• Title/Summary/Keyword: Threat Security

Determination Method of TTL for Improving Energy Efficiency of Wormhole Attack Defense Mechanism in WSN (무선 센서 네트워크에서 웜홀 공격 방어기법의 에너지 효율향상을 위한 TTL 결정 기법)

  • Lee, Sun-Ho;Cho, Tae-Ho
    • Journal of the Korea Society for Simulation / v.18 no.4 / pp.149-155 / 2009
  • Attacks in wireless sensor networks (WSN) are similar to the attacks in ad-hoc networks because they are deployed in a wireless environment. However, existing security mechanisms cannot be applied to WSN, because it has limited resources and a hostile environment. One of the typical attacks in WSN is setting up a wrong route using a wormhole. To overcome this threat, Ji-Hoon Yun et al. proposed WODEM (WOrmhole attack DEfense Mechanism), which can detect and counter wormholes. This scheme detects and counters wormhole attacks by comparing the hop count with a pre-defined initial TTL (Time To Live). The selection of an initial TTL is important since it provides a tradeoff between detection ability ratio and energy consumption. In this paper, we proposed a fuzzy rule-based system for TTL determination that can conserve energy while providing a sufficient detection ratio against wormhole attacks.

Deep Learning Based Side-Channel Analysis for Recent Masking Countermeasure on SIKE (SIKE에서의 최신 마스킹 대응기법에 대한 딥러닝 기반 부채널 전력 분석)

  • Woosang Im;Jaeyoung Jang;Hyunil Kim;Changho Seo
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.2 / pp.151-164 / 2023
  • Recently, the development of quantum computers has become a great threat to existing public key systems based on discrete algebra problems or factorization problems. Accordingly, NIST is currently in the process of contesting and screening PQC (Post Quantum Cryptography) that can be implemented in both the computing environment and the upcoming quantum computing environment. Among them, SIKE is the only isogeny-based cipher and has the advantage of a shorter public key compared to other PQC with the same safety. However, like conventional cryptographic algorithms, all quantum-resistant ciphers must be safe against existing cryptanalysis. In this paper, we studied power analysis-based cryptanalysis techniques for SIKE, and notably we analyzed SIKE through wavelet transformation and deep learning-based clustering power analysis. As a result, the analysis success rate was close to 100% even in SIKE with masking countermeasures applied that hold the accuracy of existing clustering power analysis techniques to around 50%, and it was confirmed that this was the strongest attack on SIKE.

Design Method of Things Malware Detection System(TMDS) (소규모 네트워크의 IoT 보안을 위한 저비용 악성코드 탐지 시스템 설계 방안 연구)

  • Sangyoon Shin;Dahee Lee;Sangjin Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.3 / pp.459-469 / 2023
  • The number of IoT devices is explosively increasing due to the development of embedded equipment and computer networks. As a result, cyber threats to IoT are increasing, and currently, malicious code is being distributed to IoT devices, infecting them and exploiting them for DDoS. Currently, IoT devices that are the target of such attacks have various installation environments and limited resources. In addition, IoT devices have the characteristic that, once set up, the owner does not care about management. Because of this, IoT devices are becoming a management blind spot that is easily infected with malicious code. Because of these difficulties, the threat of malicious code always exists in IoT devices, and when they are infected, responses are not properly made. In this paper, we will design a malware detection system for IoT in consideration of the characteristics of the IoT environment and present detection rules suitable for use in the system. Using this system, it will be possible to construct an IoT malware detection system inexpensively and efficiently without changing the structure of IoT devices that are already installed and exposed to cyber threats.

A Study on Operational Element Identification and Integrated Time Series Analysis for Cyber Battlefield Recognition (사이버 전장인식을 위한 작전상태 요소 식별 및 통합 시계열 분석 연구)

  • Son-yong Kim;Koo-hyung Kwon;Hyun-jin Lee;Jae-yeon Lee;Jang-hyuk Kauh;Haeng-rok Oh
    • Convergence Security Journal / v.22 no.4 / pp.65-73 / 2022
  • Since cyber operations are performed in a virtual cyber battlefield, measurement indicators that can evaluate and visualize the current state of the cyber environment in a consistent form are required to effectively support the commander's decision-making in cyber operations. In this paper, we propose a method to define various evaluation indicators that can be collected on the cyber battlefield, normalize them, and evaluate the cyber status in a consistent form. The proposed cyber battlefield status element consists of cyber asset-related indicators, target network-related indicators, and cyber threat-related indicators. Each indicator has 6 sub-indicators and can be used by assigning weights according to the commander's interests. The overall status of the cyber battlefield can be easily recognized because the measured indicators are visualized in time series on a single screen. Therefore, the proposed method can be used for the situational awareness required to effectively conduct cyber warfare.

A Scheme Reconfiguration of Whitelisting and Hyperledger Fabric for Cryptocurrency Integrity Transactions (암호화폐 무결성 거래를 위한 Whitelisting과 Hyperledger Fabric 재구성 기법)

  • Su-An Jang;Keun-Ho Lee
    • Journal of Internet of Things and Convergence / v.10 no.1 / pp.7-12 / 2024
  • To trade cryptocurrency, traders require a personal cryptocurrency wallet. Cryptocurrency itself, which uses blockchain technology, is guaranteed excellent security and reliability, so hacking the blockchain is almost impossible, but the exchange environment used by traders for transactions is the most subject to hacking threats. Even if transactions are made safely through the blockchain during the transaction process, if the trader's wallet information itself is hacked, security cannot be ensured in these processes. Exchange hacking is mainly done by stealing a trader's wallet information, giving the hacker access to the victim's wallet assets. In this paper, to prevent this, we would like to reconstruct the existing Hyperledger Fabric structure and propose a system that verifies the identity integrity of traders during the transaction process using whitelisting. The advantage is that through this process, damage to cryptocurrency assets caused by hackers can be prevented and recognized. In addition, we aim to point out and correct problems in the transaction process that may occur if the victim's wallet information is stolen from the existing Hyperledger Fabric.

Cyber Threat Intelligence Traffic Through Black Widow Optimisation by Applying RNN-BiLSTM Recognition Model

  • Kanti Singh Sangher;Archana Singh;Hari Mohan Pandey
    • International Journal of Computer Science & Network Security / v.23 no.11 / pp.99-109 / 2023
  • The darknet is frequently referred to as the hub of illicit online activity. In order to keep track of real-time applications and activities taking place on the darknet, traffic on that network must be analysed. It is without a doubt important to recognise network traffic tied to an unused Internet address in order to spot and investigate malicious online activity. Any observed network traffic is the result of mis-configuration from faked source addresses and other methods that monitor the unused address space, because there are no genuine devices or hosts in an unused address block. Digital systems can now detect and identify darknet activity on their own thanks to recent advances in artificial intelligence. In this paper, we offer a generalised method for deep learning-based detection and classification of darknet traffic. Furthermore, we analyse a cutting-edge complicated dataset that contains a lot of information about darknet traffic. Next, we examine various feature selection strategies to choose the best attributes for detecting and classifying darknet traffic. For the purpose of identifying threats using network properties acquired from darknet traffic, we devised a hybrid deep learning (DL) approach that combines Recurrent Neural Network (RNN) and Bidirectional LSTM (BiLSTM). This probing technique can tell malicious traffic from legitimate traffic. The results show that the suggested strategy works better than the existing ways by producing the highest level of accuracy for categorising darknet traffic, using the Black Widow Optimization algorithm as a feature selection approach and RNN-BiLSTM as a recognition model.

Social Engineering Attack Characteristics and Countermeasure Strategies of Major Threat Countries (주요 위협국의 사회공학 공격특징과 대응전략)

  • Jeewon Kim
    • Convergence Security Journal / v.23 no.5 / pp.165-172 / 2023
  • Nation-state social engineering attacks are steadily being carried out as they are highly effective attacks, primarily to gain an advantage over secret information, diplomatic negotiations or future policy changes. As the Ukraine-Russia war prolongs, the activities of global hacking organizations are steadily increasing, and large-scale cyberattack attempts against major infrastructure or global companies continue, so a countermeasure strategy is needed. To this end, we determined that the social engineering attack cycle excluding physical contact is the most suitable model among various social engineering models, and analyzed the preferred social engineering attack method by comparing it with geopolitical tactics through case analysis. As a result, China favors phishing attacks, which prefer quantity over quality, such as man-made tactics, Russia prefers covert and complex spear phishing reminiscent of espionage warfare, and North Korea uses geopolitical tactics such as spear phishing and watering holes for attacks on the US and South Korea. Most of the other countries aimed to secure funds with ransomware. Accordingly, a Clean Pass policy for China, periodic compulsory education in Russia, and international sanctions against North Korea were presented as countermeasure strategies.

Analysis of the Causes of Israel's Failure to Deter war and Implications for Korea's Security Strategy (이스라엘의 전쟁억제 실패원인과 한국의 안보전략적 함의)

  • Il Soo Bae;Hee Tae Jeong
    • The Journal of the Convergence on Culture Technology / v.10 no.3 / pp.31-35 / 2024
  • On October 7, 2023, Hamas launched a large-scale surprise attack against Israel and war broke out. On this day, in addition to supplying rockets, they directly invaded Israeli territory in multiple areas using paragliders and motorcycles. Considering the security situation on the Korean Peninsula, it is meaningful to consider why Israel allowed Hamas to attack and why it failed to deter the war in advance. Deterrence can only be successful if it is supported by capability, will, communication, and credibility. Although the capability and will were sufficient, and the communication through punitive deterrence had been sufficiently communicated, the failure to deter this war was problematic in terms of credibility. In order to increase deterrence against North Korea's threat, we need to improve customized extended deterrence, convey the will of both Korea and the United States to deter, and increase credibility in deterrence capabilities and execution ability.

Smartphone Security Using Fingerprint Password (다중 지문 시퀀스를 이용한 스마트폰 보안)

  • Bae, Kyoung-Yul
    • Journal of Intelligence and Information Systems / v.19 no.3 / pp.45-55 / 2013
  • As smartphones and mobile devices become more popular, more people use mobile devices in many areas such as education, news, and finance. In January 2007 Apple released the iPhone, which touched off a rapid increase in smartphone users, created a new market, and broadened its areas of use. Smartphones use WiFi or 3G mobile radio communication networks and can access the internet anytime and anywhere. Using smartphone applications, people can also search for the arrival time of public transportation in real time, and applications are used for mobile banking and stock trading. Because the smartphone replaces the computer's functions, it holds important user information such as financial data and personal pictures and videos. Present smartphone security systems are not only too simple, but the unlocking methods are also spreading covertly. The iPhone is secured by a combination of numbers and characters, but the US IT magazine Engadget revealed that it is easily unlocked using a combination of part of the number pad and buttons. The Android operating system uses a pattern system known to use 9 dots, so the user can use many variations, but according to Professor Jonathan Smith of the University of Pennsylvania, the Android security system is easily unlocked by tracing the fingerprints that remain on the smartphone screen. So both Android and iPhone OS are vulnerable to security threats. Compared with the problems of passwords and patterns, finger recognition has advantages in security and possibility of loss. The reason why smartphones and devices using finger recognition are currently not so popular is that there are many problems: not providing a reasonable price, and breaching human rights. In addition, finger recognition sensors are not offered to customers at a reasonable price, but through continuous development of smartphones and devices, they will become more miniaturized and their price will fall.
So once finger recognition is actively used in smartphones and its area of use broadens to financial transactions, the use of biometrics in smart devices will be debated briskly. So in this thesis we propose a fingerprint numbering system that combines fingerprint and password to fortify existing fingerprint recognition. A password consisting of 4 numbers has this kind of problem, so we replace the existing 4-number password and pattern system and combine fingerprint recognition with a password to reinforce security. In the original fingerprint recognition system there are only 10 cases, but if numbers are assigned to fingerprints, a password can be composed as a new method. Using the proposed method, the user enters fingerprints according to the number assigned to each finger. So an attacker will have difficulty collecting all the fingerprints to forge and inferring the user's password. After fingerprint numbering, the system can use the method of recognizing several fingerprints entered at the same time or fingerprints entered in a regular sequence. In this thesis we adopt entering fingerprints in a regular sequence and, in this system, allow duplication when entering fingerprints. In the case of allowing duplication, the number of possible combinations is $\sum_{i=1}^{10}\;{_{10}P_i}$ and the total number of cases is 9,864,100. So with this method the user retains security while the attacker will have a number of difficulties in guessing and needs to obtain the user's fingerprints; thus this system will enhance the user's security. This system is a method that accepts not just one fingerprint but multiple fingers in a regular sequence. In this thesis we introduce the method in the smartphone environment, using multiple numbered fingerprints entered to authorize the user.
Present smartphone authorization using patterns, passwords, and fingerprints is exposed to high risk, so if the proposed system overcomes the delay when the user enters a finger into the recognition device and is linked to other biometric methods, it will have more concrete security. The problem to be solved after this research is reducing the fingerprint numbering time, and hardware development should precede it. If public certification using fingerprints becomes popular in the future, fingerprint recognition in the smartphone will become an important security issue, so this thesis will be used to fortify fingerprint recognition research.

Counter-terrorism Safety Measures in Public Facilities (다중이용시설의 대테러 안전대책)

  • Kim, Du-Hyun;Ahn, Kwang-Ho
    • Korean Security Journal / no.22 / pp.37-64 / 2010
  • Since September 11, 2001, the motives and objectives of terrorism, which had been targeted at hard targets such as key national facilities, have shifted towards soft targets such as subways, department stores, and tourist hotels; the attacks on these soft targets are steadily increasing. Simultaneous, unconventional, and indiscriminate terrorist attacks on civilians have also increased. In November 2010, nearly forty states of the G20 and B20 (Business 20) will join in international summits to be hosted in Seoul. This coming July, an additional 350 troops will be deployed to Afghanistan for the sustainment of public security. Such events are sensitive topics, and there is the possibility of terrorist movement. Korea has successfully hosted various international events such as the APEC and ASEM Summits, and the 2002 Korea-Japan World Cup. The experiences from these events must be applied to ensure the safety of public facilities against the dangers of terrorism. First, a counter-terrorism center must be established for the long term, above the General Officer level, to ensure the safety and efficiency of multilateral, international summits, as well as to promote policies and legislation aimed at preventing terrorism. Second, a terrorist threat management system must be secured and safety measures must be emphasized. Third, a fundamental structure must be established for the prevention of terrorism on public facilities, as well as legal and government action against the new threat of IED. Fourth, the police and fire fighting networks must have a firm rapid response posture on the scene of an attack. Fifth, the state of mentality on the recognition of terrorist threats must be changed and restructured by promoting to and educating the population. Sixth, prevention measures must be established via research and academia.
Seventh, for the guarantee of security in public facilities, safety management should employ cutting edge technology such as the 3D SICS and further develop and apply such technology. All methods and resources must be fully utilized for the establishment and strengthening of terrorism prevention measures.
