• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.1-15
• /
• 2020

As differential computation analysis attack(DCA) which is context of side-channel analysis on white-box cryptography is proposed, masking white-box cryptography based on table encoding has been proposed by Lee et al. to counter DCA. Existing higher-order DCA for the masked white box cryptography did not consider the masking implementation structure based on table encoding, so it is impossible to apply this attack on the countermeasure suggested by Lee et al. In this paper, we propose a new higher-order DCA method that can be applied to the implementation of masking based on table encoding, and prove its effectiveness by finding secret key information of masking white-box cryptography suggested by Lee et al. in practice.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1523-1537
• /
• 2018

The AI speaker is a simple operation that provides users with useful functions such as music playback, online search, and so the AI speaker market is growing at a very fast pace. However, AI speakers always wait for the user's voice, which can cause serious problems such as eavesdropping and personal information exposure if exposed to security threats. Therefore, in order to provide overall improved security of all AI speakers, it is necessary to identify potential security threats and analyze them systematically. In this paper, security threat modeling is performed by selecting four products with high market share. Data Flow Diagram, STRIDE and LINDDUN Threat modeling was used to derive a systematic and objective checklist for vulnerability checks. Finally, we proposed a method to improve the security of AI speaker by comparing the vulnerability analysis results and the vulnerability of each product.

• Korean Security Journal
• /
• no.15
• /
• pp.129-146
• /
• 2008

When the primary function of private security is to protect lives and property of clients, emergency management should be included in the security service and many countermeasure services should be carried out for that purpose. In theses contexts, private security should develop and maintain a educational program to meet their responsibilities to provide the protection and safety of the clients. Conclusionally, private security industry employers in Korea has not concerned with the importance of training and education by lack of recognition and has been passive about qualified guards. And the authorities supervising and the administrating the guards has not recognized the importance of private security and has neglected the training of the guards. In theses contexts, private security should develop and maintain a educational program of emergency management to meet their responsibilities to provide the protection and safety of the clients.

• Convergence Security Journal
• /
• v.13 no.4
• /
• pp.11-17
• /
• 2013

All u-Health system has security vulnerabilities. This vulnerability locally(local) or network(network) is on the potential risk. Smart environment of health information technology, Ad-hoc networking, wireless communication environments, u-health are major factor to increase the security vulnerability. u-health care information systems user terminal domain interval, interval public network infrastructure, networking section, the intranet are divided into sections. Health information systems by separating domain specific reason to assess vulnerability vulnerability countermeasure for each domain are different. u-Healthcare System 5 layers of security risk assessment system for domain-specific security vulnerability diagnosis system designed to take the security measures are needed. If you use this proposed model that has been conducted so far vaguely USN-based health information network security vulnerabilities diagnostic measures can be done more systematically provide a model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.145-185
• /
• 2007

A resident registration number is used to confirm and prove his/her identity in a government/non-governmental agency. It is a essential requirement to become the registered member on internet website in Korea. It is serious problem that the resident registration number and name are outflowed in internet and misused by others. So the MIC(Ministry of Information and Communication) in Korea plans and operates the identification system using I-PIN that integrate 5 alternative methods of resident registration number. In this paper, we analyze the problem about the method of 5 I-PIN services and show the security analysis on the implementation vulnerabilities of I-PIN services. we also analyze 17 websites that provides identification system using I-PIN. Finally, we analyze the overall problem of I-PIN service and propose the countermeasure about the problem.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.453-458
• /
• 2013

In a wireless LAN environment, security is the most important. Security of 802.11 standard has many vulnerabilities of the network attack. IEEE has created mechanisms to security for this vulnerability. But the vulnerabilities is characteristic of broadcast in the air in wireless LAN, it is more disclosure then other network environments. In a wireless LAN environment, it can be accessed to the wireless LAN after authentication. Authentication process is one of most important because of the first security step. However, in the authentication process is not mentioned in the method of reducing the disclosure maximum fundamental. Therefore, in this research, the vulnerability of 802.11 are presented and how to do de-authentication in 802.11.

• Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
• /
• v.19 no.6
• /
• pp.29-35
• /
• 2005

This paper presents the basic quench protection idea for the HTS(High-Temperature Superconducting) cable. In Korea power system, the transfer capability of transmission line is limited by the voltage stability, HTS cable could be one of the countermeasure to enhance the transfer limit with its higher current capacity and lower impedance[1]. However, the quench characteristic makes not only HTS cable to loss its superconductivity, but also change the impedance of the transmission line and power system operating condition dramatically. This pheonominum threats HTS cable safety as well as power system security, therefore a proper protection scheme and security control counterplan have to be established before HTS cable implementation. In this paper, the quench characteristics of HTS cable for the fault current based on heat balance equation was established and a proper protection method regarding conventional protection system was suggested.

• Journal of Advanced Navigation Technology
• /
• v.12 no.1
• /
• pp.28-33
• /
• 2008

VoIP provided voice service using Internet is receiving footlights when it escapes an initial curiosity. VoIP interest became larger, because it can transfer existing phone service and deliver voice data through internet technology. Is inheriting as it is threats of IP base because a VoIP technology provides audiocommunication service taking advantage of an existing IP technology, and have new threats that happen from new know-hows for VoIP service offer. In this paper, presented about problem and consideration and countermeasure of examines about security threat of VoIP service, and applies security.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.131-137
• /
• 2004

With the rapid development of information sharing through network, If system is exposed to various threatener and security incident are became a social problem. As a countermeasure, various security systems are been using such as IDS, Firewall, VPN etc.. But, expertise or expert is required to handle security system. In this paper, design and implementation of file access control module for secure operation system. The module, implemented in this paper, is based on Windows and has effect integrity and non-repudiation for a file.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.223-226
• /
• 2013

Information security breaches caused by malicious code is arising in various forms with exponential growth. The latest information security threats on computers are increasing, especially on smartphone, which has enabled malicious code to quickly surge. As a result, the leakage of personal information, such as billing information, is under threat. Meanwhile the attack vector o smartphone malware is difficult to detect. In this paper, we propose a smartphone security system to respond to the spread of malicious code by iPhone and Android OS-based malware analysis.