• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.382-383
• /
• 2017

최근 클라우드 기반의 스토리지 서비스가 지속적으로 성장하고 있다. 클라우드 스토리지 서비스는 데이터의 가용성 및 기밀성을 보장하기 위하여 다양한 암호화 방식을 사용한다. 그러나 기존 암호화 방식은 대용량 데이터 전송 시 처리 및 전송 속도가 저하되는 문제점이 발생한다. 이를 개선하기 위하여 파일 특성을 고려한 효율적인 부분 암호화 알고리즘을 설계하였다.

• Journal of Information Processing Systems
• /
• v.15 no.6
• /
• pp.1265-1276
• /
• 2019

Data deduplication is a common method to improve cloud storage efficiency and save network communication bandwidth, but it also brings a series of problems such as privacy disclosure and dictionary attacks. This paper proposes a secure deduplication scheme for cloud storage based on Bloom filter, and dynamically extends the standard Bloom filter. A public dynamic Bloom filter array (PDBFA) is constructed, which improves the efficiency of ownership proof, realizes the fast detection of duplicate data blocks and reduces the false positive rate of the system. In addition, in the process of file encryption and upload, the convergent key is encrypted twice, which can effectively prevent violent dictionary attacks. The experimental results show that the PDBFA scheme has the characteristics of low computational overhead and low false positive rate.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.10a
• /
• pp.279-281
• /
• 2018

랜섬웨어는 사용자의 중요 파일을 암호화한 후 금전을 요구하는 형태의 악성코드로, 전 세계적으로 큰 피해를 발생시켰다. 안드로이드 환경에서의 랜섬웨어는 앱을 통해 동작하기 때문에, 앱의 악의적인 암호화 기능 수행을 실시간으로 탐지할 수 있는 방안에 대한 연구들이 진행되고 있다. 자원 제한적인 안드로이드 환경에서 중요한 파일들에 대한 암호화 수행 여부를 실시간으로 탐지하기 위한 방안으로 Shannon 엔트로피 값 비교가 있다. 하지만 파일의 종류에 따라 Shannon 엔트로피 값이 크게 달라질 수 있으며, 암호화 기능 수행에 대한 오탐이 발생할 수 있다. 따라서 본 논문에서는 파일에 대한 분할된 Shannon 엔트로피 값을 측정하여 암호화 기능 수행 탐지의 정확성을 높이고자 한다.

• Convergence Security Journal
• /
• v.23 no.3
• /
• pp.13-20
• /
• 2023

This study conducted a digital forensic analysis of Signal and Telegram, two secure messengers widely used in the Android environment. As mobile messengers currently play an important role in daily life, data management and security within these apps have become very important issues. Signal and Telegram, among others, are secure messengers that are highly reliable among users, and they safely protect users' personal information based on encryption technology. However, much research is still needed on how to analyze these encrypted data. In order to solve these problems, in this study, an in-depth analysis was conducted on the message encryption of Signal and Telegram and the database structure and encryption method in Android devices. In the case of Signal, we were able to successfully decrypt encrypted messages that are difficult to access from the outside due to complex algorithms and confirm the contents. In addition, the database structure of the two messenger apps was analyzed in detail and the information was organized into a folder structure and file format that could be used at any time. It is expected that more accurate and detailed digital forensic analysis will be possible in the future by applying more advanced technology and methodology based on the analyzed information. It is expected that this research will help increase understanding of secure messengers such as Signal and Telegram, which will open up possibilities for use in various aspects such as personal information protection and crime prevention.

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.4
• /
• pp.470-485
• /
• 2003

The steganography is one of methods that users can hide data. Some steganography softwares use audio data among multimedia data. However, these commercialized audio steganography softwares have disadvantages that the existence of hidden messages can or easily recognized visually and only certain-sized data can be hidden. To solve these problems, this study suggested, designed and implemented Dynamic Message Embedding (DME) algorithm. Also, to improve the security level of the secret message, the file encryption algorithm has been applied. Through these, StegoWaveK system that performs audio steganography was designed and implemented. Then, the suggested system and the commercialized audio steganography system were compared and analyzed on criteria of the Human Visilable System (HVS), Human Auditory System (HAS), Statistical Analysis (SA), and Audio Measurement (AM).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.397-403
• /
• 2020

With the convenience of real-time conversation, multimedia file and contact sharing services, most people use instant messenger, and its usage time is increasing. Because the messengers contain a lot of user behavior information data, in the digital forensic investigation, they can be very useful evidence to identify user behavior. However, some of useful data can be difficult to acquire or recognize because they are encrypted or deleted. Thus, in order to use the messenger data as evidence, the study of message decryption process and message recovery is essential. In this paper, we analyze the database encryption process of the instant messenger, MalangMalang Talkafe, and propose the method to decrypt it. In addition, we propose the methods to identify the deleted messages and recover from the volatile memory area.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1345-1354
• /
• 2012

The modern society with the wide spread USB memory, witnesses the acceleration in the development of USB products that applied secure technology. Secure USB is protecting the data using the method as device-based access control, encryption of stored files, and etc. In terms of forensic analyst, to access the data is a lot of troubles. In this paper, we studied software-based data en/decryption technology and proposed for analysis mechanism to validation vulnerability that secured on removable storage media. We performed a vulnerability analysis for USB storage device that applied security mechanism. As a result, we found vulnerabilities that extracts a source file without a password.

• Journal of the Korean Association of Geographic Information Studies
• /
• v.26 no.4
• /
• pp.67-79
• /
• 2023

Service environments through laptops, smart devices, and various IoT devices are developing very rapidly. Recent security measures in these Internet environments mainly consist of network application level solutions such as firewall(Intrusion Prevention Systems) and IDS (intrusion detection system). In addition, various security data have recently been used on-site, and issues regarding the management and destruction of such security data have been raised. Products such as DRM(Digital Rights Management) and DLP(Data Loss Prevention) are being used to manage these security data. However despite these security measures, data security measures taken out to be used in the field are operated to the extent that the data is encrypted, delivered, and stored in many environments, and measures for encryption key management or data destruction are insufficient. Based on these issues we aim to propose a SecureOS Module, an OS-based security module. With this module users can manage and operate security data through a consistent interface, addressing the problems mentioned above.

• The Journal of the Convergence on Culture Technology
• /
• v.2 no.1
• /
• pp.79-85
• /
• 2016

Ransomware was a malicious code that active around the US, but now it spreads rapidly all over the world and emerges in korea recently because of exponential computer supply and increase in users. Initially ransomware uses e-mail as an attack medium in such a way that induces to click a file through the spam mail Pam, but it is now circulated through the smart phone message. The current trend is an increase in the number of damage, including attacks such as the domestic large community site by ransomware hangul version. Ransomware outputs a warning message to the user to encrypt the file and leads to monetary damages and demands for payment via bitcoin as virtual currency is difficult to infer the tracking status. This paper presents an analysis and solutions to damage cases caused by ransomware.

• Journal of KIISE
• /
• v.43 no.10
• /
• pp.1165-1172
• /
• 2016

In cloud storage environment, deduplication enables efficient use of the storage. Also, in order to save network bandwidth, cloud storage service provider has introduced client-side deduplication. Cloud storage service users want to upload encrypted data to ensure confidentiality. However, common encryption method cannot be combined with deduplication, because each user uses a different private key. Also, client-side deduplication can be vulnerable to security threats because file tag replaces the entire file. Recently, proof of ownership schemes have suggested to remedy the vulnerabilities of client-side deduplication. Nevertheless, client-side deduplication over encrypted data still causes problems in efficiency and security. In this paper, we propose a secure and practical client-side encrypted data deduplication scheme that has resilience to brute force attack and performs proof of ownership over encrypted data.