• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권2호
• /
• pp.609-625
• /
• 2023

This study is a demand research for the selection of public safety science and technology equipment and suggests an empirical research method. The technology demand survey is the beginning of the selection of innovative technology. And it is the basis of collecting information required for the technology required in the market and helping to apply it to the field. The demand survey for police science and technology can reduce the uncertainty of crime prevention and help the smooth implementation of security policies. However, in Korea, adoption of security science and technology equipment was centered on social issues or researchers' opinions rather than the demands of field users. Until, there was no research has been conducted on the demands of field police officers for selection of security science and technology equipment in Korea. Also, there was no preferential study for the demand for security science and technology equipment. Therefore, this study proposes a methodology that can systematically identify the needs for the technology and equipment of field experts suitable for the public security situation for the selection of security science and technology equipment. Specifically, we propose a sample design for a technology classification system and a survey tool for technology awareness and satisfaction. It is expected that this tool will provide a classification system for security science and technology equipment selected for the Korean police and will help determine the priority of equipment suitable for the field.

• 한국정보보호학회:학술대회논문집
• /
• 한국정보보호학회 2002년도 종합학술발표회논문집
• /
• pp.81-83
• /
• 2002

Group signature schemes allow a group member to sign a document on behalf of the group anonymously. In addition, in case of anonymity misuse, a group authority can recover the issuer of a signature. In this paper, we analyze the security of a group signature scheme proposed by Popescu which is a modification of the Tseng-Jan group signature scheme. We show that the scheme can't provide an important requirement of the group signature, unlikability. Thus, other members are allowed to identify whether two signatures have been issued by the same group member or not.

• 한국정보보호학회:학술대회논문집
• /
• 한국정보보호학회 2002년도 종합학술발표회논문집
• /
• pp.266-269
• /
• 2002

As a simulation or replacement of analog money in cyber space, the e-cash was introduced by using cryptographic primitives. Since a perfect anonymity system causes some illegal activities, such as money laundering, blackmailing, and illegal purchase, a revocable electronic system was paid a great attention to control the anonymity. In general, Trust Third Party(TTP) is introduced to detect any dubious user and coin, namely user tracing and coin tracing. In this paper we propose a new revocable anonymity e-cash system, and verify the security requirement as well. In our scheme a user first withdraws the e-coin from bank by using blind signature, and then TTP verifies the bank's signature and records the tracing information.

• 대한전자공학회:학술대회논문집
• /
• 대한전자공학회 2002년도 ITC-CSCC -1
• /
• pp.313-316
• /
• 2002

This paper presents the design and implementation of a crypto processor, a special-purpose microprocessor optimized for the execution of cryptography algorithms. This crypto processor can be used fur various security applications such as storage devices, embedded systems, network routers, etc. The crypto processor consists of a 32-bit RISC processor block and a coprocessor block dedicated to the SEED and triple-DES (data encryption standard) symmetric key crypto (cryptography) algorithms. The crypto processor has been designed and fabricated as a single VLSI chip using 0.5 $\mu\textrm{m}$ CMOS technology. To test and demonstrate the capabilities of this chip, a custom board providing real-time data security for a data storage device has been developed. Testing results show that the crypto processor operates correctly at a working frequency of 30MHz and a bandwidth o1240Mbps.

• 한국정보보호학회:학술대회논문집
• /
• 한국정보보호학회 2006년도 하계학술대회
• /
• pp.584-587
• /
• 2006

모바일 RFID는 휴대 단말에 RFID 리더를 장착하여 다양한 응용 서비스를 모바일 RFID 리더 사용자에게 제공하는 기술이다. 본 논문에서는 안전한 모바일 RFID 서비스 제공을 목표로, 도매인간 보안, 개인 프라이버시 보호, 인증, 단대단 보안, 위치 추적방지 등과 같은 다양한 보안 이슈들을 해결할 수 있는 모바일 RFID 정보보호 모델을 제안하고 분석한다.

• Journal of Communications and Networks
• /
• 제18권1호
• /
• pp.105-111
• /
• 2016

Trust models in the literature of MANETs commonly assume that packets have different security requirements. Before a node forwards a packet, if the recipient's trust level does not meet the packet's requirement level, then the recipient must perform certain security association procedures, such as re-authentication. We present in this paper an analysis of the epidemic broadcast delay in such context. The network, mobility and trust models presented in this paper are quite generic and allow us to obtain the delay component induced only by the security associations along a path. Numerical results obtained by simulations also confirm the accuracy of the analysis. In particular, we can observe from both simulation's and analysis results that, for large and sparsely connected networks, the delay caused by security associations is very small compared to the total delay of a packet. This also means that parameters like network density and nodes' velocity, rather than any trust model parameter, have more impact on the overall delay.

• International Journal of Internet, Broadcasting and Communication
• /
• 제15권1호
• /
• pp.23-32
• /
• 2023

Since NFTs can be used like certificates due to the nature of blockchain, their use in various digital asset trading markets is expanding. This is because NFTs are expected to be actively used as a core technology of the metaverse virtual economy as non-transferable NFTs are developed. However, concerns about NFT security threats are also growing. Therefore, the purpose of this study is to investigate and analyze NFT-related infringement cases and to clearly understand the current security status and risks. As a research method, we determined NFT security areas based on previous studies and analyzed infringement cases and threat types for each area. The analysis results were systematically mapped in the form of domain, case, and threat, and the meaning of the comprehensive results was presented. As a result of the research, we want to help researchers clearly understand the current state of NFT security and seek the right research direction.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2008년도 추계학술발표대회
• /
• pp.1489-1492
• /
• 2008

전자 ID 지갑은 일상생활에서 사용하는 지갑처럼 인터넷 상에서 사용되는 사이버 지갑으로, 사용자의 개인정보(주소, 전화번호 등), 인증정보, 지불정보 등과 같은 사용자의 Identity 정보를 보관하고 있다가 필요한 시점에 저장된 정보를 사용자의 통제 하에 자유롭게 이용할 수 있는 서비스 시스템이다. 모바일 전자 ID 지갑 시스템은 전자 ID 지갑 시스템의 구성 요소 중 하나로 개인의 모바일 단말장치에서 운영될 수 있는 소프트웨어로 구현되었으며, 사용자 인터페이스가 빈약한 모바일 단말장치에서도 사용자의 불편 없이 모바일 인터넷을 보다 안전하게 이용할 수 있는 방법들을 제공한다. 논문에서는 안전하고 신뢰할 수 있는 인터넷 환경 구축을 위해 개발된 기술들 중 하나인 모바일 전자 ID 지갑 시스템을 소개하고자 한다.

• Nuclear Engineering and Technology
• /
• 제44권8호
• /
• pp.919-928
• /
• 2012

The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the lifecycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

• International Journal of Computer Science & Network Security
• /
• 제23권2호
• /
• pp.199-202
• /
• 2023

Carriage return (CR) and line feed (LF), also known as CRLF injection is a type of vulnerability that allows a hacker to enter special characters into a web application, altering its operation or confusing the administrator. Log poisoning and HTTP response splitting are two prominent harmful uses of this technique. Additionally, CRLF injection can be used by an attacker to exploit other vulnerabilities, such as cross-site scripting (XSS). Email injection, also known as email header injection, is another way that can be used to modify the behavior of emails. The Open Web Application Security Project (OWASP) is an organization that studies vulnerabilities and ranks them based on their level of risk. According to OWASP, CRLF vulnerabilities are among the top 10 vulnerabilities and are a type of injection attack. Automated testing can help to quickly identify CRLF vulnerabilities, and is particularly useful for companies to test their applications before releasing them. However, CRLF vulnerabilities can also lead to the discovery of other high-risk vulnerabilities, and it fosters a better approach to mitigate CRLF vulnerabilities in the early stage and help secure applications against known vulnerabilities. Although there has been a significant amount of research on other types of injection attacks, such as Structure Query Language Injection (SQL Injection). There has been less research on CRLF vulnerabilities and how to detect them with automated testing. There is room for further research to be done on this subject matter in order to develop creative solutions to problems. It will also help to reduce false positive alerts by checking the header response of each request. Security automation is an important issue for companies trying to protect themselves against security threats. Automated alerts from security systems can provide a quicker and more accurate understanding of potential vulnerabilities and can help to reduce false positive alerts. Despite the extensive research on various types of vulnerabilities in web applications, CRLF vulnerabilities have only recently been included in the research. Utilizing automated testing as a recurring task can assist companies in receiving consistent updates about their systems and enhance their security.