• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.06a
• /
• pp.799-802
• /
• 2007

Broadcast encryption has been applied to transmit digital information such as multimedia, software and paid TV programs on the open networks. This paper presents a method called Traitor Tracing to solve all these problems. Traitor tracing can check attackers and trace them. It also utilizes a proactive way for each user to have effective renewal cycle to generate keys.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1590-1593
• /
• 2005

Security defects occurring within corporate networks and the Internet may be abused by internal or external malicious attackers. Such abuses cause a financial toll through expenditures on additional human resources, the impact of down-time as problems are fixed, as well as damage from divulging corporate informational assets. Hence, through the precise analysis of the possible defects in network security and the identification of risks, preventative policy should be established to ensure maximum security. This report reviews methodologies that calculate and analyze levels of network security in order to resolve these problems, and generates appropriate test steps, test methods, and test items.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.4
• /
• pp.2196-2218
• /
• 2017

Multicast communication has been widely used in the Internet. However, multicast communication is vulnerable to DoS attack due to static router configuration. In this paper, HMC, a hopping multicast communication method based on SDN, is proposed to tackle this problem. HMC changes the multicast tree periodically and makes it difficult for the attackers to launch an accurate attack. It also decreases the probability of multicast communication being attacked by DoS and in the meanwhile, the QoS constrains are not violated. In this research, the routing problem of HMC is proven to be NP-complete and a heuristic algorithm is proposed to solve it. Experiments show that HMC has the ability to resist DoS attack on multicast route effectively. Theoretically, the multicast compromised probability can drop more than 0.6 when HMC is adopt. In addition, experiments demonstrate that HMC achieves shorter average multicast delay and better robustness compared with traditional method, and more importantly, it better defends DoS attack.

• Journal of Korea Society of Industrial Information Systems
• /
• v.17 no.5
• /
• pp.37-42
• /
• 2012

Audio steganography is quite similar to the procedure of modifying the least significant bit(LSB) of image media files. The most widely used technique today is hiding of secret messages into a digitized audio signal. In this paper, I propose a new method for hiding messages from attackers, high data inserting rate is achieved. In other words, based on the LSB hiding method and digitized to change the bit position of a secret message, an encrypted stego medium sent to the destination in safe way.

• Journal of the Korea Society for Simulation
• /
• v.10 no.1
• /
• pp.83-92
• /
• 2001

For the prevention of the network intrusion from damaging the system, both IDS (Intrusion Detection System) and Firewall are frequently applied. The collaboration of IDS and Firewall efficiently protects the network because of making up for the weak points in the each demerit. A model has been constructed based on the DEVS (Discrete Event system Specification) formalism for the simulation of the system that consists of IDS and Firewall. With this model we can simulation whether the intrusion detection, which is a core function of IDS, is effectively done under various different conditions. As intrusions become more sophisticated, it is beyond the scope of any one IDS to deal with them. Thus we placed multiple IDS agents in the network where the information helpful for detecting the intrusions is shared among these agents to cope effectively with attackers. If an agent detects intrusions, it transfers attacker's information to a Firewall. Using this mechanism attacker's packets detected by IDS can be prevented from damaging the network.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.3
• /
• pp.1280-1300
• /
• 2020

In the modern financial sector, interest in providing financial services that employ blockchain technology has increased. Blockchain technology is efficient and can operate without a trusted party to store all transaction information; additionally, it provides transparency and prevents the tampering of transaction information. However, new security threats can occur because blockchain technology shares all the transaction information. Furthermore, studies have reported that the private keys of users who use the same signature value two or more times can be recovered. Because private keys of blockchain identify users, private key leaks can result in attackers stealing the ownership rights to users' property. Therefore, as more financial services use blockchain technology, actions to counteract the threat of private key recovery must be continually investigated. Private key recovery studies are presented here. Based on these studies, duplicated signatures generated by blockchain users are defined. Additionally, scenarios that generate and use duplicated signatures are applied in an actual bitcoin environment to demonstrate that actual bitcoin users' private keys can be recovered.

• Annual Conference of KIPS
• /
• 2016.10a
• /
• pp.234-237
• /
• 2016

Address Resolution Protocol (ARP) is used for mapping a network address to physical address in many network technologies. However, since ARP protocol has no security feature, it always abused by attackers for performing ARP-based attacks. Researchers presented many technologies to improve ARP protocol, but most of them require a high implementation cost or scarify the network performance for using ARP protocol securely. In this paper, we present an ARP-disabled network system to neutralize the ARP-based attacks. "ARP-disabled" means suppress the ARP messages like request, response and broadcast messages, but not the ARP table. In our system, ARP tables are used for managing static ARP entries without prior knowledge (e.g. IP, MAC list of client devices). This is possible because the MAC address was designed to be derived from IP address. In general, our system is safe from the ARP-based attacks even the attacker has a strong power. Moreover, we saved network bandwidth by disabling the ARP messages.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.3
• /
• pp.600-612
• /
• 2013

In 2006, Zhang and Wang proposed a data hiding scheme based on Exploiting Modification Direction (EMD) to increase data hiding capacity. The major benefit of EMD is providing embedding capacity greater than 1 bit per pixel. Since then, many EMD-type data hiding schemes have been proposed. However, a serious disadvantage common to these approaches is that the embedded data is compromised when the embedding function is disclosed. Our proposed secure data hiding scheme remedies this disclosure shortcoming by employing an additional modulus function. The provided security analysis of our scheme demonstrates that attackers cannot get the secret information from the stegoimage even if the embedding function is made public. Furthermore, our proposed scheme also gives a simple solution to the overflow/underflow problem and maintains high embedding capacity and good stegoimage quality.

• Journal of KIISE:Computing Practices and Letters
• /
• v.10 no.2
• /
• pp.199-208
• /
• 2004

In this paper, we propose and implement SIA System for filtering redundant alert messages and dividing them into four statuses. Also, we confirm that our system can find and analyze vulnerability types of network intrusion by attackers in a managed network, so that it provides very effective means for security managers to cope with security threats in real time.

• Convergence Security Journal
• /
• v.8 no.4
• /
• pp.31-40
• /
• 2008

Recently, network forensic research which analyzes intrusion-related information for tracing of attackers, has been becoming more popular than disk forensic which analyzes remaining evidences in a system. Analysis and correlation of logs from firewall, IDS(Intrusion Detect System) and web server are important part in network forensic procedures. This work suggests integrated graphical user interface of network forensic for private information leakage detection. This paper shows the necessity of various log information for network forensic and a design of graphical user interface for security managers who need to monitor the leakage of private information.