• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.16 no.7
• /
• pp.575-597
• /
• 1991

As an elegant solution of the key management scheme for a conventional cryptosystem. Diffie and Hellman introduced a public key distrbution system, whose security depends on the intractabliity of discrete loganthm problem over a finite field, and since then a lot of vartants of DH KDSS have been proposed. In this paper, we present the systematic approach to analyzing the security of a generalized DH KDS and designing an efficient and secure scheme. We classify vanous attacking methods and point out a possible way to avoid these attacks through the examples of successful attacking methods and point out a possible way to avoid these attacks through the examples of successful attack against those systems proposed so far or designed for this purpose. As security analysis tools, we present the redueiblity test, the information theoretic approach, and the protocol analysis technique, which we apply to variations of DH scheme to examine their security under all possble attacks.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.267-270
• /
• 2014

As Smart Device research processes, the needs of information security in light devices is increasing. For example, Zigbee provide Information Security by applying $AES-CCM^*$ defined IEEE 802.15.4 standard. However, according to information security law in Korea, only devices with KCMVP certification can be used in government organization and facilities. Therefore, this paper provide a solution to apply ARIA-CCM and ARIA-GCM for KCMVP in reserved field of IEEE 802.15.4 standard. For analyzing performance, we provide the speed test result of ARIA-CCM and ARIA-GCM comparing with $AES-CCM^*$.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.83-99
• /
• 2011

OTP (One Time Password) is widely used for protecting accounts on Internet banking, portal services and online game services in Korea. OTP is very strong method for enforcing account security but there are several ways for exploiting vulnerabilities caused by implementation errors. These attacks can work because of the weakness from OTP enabled system's vulnerabilities, not for OTP's algorithm itself. In this paper, we present the known attack scenarios such as MITM (Man-in-the-Middle) attack and various reverse engineering techniques; also, we show the test result of the attacks and countermeasures for these attacks.

• Nuclear Engineering and Technology
• /
• v.55 no.1
• /
• pp.25-36
• /
• 2023

Nuclear power plants have recognized the importance of nuclear cybersecurity. Based on regulatory guidelines and security-related standards issued by regulatory agencies around the world including IAEA, NRC, and KINAC, nuclear operating organizations and related systems manufacturing organizations, design companies, and regulatory agencies are considering methods to prepare for nuclear cybersecurity. Cryptographic algorithms have to be developed and applied in order to meet nuclear cybersecurity requirements. This paper presents methodologies for validating cryptographic algorithms that should be continuously applied at the critical control system of I&C in NPPs. Through the proposed schemes, validation programs are developed in the PLC, which is a critical system of a NPP's I&C, and the validation program is verified through simulation results. Since the development of a cryptographic algorithm validation program for critical digital systems of NPPs has not been carried out, the methodologies proposed in this paper could provide guidelines for Cryptographic Module Validation Modeling for Control Systems in NPPs. In particular, among several CMVP, specific testing techniques for ECB mode-based block ciphers are introduced with program codes and validation models.

• Membrane and Water Treatment
• /
• v.13 no.2
• /
• pp.105-110
• /
• 2022

Al₂O₃ positively charged nanofiltration composite membrane was successfully prepared with aluminate coupling agent (ACA) as modifier, sodium bisulfite (NaHSO₃) and potassium persulfate (K₂S₂O₈) as initiator and methacryloyloxyethyl trimethylammonium chloride (DMC) as crosslinking monomer. The surface of the membrane before grafting and after polymerization were characterized by SEM and FT-IR. Three factor and three-level orthogonal experiments were designed to explore the optimal conditions for membrane preparation, and the optimal group was successfully prepared. The filtration experiments of different salt solutions were carried out, and the retention molecular weight was determined by polyethylene glycol (PEG). The results showed that the polymerization temperature had the greatest effect on the rejection rate, followed by the reaction time, and the concentration of DMC had the least effect on the rejection rate. The rejection rates of CaCl₂, MgSO₄, NaCl and Na₂SO₄ in the optimal group were 83.8%, 81.3%, 28.1% and 23.6% (average value), respectively. The molecule weight cut-off of 90% (MWCO) of the optimal group was about 460, which belongs to nanofiltration membrane.

• International Journal of Computer Science & Network Security
• /
• v.24 no.3
• /
• pp.93-100
• /
• 2024

In this paper, we propose a novel robust blind crypto-watermarking method for medical images security based on hiding of DICOM patient information (patient name, age...) in the medical imaging. The DICOM patient information is encrypted using the AES standard algorithm before its insertion in the medical image. The cover image is divided in blocks of 8x8, in each we insert 1-bit of the encrypted watermark in the hybrid transform domain by applying respectively the 2D-LWT (Lifting wavelet transforms), the 2D-DCT (discrete cosine transforms), and the SVD (singular value decomposition). The scheme is tested by applying various attacks such as noise, filtering and compression. Experimental results show that no visible difference between the watermarked images and the original images and the test against attack shows the good robustness of the proposed algorithm.

• Asia pacific journal of information systems
• /
• v.31 no.2
• /
• pp.236-256
• /
• 2021

Online financial technology products are an important consumer finance innovation. While a large body of previous research has focused on initial adoption and consumer willingness to use these products, little research explores the continued use of these products beyond the initial adoption phase. In particular, special attention should be paid to how users' trust and perceptions of privacy and security affect continued use behavior. This paper integrates the expectation confirmation model of information system continuance (ECM-ISC), the information system success model (ISSM) and the security and trust literatures to investigate continued use of online financial technology. To test the research model, we collected 398 valid questionnaires from Ant Credit Pay users. The research results show that system and service quality positively impact users' expectation confirmation, while information quality has no significant impact. Expectation confirmation and perceived usefulness positively affect user satisfaction. Moreover, the user's perception of privacy and security plays a vital role in user satisfaction. Satisfaction and perceived trust jointly promote users' continuance behaviors. Findings of this study indicates the importance of the information system success factors and security factors due to their influence on the continued use of Fintech products. This conclusion has implications for enterprises in improving the product qualities and enhancing the degree of security to meet user needs.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.177-189
• /
• 2021

Defense R&D is a key process for securing weapons systems determined by mid- and long-term needs to cope with changing future battlefield environments. In particular, the test and evaluation provides information necessary to determine whether or not to switch to mass production as the last gateway to research and development of weapons systems and plays an important role in ensuring performance linked to the life cycle of weapons systems. Meanwhile, if you look at the recent changes in the operational environment of the Korean Peninsula and the defense acquisition environment, you can see three main characteristics. First of all, continuous safety accidents occurred during the operation of the weapon system, which increased social interest in the safety of combatants, and the efficient execution of the limited defense budget is required as acquisition costs increase. In addition, strategic approaches are needed to respond to future battlefield environments such as robots, autonomous weapons systems (RAS), and cyber security test and evaluation. Therefore, in this study, we would like to present strategies for improving the testing and evaluation of weapons systems by considering the characteristics of the security environment that has changed recently. To this end, the improvement strategy was derived by analyzing the complementary elements of the current weapon system operational test and evaluation system in a multi-dimensional model and prioritized through the hierarchical analysis method (AHP).

• Journal of The Korean Association of Information Education
• /
• v.14 no.2
• /
• pp.157-164
• /
• 2010

This study proposed the information security integrated learning model-based KASP. By analyzing the teaching materials regarding information security in the regular curriculum, and by investigating preliminary studies, the information security contents were examined in terms of knowledge, attitudes, skills and ways to practice(KASP). And, the KASP-information security learning model integrating knowledge, attitudes, and ways to practice was developed, and the teaching plan and learning material hand-out were accordingly made out. Moreover, the developed model was tested in an experimental group, and common information security learning content centered on ethics in the comparison group in order to compare the results of two groups. As the test result analysis, it was verified that the developed KASP-information security integrated learning model was effective to help the students learn the knowledge, attitudes, skills and ways to practice.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.11
• /
• pp.2866-2879
• /
• 2012

Among the various security threats in online games, the use of game bots is the most serious problem. Previous studies on game bot detection have proposed many methods to find out discriminable behaviors of bots from humans based on the fact that a bot's playing pattern is different from that of a human. In this paper, we look at the chatting data that reflects gamers' communication patterns and propose a communication pattern analysis framework for online game bot detection. In massive multi-user online role playing games (MMORPGs), game bots use chatting message in a different way from normal users. We derive four features; a network feature, a descriptive feature, a diversity feature and a text feature. To measure the diversity of communication patterns, we propose lightly summarized indices, which are computationally inexpensive and intuitive. For text features, we derive lexical, syntactic and semantic features from chatting contents using text mining techniques. To build the learning model for game bot detection, we test and compare three classification models: the random forest, logistic regression and lazy learning. We apply the proposed framework to AION operated by NCsoft, a leading online game company in Korea. As a result of our experiments, we found that the random forest outperforms the logistic regression and lazy learning. The model that employs the entire feature sets gives the highest performance with a precision value of 0.893 and a recall value of 0.965.