• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.05a
• /
• pp.110-112
• /
• 2018

북한은 소프트웨어 개발기관인 조선콤퓨터센터(KCC)를 설립하고 자체 소프트웨어를 개발하여 사용하고 있다. 조선콤퓨터센터(KCC)는 리눅스 오픈소스 기반의 붉은별 운영체제를 개발하고, 내부 응용프로그램인 서광문서처리체계를 개발하여 사용하고 있다. 이러한 내부문서체계의 보안 취약점을 분석하기 위해 서광문서체계와 유사한 워드프로세스의 CVE 보안 취약점을 분석하고, 서광문서체계의 파일인 ODT 파일의 구조를 분석한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.997-1000
• /
• 2012

인터넷의 급속한 발달로 인해 아날로그 콘텐츠에서 디지털 콘텐츠 서비스로 빠르게 발전하고 있다. 다양한 분야에서 디지털 콘텐츠를 이용하여 오프라인 시스템을 대체하게 되었다. 하지만 디지털 콘텐츠의 특성 때문에 불법 복제 및 무단 유포의 문제점과 저작권 침해의 문제점들이 발생하게 되었다. 따라서 보안 서비스에 대한 요구사항도 급격히 증가하고 있다. 이에 따라 본 논문에서는 워터마크 기술을 기반으로 인터넷 환경에서 사용자가 원하는 워터마킹을 이용하여 불법 복제를 방지함으로써 안전한 문서보안 콘텐츠를 제공하기 위한 시스템을 구현 및 설계 하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.5
• /
• pp.53-61
• /
• 2002

In this paper, we will introduce a design of key recovery based on XML can be used in B2B environment. XML Digital Signature and XML Encryption that are defied recently as standards by W3C(World Wide Web Consortium) are deployed to sign/verify or encrypt/decrypt documents for electronic commerce and keys to store/load at/from key recovery server. The result of signature or encryption is always an XML document and all messages used in this key recovery system are also XML documents. It enables to adapt transparently this key recovery system to legacy XML applications and electronic commerce platforms based on XML. And its method for key recovery is key escrow. One of the characteristics of this key recovery is that one enterprise can recover keys of some documents for electronic commerce from external key recovery system in other enterprises related with them and also recover keys from owns.

• Convergence Security Journal
• /
• v.22 no.5
• /
• pp.3-9
• /
• 2022

Recently, in order to build a cyber physical system(CPS) that is a technology related to the 4th industry, the construction of the virtual control system for physical model and control circuit simulation is increasingly required in various industries. It takes a lot of time and money to convert documents that are not electronically documented through direct input. For this, it is very important to digitize a large number of drawings that have already been printed through object recognition using artificial intelligence. In this paper, in order to accurately recognize objects in drawings and to utilize them in various applications, a recognition technique using artificial intelligence by analyzing the characteristics of objects in drawing was proposed. In order to improve the performance of object recognition, each object was recognized and then an intermediate file storing the information was created. And the recognition rate of the next recognition target was improved by deleting the recognition result from the drawing. In addition, the recognition result was stored as a standardized format document so that it could be utilized in various fields of the control system. The excellent performance of the technique proposed in this paper was confirmed through the experiments.

• Journal of Korea Multimedia Society
• /
• v.16 no.10
• /
• pp.1156-1162
• /
• 2013

Face verification has been widely studied during the past two decades. One of the challenges is the rising concern about the security and privacy of the template database. In this paper, we propose a secure face verification system which generates a unique secure cryptographic key from a face template. The face images are processed to produce face templates or codes to be utilized for the encryption and decryption tasks. The result identity data is encrypted using Advanced Encryption Standard (AES). Distance metric naming hamming distance and Euclidean distance are used for template matching identification process, where template matching is a process used in pattern recognition. The proposed system is tested on the ORL, YALEs, and PKNU face databases, which contain 360, 135, and 54 training images respectively. We employ Principle Component Analysis (PCA) to determine the most discriminating features among face images. The experimental results showed that the proposed distance measure was one the promising best measures with respect to different characteristics of the biometric systems. Using the proposed method we needed to extract fewer images in order to achieve 100% cumulative recognition than using any other tested distance measure.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.5
• /
• pp.1653-1660
• /
• 2010

The user information stored in database have been leaked frequently. To protect information against malevolent manager on the inside or outside aggressor, it is one of the most efficient way to encrypt information and store to database. It is better to destruct information than not to use encrypted information stored in database. The encrypted database search system is developed variously, and used widely in many fields. In this paper, we implemented the scheme that can search encrypted document without exposing user's information to the untrusted server in mobile device. We compared and analyzed the result embodied with DES, AES, and ARIA based on symmetric key by searching time.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.6
• /
• pp.2188-2203
• /
• 2021

With the rapid development of mobile Internet, smart phones have been widely popularized, among which Android platform dominates. Due to it is open source, malware on the Android platform is rampant. In order to improve the efficiency of malware detection, this paper proposes deep learning Android malicious detection system based on behavior features. First of all, the detection system adopts the static analysis method to extract different types of behavior features from Android applications, and extract sensitive behavior features through Term frequency-inverse Document Frequency algorithm for each extracted behavior feature to construct detection features through unified abstract expression. Secondly, Long Short-Term Memory neural network model is established to select and learn from the extracted attributes and the learned attributes are used to detect Android malicious applications, Analysis and further optimization of the application behavior parameters, so as to build a deep learning Android malicious detection method based on feature analysis. We use different types of features to evaluate our method and compare it with various machine learning-based methods. Study shows that it outperforms most existing machine learning based approaches and detects 95.31% of the malware.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.5B
• /
• pp.478-485
• /
• 2006

In this paper, we analyze the conditions of generating the dynamic Web documents in multi-user server and propose effective method for it. PSSI technique leads to replace the complex process of modifying a CGI source program by simply correcting the HTML Web document in the external file form. This technique has the strong points of CGI, flexibility and security of programming as well as those of SSI, easiness of modifying Web documents. Due to the characteristics of PSSI that Web source documents are in the form of external file, we show that with a single CGI program an individual user can design and modify his own Web documents in his directory. This means that PSSI technique has more advantage in managing the server than the CGI method which requires CGI program to be set up whenever that service is needed.

• The KIPS Transactions:PartC
• /
• v.12C no.1 s.97
• /
• pp.37-44
• /
• 2005

As wireless network was developed and Capability of Wireless Phone was increased, M-Commerce was activates In Wireless network environment. User Authentication and Security in E-Commerce Environment is very important, so Authentication Technology, such as WPKI and Hermes System, XML Digital Signature in Wire Network is studying. But if authentication systems was implemented heterogeneous, WPKI is difficult to implement the system, it's not interoperate with authentication system on wire internet, not support XML digital Signature. Hermes system also not interoperate with XML digital signature system. So our paper designed System that can interoperate among digital signature systems and XML document to apply XML digital signature technology on wire network to wireless network, and then implemented system that can XML digital signature to use Java Card.

• International Commerce and Information Review
• /
• v.6 no.2
• /
• pp.107-127
• /
• 2004

The rapid development of internet information technology has increased interest in e-Trade these days, but it is not activated greatly up to now. In order to promote e-Trade, it is essential to construct cooperative process such as connecting systems among trade related parties. Building e-Trade platform which is based on the infrastructure of the past trade automatic system is key point of promoting e-Trade. To do this, a study on the basic concept and specific components of e-Trade platform is needed absolutely. At this point of view, after this paper has examined domestic and foreign studies on the fundamental technologies about electronic commerce, it drew several key technologies that could be applied to e-Trade considering the current IT trend. Then it evaluates these technologies according to Technology Reference Model(TRM) of the National Computerization Agency. This will help us to show the operation strategy as well as the concept of future e-Trade platform and its composition. On the basis of the theoretical background, this paper classified NCA's technology model into 6 fields, which are application. data, platform, communication, security and management. Considering the key technologies, e-Trade platform has to be mutually connected and accept international standards such as XML. In the aspect of business side, trade relative agencies' business process as well as trading company's process has to be considered. Therefore, e-Trade platform can be classified into 3 parts which are service, infrastructure and connection. Infrastructure part is compared of circulating and managing system of electronic document, interface and service framework. Connecting service (application service) and additional service (application service) consist of service part. Connecting part is a linking mutual parts and can be divided into B2B service and B20 service. The organization operating this e-trade platform must have few responsibilities and requirements. It needs to positively accept existing infrastructure of trade automatic system and improving the system to complete e-trade platform. It also have to continuously develop new services and possess ability to operate the system for providing proper services to demanders. As a result, private sector that can play a role as TTP(Third Trust Party) is adequate for operating the system. In this case, revising law is necessary to support the responsibility and requirement of private sector.