• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.29-40
• /
• 2007

The purpose of this research is to propose a method for scoring the quality of a fingerprint image using the local information derived from the fingerprint image. In previous works for the quality measuring, most of the quality scores are related to the performance of a matching algorithm, and this makes the quality result more subjective. The quality score of a fingerprint image proposed in this work is sensor-independent, source-independent and matcher-independent one, and this concept of fingerprint sample quality results in effective improvement of the system performance. In this research, a new definition of fingerprint image quality and a new method for measuring the quality are proposed. For the experiments, several sub-databases from FVCs are used and the proposed method showed reasonable results for the test database. The proposed method can be used in various systems for the numerous purposes since the quality scores generated by the proposed method are based on the idea that the quality of fingerprint should be sensor-independent, source-independent and matcher-independent.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.83-89
• /
• 2006

In H/W implementation for the finite field, the use of normal basis has several advantages, especially, the optimal normal basis is the most efficient to H/W implementation in GF($2^m$). In this paper, we propose a new, simpler, parallel multiplier over GF($2^m$) having a type II optimal normal basis, which performs multiplication over GF($2^m$) in the extension field GF($2^{2m}$). The time and area complexity of the proposed multiplier is same as the best of known type II optimal normal basis parallel multiplier.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1133-1143
• /
• 2012

Currently, Many Cyber Security Centers(CSC) are established and being operated in our country. But, in the absence of indicators to evaluate activities of the Managed Security Service(MSS), We can't identify the CSC's level of overall job performance. Therefore, we can't derive strengths and weaknesses from the CSC. From these reasons, The purpose of this research is to develop an objective indicator to evaluate activities of the MSS. I studied both international and domestic Information Security Management System(ISMS) as related standards(ISO/IEC 27001, G-ISMS). Moreover, I analysed the NIST Computer Security Incident Handing Guide and the Incident Management Capability Metrics(IMCM) of Carnegie Mellon Software Engineering Institute(SEI). The implications for this analysis and domestic hands-on experience are reflected in the research. So I developed 10 evaluation domains and 62 detail evaluation items. This research will contribute to our understanding the level of the CSC's job performance.

• Journal of Information Technology Services
• /
• v.21 no.4
• /
• pp.63-74
• /
• 2022

Globally researchers at medical institutions are actively sharing COHORT data of patients to develop vaccines and treatments to overcome the COVID-19 crisis. OMOP-CDM, a common data model that efficiently shares medical data research independently operated by individual medical institutions has patient personal information (e.g. PII, PHI). Although PII and PHI are managed and shared indistinguishably through de-identification or anonymization in medical institutions they could not be guaranteed at 100% by complete de-identification and anonymization. For this reason the security of the OMOP-CDM database is important but there is no detailed and specific OMOP-CDM security inspection tool so risk mitigation measures are being taken with a general security inspection tool. This study intends to study and present a model for implementing a tool to check the security vulnerability of OMOP-CDM by analyzing the security guidelines for the US database and security controls of the personal information protection of the NIST. Additionally it intends to verify the implementation feasibility by real field demonstration in an actual 3 hospitals environment. As a result of checking the security status of the test server and the CDM database of the three hospitals in operation, most of the database audit and encryption functions were found to be insufficient. Based on these inspection results it was applied to the optimization study of the complex and time-consuming CDM CSF developed in the "Development of Security Framework Required for CDM-based Distributed Research" task of the Korea Health Industry Promotion Agency. According to several recent newspaper articles, Ramsomware attacks on financially large hospitals are intensifying. Organizations that are currently operating or will operate CDM databases need to install database audits(proofing) and encryption (data protection) that are not provided by the OMOP-CDM database template to prevent attackers from compromising.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.8
• /
• pp.1205-1212
• /
• 2022

Cyber threat targeting ICS (Industrial Control System) has indicated drastic increases over the past decade and Cyber Incident in Critical Infrastructure such as Energy, Gas Terminal and Petrochemical industries can lead to disaster-level accidents including casualties and large-scale fires. In order to effectively respond to cyber attacks targeting ICS, a multi-layered defense-in-depth strategy considering Control System Architecture is necessary. In particular, the centralized security log system integrating OT (Operational Technology) and IT (Information Technology) plays an important role in the ICS incident response plan. The paper suggests the way of implementing centralized security log system that collects security events and logs using OPC Protocol from Level 0 to Level 5 based on IEC62443 Purdue Model to integrate ICS security logs with SIEM (Security Information Event Management) operated in IT environment.

• Nuclear Engineering and Technology
• /
• v.54 no.9
• /
• pp.3317-3323
• /
• 2022

Half Value Layer calculations theoretically need prior specification of linear attenuation calculations, since the HVL value is derived by dividing ln(2) by the linear attenuation coefficient. The purpose of this study was to establish a direct computational model for determining HVL, a vital parameter in nuclear radiation safety studies and shielding material design. Accordingly, a typical gamma-ray transmission setup has been modeled using MCNPX (version 2.4.0) general-purpose Monte Carlo code. The MCNPX code's INPUT file was designed with two detection locations for primary and secondary gamma-rays, as well as attenuator material between those detectors. Next, Half Value Layer values of some well-known gamma-ray shielding materials such as lead and ordinary concrete have been calculated throughout a broad gamma-ray energy range. The outcomes were then compared to data from the National Institute of Standards and Technology. The Half Value Layer values obtained from MCNPX were reported to be highly compatible with the HVL values obtained from the NIST standard database. Our results indicate that the developed INPUT file may be utilized for direct computations of Half Value Layer values for nuclear safety assessments as well as medical radiation applications. In conclusion, advanced simulation methods such as the Monte Carlo code are very powerful and useful instruments that should be considered for daily radiation safety measures. The modeled MCNPX input file will be provided to the scientific community upon reasonable request.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1045-1057
• /
• 2022

Recently, the National Institute of Standards and Technology (NIST) announced four cryptographic algorithms as a standard candidates of Post-Quantum Cryptography (PQC). In this paper, we show that private key can be exposed by a non-profiling-based power analysis attack such as Correlation Power Analysis (CPA) and Differential Deep Learning Analysis (DDLA) on CRYSTALS-KYBER algorithm, which is decided as a standard in the PKE/KEM field. As a result of experiments, it was successful in recovering the linear polynomial coefficient of the private key. Furthermore, the private key can be sufficiently recovered with a 13.0 Normalized Maximum Margin (NMM) value when Hamming Weight of intermediate values is used as a label in DDLA. In addition, these non-profiling attacks can be prevented by applying countermeasures that randomly divides the ciphertext during the decryption process and randomizes the starting point of the coefficient-wise multiplication operation.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.620-623
• /
• 2022

최근 이메일 해킹사고의 유형을 살펴보면 사회공학적인 기법을 활용한 피싱메일 공격이 대다수를 차지하고 있는 상황이다. 그중 사용자의 패스워드를 빼내기 위한 공격메일이 기존 첨부파일에 악성코드를 삽입해서 보내지는 방식보다 월등히 높아졌다고 할 수 있다. 이는 공격자가 이메일 내용에 관심이 높아진 것으로 이메일은 사용자의 성향, 직업, 라이프스타일 파악뿐만 아니라 해커가 원하는 중요자료가 저장되어 있을 가능성이 매우 높으며 또 다른 공격대상자를 선정할 수 있는 좋은 창구가 될 수 있을 것이기 때문이다. 만일 피싱메일에 노출되어 패스워드가 해커의 손에 넘어 갔다면 많은 보안대책이 무용지물이 된다. 많은 보안 전문가들은 패스워드를 8자리 이상으로 하되 영문대·소문자와 숫자 그리고 특수문자를 포함하고, 사이트별 규칙성이 없이 모두 다르게 설정해야 하며, 정기적으로 바꿔야 한다고 조언한다. 이러한 조언은 패스워드를 크랙할 경우 안전할 수 있지만 요즘처럼 한 개인이 100여개 이상의 사이트에 대한 패스워드를 관리해야 한다면 현실적으로 불가능한 조언이 되고 말 것이다. 이러한 상황에 2017년 6월 미국 국립표준기술연구소(NIST)에서 '특별 간행 800-63-3: 디지털 인증 가이드라인'을 발표하게 된다. 내용은 그동안 보안전문가들이 권고했던 내용과는 많은 차이가 있다. 오히려 자주 바꾸는 것이 문제가 될 수 있다는 내용이다. 자세한 내용은 본 논문에서 살펴보도록 한다. 우리는 스마트폰 등을 사용함으로써 2-Factor인증에 활용하고 있다. 스마트폰 인증의 대표적인 방법은 지문·얼굴인식 등 생체인증 방식을 사용한다. 패스워드 없이도 편리하고 안전하게 인증을 할 수 있다는 점이 장점이다. 이러한 상황에 FIDO라는 인증 프레임워크가 인기를 얻고 있다. FIDO(Fast IDentity Online)는 비밀번호의 문제점을 해결하기 위한 목적으로 FIDO 얼라이언스에 의해 제안된 사용자 인증 프레임워크다. 향후 FIDO로의 대체가 패스워드 문제의 대안이 될 수 있을 것이다. 이제는 패스워드 대신 생체인증 체계로 대체할 수 있는 시대가 되었다고 할 수 있다. 본 논문에서는 패스워드의 문제점을 살펴보고 이를 대체할 수 있는 FIDO기반의 인증체계가 대안이 될 수 있는 근거를 제시하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.243-252
• /
• 2023

As an efficient key recovery attack on SIDH/SIKE was proposed, CSIDH is drawing attention again. CSIDH is an isogeny-based key exchange algorithm that is safe against known attacks to date, and provide efficient NIKE by modernizing CRS scheme. In this paper, we firstly present the optimized implementation of CSIDH-512 on ARM Cortex-M7. We use three-level hybrid Montgomery reduction and present the results of our implementation, limitations, and future research directions. This is a CSIDH implementation in 32-bit embedded devices that has not been previously presented, and it is expected that the results of this paper will be available to implement CSIDH and derived cryptographic algorithms in various embedded environments in the future.

• Korean Journal of Agricultural Science
• /
• v.48 no.4
• /
• pp.1015-1026
• /
• 2021

The objective of this study was to determine amino acid and protein contents of brown and milled non-glutinous rice of 13 cultivars in Korea. Protein contents of MRs (milled rices) were in order of Haepum (7.27%) > Hanareum No. 4 (7.14%) > Odae (6.84%). Protein contents of BRs (brown rices) were in order of Haepum (7.68%) > Odae (7.63%) > Hanareum No. 4 (7.60%). The amino acid content was the highest in Haepum (MR 5.76%, BR 6.49%), followed by Haedeul (MR 5.71%, BR 6.30%), and Odae (MR 5.63%, BR 6.29%). The essential amino acid contents of non-glutinous rices were in order of Haepum (MR 2.34%, BR 2.57%) > Haedeul (MR 2.31%, BR 2.48%) > Odae (MR 2.20%, BR 2.56%). The contents of amino acid and protein in BRs were considerably higher than those in MRs. Protein and most of amino acid contents were higher in Haepum than the other cultivars. The certificated reference material (CRM) 1849a (infant/adults nutritional formular) from National Institute of Standard and Technology (NIST) was used as the test sample to determine the precision and accuracy of the analytical method. The regression analyses revealed good correlations (correlation coefficient), greater than 0.99. The recovery values of the amino acids ranged from 93.17 to 99.59%. The limit of detection (LODs) ranged from 0.01 - 0.07 mg·100 g^-1 and the limit of quantitation (LOQs) ranged from 0.03 - 0.21 mg·100 g^-1 for all analytes.