• IEMEK Journal of Embedded Systems and Applications
• /
• v.8 no.6
• /
• pp.303-309
• /
• 2013

Cloud storage services are used for efficient sharing or synchronizing of user's data across multiple mobile devices. Although cloud storages provide flexibility and scalability in storing data, security issues should be handled. Currently, typical cloud storage services offer data encryption for security purpose but we think such method is not secure enough because managing encryption keys by software and identifying users by simple ID and password are main defectives of current cloud storage services. We propose a secure data access method to cloud storage in mobile environment. Our framework supports hardware-based key management, attestation on the client software integrity, and secure key sharing across the multiple devices. We implemented our prototype using ARM TrustZone and TPM Emulator which is running on secure world of the TrustZone environment.

• Journal of Information Technology Services
• /
• v.19 no.2
• /
• pp.83-92
• /
• 2020

The current technology drain at small and medium-sized enterprises in Korea is very serious. According to the National Intelligence Service's survey data, 69 percent of technology leaks are made through employees of small and medium-sized enterprises. A document security system was introduced to compensate for the problem. However, small and medium-sized enterprises are not doing well due to their poor environment. Therefore, it proposes a document security system suitable for small businesses by developing a location information machine learning system that automatically creates a document security Green Zone through learning, and an ECM-based electronic document leakage prevention system that manages generated Green Zone information by reflecting it into the document authority system. And step by step, propose a universal solution through cloud services..

• Journal of Internet Computing and Services
• /
• v.16 no.5
• /
• pp.1-9
• /
• 2015

As attacks in cyber space become advanced and complex, monotonous defense approach of one-one matching manner between attack and defense may be limited to defend them. More efficient defense method is required. This paper proposes multi layers security scheme that can support to defend assets against diverse cyber attacks in systematical and adaptive. We model multi layers security scheme based on Defense Zone including several defense layers and also discuss essential technical elements necessary to realize multi layers security scheme such as cyber threats analysis and automated assignment of defense techniques. Also effects of multi layers security scheme and its applicability are explained. In future, for embodiment of multi layers security scheme, researches about detailed architecture design for Defense Zone, automated method to select the best defense technique against attack and modeling normal state of asset for attack detection are needed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.929-938
• /
• 2023

ARM processors, utilized in mobile devices, have integrated the hardware isolation framework, TrustZone technology, to implement two execution environments: the trusted domain "Secure World" and the untrusted domain "Normal World". Rootkit is a type of malicious software that gains administrative access and hide its presence to create backdoors. Detecting the presence of a rootkit in a Secure World is difficult since processes running within the Secure World have no memory access restrictions and are isolated. This paper proposes a technique that leverages the hardware based PMU(Performance Monitoring Unit) to measure events of the Secure World rootkit and to detect the rootkit using deep learning.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1151-1160
• /
• 2016

A TrustZone-based rootkit detecting solution using a secure timer ensures the integrity of monitoring system, because ARM TrustZone technology provides isolated environments from a monitored OS against intercepting and modifying invoke commands. However, it is vulnerable to transient attack due to periodic monitoring. Also, Address Translation Redirection Attack (ATRA) cannot be detected, because the monitoring is operated by using the physical address of memory. To ameliorate this problem, we propose a snoop-based kernel introspection system. The proposed system can monitor a kernel memory in real-time by using a snooper, and detect memory-bound ATRA by introspecting kernel pages every context switch of processes. Experimental results show that the proposed system successfully protects the kernel memory without incurring any significant performance penalty in run-time.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.11 no.3
• /
• pp.135-141
• /
• 2016

Indoor zone-based services have continuously become popular by increased prevalence of smartphones. Bluetooth and ultrasound can be used for zone detection. However, bluetooth does not guarantee precise zone detection if the signal degrades due to the obstacles. Ultrasound can be easily forged by recording sound on the smartphone. For that reason, zone detection based on ultrasound has a security hole. To remedy each limitation, we propose an advanced zone detection method, that combines bluetooth and ultrasound. An authentication server issues a one-time password to the user over bluetooth. The user generates an ultrasound signal that encodes the password. In this manner, the proposed method ensures secure and accurate zone detection.

• Journal of Digital Convergence
• /
• v.15 no.8
• /
• pp.183-193
• /
• 2017

Digital accredited certificates issued under the Digital Signature Act provide essential functionalities for online service, so certificates are used for various services such as online banking, e-government. However, certificates can be stolen by hackers and users need to install separate software to use certificates. Recently FIDO, which aims to solve the problems of password-based authentication and the lack of interoperability between authentication methods, is used for biometric authentication and TrustZone, hardware-based secure environment, is used for safe smartphone usage. In this paper, the new service method is suggested which uses FIDO-based biometric authentication and stores certificates in TrustZone. This method can not only improve security and convenience but also be easily applied to the service because it uses built-in functionalities of new smartphones such as biometric sensors and TrustZone. It is expected that people can use certificates in a safe and convenient way with this method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.405-413
• /
• 2016

In this paper, we propose a proactive inference method of finding suspicious domains. Our method detects potential malicious domains from the seed domain information extracted from the TLD Zone files and WHOIS information. The inference process follows the three steps: searching the candidate domains, machine learning, and generating a suspicious domain pool. In the first step, we search the TLD Zone files and build a candidate domain set which has the same name server information with the seed domain. The next step clusters the candidate domains by the similarity of the WHOIS information. The final step in the inference process finds the seed domain's cluster, and make the cluster as a suspicious domain set. In experiments, we used .COM and .NET TLD Zone files, and tested 10 seed domains selected by our analysts. The experimental results show that our proposed method finds 55 suspicious domains and 52 true positives. F1 scores 0.91, and precision is 0.95 We hope our proposal will contribute to the further proactive malicious domain blacklisting research.

• The KIPS Transactions:PartC
• /
• v.11C no.1
• /
• pp.81-88
• /
• 2004

This paper analyzed the proper methods to solve the security problems of establishing trust zone which is changed by security policy in large scale networks containing multiple VPNs. Therefore, we surveyed the vulnerability of VPN technologies, it analyzed various models suitable for trust zone. By simulations of various models, we Propose the cascade perimeter defence policy model having the neit as such an efficient transit cost and the strictly isolation for trust tone. This model can protect the trust zone from the public network by dividing the trust Tone according to each VPN group and it shows the better transit performance by cascading the position of perimeter defence policy.

• Convergence Security Journal
• /
• v.9 no.1
• /
• pp.19-27
• /
• 2009

In this paper, we propose a safety management system which prevents the occurrence of crime and accident from rising in school neighborhood. This system offers a monitoring method for safety of children which make intelligent space from environment and location sensing data through wireless communication between sensors attached to children and fixed sensor network in school neighborhood. Also, We propose a strategic safety management plan using opportunistic network when node is out of school zone network. Many students can easily receive the service of low cost from WSN-based School zone network than existing service from GPS individually by using our scheme.