• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.5
• /
• pp.815-825
• /
• 2015

DNP3(Distributed Network Protocol) is one of the most representative protocols which is used in SCADA(Supervisory Control and Data Acquisition) system. IEC 62351 is listing the integrity, confidentiality, availability and non-repudiation or accountability as the security requirement. However, IEEE Std. 1815 that is DNP3 standards does not define a mechanism for non-repudiation or accountability. In this paper, we propose a non-repudiation of origin technique about the sender of critical ASDU and implement the proposed scheme using software such as OpenSSL and SCADA source code library.

• International Journal of Internet, Broadcasting and Communication
• /
• v.10 no.3
• /
• pp.11-25
• /
• 2018

While being believed that decrypting any RSA ciphertext is as hard as factorizing the RSA modulus, it was also shown that, if additional information is available, breaking the RSA cryptosystem may be much easier than factoring. For example, Coppersmith showed that, given the 1/2 fraction of the least or the most significant bits of one of two RSA primes, one can factorize the RSA modulus very efficiently, using the lattice-based technique. More recently, introducing the so called cold boot attack, Halderman et al. showed that one can recover cryptographic keys from a decayed DRAM image. And, following up this result, Heninger and Shacham presented a polynomial-time attack which, given 0.27-fraction of the RSA private key of the form (p, q, d, $d_p$, $d_q$), can recover the whole key, provided that the given bits are uniformly distributed. And, based on the work of Heninger and Shacham, this paper presents a different approach for recovering RSA private key bits from decayed key information, under the assumption that some random portion of the private key bits is known. More precisely, we present the algorithm of recovering RSA private key bits from erased key material and elaborate the formula of describing the number of partially-recovered RSA private key candidates in terms of the given erasure rate. Then, the result is justified by some extensive experiments.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.3
• /
• pp.190-198
• /
• 2013

Since the facilities for the remote users tend to be deployed in distributed manner, authentication schemes for multi-server communication settings, which provide various web services, are required for real-world applications. A typical way to authenticate a remote user relies on password authentication mostly. However, this method is vulnerable to attacks and inconvenient as the system requires users to maintain different identities and corresponding passwords. On the other hand, the user can make use of a single password for all servers, but she may be exposed to variants of malicious attacks. In this paper, we propose an efficient and secure authentication scheme based on a brokered authentication along with smart-cards in multi-server environment. Further we show that our scheme is secure against possible attacks and analyze its performance with respect to communication and computational cost.

• The Transactions of the Korean Institute of Electrical Engineers A
• /
• v.55 no.4
• /
• pp.139-143
• /
• 2006

Recently, standard of living improved and Information-Communication industry developed rapidly. Thereby, interest about electric power quality is rising worldwide. So, research and Development to enhance electric power quality in various viewpoint until most suitable supply system from each kind device to improve electric power quality. And specially, interest about voltage quality is rising by diffusion increase of information communication appliance and minuteness control appliance etc. Also Power consumption is increasing, but expansion of large size generator by environmental and site security problem is difficult. So, introduction of distribution generation is investigated actively by electric-power industry reorganization. Voltage management of power system had been controlled by ULTC (Under Load Tap Changer) in substation and pole transformer on the high voltage distribution line. But, voltage control device on substation and distribution line is applied each other separatively. Therefore, efficiency of line voltage control equipment is dropping. Also, research about introduction upper limit of distribution generation is consisting continuously. This paper presents cooperation use way between voltage control device and introduction upper limit of distribution generation for most suitable voltage control in distribution power system.

• Journal of Electrical Engineering and Technology
• /
• v.13 no.5
• /
• pp.2086-2098
• /
• 2018

Security plays a vital role and is the key challenge in Mobile Ad-hoc Networks (MANET). Infrastructure-less nature of MANET makes it arduous to envisage the genre of topology. Due to its inexhaustible access, information disseminated by roaming nodes to other nodes is susceptible to many hazardous attacks. Intrusion Detection and Prevention System (IDPS) is undoubtedly a defense structure to address threats in MANET. Many IDPS methods have been developed to ascertain the exceptional behavior in these networks. Key issue in such IDPS is lack of fast self-organized learning engine that facilitates comprehensive situation awareness for optimum decision making. Proposed "Intelligent Behavioral Hybridized Intrusion Detection and Prevention System (IBH_IDPS)" is built with computational intelligence to detect complex multistage attacks making the system robust and reliable. The System comprises of an Intelligent Client Agent and a Smart Server empowered with fuzzy inference rule-based service engine to ensure confidentiality and integrity of network. Distributed Intelligent Client Agents incorporated with centralized Smart Server makes it capable of analyzing and categorizing unethical incidents appropriately through unsupervised learning mechanism. Experimental analysis proves the proposed model is highly attack resistant, reliable and secure on devices and shows promising gains with assured delivery ratio, low end-to-end delay compared to existing approach.

• Review of KIISC
• /
• v.19 no.5
• /
• pp.11-20
• /
• 2009

지난 2009년 7월 7일부터 수차례에 걸쳐 청와대 및 다수의 중요 웹 사이트에 대해 분산서비스거부(Distributed Denial of Service, DDoS) 공격이 시도되었다. 이 공격에서 사용된 공격 방법은 공격 트래픽의 형태와, 공격 수행을 위한 공격 네트워크의 구성 방법에 있어서 기존의 방법과는 다른 형태를 띠었고, 이로 인해 공격탐지 및 차단이 쉽게 이루어지지 않아, 피해가 매우 컸다. 이와 같이 최근에는 기존의 DDoS 공격 탐지 및 차단 기술로는 쉽게 탐지 및 차단할 수 없는 고도화된 분산서비스거부 공격이 시도되고 있으며, 그로 인한 피해가 커지고 있는 상황이다. 분산서비스거부 공격은 이미 2000년 이전부터 발생하여온 오래된 공격임에도 불구하고 아직까지 이를 효과적으로 차단하지 못하고 있는 것이다. 이는 전체 정보통신 운영환경과 분산서비스거부 공격의 전체 공격 프로세스에 대한 심도있는 분석을 통해 인터넷 전반에 걸친 거시적인 DDoS공격 대응 방안을 모색하는 것이 아니라, 개개의 공격 형태를 탐지하고 차단할 수 있는 방법을 모색했기 때문이다. 이에, 본 논문에서는 과저부터 현재까지 DDoS공격이 어떻게 발전해 왔는지를 분석하고, 현재 발생하고 있는 분산서비스 거부 공격의 공격 체계와 공격 기법에 대한 복합적 분석을 통해 현재의 고도화된 분산서비스 거부 공격을 효과적으로 차단할 수 있는 분산서비스거부 공격 통합 대응체계를 제안한다.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.825-834
• /
• 2003

In this paper, we propose a new certified e-mail system which reduces user's computational overhead and distributes confidentiality of TTP(Trusted Third Partty). Based on the traditional cryptographic schemes and server-supported signiture for fairness and confidentiality of message, we intend to minimize to computation overhead of mobile device on public key algorithm. Therefore, our proposal becomes to be suitable for mail user sho uses mobile devices such as cellular phone and PDA. Moreover, the proposed system is fault-tolerant, secure against mobile adversary and conspiracy attack, since it is based on the threshold cryptography on server-side.

• Proceedings of the KIEE Conference
• /
• 1996.07b
• /
• pp.883-886
• /
• 1996

Instead of point-to-point hard wiring between substation yard equipments and SCADA RTU(Remote Terminal Unit), fibre optic cable will be used in the portion between Local Units and Central Unit in the future KEPCO 765kV substation. The connections between substation yard equipments and nearby Local Unit remain the same hard wiring. The new fibre optic system will provide security especially during ground faults and is immune to electrical noise. A prototype system will be manufactured and installed in the existing 154kV Yeosan Substation by the end of July this year and operated for one year. By incorporating the operation experiences acquired in the system, an improved system will be commercially applied to 765kV Shin-An-Seong Substation where 345kV GIS will be installed initially and act as the switching station in the year 1998. The system is composed of one Central Unit and several Local Units. The Central Unit is composed of two workstation level computers, one is in operation and the other backup, and a Communication Control Unit. The Local Unit uses the existing SCADA RTU technology and takes the form of a distributed one. Between the Communication Control Unit and Local Units, the fibre optic system with star-coupler is used.

• 한국정보통신설비학회:학술대회논문집
• /
• 2008.08a
• /
• pp.102-106
• /
• 2008

Forensic Marking is the technology that enables the service providers (SP) to identify the illegal digital contents distributors by first inserting markings (data indicating the user information and playback time) in realtime into the digital contents at time of playback of digital contents, and then later by extracting inserted markings from the contents which are illegally captured from the multimedia device such as IPTV STBs and distributed over the Internet. Digital Rights Management (DRM), which is a very popular content protection technology, has the security hole that can be vulnerable because the encrypted digital contents are transformed into their original plaintext forms after the decrypting process on the STBs. Therefore Forensic Marking (FM) has now become a companion content protection solution to DRM. This article describes a new way of tracking up to 4 illegal content users in FM implementation using the blue-difference chroma component of YCbCr color space. This FM technology has many advantages like fast processing time and easy portability to STB devices compared to that of the traditional watermarking processing in the frequency domain.

• Journal of KIISE:Computer Systems and Theory
• /
• v.30 no.7_8
• /
• pp.417-425
• /
• 2003

We propose an efficient one-time signature scheme for stream authentication by improving HORS. When one-time signatures are used for authenticating live streams, one of the most serious drawbacks is that its large signature size yields high communication overhead. Compared with the previous one-time signature schemes, proposed scheme has the smallest signature size. Moreover, verification overhead is very low. Compared with the previous schemes for stream authentication, signing overhead of our scheme is larger than that of HORS but much lower than those of BiBa or Powerball. Moreover, signing operation can be trivially parallelized without any additional risk because it does not require sharing of the secret key between distributed servers.