• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.151-164
• /
• 2023

Recently, the development of quantum computers means a great threat to existing public key system based on discrete algebra problems or factorization problems. Accordingly, NIST is currently in the process of contesting and screening PQC(Post Quantum Cryptography) that can be implemented in both the computing environment and the upcoming quantum computing environment. Among them, SIKE is the only Isogeny-based cipher and has the advantage of a shorter public key compared to other PQC with the same safety. However, like conventional cryptographic algorithms, all quantum-resistant ciphers must be safe for existing cryptanlysis. In this paper, we studied power analysis-based cryptographic analysis techniques for SIKE, and notably we analyzed SIKE through wavelet transformation and deep learning-based clustering power analysis. As a result, the analysis success rate was close to 100% even in SIKE with applied masking response techniques that defend the accuracy of existing clustering power analysis techniques to around 50%, and it was confirmed that was the strongest attack on SIKE.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.1
• /
• pp.1-12
• /
• 2023

It is very time-intensive to obtain data with labels on anomaly detection tasks for multivariate time series. Therefore, several studies have been conducted on unsupervised learning that does not require any labels. However, a well-done integrative survey has not been conducted on in-depth discussion of learning architecture and property for multivariate time series anomaly detection. This study aims to explore the characteristic of well-known architectures in anomaly detection of multivariate time series. Additionally, architecture was categorized by using top-down and bottom-up approaches. In order toconsider real-world anomaly detection situation, we trained models with dataset such as power grids or Cyber Physical Systems that contains realistic anomalies. From experimental results, we compared and analyzed the comprehensive performance of each architecture. Quantitative performance were measured using precision, recall, and F1 scores.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.374-376
• /
• 2022

The Malware App Analysis Tool is a system that analyzes Android-based apps by the AI-based algorithm defined in the tool and detects whether malware code is included. Currently, as the spred of smartphones is activated, crimes using malware apps have increased, and accordingly, security for malware apps is required. Android operating systems used in smartphones have a share of more than 70% and are open-source-based, so not only will there be many vulnerabilities and malware, but also more damage to malware apps, increasing demand for tools to detect and analyze malware apps. However, this paper is proposed because there are many difficulties in designing and developing a malware app analysis tool because the security functional requirements for the malware app analysis tool are not clearly specified. Through the developed protection profile, technology can be improved based on the design and development of malware app analysis tools, safety can be secured by minimizing damage to malware apps, and furthermore, trust in malware app analysis tools can be guaranted through common criteria.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.301-321
• /
• 2024

Generative artificial intelligence is currently developing rapidly and expanding industrially. The development of generative AI is expected to improve productivity in most industries. However, there is a probability for exploitation of generative AI, and cases that actually lead to crime are emerging. Compared to the fast-growing AI, there is no legislation to regulate the generative AI. In the case of Korea, the crimes and risks related to generative AI has not been clearly classified for legislation. In addition, research on the responsibility for illegal data learned by generative AI or the illegality of the generated data is insufficient in existing research. Therefore, this study attempted to classify crimes related to generative AI for domestic legislation into generative AI for target crimes, generative AI for tool crimes, and other crimes based on ECRM. Furthermore, it suggests technical countermeasures against crime and risk and measures to improve the legal system. This study is significant in that it provides realistic methods by presenting technical countermeasures based on the development stage of AI.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.60-66
• /
• 2024

Host's data during transmission. Data tempering results in loss of host's sensitive information, which includes number of VM, storage availability, and other information. In the distributed cloud environment, each server (computing server (CS)) configured with Local Resource Monitors (LRMs) which runs independently and performs Virtual Machine (VM) migrations to nearby servers. Approaches like predictive VM migration [21] [22] by each server considering nearby server's CPU usage, roatative decision making capacity [21] among the servers in distributed cloud environment has been proposed. This approaches usage underlying server's computing power for predicting own server's future resource utilization and nearby server's resource usage computation. It results in running VM and its running application to remain in waiting state for computing power. In order to reduce this, a decentralized decision making hybrid model for VM migration need to be proposed where servers in decentralized cloud receives, future resource usage by analytical computing system and takes decision for migrating VM to its neighbor servers. Host's in the decentralized cloud shares, their detail with peer servers after fixed interval, this results in chance to tempering messages that would be exchanged in between HC and CH. At the same time, it reduces chance of over utilization of peer servers, caused due to compromised host. This paper discusses, an roatative decisive (RD) approach for VM migration among peer computing servers (CS) in decentralized cloud environment, preserving confidentiality and integrity of the host's data. Experimental result shows that, the proposed predictive VM migration approach reduces extra VM migration caused due over utilization of identified servers and reduces number of active servers in greater extent, and ensures confidentiality and integrity of peer host's data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.5
• /
• pp.1149-1159
• /
• 2024

With the rapid increase in the construction of smart ships and the growing proportion of IT equipment on vessels, the frequency and severity of maritime cyber incidents have significantly escalated. Recognizing this situation, the International Association of Classification Societies recently enacted the UR E26 regulation. This study investigates the definition of cyber resilience and reviews existing research, using the Analytic Hierarchy Process to determine the priority of factors across the ship lifecycle as presented in the E26 regulation. Additionally, the E26 regulation is compared and analyzed against Cybersecurity Framework and Cyber Resiliency System of the NIST. Through this analysis, the study aims to assist companies that are unfamiliar with maritime cybersecurity in effectively responding to the IACS UR E26 regulation and proposes recommendations for the improvement of the UR E26 regulation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.5
• /
• pp.1021-1035
• /
• 2024

This paper proposes the TEE-BOP (Trusted Execution Environment-Based Blockchain Offline Payment) protocol for blockchain-based offline payments. TEE-BOP securely manages offline balances within a Trusted Execution Environment (TEE) and efficiently verifies initial deposit proofs recorded on the blockchain using Merkle trees. Additionally, it ensures secure and tamper-proof transactions in offline environments by guaranteeing the reliability of keys and the system through TEE Attestation. Unlike previous studies, TEE-BOP enhances real-world applicability by eliminating dependence on central authorities and avoiding assumptions of ideal models. The protocol solves the double-spending problem through multi-layered defense mechanisms and addresses forgery prevention by allowing recipients to directly verify data consistency between the TEE and the blockchain. This enables reliable blockchain-based offline payments in areas with unstable network infrastructure. It demonstrates that this research can expand the application of blockchain technology and contribute to improving access to financial services in developing countries or disaster situations.

• Asian-Australasian Journal of Animal Sciences
• /
• v.31 no.7
• /
• pp.933-950
• /
• 2018

In Japan, Wagyu cattle include four Japanese breeds; Black, Brown, Shorthorn, and Polled. Today, the renowned brand name Wagyu includes not only cattle produced in Japan, but also cattle produced in countries such as Australia and the United States. In recent years, the intramuscular fat percentage in beef (longissimus muscle) from Japanese Black cattle has increased to be greater than 30%. The Japanese Black breed is genetically predisposed to producing carcass lipids containing higher concentrations of monounsaturated fatty acids than other breeds. However, there are numerous problems with the management of this breed including high production costs, disposal of untreated excrement, the requirement for imported feed, and food security risks resulting from various viral diseases introduced by imported feed. The feeding system needs to shift to one that is more efficient, and improves management for farmers, food security for consumers, and the health environment for residents of Japan. Currently, we are developing a metabolic programming and an information and communications technology (ICT, or Interne of Things) management system for Wagyu beef production as future systems. If successful, we will produce safe, high-quality Wagyu beef using domestic pasture resources while solving the problems of how to utilize increasing areas of abandoned agricultural land and to make use of the plant-based feed resources in Japan's mountainous areas.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.7 no.5
• /
• pp.1041-1051
• /
• 2012

Attack on Cloud Computing, an intensive service solution using network infrastructure recently released, generates service breakdown or intrusive incidents incapacitating developmental platforms, web-based software, or resource services. Therefore, it is needed to conduct research on security for the operational information of three kinds of services (3S': laaS, PaaS, SaaS) supported by the Cloud Computing system and also generated data from the illegal attack on service blocking. This paper aims to build a system providing optimal services as a 4-stage defensive method through the test on the attack and defense of Cloud Computing services. It is a defense policy that conducts 4-stage, orderly and phased access control as follows: controlling the initial access to the network, controlling virtualization services, classifying services for support, and selecting multiple routes. By dispersing the attacks and also monitoring and analyzing to control the access by stage, this study performs defense policy realization and analysis and tests defenses by the types of attack. The research findings will be provided as practical foundational data to realize Cloud Computing service-based defense policy.

• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.6
• /
• pp.589-593
• /
• 2008

These days, as a side effect of the growth of the mobile devices, malwares for the mobile devices also tend to increase and become more dangerous. Because embedded Linux is one of the advanced OSes on mobile devices, a solution to preventing malwares from infecting and destroying embedded Linux will be needed. We present a scheme using signature verification for embedded Linux that prevents executallle-Infecting malwares. The proposed scheme works under collaboration between mobile devices and a server. Malware detection is delegated to the server. In a mobile device, only integrity of all executables and dynamic libraries is checked at kernel level every time by kernel modules using LSM hooks just prior to loading of executables and dynamic libraries. All procedures in the mobile devices are performed only at kernel level. In experiments with a mobile embedded device, we confirmed that the scheme is able to prevent all executable-Infecting malwares while minimizing damage caused by execution of malwares or infected files, power consumption and performance overheads caused by malware check routines.