• Title/Summary/Keyword: Forgery Analysis

Search Result 70, Processing Time 0.023 seconds

Study on History Tracking Technique of the Document File through RSID Analysis in MS Word (MS 워드의 RSID 분석을 통한 문서파일 이력 추적 기법 연구)

  • Joun, Jihun;Han, Jaehyeok;Jung, Doowon;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.6
    • /
    • pp.1439-1448
    • /
    • 2018
  • Many electronic document files, including Microsoft Office Word (MS Word), have become a major issue in various legal disputes such as privacy, contract forgery, and trade secret leakage. The internal metadata of OOXML (Office Open XML) format, which is used since MS Word 2007, stores the unique Revision Identifier (RSID). The RSID is a distinct value assigned to a corresponding word, sentence, or paragraph that has been created/modified/deleted after a document is saved. Also, document history, such as addition/correction/deletion of contents or the order of creation, can be tracked using the RSID. In this paper, we propose a methodology to investigate discrimination between the original document and copy as well as possible document file leakage by utilizing the changes of the RSID according to the user's behavior.

Exact Security Analysis of Some Designated Verifier Signature Schemes With Defective Security Proof (결함 있는 안전성 증명을 갖는 수신자 지정 서명기법들에 대한 정확한 안전성분석)

  • Kim, Ki-Tae;Nyang, Dae-Hun;Lee, Kyung-Hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.5
    • /
    • pp.37-48
    • /
    • 2010
  • Designated verifier signatures allow a signer to prove the validity of a signature to a specifically designated verifier. The designated verifier can be convinced but unable to prove the source of the message to a third party. Unlike conventional digital signatures, designated verifier signatures make it possible for a signer to repudiate his/her signature against anyone except the designated verifier. Recently, two designated verifier signature schemes, Zhang et al.'s scheme and Kang et al.'s scheme, have been shown to be insecure by concrete attacks. In this paper, we find the essential reason that the schemes open attacks while those were given with its security proofs, and show that Huang-Chou scheme and Du-Wen scheme have the same problem. Indeed, the security proofs of all the schemes reflect no message attackers only. Next, we show that Huang-Chou scheme is insecure by presenting universal forgery attack. Finally, we show that Du-Wen scheme is, indeed, secure by completing its defective security proof.

Integrated Object Detection and Blockchain Framework for Remote Safety Inspection at Construction Sites

  • Kim, Dohyeong;Yang, Jaehun;Anjum, Sharjeel;Lee, Dongmin;Pyeon, Jae-ho;Park, Chansik;Lee, Doyeop
    • International conference on construction engineering and project management
    • /
    • 2022.06a
    • /
    • pp.136-144
    • /
    • 2022
  • Construction sites are characterized by dangerous situations and environments that cause fatal accidents. Potential risk detection needs to be improved by continuously monitoring site conditions. However, the current labor-intensive inspection practice has many limitations in monitoring dangerous conditions at construction sites. Computer vision technology that can quickly analyze and collect site conditions from images has been in the spotlight as a solution. Nonetheless, inspection results obtained via computer vision are still stored and managed in centralized systems vulnerable to tampering with information by the central node. Blockchain has been used as a reliable and efficient decentralized information management system. Despite its potential, only limited research has been conducted integrating computer vision and blockchain. Therefore, to solve the current safety management problems, the authors propose a framework for construction site inspection that integrates object detection and blockchain network, enabling efficient and reliable remote inspection. Object detection is applied to enable the automatic analysis of site safety conditions. As a result, the workload of safety managers can be reduced with inspection results stored and distributed reliably through the blockchain network. In addition, errors or forgery in the inspection process can be automatically prevented and verified through a smart contract. As site safety conditions are reliably shared with project participants, project participants can remotely inspect site conditions and make safety-related decisions in trust.

  • PDF

A Study of Forensic on Eavesdropping from VoIP and Messenger through WiBro Network (WiBro 네트워크에서 메신저, VoIP 도청 및 포렌식 연구)

  • Chun, Woo-Sung;Park, Dea-Woo
    • Journal of the Korea Society of Computer and Information
    • /
    • v.14 no.5
    • /
    • pp.149-156
    • /
    • 2009
  • Korean WiBro becomes international standard to IEEE 802.16e, and We are carrying out a WiBro network business from capital regions. We executed eavesdropping about voices and messenger program and the VoIP which frequently happened in WiBro networks at these papers. We have a lot in common with the Wireshark which is a packet collection and an analyzer, and We execute eavesdropping, and We reproduce eavesdropping data with bases to a SIP, H.263, TCP, UDP protocol through packets. In time of a copy of a packet negative the VoIP which verify time with bases, and was eavesdropped on integrity packet and a X-Lite call record, be matched that a packet is counterfeit forgery did not work, and We demonstrate, and verify integrity. The data which integrity was verified put in a seaming envelope, and we prepare so as it is to a liver of investigator, and execute, and to be able to do use to proof data after seaming in courts in order to utilize as criminal investigation data.

Blockchain-based Smart Meter Authentication Protocol in Smart Grid Environment (스마트 그리드 환경에서 블록체인 기반 스마트 미터 인증 프로토콜)

  • Jonghyun Kim;Myeonghyun Kim;Youngho Park
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.28 no.5
    • /
    • pp.41-54
    • /
    • 2023
  • Smart grid that supports efficient energy production and management is used in various fields and industries. However, because of the environment in which services are provided through open networks, it is essential to resolve trust issues regarding security vulnerabilities and privacy preservation. In particular, the identification information of smart meter is managed by a centralized server, which makes it vulnerable to security attacks such as device stolen, data forgery, alteration, and deletion. To solve these problems, this paper proposes a blockchain based authentication protocol for a smart meter. The proposed scheme issues an unique decentralized identifiers (DIDs) for individual smart meter through blockchain and utilizes a random values based on physical unclonable function (PUF) to strengthen the integrity and reliability of data. In addition, we analyze the security of the proposed scheme using informal security analysis and AVISPA simulation, and show the efficiency of the proposed scheme by comparing with related work.

Online Signature Verification by Visualization of Dynamic Characteristics using New Pattern Transform Technique (동적 특성의 시각화를 수행하는 새로운 패턴변환 기법에 의한 온라인 서명인식 기술)

  • Chi Suyoung;Lee Jaeyeon;Oh Weongeun;Kim Changhun
    • Journal of KIISE:Software and Applications
    • /
    • v.32 no.7
    • /
    • pp.663-673
    • /
    • 2005
  • An analysis model for the dynamics information of two-dimensional time-series patterns is described. In the proposed model, two novel transforms that visualize the dynamic characteristics are proposed. The first transform, referred to as speed equalization, reproduces a time-series pattern assuming a constant linear velocity to effectively model the temporal characteristics of the signing process. The second transform, referred to as velocity transform, maps the signal onto a horizontal vs. vertical velocity plane where the variation oi the velocities over time is represented as a visible shape. With the transforms, the dynamic characteristics in the original signing process are reflected in the shape of the transformed patterns. An analysis in the context of these shapes then naturally results in an effective analysis of the dynamic characteristics. The proposed transform technique is applied to an online signature verification problem for evaluation. Experimenting on a large signature database, the performance evaluated in EER(Equal Error Rate) was improved to 1.17$\%$ compared to 1.93$\%$ of the traditional signature verification algorithm in which no transformed patterns are utilized. In the case of skilled forgery experiments, the improvement was more outstanding; it was demonstrated that the parameter set extracted from the transformed patterns was more discriminative in rejecting forgeries

A study on the vulnerability of integrity verification functions of android-based smartphone banking applications (안드로이드 스마트폰 뱅킹 앱 무결성 검증 기능의 취약점 연구)

  • Kim, Soonil;Kim, Sunghoon;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.4
    • /
    • pp.743-755
    • /
    • 2013
  • In recent years, the malicious apps with malicious code in normal apps are increasingly redistributed in Android market, which may incur various problems such as the leakage of authentication information and transaction information and fraudulent transactions when banking apps to process the financial transactions are exposed to such attacks. Thus the financial authorities established the laws and regulations as an countermeasures against those problems and domestic banks provide the integrity verification functions in their banking apps, yet its reliability has not been verified because the studies of the safety of the corresponding functions have seldom been conducted. Thus this study suggests the vulnerabilities of the integrity verification functions of banking apps by using Android reverse engineering analysis techniques. In case the suggested vulnerabilities are exploited, the integrity verification functions of banking apps are likely to be bypassed, which will facilitate malicious code inserting attacks through repackaging and its risk is very high as proved in a test of this study. Furthermore this study suggests the specific solutions to those vulnerabilities, which will contribute to improving the security level of smartphone financial transaction environment against the application forgery attacks.

An analysis on invasion threat and a study on countermeasures for Smart Car (스마트카 정보보안 침해위협 분석 및 대응방안 연구)

  • Lee, Myong-Yeal;Park, Jae-Pyo
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.18 no.3
    • /
    • pp.374-380
    • /
    • 2017
  • The Internet of Things (IoT) refers to intelligent technologies and services that connect all things to the internet so they can interactively communicate with people, other things, and other systems. The development of the IoT environment accompanies advances in network protocols applicable to more lightweight and intelligent sensors, and lightweight and diverse environments. The development of those elemental technologies is promoting the rapid progress in smart car environments that provide safety features and user convenience. These developments in smart car services will bring a positive effect, but can also lead to a catastrophe for a person's life if security issues with the services are not resolved. Although smart cars have various features with different types of communications functions to control the vehicles under the existing platforms, insecure features and functions may bring various security threats, such as bypassing authentication, malfunctions through illegitimate control of the vehicle via data forgery, and leaking of private information. In this paper, we look at types of smart car services in the IoT, deriving the security threats from smart car services based on various scenarios, suggesting countermeasures against them, and we finally propose a safe smart car application plan.

Analysis on Power Consumption Characteristics of SHA-3 Candidates and Low-Power Architecture (SHA-3 해쉬함수 소비전력 특성 분석 및 저전력 구조 기법)

  • Kim, Sung-Ho;Cho, Sung-Ho
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.15 no.1
    • /
    • pp.115-125
    • /
    • 2011
  • Cryptographic hash functions are also called one-way functions and they ensure the integrity of communication data and command by detecting or blocking forgery. Also hash functions can be used with other security protocols for signature, authentication, and key distribution. The SHA-1 was widely used until it was found to be cryptographically broken by Wang, et. al, 2005. For this reason, NIST launched the SHA-3 competition in November 2007 to develop new secure hash function by 2012. Many SHA-3 hash functions were proposed and currently in review process. To choose new SHA-3 hash function among the proposed hash functions, there have been many efforts to analyze the cryptographic secureness, hardware/software characteristics on each proposed one. However there are few research efforts on the SHA-3 from the point of power consumption, which is a crucial metric on hardware module. In this paper, we analyze the power consumption characteristics of the SHA-3 hash functions when they are made in the form of ASIC hardware module. Also we propose power efficient hardware architecture on Luffa, which is strong candidate as a new SHA-3 hash function. Our proposed low power architecture for Luffa achieves 10% less power consumption than previous Luffa hardware architecture.

Analysis of IoT Open-Platform Cryptographic Technology and Security Requirements (IoT 오픈 플랫폼 암호기술 현황 및 보안 요구사항 분석)

  • Choi, Jung-In;Oh, Yoon-Seok;Kim, Do-won;Choi, Eun Young;Seo, Seung-Hyun
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.7 no.7
    • /
    • pp.183-194
    • /
    • 2018
  • With the rapid development of IoT(Internet of Things) technology, various convenient services such as smart home and smart city have been realized. However, IoT devices in unmanned environments are exposed to various security threats including eavesdropping and data forgery, information leakage due to unauthorized access. To build a secure IoT environment, it is necessary to use proper cryptographic technologies to IoT devices. But, it is impossible to apply the technologies applied in the existing IT environment, due to the limited resources of the IoT devices. In this paper, we survey the classification of IoT devices according to the performance and analyze the security requirements for IoT devices. Also we survey and analyze the use of cryptographic technologies in the current status of IoT open standard platform such as AllJoyn, oneM2M, IoTivity. Based on the research of cryptographic usage, we examine whether each platform satisfies security requirements. Each IoT open platform provides cryptographic technology for supporting security services such as confidentiality, integrity, authentication an authorization. However, resource constrained IoT devices such as blood pressure monitoring sensors are difficult to apply existing cryptographic techniques. Thus, it is necessary to study cryptographic technologies for power-limited and resource constrained IoT devices in unattended environments.