• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.27 no.1
• /
• pp.87-96
• /
• 2023

As the number of security vulnerabilities increases yearly, security threats continue to occur, and the vulnerability risk is also important. We devise a security threat score calculation reflecting trends to determine the risk of security vulnerabilities. The three stages considered key elements such as attack type, supplier, vulnerability trend, and current attack methods and techniques. First, it reflects the results of checking the relevance of the attack type, supplier, and CVE. Secondly, it considers the characteristics of the topic group and CVE identified through the LDA algorithm by the Jaccard similarity technique. Third, the latest version of the MITER ATT&CK framework attack method, technology trend, and relevance between CVE are considered. We used the data within overseas sites provide reliable security information to review the usability of the proposed final formula CTRS. The scoring formula makes it possible to fast patch and respond to related information by identifying vulnerabilities with high relevance and risk only with some particular phrase.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.365-378
• /
• 2024

The operating system (OS) of mobiles or embedded devices is based on the Linux kernel. These OSs request random numbers from the Linux kernel for system operation, such as encryption keys and security features. To provide random numbers reliably, the Linux kernel has a dedicated random number generator (Linux Pseudo Random Number Generator, LPRNG). Recently, LPRNG has undergone a major structural changes. However, despite the major changes, no security analysis has been published on the structure of the new LPRNG. Therefore, we analyze these structural changes as a preliminary study to utilize the security analysis of the new LPRNG. Furthermore, the differences between before and after the changes are divided into cryptographic and performance perspectives to identify elements that require security analysis. This result will help us understand the new LPRNG and serve as a base for security analysis.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.42 no.6 s.336
• /
• pp.31-38
• /
• 2005

In this paper, we proposed an optical security system based on a gray-image exclusive-OR encryption using multi-phase separation and phase-wrapping method. For encryption, a gray image is sliced into binary images, which have the same pixel value, and these images are encrypted by modified XOR rules with binary random images. The XORed images and the binary images respectively combined and converted into full phase images, called an encrypted image and a key image. For decryption, when the encrypted image and key image are used as inputs on optical elements, Practically due to limited controllability of phase range in optical elements, the original gray image cannot be efficiently reconstructed by these optical elements. Therefore, by decreasing the phase ranges of the encrypted image and key image using a phase-wrapping method and separating these images into low-level phase images using multi-phase separation, the gray image can be reconstructed by optical elements which have limited control range. The decrytion process is simply implemented by interfering a multiplication result of encrypted image and key image with reference light. The validity of proposed scheme is verified and the effects, which are caused by phase limitation in decryption process, is analyzed by using computer simulations.

• Journal of the Korean housing association
• /
• v.18 no.1
• /
• pp.61-72
• /
• 2007

The purposes of this study were to summarize the concept of well-being and well-being apartment, to grasp the present condition of apartments which were introduced with well-being elements, and to find out the consumer preferences on well-being elements for apartment planning. Library and internet surveys were performed to summarize the concept of well-being and well-being apartment and to grasp the present condition of apartments which were introduced with well-being elements. Questionnaire survey was carried out from 2nd to 22nd of June 2005, to investigate the preferences on well-being elements for apartment planning. The respondents were 250 residents who are from thirties to fifties and living in urban area. As results, respondents think that 'living for health of body and mind' about concept of well-being and 'certificated apartments by green building rating system' or 'apartments introduced ecological factor' about concept of well-being apartment. They answered that 'yes' about 'Do you have intention to buy well-being apartment?'. The elements in aspect of complex planning having the preference were revealed that promenade for complex design, ecological garden or walking space for landscape design, outdoor exercise space for outdoor design, and security system for foundation equipment. The elements having the preference in aspect of public facilities were fitness room for sports & health facility and study room for cultural facility. The preferred elements in aspect of building and unit design were roof garden for building design, multi-functional room for unit floor plan, natural surface material for interior surface, ventilation system for indoor environment, control system for home automation, and food waste machine for home electronics.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.10
• /
• pp.8-15
• /
• 2018

This article investigates intelligent security integrated platform for real-time crime response and preventive crime prevention. This study analyzed intelligent crime prevention platform elements by analyzing crime prevention system/platform research, intelligent crime prevention research, and case study of municipality integrated operation center crime prevention system. Through this, we developed a practical intelligent security platform, and suggested a linkage with existing municipalities and smart city integrated platform system considering scalability. This enables CCTV monitoring, which is used only for existing post processing, to cope with real-time crime. It is expected that it will be able to solve the incidents in golden-time by grasping the precise position of the complainant not only in the outdoor but also indoors. It is also possible to provide citizen-centered crime-prevention social safety net information sharing service by enhancing citizen participation as well as improving control efficiency. The intelligent security platform has advantages that it is easy to spread the municipality because it is developed considering existing municipal system, smart city integration platform, and linkage and expansion with other security services.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.1343-1356
• /
• 2013

Cloud computing has emerged as perhaps the hottest development in information technology at present. This new computing technology requires that the users ensure that their infrastructure is safety and that their data and applications are protected. In addition, the customer must ensure that the provider has taken the proper security measures to protect their information. In order to achieve fine-grained and flexible access control for cloud computing, a new construction of hierarchical attribute-based encryption(HABE) with Ciphertext-Policy is proposed in this paper. The proposed scheme inherits flexibility and delegation of hierarchical identity-based cryptography, and achieves scalability due to the hierarchical structure. The new scheme has constant size ciphertexts since it consists of two group elements. In addition, the security of the new construction is achieved in the standard model which avoids the potential defects in the existing works. Under the decision bilinear Diffie-Hellman exponent assumption, the proposed scheme is provable security against Chosen-plaintext Attack(CPA). Furthermore, we also show the proposed scheme can be transferred to a CCA(Chosen-ciphertext Attack) secure scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.929-940
• /
• 2016

The IMO e-navigation strategy has requested a communication infrastructure providing authorized seamless information transfer between stakeholders. The Maritime Cloud is the term used to describe the concept of an infrastructure that support authorized, seamless information transfer, adding those elements, that are necessary to support the e-navigation domain. It is necessary to consider the study on maritime cloud security, but the study is still an early stage. In this paper, we propose a secure synchronization method for the maritime cloud services. The proposed method can be synchronize between the vessel based on the SH-Tree, and it has the advantage that there is no exposure information in the synchronization process.

• The Journal of the Korea Contents Association
• /
• v.6 no.8
• /
• pp.157-164
• /
• 2006

According to the IT839 strategy which was announced by the Ministry of Information and Communication(MIC) in 2004, the convergence trend of the broadcasting and the communication would be much more promoted. Thus, the methods for protecting the broadcasting contents will be indispensible elements for the successful IPTV service achievement. This paper describes the characteristics of IPTV and the related contents protection techniques. To evaluate several security issues, we suggest a security model for IPTV, and speculate the most widespread, two security technologies for IPTV such as CAS and DRM. Moreover, candidate models of IPTV protection system are suggested based on these technologies.

• Convergence Security Journal
• /
• v.15 no.3_1
• /
• pp.83-90
• /
• 2015

Current PKI system will confront more dangerous elements in the wireless network. Accordingly, this study suggests a plan to strengthen authentication system plan with using access control and encryption to the location. Locational information collecting devices such as GPS and sensor are utilized to create a new key for authentication and collect locational information. Such a key encodes data and creates an authentication code for are access control. By using the method suggested by this study, it is possible to control access of a military secret from unauthorized place and to protect unauthorized user with unproposed technique. In addition, this technique enables access control by stage with utilizing the existing PKI system more wisely.

• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.85-91
• /
• 2016

Block cipher is one of the prominent and important elements in cryptographic systems and study on the minimal construction is a major theme in the cryptographic research. Even and Mansour motivated by the study suggested a kind of block cipher called the Even-Mansour scheme in the early 1990s. It is a very simple cipher with one permutation and two secret keys. There have been many studies on the Even-Mansour scheme and security analysis of the scheme. We explain the Even-Mansour scheme and simplify those attacks on the Even-Mansour scheme with mathematical language. Additionally, we show that Pollard's rho attack to the discrete logarithm problem can be used to attack the Even-Mansour scheme with the same complexity of the Pollard's rho attack.