• Title/Summary/Keyword: Cryptology


A Study on Ransomware Detection Methods in Actual Cases of Public Institutions (공공기관 실제 사례로 보는 랜섬웨어 탐지 방안에 대한 연구)

  • Yong Ju Park;Huy Kang Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.3 / pp.499-510 / 2023
  • Recently, intelligent and advanced cyber attacks that target the computer networks of public institutions using files containing malicious code, or that leak information, have been occurring, and the damage is increasing. Even public institutions with various information protection systems can detect known attacks, but they are vulnerable to unknown dynamic and encryption attacks when existing signature-based or static analysis-based malware and ransomware file detection methods are used. The detection method proposed in this study extracts the detection result data of the systems that can detect malicious code and ransomware among the information protection systems actually used by public institutions, derives various attributes by combining them, and uses a machine learning classification algorithm. Results are derived through experiments on how the derived attributes are classified and which attributes have a significant effect on the classification result and accuracy improvement. In the experimental results of this paper, although the effect of including or excluding a specific attribute differs for each algorithm, learning with a specific attribute shows an increase in accuracy, and it is expected that this can later be used for attribute selection when creating algorithms that detect malicious code and ransomware files and abnormal behavior in information protection systems.

A Study on Creating WBC-AES Dummy LUT as a Countermeasure against DCA (차분 계산 분석 대응을 위한 WBC-AES Dummy LUT 생성 방안 연구)

  • Minyeong Choi;Byoungjin Seok;Seunghee Seo;Changhoon Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.3 / pp.363-374 / 2023
  • A white-box environment refers to a situation where the internal information of an algorithm is disclosed. The AES white-box encryption was first announced in 2002, and in 2016, a side-channel analysis for white-box encryption called Differential Computation Analysis (DCA) was proposed. DCA analysis is a powerful side-channel attack technique that uses the memory information of white-box encryption as side-channel information to find the key. Although various countermeasure studies against DCA have been published domestically and internationally, there were no evaluated or analyzed results from experiments applying the hiding technique using dummy operations to DCA analysis. Therefore, in this paper, we insert LUT-shaped dummy operations into the WBC-AES algorithm proposed by S. Chow in 2002 and quantitatively evaluate the degree of change in DCA analysis response depending on the size of the dummy. Compared to the DCA analysis proposed in 2016, which recovers a total of 16 bytes of the key, the countermeasure proposed in this paper was unable to recover up to 11 bytes of the key as the size of the dummy decreased, resulting in a maximum decrease in attack performance of about 68.8%, which is about 31.2% lower than the existing attack performance. The countermeasure proposed in this paper confirms that the attack performance significantly decreases as smaller dummy sizes are inserted and can be applied in various fields.

Efficient Implementation of NIST LWC SPARKLE on 64-Bit ARMv8 (ARMv8 환경에서 NIST LWC SPARKLE 효율적 구현)

  • Hanbeom Shin;Gyusang Kim;Myeonghoon Lee;Insung Kim;Sunyeop Kim;Donggeun Kwon;Seonggyeom Kim;Seogchung Seo;Seokhie Hong
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.3 / pp.401-410 / 2023
  • In this paper, we propose optimization methods for implementing SPARKLE, one of the NIST LWC finalists, on a 64-bit ARMv8 processor. The proposed methods consist of two approaches: an implementation using ARM A64 instructions and another using NEON ASIMD instructions. The A64-based implementation is optimized by performing register scheduling to efficiently utilize the available registers on the ARMv8 architecture. By utilizing the optimized A64-based implementation, we can achieve speeds that are 1.69 to 1.81 times faster than the C reference implementation on a Raspberry Pi 4B. The ASIMD-based implementation, on the other hand, optimizes data by parallelizing the ARX-boxes to perform more than three of them concurrently through a single vector instruction. While the general speed of the optimized ASIMD-based implementation is lower than that of the A64-based implementation, it only slows down by 1.2 times compared to the 2.1 times slowdown observed in the A64-based implementation as the block size increases from SPARKLE256 to SPARKLE512. This is an advantage of the ASIMD-based implementation. Therefore, the ASIMD-based implementation is more efficient for SPARKLE variant block cipher or permutation designs with larger block sizes than the original SPARKLE, making it a useful resource.

A Study on Constructing a RMF Optimized for Korean National Defense for Weapon System Development (무기체계 개발을 위한 한국형 국방 RMF 구축 방안 연구)

  • Jung keun Ahn;Kwangsoo Cho;Han-jin Jeong;Ji-hun Jeong;Seung-joo Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.5 / pp.827-846 / 2023
  • Recently, various information technologies such as network communication and sensors have begun to be integrated into weapon systems that were previously operated stand-alone. This helps the operators of the weapon system to make quick and accurate decisions, thereby allowing for effective operation of the weapon system. However, as the involvement of the cyber domain in weapon systems increases, it is expected that the potential for damage from cyber attacks will also increase. To develop a secure weapon system, it is necessary to implement built-in security, which helps to consider security from the requirement stage of the software development process. The U.S. Department of Defense is implementing the Risk Management Framework Assessment and Authorization (RMF A&A) process, along with the introduction of the concept of cybersecurity, for the evaluation and acquisition of weapon systems. Similarly, South Korea is also continuously making efforts to implement the Korea Risk Management Framework (K-RMF). However, so far, there are no cases where K-RMF has been applied from the development stage, and most of the data and documents related to the U.S. RMF A&A are not disclosed for confidentiality reasons. In this study, we propose a method for inferring the composition of the K-RMF based on a systematic threat analysis method and the publicly released documents and data related to RMF. Furthermore, we demonstrate the effectiveness of our inference method by applying it to the naval battleship system.

Detection of Delay Attack in IoT Automation System (IoT 자동화 시스템의 지연 공격 탐지)

  • Youngduk Kim;Wonsuk Choi;Dong hoon Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.5 / pp.787-799 / 2023
  • As IoT devices are widely used at home, IoT automation systems that integrate IoT devices according to users' demands are gaining popularity. An IoT automation system has automation rules that collect events and command actions. However, an attacker can delay packets and create a period during which the real state is inconsistent with the state recognized by the system. During that time, the system does not work correctly according to the predefined automation rules. Some detection methods for delay attacks have been proposed, but they have limitations for application to IoT systems that are sensitive to traffic volume and battery consumption. This paper proposes a practical packet delay attack detection technique that can be applied to IoT systems. In the proposed scheme, for example, when a sensor transmits a message, a broadcast packet notifying the transmission of the message is sent so that the server can recognize that an event has occurred. For evaluation purposes, an IoT system implemented using Raspberry Pi was configured, and it was demonstrated that the system can detect packet delay attacks within an average of 2.2 sec. The experimental results showed a power consumption overhead of an average of 2.5 mA per second and a traffic overhead of 15%. We demonstrate that our method can detect delay attacks efficiently compared to previously proposed methods.

Protecting Multi Ranked Searchable Encryption in Cloud Computing from Honest-but-Curious Trapdoor Generating Center (트랩도어 센터로부터 보호받는 순위 검색 가능한 암호화 다중 지원 클라우드 컴퓨팅 보안 모델)

  • YeEun Kim;Heekuck Oh
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.6 / pp.1077-1086 / 2023
  • The searchable encryption model allows selective search over encrypted data stored on a remote server. In real-world scenarios, the model must be able to support multiple search keywords and multiple data owners/users. In this paper, these models are referred to as the Multi Ranked Searchable Encryption model. However, at the time this paper was written, the proposed models use fully-trusted trapdoor centers, and some of them assume that the connection between the user and the trapdoor center is secure; it is unlikely that such assumptions will hold in real life. In order to improve the practicality and security of these searchable encryption models, this paper proposes a new Multi Ranked Searchable Encryption model which uses random keywords to protect search words requested by the data downloader from an honest-but-curious trapdoor center with an external attacker, without these assumptions. The attacker cannot distinguish whether two different search requests contain the same search keywords. In addition, experiments demonstrate that the proposed model achieves reasonable performance, even considering the overhead caused by adding this protection process.

A Study on the Improvement of Domestic Policies and Guidelines for Secure AI Services (안전한 AI 서비스를 위한 국내 정책 및 가이드라인 개선방안 연구)

  • Jiyoun Kim;Byougjin Seok;Yeog Kim;Changhoon Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.6 / pp.975-987 / 2023
  • With the advancement of Artificial Intelligence (AI) technologies, the provision of data-driven AI services that enable automation and intelligence is increasing across industries, raising concerns about the AI security risks that may arise from the use of AI. Accordingly, foreign countries recognize the need and importance of AI regulation and are focusing on developing related policies and regulations. This movement is also happening in Korea, and AI regulations have not been specified, so it is necessary to compare and analyze existing policy proposals or guidelines to derive common factors and identify complementary points, and discuss the direction of domestic AI regulation. In this paper, we investigate AI security risks that may arise in the AI life cycle and derive six points to be considered in establishing domestic AI regulations through analysis of each risk. Based on this, we analyze AI policy proposals and recommendations in Korea and validate additional issues. In addition, based on a review of the main content of AI laws in the US and EU and the analysis of this paper, we propose measures to improve domestic guidelines and policies in the field of AI.

Scaling Attack Method for Misalignment Error of Camera-LiDAR Calibration Model (카메라-라이다 융합 모델의 오류 유발을 위한 스케일링 공격 방법)

  • Yi-ji Im;Dae-seon Choi
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.6 / pp.1099-1110 / 2023
  • The recognition system of autonomous driving and robot navigation performs vision work such as object recognition, tracking, and lane detection after multi-sensor fusion to improve performance. Currently, research on deep learning models based on the fusion of a camera and a LiDAR sensor is being actively conducted. However, deep learning models are vulnerable to adversarial attacks through modulation of input data. Attacks on the existing multi-sensor-based autonomous driving recognition system are focused on inducing obstacle detection by lowering the confidence score of the object recognition model. However, there is a limitation that an attack is possible only in the target model. In the case of attacks on the sensor fusion stage, errors in vision work after fusion can be cascaded, and this risk needs to be considered. In addition, an attack on LiDAR's point cloud data, which is difficult to judge visually, makes it difficult to determine whether it is an attack. In this study, we propose an image scaling-based attack method that reduces the accuracy of LCCNet, a camera-LiDAR fusion model (camera-LiDAR calibration model). The proposed method is to perform a scaling attack on the points of the input LiDAR. As a result of conducting an attack performance experiment by size with a scaling algorithm, an average of more than 77% of fusion errors were caused.

Investigation of Verification and Evaluation Methods for Tampering Response Techniques Using HW Security Modules (HW 보안 모듈을 활용한 탬퍼링 대응 기술의 검증 및 평가 방안 조사)

  • Dongho Lee;Younghoon Ban;Jae-Deok Lim;Haehyun Cho
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.2 / pp.335-345 / 2024
  • In the digital era, data security has become an increasingly critical issue, drawing significant attention. Particularly, anti-tampering technology has emerged as a key defense mechanism against indiscriminate hacking and unauthorized access. This paper explores case studies that exemplify the trends in the development and application of TPM (Trusted Platform Module) and software anti-tampering technology in today's digital ecosystem. By analyzing various existing security guides and guidelines, this paper identifies ambiguous areas within them and investigates recent trends in domestic and international research on software anti-tampering. Consequently, while guidelines exist for applying anti-tampering techniques, it was found that there is a lack of methods for evaluating them. Therefore, this paper aims to propose a comprehensive and systematic evaluation framework for assessing both existing and future software anti-tampering techniques. To achieve this, it uses various verification methods employed in recent research. The proposed evaluation framework synthesizes these methods, categorizing them into three aspects (functionality, implementation, performance), thereby providing a comprehensive and systematic evaluation approach for assessing software anti-tampering technology in detail.

Safety Verification Techniques of Privacy Policy Using GPT (GPT를 활용한 개인정보 처리방침 안전성 검증 기법)

  • Hye-Yeon Shim;MinSeo Kweun;DaYoung Yoon;JiYoung Seo;Il-Gu Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.2 / pp.207-216 / 2024
  • As big data was built due to the 4th Industrial Revolution, personalized services increased rapidly. As a result, the amount of personal information collected from online services has increased, and concerns about users' personal information leakage and privacy infringement have increased. Online service providers provide privacy policies to address users' concerns about privacy infringement, but privacy policies are often misused because they are long and complex, which makes it difficult for users to directly identify risk items. Therefore, there is a need for a method that can automatically check whether the privacy policy is safe. However, the conventional blacklist-based and machine learning-based privacy policy safety verification techniques have the problem that they are difficult to expand or have low accessibility. In this paper, to solve the problem, we propose a safety verification technique for the privacy policy using the GPT-3.5 API, which is a generative artificial intelligence. Classification work can be performed even in a new environment, and it shows the possibility that the general public without expertise can easily inspect the privacy policy. In the experiment, how accurately the blacklist-based privacy policy and the GPT-based privacy policy classify safe and unsafe sentences and the time spent on classification were measured. According to the experimental results, the proposed technique showed 10.34% higher accuracy on average than the conventional blacklist-based sentence safety verification technique.