• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.4
• /
• pp.1876-1883
• /
• 2011

The TPM is a hardware chip for making a trusted environment on computing system. We previously need a command authorization process to use principal TPM commands. The command authorization is used to verify an user who knows a usage secret to TPM chip. Since the user uses a simple password to compute usage secret, an attacker can retrieve the password by evasdropping messages between user and TPM chip and applying off-line dictionary attack. In this paper, we simulate the off-line dictionary attack in real PC environment adopted a TPM chip and propose a novel countermeasure to defeat this attack. Our proposed method is very efficient due to its simplicity and adaptability without any modification of TPM command structures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.2
• /
• pp.13-24
• /
• 1999

Electronic cash is a digital signature issued by bank. If the concept of the distributed secret sharing and magic ink signature is introduced in the existing electronic cash system we can increase the security level and the availability of electronic cash system and trace the electronic cash itself and the owner of electronic cash which was issued anonymously to a user in case of illegal usage of electronic cash by users. If the trust is concentrated on one bank system. the problem of misuse of bank can be occurred. To solve this problem, the distributed secrete sharing scheme need to be introduced in electronic cash system. In this paper We propose a DSS(Digital Signature Standard) distributed magic ink signature scheme and a KCDSA(Korea Certificate-based Digital Signature Algorithm) distributed magic ink signature scheme using a verifiable secret sharing method. and we compare two methods with respect to the required computation amount for the generation of magic-ink signature.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.5
• /
• pp.1938-1962
• /
• 2015

Security of information during transmission is a major issue in this modern era. All of the communicating bodies want confidentiality, integrity, and authenticity of their secret information. Researchers have presented various schemes to cope with these Internet security issues. In this context, both steganography and cryptography can be used effectively. However, major limitation in the existing steganographic methods is the low-quality output stego images, which consequently results in the lack of security. To cope with these issues, we present an efficient method for RGB images based on gray level modification (GLM) and multi-level encryption (MLE). The secret key and secret data is encrypted using MLE algorithm before mapping it to the grey-levels of the cover image. Then, a transposition function is applied on cover image prior to data hiding. The usage of transpose, secret key, MLE, and GLM adds four different levels of security to the proposed algorithm, making it very difficult for a malicious user to extract the original secret information. The proposed method is evaluated both quantitatively and qualitatively. The experimental results, compared with several state-of-the-art algorithms, show that the proposed algorithm not only enhances the quality of stego images but also provides multiple levels of security, which can significantly misguide image steganalysis and makes the attack on this algorithm more challenging.

• Journal of Korea Multimedia Society
• /
• v.8 no.12
• /
• pp.1638-1648
• /
• 2005

The SEM approach to PKl offers several advantages, such as immediate revocation of users' signing ability without CRLs and compatibility with the standard RSA. However, it has a weakness against denial of service attack caused by breaking down or being compromised. G. Vanrenen et al. proposed a distributed SEM approach to overcome the weaknesses. However, it does not provide the desirable properties such as instant availability and immunity against denial of service attack, due to inadequate usage of threshold cryptography and proactive secret sharing. In this paper, we point out its structural contradictions and propose a modified version of distributed SEM approach.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.359-370
• /
• 2013

Lin and Chan proposed a reversible secret image sharing scheme in 2010. The advantages of their scheme are as follows: the low distortion ratio, high embedding capacity of shadow images and usage of the reversible. However, their scheme has some problems. First, the number of participants is limited because of modulus prime number m. Second, the overflow can be occurred by additional operations (quantized value and the result value of polynomial) in the secret sharing procedure. Finally, if the coefficient of (t-1)th degree polynomial become zero, (t-1) participants can access secret data. In this paper, an improved reversible secret image sharing scheme which solves the problems of Lin and Chan's scheme while provides the low distortion ratio and high embedding capacity is proposed. The proposed scheme solves the problems that are a limit of a total number of participants, and occurrence of overflow by new polynomial operation over GF($2^8$). Also, it solve problem that the coefficient of (t-1)th degree polynomial become zero by fixed MSB 4-bit constant. In the experimental results, PSNR of their scheme is decreased with the increase of embedding capacity. However, even if the embedding capacity increase, PSNR value of about 45dB or more is maintained uniformly in the proposed scheme.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.9-15
• /
• 2011

It is difficult to identify attack requests from normal ones when those attacks are based on CSRF which enables an attacker transmit fabricated requests of a trusted user to the website. For the protection against the CSRF, there have been a lot of research efforts including secret token, custom header, proxy, policy model, CAPTCHA, and user reauthentication. There remains, however, incapacitating means and CAPTCHA and user reauthentication incur user inconvenience. In this paper, we propose a method to detect CSRF attacks by analyzing the structure of websites and the usage patterns. Potential victim candidates are selected and website usage patterns according to the structure and usage logs are analyzed. CSRF attacks can be detected by identifying normal usage patterns. Also, the proposed method does not damage users' convenience not like CAPTCHA by requiring user intervention only in case of detecting abnormal requests.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.1
• /
• pp.33-42
• /
• 2002

We present a systematic way to armor a zero-knowledge interactive proof based identification scheme that has badly chosen keys. Keys are sometimes mistakenly chosen to be weak(neither random nor long), and a weak key is often preferred to a strong key so that it might be easy for human to remember. Weak keys severely degrade the security of ZKIP based identification schemes. We show using off-line guessing attack how the weak key threats the security of ZlKIP based identification schemes. For the proper usage of ZKIP, we introduce a specialized form of ZKIP, which has a secret coin-tossing stage. Using the secret coin tossing, a secure framework is proposed for ZKIP based identification schemes with weak key in the ideal cipher model. The framework is very useful in password based authentication and key exchange protocol

• Philosophy of Education
• /
• no.66
• /
• pp.77-103
• /
• 2018

This study focused on the meaning of 'educational philosophy' by the method of corpus analysis. There is the difference of meaning on educational philosophy between professional researchers and publics. This semantic phenomenon implies that the image acoustics of 'educational philosophy' are not matched between two groups. This study, which originated from Saussure's linguistics theory, examined the semantics of educational philosophy in the . Unlike philosophical inquiry on education, the definition of educational philosophy, the general public use 'educational philosophy' like the connotation of secret of successful learning and child nurturing. Given the power of the media and the mass, these tendency could affect the meaning and definition of educational philosophy. Professional researchers should investigate these acoustic image from the sense of linguistic and educational approaches. These researches could contribute to clarify descriptive and normative meaning of the educational philosophy.

• The Journal of the Korea Contents Association
• /
• v.10 no.9
• /
• pp.57-67
• /
• 2010

Smart grid technology can expand energy efficiency into the home by monitoring consumer energy usage in real time and communicating with household devices that respond to demands to shut off during periods of non-use, allowing individual consumers to control their electricity usage more effectively. But, the information collected on a smart grid will form a library of personal information, the mishandling of which could be highly invasive of consumer privacy. There will be major concerns if consumer-focused principles of transparency and control are not treated as essential design principles from beginning to end. In this paper, using. All-Or-Nothing Transform encryption mode for providing smart grid security, we propose efficient distributed data Management based on XOR operation. The contribution of this paper is to provide a secure algorithm that manages efficiently distributed data in the field of private data in smart grid environment.

• JSTS:Journal of Semiconductor Technology and Science
• /
• v.12 no.2
• /
• pp.240-253
• /
• 2012

In this paper we propose a protection mechanism for the debug port. While debug ports are useful tools for embedded device development and maintenance, they can also become potential attack tools for device hacking in case their usage is permitted to hackers with malicious intentions. The proposed approach prevents illicit use of debug ports by controlling access through user authentication, where the device generates and issues authentication token only to the server-authenticated users. An authentication token includes user access information which represents the user's permitted level of access and the maximum number of authentications allowed using the token. The device authenticates the user with the token and grants limited access based on the user's access level. The proposed approach improves the degree of overall security by removing the need to expose the device's secret key. Availability is also enhanced by not requiring server connection after the initial token generation and further by supporting flexible token transfer among predefined device groups. Low implementation cost is another benefit of the proposed approach, enabling it to be adopted to a wide range of environments in demand of debug port protection.