• Journal of Internet Computing and Services
• /
• v.21 no.3
• /
• pp.93-102
• /
• 2020

In order for data obtained through all stages of digital crime investigation to be recognized as evidence capability, it must satisfy legal / technical requirements. In this paper, we propose a mechanism and implement software to provide digital forensic evidence by automatically recovering files by scanning / inspecting the unallocated area inside the storage disk block without relying on information provided by the file system. The proposed technique checks / analyzes the RAW disk data of the system under analysis in 512-byte block units based on information on the storage format / file structure of various files stored on the disk without referring to the file system-related information provided by the operating system. The file carving process was implemented, and a smart carving mechanism was proposed to intelligently restore deleted or damaged files in the storage device. As a result, we have provided a block based smart carving method to intelligently identify fragmented and damaged files in storage efficiently for forgery analysis on digital forensic investigation.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2017.06a
• /
• pp.63-65
• /
• 2017

This paper proposes a detection algorithm of video tampering by investigating the change of HEVC coding pattern. When a part of video is deleted and re-compressed, the characteristic patterns are generated by forgery. The proposed algorithm uses these patterns to classify whether video is forged. Experimental results show that the proposed method detects video forgery effectively.

• International journal of advanced smart convergence
• /
• v.12 no.1
• /
• pp.149-156
• /
• 2023

OOXML-based MS-Office digital files are extensively utilized by businesses and organizations worldwide. However, OOXML-based MS-Office digital files are vulnerable to forgery and corruption attack by including hidden suspicious information, which can lead to activating malware or shell code being hidden in the file. Such malicious code can cause a computer system to malfunction or become infected with ransomware. To prevent such attacks, it is necessary to analyze and detect the corruption of OOXML-based MS-Office files. In this paper, we examine the weaknesses of the existing OOXML-based MS-Office file structure and analyzes how concealment and forgery are performed on MS-Office digital files. As a result, we propose a system to detect hidden data effectively and proactively respond to ransomware attacks exploiting MS-Office security vulnerabilities. Proposed system is designed to provide reliable and efficient detection of hidden data in OOXML-based MS-Office files, which can help organizations protect against potential security threats.

• Journal of Broadcast Engineering
• /
• v.22 no.6
• /
• pp.734-743
• /
• 2017

In this paper, we introduce a technique to detect the video forgery using coding pattern analysis. In the proposed method, the recently developed standard HEVC codec, which is expected to be widely used in the future, is used. First, HEVC coding patterns of the forged and the original videos are analyzed to select the discriminative features, and the selected feature vectors are learned through the machine learning technique to model the classification criteria between two groups. Experimental results show that the proposed method is more effective to detect frame deletions for HEVC-coded videos than existing works.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.3
• /
• pp.109-114
• /
• 2005

On the research for constructing secure group-oriented proxy signature schemes, there are several proposals of threshold proxy signature schemes which combine the notions of proxy signature with threshold signature. Recently, Hsu and Wu proposed a threshold proxy signature scheme which uses a self-certified public key based on discrete logarithm problem. In this paper, we show that this scheme is vulnerable to original signer's forgery attack. So our attack provides the evidence that this scheme does not satisfy nonrepudiation property.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.429-436
• /
• 2018

Electronic documents are efficient to be created and managed, but they are liable to lose their originality because copies are created during distribution and delivery. For this reason, various security technologies for electronic documents have been applied. However, most security technologies currently used are for document management such as file access privilege control, file version and history management, and therefore can not be used in environments where authenticity is absolutely required, such as confidential documents. In this paper, we propose a method to detect document forgery and tampering through analysis of file system without installing an agent inside the instance operating system in cloud computing environment. BubbleDoc monitors the minimum amount of virtual volume storage in an instance, so it can efficiently detect forgery and tampering of documents. Experimental results show that the proposed technique has 0.16% disk read operation overhead when it is set to 1,000ms cycle for monitoring for document falsification and modulation detection.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.20 no.6
• /
• pp.825-830
• /
• 2010

Generally, the copy protection mark and 2D bar-code techniques are widely used for forgery protection in printed public documents. But, it is hard to discriminate truth from the copy documents by using exisiting methods, because of that existing 2D-barcode is separated from the copy protection mark and it can be only recognized by specified optical barcord scanner. Therefor, in this paper, we proposed the forgery protection tehchnique for discriminating truth from the copy document by using watermark inserted 2D-barcord, which can be accurately distinguished not only by naked eye, but also by scanner. The copy protection mark consists of deformed patterns that are caused by the lowpass filter characteristic of digital I/O device. From these, we verified the performance of the proposed techniques by applying the histogram analysis based on the original, copy, and scanned copy image of the printed documents. Also, we suggested 2D-barcord confirmation system which can be accessed through the online server by using certification key data which is detected by web-camera, cell phone camera.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.1
• /
• pp.273-278
• /
• 2013

Recently, user authentication schemes using smart cards for multi-server environment have been proposed for practical applications. In 2009, Liao-Wang proposed a secure dynamic ID based remote user authentication scheme for multi-server environment that can withstand the various possible attacks and provide user anonymity. In this paper, we analyze the security of Liao-Wang's scheme, and we show that Liao-Wang's scheme is still insecure against the forgery attack, the password guessing attack, the session key attack, and the insider attack. In addition, Liao-Wang's scheme does not provide user anonymity between the user and the server.

• Journal of Software Assessment and Valuation
• /
• v.17 no.1
• /
• pp.17-24
• /
• 2021

There is a problem that unknown paintings are sophisticated in the level of forgery, making it difficult for even experts to determine whether they are genuine or counterfeit. These problems can be suspected of forgery even if the genuine product is submitted, which can lead to a decline in the value of the work and the artist. To address these issues, in this paper, we propose a system to classify chromaticity data among extracted data through objective analysis into quadrants, extracting comparisons and intersections, and estimating authors of unknown paintings using XRF and hyperspectral spectrum data from corresponding points.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.07a
• /
• pp.43-46
• /
• 2003

At SIC 2001, Popescu proposed m efficient group signature scheme for large groups［1］. However, this paper shows that his scheme is to be insecure by presenting a signature forgery. Using our attack, anyone (not necessarily a group member) can forge a signature on a message m, and sine the attacker doesn't have to be the group member, the revocation manager cannot reveal the identity of the signer. Additionally, we modify Popescue's scheme to prevent the forgeary.