• Title/Summary/Keyword: code security

Search Result 982, Processing Time 0.028 seconds

Efficient Scheme for Secret Hiding in QR Code by Improving Exploiting Modification Direction

  • Huang, Peng-Cheng;Li, Yung-Hui;Chang, Chin-Chen;Liu, Yanjun
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.5
    • /
    • pp.2348-2365
    • /
    • 2018
  • QR codes as public patent are widely used to acquire the information in various fields. However, it faces security problem when delivering the privacy message by QR code. To overcome this weakness, we propose a secret hiding scheme by improving exploiting modification direction to protect the private message in QR code. The secret messages will be converted into octal digit stream and concealed to the cover QR code by overwriting the cover QR code public message bits. And the private messages can be faithfully decoded using the extraction function. In our secret hiding scheme, the QR code public message still can be fully decoded publicly from the marked QR codes via any standard QR Code reader, which helps to reduce attackers' curiosity. Experiments show that the proposed scheme is feasible, with high secret payload, high security protection level, and resistant to common image post-processing attacks.

System implementation for Qshing attack detection (큐싱(Qshing) 공격 탐지를 위한 시스템 구현)

  • Hyun Chang Shin;Ju Hyung Lee;Jong Min Kim
    • Convergence Security Journal
    • /
    • v.23 no.1
    • /
    • pp.55-61
    • /
    • 2023
  • QR Code is a two-dimensional code in the form of a matrix that contains data in a square-shaped black-and-white grid pattern, and has recently been used in various fields. In particular, in order to prevent the spread of COVID-19, the usage increased rapidly by identifying the movement path in the form of a QR code that anyone can easily and conveniently use. As such, Qshing attacks and damages using QR codes are increasing in proportion to the usage of QR codes. Therefore, in this paper, a system was implemented to block movement to harmful sites and installation of malicious codes when scanning QR codes.

McEliece Type PKC Based on Algebraic Geometry Code over Hyperelliptic Curve (초타원 곡선위에서 생성된 대수기하 부호를 이용한McEliece유형의 공개키 암호시스템)

  • 강보경;한상근
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.12 no.1
    • /
    • pp.43-54
    • /
    • 2002
  • McEliece introduced a public-key cryptosystem based on Algebraic codes, specially binary classical Goppa which have a good decoding algorithm and vast number of inequivalent codes with given parameters. And the advantage of this system low cost of their encryption and decryption procedures compared with other public-key systems specially RSA, ECC based on DLP(discrete logarithm problem). But in [1], they resent new attack based on probabilistic algorithm to find minimum weight codeword, so for a sufficient security level, much larger parameter size [2048, 1608,81]is required. Then the big size of public key make McEliece PKC more inefficient. So in this paper, we will propose New Type PKC using q-ary Hyperelliptic code so that with smaller parameter(1 over 3) but still work factor as hi인 as McEliece PKC and faster encryption, decryption can be maintained.

Precise control flow protection based on source code (소스코드 기반의 정밀도 높은 실행 흐름 보호 기법)

  • Lee, JongHyup;Kim, Yong Seung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.5
    • /
    • pp.1159-1168
    • /
    • 2012
  • Control Flow Integrity(CFI) and Control Flow Locking(CFL) prevent unintended execution of software and provide integrity in control flow. Attackers, however, can still hijack program controls since CFI and CFL does not support fine-granularity, context-sensitive protection. In this paper, we propose a new CFI scheme, Source-code CFI(SCFI), to overcome the problems. SCFI provides context-sensitive locking for control flow. Thus, the proposed approach protects software against the attacks on the previous CFI and CFL schemes and improves safety.

Research on Minimizing the Damage from Ransomware Attack by Case Study (사례로 살펴본 렌섬웨어 공격에 의한 피해를 최소화하는 연구 고찰)

  • Choi, Heesik;Cho, Yanghyun
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.13 no.1
    • /
    • pp.103-111
    • /
    • 2017
  • Recently, new variants of Ransomware are becoming a new security issue. Ransomware continues to evolve to avoid network of security solutions and extort users' information to demand Bitcoin using social engineering technique. Ransomware is damaging to users not only in Korea but also in all around the world. In this thesis, it will present research solution to prevent and cope from damage by new variants Ransomware, by studying on the types and damage cases of Ransomware that cause social problems. Ransomware which introduced in this paper, is the most issued malicious code in 2016, so it will evolve to a new and more powerful Ransomware which security officers cannot predict to gain profit. In this thesis, it proposes 4 methods to prevent the damage from the new variants of Ransomware to minimize the damage and infection from Ransomware. Most importantly, if user infected from Ransomware, it is very hard to recover. Thus, it is important that users understand the basic security rules and effort to prevent them from infection.

Analysis and Countermeasure of Malicious Code in Small Businesses (중소기업 환경에서 악성코드 유형 분석과 대응 방안)

  • Hong, Jun Suk;Kim, Young hee;Park, Won Hyung;Kook, Kwang Ho
    • Convergence Security Journal
    • /
    • v.15 no.7
    • /
    • pp.55-62
    • /
    • 2015
  • Due to the development of various information systems and PC, usage of Internet has rapidly increaced which lead to malicious codes rapidly spreading throughout the Internet. By the increasing use of the Internet, the threat by malicious codes has become a serious problem. In particular, Small businesses which lack investments in security personnels makes it impossible to verify and measure the servers and PC infected with malicious codes. We have analized malware infection types by using malicious code detection technology of security monitoring service and proposed countermeasures in small businesses.

Trends in Digital Security Policies and Trade Rules in Major Overseas Countries (디지털 보안에 대한 해외 주요국의 통상 규범 동향)

  • J.E. Kim
    • Electronics and Telecommunications Trends
    • /
    • v.38 no.4
    • /
    • pp.1-11
    • /
    • 2023
  • Trade rules in service and digital sectors mainly focus on reducing regulatory uncertainties by improving transparency and minimizing unnecessary requirements. Recognizing the importance of digital trade rules and trade in information and communication technology (ICT) sectors, governments worldwide have rapidly adopted and expanded rules on free flow of data, personal data protection, electronic authentication, and cybersecurity. On the other hand, advances in technology have led governments to face multiple threats related to cybersecurity, intellectual property (including that related to source code and algorithms), and unauthorized access to proprietary information of their suppliers. This study presents digital trade rules related to digital security emphasizing cybersecurity, source code, and ICT products that use cryptography in different trade agreements. Additionally, it introduces various approaches that major countries are taking to both address digital security issues and seek balance between security enhancement and trade liberalization.

Security Improvement of File System Filter Driver in Windows Embedded OS

  • Seong, Yeon Sang;Cho, Chaeho;Jun, Young Pyo;Won, Yoojae
    • Journal of Information Processing Systems
    • /
    • v.17 no.4
    • /
    • pp.834-850
    • /
    • 2021
  • IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method.

VR Threat Analysis for Information Assurance of VR Device and Game System (VR 기기와 게임 시스템의 정보보증을 위한 VR 위협 분석)

  • Kang, Tae Un;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.2
    • /
    • pp.437-447
    • /
    • 2018
  • Virtual Reality (VR) is becoming a new standard in the game industry. PokeMon GO is a representative example of VR technology. The day after the launch of PokeMon Go in the U.S, It has achieved the highest number of iOS App Store downloads. This is an example of the power of VR. VR comprises gyroscopes, acceleration, tactile sensors, and so on. This allow users could be immersed in the game. As new technologies emerge, new and different threats are created. So we need to research the security of VR technology and game system. In this paper, we conduct a threat analysis for information assurance of VR device (Oculus Rift) and game system (Quake). We systematically analyze the threats (STRIDE, attack library, and attack tree). We propose security measures through DREAD. In addition, we use Visual Code Grepper (VCG) tool to find out logic errors and vulnerable functions in source code, and propose a method to solve them.

Security of Image Information using Steganography and QR Code in IoT (IoT에서 스테가노그라피와 QR 코드를 이용한 영상 정보의 보안)

  • Im, Yong-Soon;Kang, Eun-Young;Park, Jae-Pyo
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.15 no.2
    • /
    • pp.31-37
    • /
    • 2015
  • The security of the image information is very important in many areas of the IoT(Internet of Things), and study a number of ways to display the security (copyright, etc.). In this paper, information of image that is used by the IoT is converted to a DCT(Discrete Cosine Transform) and QC(Quantization Coefficient). And watermark (message) is to create a new encoded message(WMQR) through a QR Code. QC and WMQR applies LSB steganography techniques, can get the security (copyright, etc.) of image information. LSB steganographic techniques may be inserted according to a message (Watermark) to determine the location (Secret Key). The encoded image is sent to the recipient via the Internet. The reverse process can be obtained image and a QR code, a watermark (Message). A method for extracting a watermark from the security of the image information is coded using only the image and Secret Key, through the DCT and quantization process, so obtained by separating the watermark (Message) for the image. In this paper, we were able to improve the security of the method of image information, the image quality of the image by the simulations (PSNR), in turn, benefits were also normalized correlation (NC) and security.