• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권9호
• /
• pp.4706-4726
• /
• 2019

The paper is devoted to the detailed description of the distributed system for gathering data from Windows-based workstations and servers. The research presented in the beginning demonstrates that neither a solution for gathering data on attacks against Windows based PCs is available at present nor other security tools and supplementary programs can be combined in order to achieve the required attack data gathering from Windows computers. The design of the newly proposed system named Colander is presented, too. It is based on a client-server architecture while taking much inspiration from previous attempts for designing systems with similar purpose, as well as from IDS systems like Snort. Colander emphasizes its ease of use and minimum demand for system resources. Although the resource usage is usually low, it still requires further optimization, as is noted in the performance testing. Colander's ability to detect threats has been tested by real malware, and it has undergone a pilot field application. Future prospects and development are also proposed.

• Journal of Electrical Engineering and Technology
• /
• 제12권2호
• /
• pp.495-501
• /
• 2017

The introduction of smart grid, which is an innovative application of digital processing and communications to the power grid, might lead to more and more cyber threats originated from IT systems. In other words, The Energy Management System (EMS) and other communication networks interact with the power system on a real time basis, so it is important to understand the interaction between two layers to protect the power system from potential cyber threats. This paper aims to identify and clarify the cyber security risks and their interaction with the power system in Smart Grid. In this study, the optimal power flow (OPF) and Power Flow Tracing are used to assess the interaction between the EMS and the power system. Through OPF and Power Flow Tracing based analysis, the physical and economic impacts from potential cyber threats are assessed, and thereby the quantitative risks are measured in a monetary unit.

• International Journal of Internet, Broadcasting and Communication
• /
• 제8권4호
• /
• pp.11-18
• /
• 2016

Due to open source policy, Android systems are exposed to a variety of security problems. In particular, app reuse attacks are detrimental threat to the Android system security. This is because attacker can create core malign components and quickly generate a bunch of malicious apps by reusing these components. Hence, it is very imperative to discern whether Android apps contain reused components. To meet this need, we propose an Android app reuse analysis technique based on the Sequential Hypothesis Testing. This technique quickly makes a decision with a few number of samples whether a set of Android apps is made through app reuse. We performed experimental study with 6 malicious app groups, 1 google and 1 third-party app group such that each group consists of 100 Android apps. Experimental results demonstrate that our proposed analysis technique efficiently judges Android app groups with reused components.

• 디지털산업정보학회논문지
• /
• 제11권1호
• /
• pp.59-67
• /
• 2015

A novel authentication mechanism is biometric authentication where users are identified by their measurable human characteristics, such as fingerprint, voiceprint, and iris scan. The technology of biometrics is becoming a popular method for engineers to design a more secure user authentication scheme. In terms of physiological and behavioral human characteristics, biometrics is used as a form of identity access management and access control, and it services to identity individuals in groups that are under surveillance. In this article, we review the biometric-based authentication protocol by Althobati et al. and provide a security analysis on the scheme. Our analysis shows that Althobati et al.'s scheme does not guarantee server-to-user authentication. The contribution of the current work is to demonstrate this by mounting threat of data integrity and bypassing the gateway node on Althobati et al.'s scheme. In addition, we analysis the security vulnerabilities of Althobati et al.'s protocol.

• 한국융합학회논문지
• /
• 제4권1호
• /
• pp.27-31
• /
• 2013

최근 IT기술의 발전에 따라 언제 어디서나 이용할 수 있는 M2M기반의 무선 충전 분야의 기술 개발이 빠르게 진행되고 있다. M2M에서 무선충전기술은 무선 네트워크를 기반으로 하기 때문에 다양한 보안의 위협요소가 발생된다. 본 논문에서는 무선 충전 시 무선 네트워크 공격 기반의 인증 및 지불 공격에 대한 위협을 알아보고, 기존의 인증 및 지불을 위하여 무선충전 서비스 상황에 맞는 대응 기법을 제안한다.

• 한국기술혁신학회:학술대회논문집
• /
• 한국기술혁신학회 2003년도 추계학술대회
• /
• pp.369-386
• /
• 2003

Radiation technologies are being utilized in a wide range of daily modern life and provide the public with valuable benefits through applications in fields of medical, industrial, agricultural, and science & engineering research. On the other hand, there is a high possibility that radioactive materials can be used for malevolent purposes such as dirty bombs. The International community, therefore, has made efforts to improve the security of radioactive sources aimed at protecting the public from radiological terrorism. The paper investigated high-risk radioactive sources which could be used as dirty bombs. The paper reviewed the possibility of radiological weapon attacks and analyzed international trends to enhance security of radioactive sources. This study also proposed our countermeasures to reduce the threat of radiological terrorism and to properly respond to the radiological emergency caused by the radiological weapon attack.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권11호
• /
• pp.4680-4700
• /
• 2015

Broadcast encryption is an efficient way to distribute confidential information to a set of receivers using broadcast channel. It allows the broadcaster to dynamically choose the receiver set during each encryption. However, most broadcast encryption schemes in the literature haven't taken into consideration the receiver's privacy protection, and the scanty privacy preserving solutions are often less efficient, which are not suitable for practical scenarios. In this paper, we propose an efficient dynamic anonymous broadcast encryption scheme that has the shortest ciphertext length. The scheme is constructed over the composite order bilinear groups, and adopts the Lagrange interpolation polynomial to hide the receivers' identities, which yields efficient decryption algorithm. Security proofs show that, the proposed scheme is both secure and anonymous under the threat of adaptive adversaries in standard model.

• 한국융합학회논문지
• /
• 제3권4호
• /
• pp.1-5
• /
• 2012

최근 IT기술의 발전에 따라 언제 어디서나 이용할 수 있는 U-Healthcare분야의 기술 개발이 빠르게 진행되고 있다. U-Healthcare 기술은 네트워크를 기반으로 하기 때문에 다양한 보안의 위협요소가 발생된다. 본 논문에서는 네트워크 공격 기반의 DOS/DDOS공격에 대한 위협을 알아보고, 기존 Detecting Early DOS/DDOS attacks through Packet Counting을 수정하여 U-Healthcare서비스 상황에 맞는 대응 기법을 제안한다.

• 한국정보통신학회:학술대회논문집
• /
• 한국해양정보통신학회 2006년도 춘계종합학술대회
• /
• pp.749-753
• /
• 2006

1986년 컴퓨터 바이러스가 발견된 후, 매년 새로운 바이러스들이 나타나고 있다. 최근에는 모바일 기기(휴대폰, PDA)들을 대상으로 하는 악성코드(바이러스, 웜, 트로이목마)들이 발생하고 있다. 향후 모바일 기기의 보급과 업무 활용이 증가함에 따라 이에 대한 대비가 필요하다. 본 논문에서는 악성코드들의 종류와 특징들을 조사 운석하고 모바일 환경에서의 보안 고려사항들을 살펴본다.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2018년도 추계학술발표대회
• /
• pp.282-284
• /
• 2018

ICT 기술의 발전에 따라 다양한 서비스들이 등장하고 있다. 특히 스마트 홈은 가전제품들을 인터넷에 접목시켜 집안 내에서뿐만 아니라 외부에서도 원격으로 제어가 가능하다. 이러한 편리성 때문에 여러 방면으로 이용성이 급증하고 있다. 하지만 아직까지 보안 기술에 있어 취약점이 많기 때문에 사생활이 노출될 가능성이 있다. 본 논문에서는 스마트 홈 환경에서 국내외 위협사례를 살펴보고, 발생 가능한 위험시나리오를 통해 위협요소를 분석한다. 또 대응방안을 제시하여 기기 개발시 보안 관점에서의 체계를 개선을 하기 위한 방안을 논하고자 한다.