• Journal of Korea Multimedia Society
• /
• v.23 no.5
• /
• pp.658-666
• /
• 2020

PGP is an encryption software designed to provide information protection, security and authentication services for online communication systems. The characteristic of behavior done on the Internet is that you don't know the other person. It is very important to protect information from someone you cannot trust. So identification of the other person is an important task. PGP uses an digital signature algorithm to verify the identity of the other party. However, it is not accurate to check the other party's credibility. PGP increases trust as other users sign more on public keys of user. In other words, credibility is not perfect. In this paper, PGP certification system that key management in Ethereum blockchain, one of the blockchain platforms, is proposed. Key management in blockchain ensures data integrity, transparency and reliability.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1991.11a
• /
• pp.40-48
• /
• 1991

McEliece 공개키 암호체계에 대한 새로운 암호해독적 공격이 제시되어진다. 기존의 암호해독 algorithm이 exponential-time의 complexity를 가지는 반면, 본고에서 제시되어지는 algorithm은 polynomial-time의 complexity를 가진다. 모든 linear codes에는 systematic generator matrix가 존재한다는 사실이 본 연구의 동기가 된다. Public generator matrix로부터, 암호해독에 사용되어질 수 있는 새로운 trapdoor generator matrix가 Gauss-Jordan Elimination의 역할을 하는 일련의 transformation matrix multiplication을 통해 도출되어진다. 제시되어지는 algorithm의 계산상의 complexity는 주로 systematic trapdoor generator matrix를 도출하기 위해 사용되는 binary matrix multiplication에 기인한다. Systematic generator matrix로부터 쉽게 도출되어지는 parity-check matrix를 통해서 인위적 오류의 수정을 위한 Decoding이 이루어진다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.181-188
• /
• 2008

E-Science Grid is designed to cope with computation-intensive tasks and to manage a huge volume of science data efficiently. However, certain tasks may involve more than one grid can offer in computation capability or incur a long wait time on other tasks. Resource sharing among Grids can solve this problem with proper processing-integrity check via audit. Due to their computing-intensive nature, the processing time of e-Science tasks tends to be long. This potential long wait before an audit failure encourages earlier audit mechanism during execution in order both to prevent resource waste and to detect any problem fast. In this paper, we propose a Light-weight, Adaptive and Reliable Audit, LARA, of processing Integrity for e-Science applications. With the LARA scheme. researchers can verify their processing earlier and fast.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.10
• /
• pp.5039-5061
• /
• 2017

Cloud storage becomes a new trend that more and more users move their data to cloud storage servers (CSSs). To ensure the security of cloud storage, many cloud auditing schemes are proposed to check the integrity of users' cloud data. However, most of them are based on public key infrastructure, which leads to complex certificates management and verification. Besides, most existing auditing schemes are inefficient when user uploads a large amount of data or a third party auditor (TPA) performs auditing for multiple users' data on different CSSs. To overcome these problems, in this paper, we propose an efficient and secure auditing scheme based on identity-based cryptography. To relieve user's computation burden, we introduce a proxy, which is delegated to generate and upload homomorphic verifiable tags for user. We extend our auditing scheme to support auditing for dynamic data operations. We further extend it to support batch auditing in multiple users and multiple CSSs setting, which is practical and efficient in large scale cloud storage system. Extensive security analysis shows that our scheme is provably secure in random oracle model. Performance analysis demonstrates that our scheme is highly efficient, especially reducing the computation cost of proxy and TPA.

• Journal of the Society of Disaster Information
• /
• v.8 no.1
• /
• pp.10-17
• /
• 2012

The purpose of this study is to make people acknowledge the danger of the air terror and provide measures to prevent a recurrence of the accident and find required security. Also, the air terror is categorized into aircraft and airport and take steps to come up with preventive measures against the air terror by finding a countermeasure and precaution. The following steps should be checked to take precautionary measures against the air terror. major security crackdown and the need for a further security check should be conducted to prevent terrorists from boarding the aircraft, security around the airport needs to be tightened up by training the airport workers and promoting emergency situations, airport sheriffs and armed guards should be on patrol for the safety of the cabin, new measures of efficient security for in and around the airport and its facilities should be set up to tighten up security of baggage.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.11B
• /
• pp.689-697
• /
• 2005

The IETF has created the v6ops Working Group to assist IPv6 transition and propose technical solutions to achieve it. But it's quite problem which security consideration for a stage of IPv4/IPv6 transition and co-existence. There are new security problem threat that it caused by the characteristics of heterogeneity. In this paper, we describe IPv6 transition mechanisms and analyze security problem for IPv6 transition mechanism. also we propose security consideration and new security mechanism. We analyzed DoS and DRDoS in 6to4 environment and presented a address sanity check as a solution. We also showed an attack of address exhaustion in address allocation server. To solve this problem, we proposed challenge-response mechanism in DSTM.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1489-1497
• /
• 2018

Web application services have diversified. At the same time, research on intrusion detection is continuing due to the surge of cyber threats. Also, As a single-defense system evolves into multi-level security, we are responding to specific intrusions by correlating security events that have become vast. However, it is difficult to check the OS, service, web application type and version of the target system in real time, and intrusion detection events occurring in network-based security devices can not confirm vulnerability of the target system and success of the attack A blind spot can occur for threats that are not analyzed for problems and associativity. In this paper, we propose the validation of effectiveness for intrusion detection events using TF-IDF. The proposed scheme extracts the response traffics by mapping the response of the target system corresponding to the attack. Then, Response traffics are divided into lines and weights each line with an TF-IDF weight. we checked the valid intrusion detection events by sequentially examining the lines with high weights.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1113-1120
• /
• 2022

Recently, the investigation has been difficult due to the emergence of messengers that encrypt and store data for the purpose of protecting personal information and provide services such as end-to-end encryption with a focus on security. Accordingly, the number of crime cases using security messengers is increasing, but research on data decoding for security messengers is needed. Element security messengers provide end-to-end encryption functions so that only conversation participants can check conversation history, but research on decoding them is insufficient. Therefore, in this paper, we analyze the instant messenger Element, which provides end-to-end encryption, and propose a plaintext verification of the history of encrypted secure chat rooms using decryption keys stored in the Windows Credential Manager service without user passwords. In addition, we summarize the results of analyzing significant general and secure chat-related artifacts from a digital forensics investigation perspective.

• Nuclear Engineering and Technology
• /
• v.52 no.5
• /
• pp.995-1001
• /
• 2020

With the development of digital instrumentation and control (I&C) devices, cyber security at nuclear power plants (NPPs) has become a hot issue. The Stuxnet, which destroyed Iran's uranium enrichment facility in 2010, suggests that NPPs could even lead to an accident involving the release of radioactive materials cyber-attacks. However, cyber security research on industrial control systems (ICSs) and supervisory control and data acquisition (SCADA) systems is relatively inadequate compared to information technology (IT) and further it is difficult to study cyber-attack taxonomy for NPPs considering the characteristics of ICSs. The advanced research of cyber-attack taxonomy does not reflect the architectural and inherent characteristics of NPPs and lacks a systematic countermeasure strategy. Therefore, it is necessary to more systematically check the consistency of operators and regulators related to cyber security, as in regulatory guide 5.71 (RG.5.71) and regulatory standard 015 (RS.015). For this reason, this paper attempts to suggest a template for cyber-attack taxonomy based on the characteristics of NPPs and exemplifies a specific cyber-attack case in the template. In addition, this paper proposes a systematic countermeasure strategy by matching the countermeasure with critical digital assets (CDAs). The cyber-attack cases investigated using the proposed cyber-attack taxonomy can be used as data for evaluation and validation of cyber security conformance for digital devices to be applied, and as effective prevention and mitigation for cyber-attacks of NPPs.

• International Journal of Computer Science & Network Security
• /
• v.21 no.5
• /
• pp.84-89
• /
• 2021

Medical tests are very important part of the health monitoring process. It is performed for various reasons like diagnosing diseases, determining medications effectiveness, etc. Due to that, patients should be able to read and understand the available online tests and results in order to take proper decisions regarding their health condition. In fact, people are varying in their educational level and health backgrounds that make providing such information in an easily readable format by the majority of people considered as a challenge in the health domain since ever. This paper describes the MTReadable corpus which constructed for evaluating the readability of online medical tests. It covered 32 basic periodic check-up tests with over 36k words. These tests information are annotated and labelled based on three readability levels which are easy, neutral and difficult by three non-specialists native Arabic speakers. This paper contributes to enriching the Arabic health research community with an investigation of the level of readability of online medical tests and to be a baseline for further complex health online reports and information.