• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.83-92
• /
• 2007

In connectionless packet network, if a sender encrypts packets by block chaining mode and send it to receiver, the receiver should decrypt packets in encrypted order that is not received order. Therefore, the performance and efficiency are lowered for crypto communication system. To solve this problem, we propose packet encryption scheme for connectionless packet network that can decrypt the packets independently, even if the received order of packets are changed or packets are missed. The scheme makes new IV(Initial Vector) using IV that created by key exchange process and salt that made by random number. We propose extended Cryptoki API that added packet encryption/decryption functions and mechanism for improving convenience and performance. We implement the scheme and get result that the performance increased about $1.5{\sim}l5.6$ times compare with in case of implementing using Cryptoki API in the test environment.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.04a
• /
• pp.865-867
• /
• 2001

최근 활발하게 이루어지고 있는 정보 보안에 관한 연구 및 개발 중 보안 API는 보안 서비스를 제공하는 인터페이스 규격으로서의 중요성이 증대되고 있다. 그러나 대표적인 기존 보안 구조들인 CryptoKi, CryptoAPI, CSSM API, GSS-API, 및 GCS-API등의 보안 API는 응용개발자와 보안 장비 개발자의 편리성 및 독립성 보장 측면에서 다양한 문제점들을 가지고 있는 실정이다. 따라서 본 논문에서는 인터넷 응용환경에서의 신분위장, 통신내용의 도청 및 변조, 의도적인 업무 방해 등 수 많은 위협 요소들로부터의 정보 보호를 위한 사용자 인증, 데이터 기밀성 및 무결성 서비스를 제공하는 다중구조의 CAPI(Cryptographic Application Programming Interface) 보안 서비스 모듈을 설계한다. 설계된 다중구조 CAPI는 사용자 인증, 접근통제 등 상위 어플리케이션 계층에 보안 시스템 서비스 체계를 적용하여 운용 시스템 환경에 따라서 다양하게 개발 및 적용될 수 있다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.10a
• /
• pp.264-267
• /
• 2018

본 연구에서는 API 호출을 은닉할 수 있는 새로운 유형의 유저모드 기반 루트킷으로 Cuckoo Sandbox를 회피하는 기법과 이를 탐지하기 위한 연구를 한다. Cuckoo Sandbox의 행위 분석을 회피하기 위해 잠재적으로 출현 가능한 은닉된 코드 이미지 기반의 신종 루트킷 원리를 연구하고 탐지하기 위한 방안을 함께 연구한다. 네이티브 API 호출 코드 영역을 프로세스 공간에 직접 적재하여 네이티브 API를 호출하는 기법은 Cuckoo Sandbox에서 여전히 잠재적으로 행위 분석 회피가 가능하다. 본 연구에서는 은닉된 외부주소 호출 코드 영역의 탐지를 위해 프로세스의 가상메모리 공간에서 실행 가능한 페이지 영역을 탐색 후 코사인 유사도 분석으로 이미지 탐지 실험을 하였으며, 코드 영역이 맵핑된 정렬 단위의 4가지 실험 조건에서 평균 83.5% 유사도 탐지 결과를 확인하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1235-1242
• /
• 2019

While several machine learning technique has been implemented for Android malware categorization, there is still difficulty in analyzing due to overfitting problem and including of un-executable code, etc. In this paper, we introduce our implemented tool to address these problems. Tool is consists of approximately 1,500 lines of Java code, and perform Flow analysis on set of APIs, or on control flow graph. Our tool groups all the API by its relationship and only perform analysis on actually executing code. Using our tool, we grouped 39032 APIs into 4972 groups, and 12123 groups with result of including class names. We collected 7,000 APKs from 7 families and evaluated our feature reduction technique, and we also reduced features again with selecting APIs that have frequency more than 20%. We finally reduced features to 263-numbers of feature for our collected APKs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.605-616
• /
• 2021

While malwares must be accurately identifiable from arbitrary programs, existing studies using classification techniques have limitations that they can only be applied to limited samples. In this work, we propose a method to utilize API call frequency to detect and classify malware families from arbitrary programs. Our proposed method defines a rule that checks whether the call frequency of a particular API exceeds the threshold, and identifies a specific family by utilizing the rate information on the corresponding rules. In this paper, decision tree algorithm is applied to define the optimal threshold that can accurately identify a particular family from the training set. The performance measurements using 4,443 samples showed 85.1% precision and 91.3% recall rate for family detection, 97.7% precision and 98.1% reproduction rate for classification, which confirms that our method works to distinguish malware families effectively.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.9 no.1
• /
• pp.387-394
• /
• 2019

Recently, the importance of big data has been increased, and demand for data analysis for the big data is also increased. R language is developed for data analysis, and users are analyzing data by using algorithms of various statistics, machine learning and data mining packages in R language. However, it is difficult to develop an application using R. Early study proposed a method to call R script through another language such as PHP, Java, and so on. However, it is troublesome to write such a development method in addition to R in combination with other languages. In this study, we introduce how to write API using only R language without using another language by using Plumber package. We also propose a solution for security issues related with R API. If we use propose technology for developing web application, we can expect high productivity, easy of use, and easy of maintenance.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.297-301
• /
• 2001

PC카드 형태로 개발되어 사용되는 보안토큰은 다양한 보안서비스를 바탕으로 차세대 정보보호 기술의 핵심기술로 떠오르고 있다. PC카드 보안토큰 휴대용 컴퓨터 운용을 위한 메모리 카드 표준 인터페이스를 수용하여 다양한 암호알고리즘 수행이 가능하고, 사용자의 요구조건을 비교적 쉽게 수용하고, 아울러 다양한 응용분야에 사용되는 등의 장점을 가지고 있다. 본 논문에서는 Motorola PowerPC 기반의 MPC860 마이크로 프로세서가 장착된 제어보드를 이용하여 PC카드 보안토큰에 대한 PCMCIA(Personal Computer Memory Card International Association) 카드 장치구동기 및 API(Application Program Interface)를 설계/구현하여 각각의 기능시험을 통해 그 기능들을 검증하였다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.4
• /
• pp.79-86
• /
• 2016

About 75% of software security incidents are caused by software vulnerability. In addition, the after-market repairing cost of the software is higher by more than 30 times than that in the design stage. In this background, the secure coding has been proposed as one of the ways to solve this kind of maintenance problems. Various institutions have addressed the weakness patterns of the standard software. A new Korean programming language Saesark has been proposed to resolve the security weakness on the language level. However, the previous study on Saesark can not resolve the security weakness caused by the API. This paper proposes a way to resolve the security weakness due to the API. It adopts a static analyzer inspecting dangerous methods. It classifies the dangerous methods of the API into two groups: the methods of using tainted data and those accepting in-flowing tainted data. It analyses the security weakness in four steps: searching for the dangerous methods, configuring a call graph, navigating a path between the method for in-flowing tainted data and that uses tainted data on the call graph, and reporting the security weakness detected. To measure the effectiveness of this method, two experiments have been performed on the new version of Saesark adopting the static analysis. The first experiment is the comparison of it with the previous version of Saesark according to the Java Secure Coding Guide. The second experiment is the comparison of the improved Saesark with FindBugs, a Java program vulnerability analysis tool. According to the result, the improved Saesark is 15% more safe than the previous version of Saesark and the F-measure of it 68%, which shows the improvement of 9% point compared to 59%, that of FindBugs.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.04a
• /
• pp.826-828
• /
• 2002

최근 XML에 관련된 여러 가지 보안기술에 관한 연구가 진행되고 있다. 본 본문에서는 XML표준화 단체에서 규정한 XML 전자서명과 XML 암호화 표준 명세서를 준수하는 XML 보안 API를 설계하고 구현한다. 본 논문에서 제안된 시스템은 표준 명세서에서 요구하는 암호 알고리즘 및 국내 표준 암호알고리즘과 공개키 인증서를 처리 할 수 있도록 설계하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.897-909
• /
• 2014

With the development of the Internet, the number of cyber threats is continuously increasing and their techniques are also evolving for the purpose of attacking our crucial systems. Since attackers are able to easily make exploit codes, i.e., malware, using dedicated generation tools, the number of malware is rapidly increasing. However, it is not easy to analyze all of malware due to an extremely large number of malware. Because of this, many researchers have proposed the malware classification methods that aim to identify unforeseen malware from the well-known malware. The existing malware classification methods used malicious information obtained from the static and the dynamic malware analysis as the criterion of calculating the similarity between malwares. Also, most of them used API functions and their sequences that are divided into a certain length. Thus, the accuracy of the malware classification heavily depends on the length of divided API sequences. In this paper, we propose an extraction method of optimized API sequence length and combination that can be used for improving the performance of the malware classification.