• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.73-81
• /
• 2021

When downloading files using an app or web-based application on the user's mobile phone, the path is set to be saved in the pre-defined default directory. Many applications requiring access to storage, including file managers, require a write or read permission of storage to provide numerous functions and services. This means that the application will have direct access to the download folder where the numerous files downloaded. In this paper, to prove our feasibility of attack using the security vulnerabilities mentioned above, we developed a file hacking function disguised as an encryption function in the file management application. The file that encrypted will be sent to hackers via E-mail simultaneously on the background. The developed application was evaluated from VirusTotal, a malicious analysis engine, was not detected as a malicious application in all 74 engines. Finally, in this paper, we propose a defense technique and an algorithm based on the Trusted Execution Environment (TEE) to supplement these storage vulnerabilities.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.6
• /
• pp.2801-2806
• /
• 2011

During data transmissions via Bluetooth networks, data to be encrypted, or plain text between the application layer and the device layer, can be hacked similar to a key-logger by the major function hooking technique of Windows Kernel Driver. In this paper, we introduce an improved protection module which provides data encryption transmission by modifying the data transmission driver of the Bluetooth device layer, and also suggest a self-protecting scheme which prevents data exposure by various hacking tools. We implement the protection module to verify the confidentiality guarantee. Our protection module which provides data encryption with minimal latency can be expected the widespread utilization in Bluetooth data transmission.

• Journal of KIISE:Information Networking
• /
• v.29 no.6
• /
• pp.635-644
• /
• 2002

We propose the PBSM(Protocol-Based Security Module) system which guarantees the secure data transmission under web environments. There are two modules in the PBSM architecture. One is Web Server Security Module(WSSM) which is working on a web server, the other is the Winsock Client Security Module(WSCSM) which is working on a client. The WSCSM security module decrypts the encrypted HTML document that is received from the security web server. The decrypted HTML document is displayed on the screen of a client. The WSSM module contains the encryption function for HTML file and the decryption function for CGI(Common Gateway Interface). The formal analysis methodology is imported from format theory for analyzing the data flow of the PBSM system. The formal analysis methodology is based on the order theory.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.7
• /
• pp.1279-1284
• /
• 2009

With the advance of multimedia technology, multimedia sharing among multiple devices has become the main issue. This allows users to expect the peer-to-peer distribution of unprotected and protected contents over public network. Inevitably, this situation has caused an incredible piracy activity and Web sites have begun to provide copyrighted A/V data for free. In order to, protect the contents from illegal attacks and distribution, digital right management (DRM) is required. In this paper, we present the minimal cost scrambling scheme for securing the copyrighted multimedia using the data encryption standard (DES) encryption technique. Experimental results indicate that the proposed scrambling techniques achieve a very good compromise between several desirable properties such as speed, security, and file size.

• The KIPS Transactions:PartD
• /
• v.13D no.3 s.106
• /
• pp.437-444
• /
• 2006

A chaos cipher system that focuses on the stream cipher system has a demerit that the longer the text is, the slower the speed of the encryption and description and the transmission and reception. On this study, we designed the cipher web mail system showing much better capabilities than the existing web mail system as the text is longer. In the embodiment of the cipher web mail system, we developed the key stream, the encryption and description of the text and the inside and outside mail viewer and so on. After the efficiency test, it was valued high in the respect of the speed of the encryption and description and the transmission and reception. And it made up for the defect of the stream cipher system. We expect that we can use it through the persistent applied study in the server system security, the file security, the security of the internet information, the protection of the e-commerce system information and other fields based on the cipher technique as the wide use cipher system that can replace the block cipher system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.295-301
• /
• 2018

Smartphone can save many data because it provide various function such as call, message, calendar, document, camera, and so on. They include a number of important things like personal information. Thus it is necessary to backup the data to deal with smartphone change and a threat like ransomware. In this paper, we analyze the backup method using PC among several backup methods and check the possibility of leakage of personal information such as contacts from backup file. It is expected to be used to check the problems of the PC backup method or to strengthen the more secure backup technology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.645-653
• /
• 2016

Ransomware was first created in 1999, but its existence become widely known in Korean by 2015. As information and communication technology have developed, the storage capacity of computer has enlarged, it accordingly is getting more important to effectively manage these information, rather than the information itself. In such situation, the ransomware break into other people's computer and encrypt an files without a user's permission. So, it adversely affect the user. In this paper, we monitor an access of a specific process to the file. And on the basis of this monitoring information, we detect whether the abnormal approach happened. Through the detection result, we block the permission about access to the file for a specific process. Using this method, we propose a blocking technique for the ransomeware's abnormal approach and encryption to the files.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10b
• /
• pp.631-633
• /
• 2004

본 논문에서는 MPEG-4 비디오 포맷으로 인코딩(encoding)된 미디어 데이터에 적용할 수 있는 효과적인 암호화 방법에 대해서 제안하고 실험 결과에 대하여 기술한다 MPEG-4 파일로부터 추출한 I(Intra-coded)-VOP(Video Object Plane)의 매크로 블록(Macroblock)들 중의 최소부분 암호화, P(Predictive-coded)-VOP의 움직임 벡터(Motion Vector)들과 매크로블록들의 최소부분 암호화, 그리고 마지막으로 모든 VOP들의 최소 부분 암호화와 같은 3가지 암호화 방법을 구현하고 실험하였다. 이러한 방법은 모바일 또는 유비쿼터스 환경 하에서의 상용 서비스의 디지털 저작권 관리(Digital Rights Management)를 구축하는 데에 매우 용이하고 적합하게 적용되며, 주문형 비디오 서비스(Video On Demand)와 같은 비디오 스트리밍을 위한 DRM 시스템에 최소한의 부하만을 지우도록 설계되었다 미디어 데이터의 각 VOP들의 암호화에 소요되는 시간을 측정한 결과, 이러한 방법은 상용 멀티미디어 서비스에도 충분히 적용 가능한 성능을 나타내었다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.6 no.3
• /
• pp.481-486
• /
• 2002

In this paper, we propose CELM(Cascade ELM) to improve stability. We could realize as cascade connected each other key value with N degree equation which has a initial value. And we could know to be improved in stability with the nature of Chaos in simulation result. In efficiency, this CELM algorithm identified sire of encrypted code with size of source code and we could know more efficient than existing RSA and ECC. In speed, CELM took average 0.18㎳ degree to encrypt a file. Although it was slower than DES, it was faster than ECC of RSA.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.382-383
• /
• 2017

최근 클라우드 기반의 스토리지 서비스가 지속적으로 성장하고 있다. 클라우드 스토리지 서비스는 데이터의 가용성 및 기밀성을 보장하기 위하여 다양한 암호화 방식을 사용한다. 그러나 기존 암호화 방식은 대용량 데이터 전송 시 처리 및 전송 속도가 저하되는 문제점이 발생한다. 이를 개선하기 위하여 파일 특성을 고려한 효율적인 부분 암호화 알고리즘을 설계하였다.