• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.11a
• /
• pp.850-853
• /
• 2011

HPA(Host Protected Area) 영역과 DCO(Device Configuration Overlay) 영역은 사용자가 일반적으로 접근할 수 없는 영역이며 이 위치에 데이터를 저장하거나 은닉할 수 있다. HPA/DCO 영역은 저장 장치와의 통신을 위해 만들어진 규약인 ATA-4와 ATA-6에서 제시되었다. 디지털 포렌식 조사시 HPA/DCO 영역을 고려하지 않은 디스크 이미징 및 데이터 추출 방법은 해당 영역에 숨겨진 유용한 정보를 획득할 수 없다. 따라서 디지털 포렌식 관점에서 HPA/DCO 영역은 중요한 의미를 가지고 있으며, 해당 영역에 존재하는 데이터를 인식하여 획득하는 절차를 통해 디스크 이미징 또는 데이터 추출이 이루어져야 한다. 본 논문은 HPA/DCO 영역에 관한 기존 연구를 활용하여 포렌식 조사에서 해당 영역을 확인하고 접근할 수 있는 방법을 제시하며, HPA/DCO 영역에 저장되어 있는 데이터를 획득하여 디지털 포렌식 조사시 활용할 수 있도록 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.363-374
• /
• 2015

Instrumentation and control(I&C) system has been mainly designed and operated based on analog technologies in existing Nuclear Power Plants(NPPs). However, As the development of Information Technology(IT), digital technologies are gradually being adopted in newly built NPPs. I&C System based on digital technologies has many advantages but it is vulnerable to cyber threat. For this reason, cyber threat adversely affects on safety and reliability of I&C system as well as the entire NPPs. Therefore, the software equipped to NPPs should be developed with cyber security attributes from the initiation phase of software development life cycle. Moreover through cyber security assessment, the degree of confidence concerning cyber security should be measured and if managerial, technical and operational work measures are implemented as intended should be reviewed in order to protect the I&C systems and information. Currently the overall cyber security program, including cyber security assessment, is not established on I&C systems. In this paper, we propose cyber security assessment methods in the Software Development Life Cycle by drawing cyber security activities and assessment items based on regulatory guides and standard technologies concerned with NPPs.

• ETRI Journal
• /
• v.30 no.1
• /
• pp.68-80
• /
• 2008

Since many efficient algorithms for implementing pairings have been proposed such as ${\eta}_T$ pairing and the Ate pairing, pairings could be used in constraint devices such as smart cards. However, the secure implementation of pairings has not been thoroughly investigated. In this paper, we investigate the security of ${\eta}_T$ pairing over binary fields in the context of side-channel attacks. We propose efficient and secure ${\eta}_T$ pairing algorithms using randomized projective coordinate systems for computing the pairing.

• Journal of Korea Multimedia Society
• /
• v.2 no.2
• /
• pp.166-175
• /
• 1999

Since the intranet is a combination of open internet technologies and private information systems, various technologies for information security are essentially needed. On recent, a lot of firewall systems are being constructed to be secure the informations from external networks such as Internet in many private companies. Even though internal attacks are more frequently happened than external ones in the intranet environments, there are quite few researches on secure intranet and the internal threats are underestimated so far. In this paper, we study the security threats for each service in the intranet and propose the security models appropriate to the intranet environments by using several cryptographic tools and protocols. Furthermore, we implement the proposed security models in Java applications through computer simulation.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.3 no.2
• /
• pp.163-177
• /
• 2009

The demand for services using digital technology is constantly increasing as new developments in digital consumer electronics and the Internet are made. This is especially true in terms of the demand for IPTV utilizing high speed Internet networks. Research on IPTV threats is important for facilitating financial transactions via IPTV and preventing illegal use or copying of digital content. Thus, this paper analyzes IPTV threats via the IPTV value chain. That is, the distribution system for IPTV service is analyzed along with the components of the value chain and corresponding IPTV security requirements or security technologies, in order to perform a threat analysis and research suitable for the IPTV service environment. This paper has a greater focus on the value chain of the IPTV business than the approach in previous research, in order to analyze security requirements and technologies that are more applicable to the business environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.105-116
• /
• 2011

Mobile IPTV is a IPTV interactive broadcasting service through wireless Internet. Mobile IPTV service would be much more promoted. Thus, the methods for protecting the broadcasting contents will be indispensible elements for the successful Mobile IPTV service achievement. This paper describes the characteristics of Mobile IPTV and the related contents protection techniques. To evaluate several security issues, we suggest a DCAS security framework model for Mobile IPTV, and speculate the most widespread, a security technologies for Mobile IPTV such as DCSA. Moreover, candidate models of Mobile IPTV protection system are suggested based on these technologies.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.11
• /
• pp.4331-4354
• /
• 2020

Nepal is a sensitive and disaster-prone country where safety and security risk are of high concern for travelers. Digital technologies can play a vital role in addressing safety and security issues in the country. This research work proposes a Digital tourism security system design for addressing the safety and security issues in tourism industry of Nepal. The study uses Design science research methodology to identify artifacts, interactions, information flow and dependencies between them which are then mapped with existing prevalent technology to provide design solutions. Data is obtained from interview of tourist and experts as a primary source and technical documents/draft, software documentations, surveys as secondary source. Generalized information model, Use cases model, Network architecture model, Layered taxonomy model and Digital tourism technology reference model are the outcomes of the study. The work is very important as it talks specifically about implementation and integration of digital technologies in tourism security governance at federal, provincial, municipal and rural level. The research supplements as a knowledge document for design and implementation of digital tourism security system in practice. As there is very less work on digital systems in tourism security of Nepal, this work is a pioneer and first of its kind.

• The Journal of Society for e-Business Studies
• /
• v.4 no.2
• /
• pp.197-208
• /
• 1999

With developing computer and communication technologies, the concept of CALS system has been popular not only to military but also to commercial industries. The security problem is one of the most critical issues to construct CALS infrastructure. The CALS system needs some security functions such that data confidentiality, integrity, authenticity, availability, and non-repudiation. This paper proposes a security architecture model in CALS. The security architecture model is composed of 5 submodels such that network security model, authentication and key management model, operation and audit model, integrated database security model, and risk analysis model.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.40 no.6
• /
• pp.39-46
• /
• 2003

Biometric technologies using biometric information like fingerprints features are in wide use for the secure user authentication in many services including log-in of computer systems, entrance ID and E-commercial security. Nowadays, biometric technologies are ported into small embedded systems like security tokens or smart cards due to the merit of being secure and automatic in comparison with the previous method in user authentication such as using a PIN. In this paper, the security token developed as an embedded system and tile user authentication system implemented and tested using fingerprints information are described. Communications between the security token and tile host are tested and verified with USB. And, execution time and runtime memory on tile security token board was measured and performance improvement was described. In addition, requisites for the transit from the security token to the match-on-card was mentioned.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.11
• /
• pp.2866-2879
• /
• 2012

Among the various security threats in online games, the use of game bots is the most serious problem. Previous studies on game bot detection have proposed many methods to find out discriminable behaviors of bots from humans based on the fact that a bot's playing pattern is different from that of a human. In this paper, we look at the chatting data that reflects gamers' communication patterns and propose a communication pattern analysis framework for online game bot detection. In massive multi-user online role playing games (MMORPGs), game bots use chatting message in a different way from normal users. We derive four features; a network feature, a descriptive feature, a diversity feature and a text feature. To measure the diversity of communication patterns, we propose lightly summarized indices, which are computationally inexpensive and intuitive. For text features, we derive lexical, syntactic and semantic features from chatting contents using text mining techniques. To build the learning model for game bot detection, we test and compare three classification models: the random forest, logistic regression and lazy learning. We apply the proposed framework to AION operated by NCsoft, a leading online game company in Korea. As a result of our experiments, we found that the random forest outperforms the logistic regression and lazy learning. The model that employs the entire feature sets gives the highest performance with a precision value of 0.893 and a recall value of 0.965.