• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.1-15
• /
• 2020

As differential computation analysis attack(DCA) which is context of side-channel analysis on white-box cryptography is proposed, masking white-box cryptography based on table encoding has been proposed by Lee et al. to counter DCA. Existing higher-order DCA for the masked white box cryptography did not consider the masking implementation structure based on table encoding, so it is impossible to apply this attack on the countermeasure suggested by Lee et al. In this paper, we propose a new higher-order DCA method that can be applied to the implementation of masking based on table encoding, and prove its effectiveness by finding secret key information of masking white-box cryptography suggested by Lee et al. in practice.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.897-912
• /
• 2017

This paper focuses on how the protection of information security incident is effective in via Information security awareness when conducting information security activities of enterprises. Research models have theorized that the information security activity and the information security awareness will reduce the incidence of information security. The general characteristics of analysis targets have been carried out in the frequency analysis, and the reliability of the measuring tool has been utilized to calculate the coefficient of Cronbach's information protection. Evidence has been demonstrated regarding the relationship between information security activities and information security awareness and information security incidents.

• Journal of Digital Convergence
• /
• v.13 no.12
• /
• pp.193-202
• /
• 2015

The development of the security solutions that can provide a variety of security services is needed urgently. For development of the security solutions, analysis of international standard security technology is the key. In this paper, international organizations' standardization(ISO/IEC JTC1 SC27, ITU-T SG-17, IETF Security Area, etc.) and the current trend of the standard security technology are mainly analyzed. The core of the latest security technology(Application Bridging, DNS-based Authentication, HTTP Authentication, IP Security, Javascript Security, Authentication Technology Next Generation, Managed Incident, Web Authorization Protocol, Security Automation, Transport Layer Security, etc.) is analyzed focusing on 18 working groups of the IETF.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.12
• /
• pp.541-552
• /
• 2013

Recently software security of the smart phone is an important issue in the field of information science and technology due to fast propagation of smart technology in our life. The smart phone as the security critical systems which are utilizing in terminal systems of the banking, ubiquitous home management, airline passengers screening, and so on are related to the risk of costs, risk of loss, risk of availability, and risk by usage. For the security issues, software hazard analysis of smart phone is the key approaching method by use of observed failures. In this paper, we propose an efficient integrative framework for software security analysis of the smart phone using Fault Tree Analysis (FTA) and Failure Mode Effect Analysis (FMEA) to gain a convergence security and reliability analysis technique on hand handle devices. And we discuss about that if a failure mode effect analysis performs simpler, not only for improving security but also reducing failure effects on this smart device, the proposed integrative framework is a key solution.

• Journal of Communications and Networks
• /
• v.18 no.1
• /
• pp.105-111
• /
• 2016

Trust models in the literature of MANETs commonly assume that packets have different security requirements. Before a node forwards a packet, if the recipient's trust level does not meet the packet's requirement level, then the recipient must perform certain security association procedures, such as re-authentication. We present in this paper an analysis of the epidemic broadcast delay in such context. The network, mobility and trust models presented in this paper are quite generic and allow us to obtain the delay component induced only by the security associations along a path. Numerical results obtained by simulations also confirm the accuracy of the analysis. In particular, we can observe from both simulation's and analysis results that, for large and sparsely connected networks, the delay caused by security associations is very small compared to the total delay of a packet. This also means that parameters like network density and nodes' velocity, rather than any trust model parameter, have more impact on the overall delay.

• Journal of Korea Multimedia Society
• /
• v.18 no.2
• /
• pp.218-232
• /
• 2015

According to the development of information processing technology and mobile communication technology, the utilization of mobile banking systems is drastically increasing in banking system. In the foreseeable future, it is expected to increase rapidly the demands of mobile banking in bank systems with the prevalence of smart devices and technologies. However, the keeping 'security' is very important in banking systems that handles personal information and financial assets. But it is very difficult to improve the security of banking systems only with the vulnerabilities and faults analysis methods of information security. Hence, in this paper, we accomplish the analysis of security risk factor and security vulnerability that occur in mobile banking system. With analyzed results, we propose the information security control and management processes for assessing and improving security based on the mechanisms which composes mobile banking system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.91-108
• /
• 2010

Universities are one of leading R&D institutes, however, their scarce security investment allows research information to leak outside. This paper proposes methods for improving security level of academic institutes to protect research information by analyzing security awareness and activities. To do that, we verified the current status of information security and awareness level by analyzing the survey which was conducted for a member of Seoul National University. As a result of statistical analysis using correlation, analysis of variance, multi regression and so on, we concluded that it is essential to improve security awareness, activities, professor's security level and management process for research labs. Thus, we suggest the following methods, security awareness and knowledge development through education, security management for research labs through provision, introduction of data protection softwares and physical control of visitors which are to be adopted to improve security level.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.05a
• /
• pp.456-460
• /
• 2012

Privacy Protection Act of 30 March 2012 was performed. In general, personal information management to enhance security in the DB server has a security system but, PC for the protection of the privacy and security vulnerability analysis is needed to research on self-diagnosis. In this paper, from a PC to search information relating to privacy and enhance security by encrypting and for delete file delete recovery impossible. In pc found vulnerability analysis is Check user accounts, Checking shared folders ,Services firewall check, Screen savers, Automatic patch update Is checked. After the analysis and quantification of the vulnerability checks through the expression, enhanced security by creating a checklist for the show, PC security management, server management by semi-hwahayeo activates. In this paper the PC privacy and PC security enhancements a economic damage and of the and Will contribute to reduce complaints.

• Convergence Security Journal
• /
• v.15 no.3_2
• /
• pp.83-93
• /
• 2015

In this research, we used KOSPI, KOSDAQ and a stock price of Information Security related Company - S1, Ahnlab, Suprema, Raonscure and Igloosecurity. From August 2010 to July 2014, that is during 208 weeks(4 years), we had grasped index and stock price trend. Also we had attempted various Empirical analysis - Basic statistics of Security related Stock, Analysis of variance, Correlation analysis and Weekly Rate of Rise trends. The first purpose of this research is to see correlation between Security related Company and KOSPI, KOSDAQ. The second purpose of this research is to analyze whether stock items have investment value or not while watching features of flow of stock price per item. We expect possibility and merit of investment when we suppose Security industry's high potential to grow. It seems that Security related Company deserves to be invested. We expect investment for Security related Company that has high possibility of growing will create high yields compared to Market yields.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.249-258
• /
• 2012

Cyber attacks expose sensitive information and cause fatal damage in both the public and the private sectors. Therefore, MKE (Ministry of Knowledge Economy) Cyber Security Center was founded on July 25, 2008, to perform three major roles. First, it detects and analyzes cyber attacks for the both sectors. Second, its ISAC (Information Sharing & Analysis Center) service analyzes and evaluates the vulnerability of the communication and network infrastructure to security threats, including control systems. Third, it provides CERT/CC (Computer Emergency Response Team Coordination Center) service to prevent and to respond to computer security incidents. This study focuses on the MKE Cyber Security Center's service analysis, which is playing an increasingly larger role in the both sectors. Based on this analysis, after grasping the response services activity and pointing out the problems, this study suggests improvements to the MKE Cyber Security Center.