• Journal of the Korea Society of Computer and Information
• /
• v.26 no.1
• /
• pp.171-178
• /
• 2021

In this paper, the author proposes a method for detecting modification of transmitted messages in C/C++ based Discrete Event System Specification (DEVS) simulation. When a message generated by a model instance is delivered to other model instances, it may be modified by some of the recipients. Such modifications may corrupt simulation results, which may lead to wrong decision making. In the proposed method, every model instance stores a copy of every transmitted message. Before the deletion of the transmitted message, the instance compares them. Once a modification has been detected, the method interrupt the current simulation run. The procedure is automatically performed by a simulator instance. Thus, the method does not require programmers to follow secure coding or to add specific codes in their models. The performance of the method is compared with a DEVS simulator.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.5
• /
• pp.2427-2445
• /
• 2016

In contrast to traditional "store-and-forward" routing mechanisms, network coding offers an elegant solution for achieving maximum network throughput. The core idea is that intermediate network nodes linearly combine received data packets so that the destination nodes can decode original files from some authenticated packets. Although network coding has many advantages, especially in wireless sensor network and peer-to-peer network, the encoding mechanism of intermediate nodes also results in some additional security issues. For a powerful adversary who can control arbitrary number of malicious network nodes and can eavesdrop on the entire network, cryptographic signature schemes provide undeniable authentication mechanisms for network nodes. However, with the development of quantum technologies, some existing network coding signature schemes based on some traditional number-theoretic primitives vulnerable to quantum cryptanalysis. In this paper we first present an efficient network coding signature scheme in the standard model using lattice theory, which can be viewed as the most promising tool for designing post-quantum cryptographic protocols. In the security proof, we propose a new method for generating a random lattice and the corresponding trapdoor, which may be used in other cryptographic protocols. Our scheme has many advantages, such as supporting multi-source networks, low computational complexity and low communication overhead.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.4
• /
• pp.79-86
• /
• 2016

About 75% of software security incidents are caused by software vulnerability. In addition, the after-market repairing cost of the software is higher by more than 30 times than that in the design stage. In this background, the secure coding has been proposed as one of the ways to solve this kind of maintenance problems. Various institutions have addressed the weakness patterns of the standard software. A new Korean programming language Saesark has been proposed to resolve the security weakness on the language level. However, the previous study on Saesark can not resolve the security weakness caused by the API. This paper proposes a way to resolve the security weakness due to the API. It adopts a static analyzer inspecting dangerous methods. It classifies the dangerous methods of the API into two groups: the methods of using tainted data and those accepting in-flowing tainted data. It analyses the security weakness in four steps: searching for the dangerous methods, configuring a call graph, navigating a path between the method for in-flowing tainted data and that uses tainted data on the call graph, and reporting the security weakness detected. To measure the effectiveness of this method, two experiments have been performed on the new version of Saesark adopting the static analysis. The first experiment is the comparison of it with the previous version of Saesark according to the Java Secure Coding Guide. The second experiment is the comparison of the improved Saesark with FindBugs, a Java program vulnerability analysis tool. According to the result, the improved Saesark is 15% more safe than the previous version of Saesark and the F-measure of it 68%, which shows the improvement of 9% point compared to 59%, that of FindBugs.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.2
• /
• pp.501-506
• /
• 2010

The proposal set out in this paper, is the Adaptive-MCM(Modulation, Coding and MIMO) system, which results from the combination of adaptive modulation and coding (AMC) and multiple input multiple output (MIMO) schemes. The performance of this system is analyzed through computer simulation. By using the MIMO scheme adaptively as well, the proposed Adaptive-MCM system, presents a better improvement of data rate and error performance compared to the AMC system. The throughput performance of the Adaptive-MCM system is analyzed and compared with the throughput performance of Non-Adaptive-MCM Systems. As a result of the simulation, we can infer that, at a fixed MCM level, there is an improvement of the trade-off between secure Signal to Noise Ratio (SNR) and a high data rate. Consequently, this trade-off improvement results in a better average data rate.

• Journal of the Korea Convergence Society
• /
• v.10 no.8
• /
• pp.129-135
• /
• 2019

The purpose of this study is to propose the future development direction of the program which can apply the fusion education in the fourth industrial revolution era to the class and achieve creative problem solving ability. As a research method, we investigated cases of overseas coding education and conducted in - depth interviews with infants and parents. The results of the case study and in-depth interviews were as follows: First, the children were able to do their own preliminary and reviewing at home. Second, to provide an interesting play program for the young children to participate. Third, It is important that parents and children learn together. In future research, it is anticipated that there will be a positive effect by concrete proposal to secure the weaknesses and to combine existing coding education with interesting education in accordance with domestic characteristics.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.1
• /
• pp.94-102
• /
• 2016

In this work we propose a new method to countermeasure against the abatement attack to the security server that is induced by man-in-the-middle attack. To that purpose, we first investigate the state of the art in the current research about the abatement attack. After that, we propose a new countermeasure method that can cope with the unresolved problems in the current method, which can cover diverse types of network.

• Journal of Communications and Networks
• /
• v.12 no.6
• /
• pp.592-599
• /
• 2010

In recent years, significant improvements have been made to the techniques used for analyzing satellite communication and attacking satellite systems. In 2003, a research team at Los Alamos National Laboratory, USA, demonstrated the ease with which civilian global positioning system (GPS) spoofing attacks can be implemented. They fed fake signals to the GPS receiver so that it operates as though it were located at a position different from its actual location. Moreover, Galileo in-orbit validation element A and Compass-M1 civilian codes in all available frequency bands were decoded in 2007 and 2009. These events indicate that cryptography should be used in addition to the coding technique for secure and authenticated satellite communication. In this study, we address this issue by using an authenticated key-exchange protocol to build a secure and authenticated communication channel for satellite communication. Our protocol uses identity-based cryptography. We also prove the security of our protocol in the extended Canetti-Krawczyk model, which is the strongest security model for authenticated key-exchange protocols, under the random oracle assumption and computational Diffie-Hellman assumption. In addition, our protocol helps achieve high efficiency in both communication and computation and thus improve security in satellite communication.

• Journal of Korea Multimedia Society
• /
• v.14 no.10
• /
• pp.1335-1347
• /
• 2011

The dissemination and use of mobile applications have been rapidly expanding these days. And in such a situation, the security of mobile applications has emerged as a new issue. Although the safety of general software such as desktop and enterprise software is systematically achieved from the development phase to the verification phase through secure coding, there have been not sufficient studies on the safety of mobile applications yet. This paper deals with deriving weakness enumeration specialized in mobile applications and implementing a tool that can automatically analyze the derived weakness. Deriving the weakness enumeration can be achieved based on CWE(Common Weakness Enumeration) and CERT(Computer Emergency Response Team) relating to the event-driven method that is generally used in developing mobile applications. The analysis tool uses the dynamic tests to check whether there are specified vulnerabilities in the source code of mobile applications. Moreover, the derived vulnerability could be used as a guidebook for programmers to develop mobile applications.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.8 no.5
• /
• pp.181-186
• /
• 2008

Wireless data transmission is vulnerable to attackers and hackers. Recently, the fast development of wireless communication systems seamlessly increase the demand for security in this area. Moreover, error correction is especially important because various kinds of interferences among wireless devices. In order to solve two above problems, we propose to apply MCC (M-sequence Convolutional Code) in the system which is able to protect information and correct errors. The proposed system can obtain higher secure property by randomly changing the output connections by the proposed M-sequence. Performance of the system is analyzed according to BER (Bit Error Rate) and secure levels. The simulation results revealed that we can get the coding gain of 0.1 dB over conventional convolution coding technique. The proposed algorithm is installed in physical layer and easily implemented. Another advantage of our proposed (M-sequence and convolutional code) is that it can be applied to CDMA (Code Division Multiple Access) communication system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1169-1178
• /
• 2012

Recently, since the most software intensive systems are using internet environment for data exchange, the software security is being treated as a big issue. And, to minimize vulnerability of software system, security ensuring steps which are applying secure coding rules, are introduced in the software development process. But, since actual attacks are using a variety of software vulnerabilities, it is hard to analyze software weakness by monotonic analysis. In this paper, it is tried to against the complex attack on the variety of software vulnerability using the coupling which is one of the important characteristic of software. Furthermore, pre-analysis of the complex attack patterns using a combination of various attack methods, is carried out to predict possible attack patterns in the relationship between software modules. And the complex attack pattern analysis method is proposed based on this result.