• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.165-174
• /
• 2019

They are frequently used today in public places such as street, subway, school or library. Since users can sometimes print documents that contain confidential data using Printer Kiosks, the devices should store and manage the documents securely. In this paper, we identify potential security threats in Printer Kiosks and suggest practical attack scenarios that can take place. To show the feasibility of suggested attack, we analyzed network traffic that were generated by the real Printer Kiosk device. As a result of our analysis, we have found that attackers can access other users' scanned files and access other users' documents from Printer Kiosk's home page. We confirmed that using our attack, we could retrieve other users' personal data.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.5
• /
• pp.27-33
• /
• 2019

One of serious security threats is a botnet-based attack. A botnet in general consists of numerous bots, which are computing devices with networking function, such as personal computers, smartphones, or tiny IoT sensor devices compromised by malicious codes or attackers. Such botnets can launch various serious cyber-attacks like DDoS attacks, propagating mal-wares, and spreading spam e-mails over the network. To establish a botnet, attackers usually inject malicious URLs into web source codes stealthily by using data hiding methods like Javascript obfuscation techniques to avoid being discovered by traditional security systems such as Firewall, IPS(Intrusion Prevention System) or IDS(Intrusion Detection System). Meanwhile, it is non-trivial work in practice for software developers to manually find such malicious URLs which are hidden in numerous web source codes stored in web servers. In this paper, we propose a security defense system to discover such suspicious, malicious URLs hidden in web source codes, and present experiment results that show its discovery performance. In particular, based on our experiment results, our proposed system discovered 100% of URLs hidden by Javascript encoding obfuscation within sample web source files.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.1
• /
• pp.20-34
• /
• 2021

Today, IoT devices are flooding, and traffic is increasing rapidly. The Internet of Things creates a variety of added value through connections between devices, while many devices are easily targeted by attackers due to security vulnerabilities. In the IoT environment, security diagnosis has problems such as having to provide different solutions for different types of devices in network situations where various types of devices are interlocked, personal leakage of security solutions themselves, and high cost, etc. To avoid such problems, a TCP-based active scan was presented. However, the TCP-based active scan has limitations that it is difficult to be applied to real-time systems due to long detection times. To complement this, this study uses UDP-based approaches. Specifically, a lightweight active scan algorithm that effectively identifies devices using UPnP protocols (SSDP, MDNS, and MBNS) that are most commonly used by manufacturers is proposed. The experimental results of this study have shown that devices can be distinguished by more than twice the true positive and recall at an average time of 1524 times faster than Nmap, which has a firm position in the field.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.21 no.5
• /
• pp.451-457
• /
• 2020

Format recognition and OCR techniques are widely used as methods for detecting and protecting personal information from electronic documents. However, due to the poor recognition rate of the OCR engine, personal information cannot be detected or false positives commonly occur. It also takes a long time to analyze a large amount of electronic documents. In this paper, we propose a method to improve the speed of image analysis of electronic documents, character recognition rate of the OCR engine, and detection rate of personal information by improving the existing method. The analysis speed was increased using the format recognition method while the analysis speed and character recognition rate of the OCR engine was improved by image correction. An algorithm for analyzing personal information from images was proposed to increase the reconnaissance rate of personal information. Through the experiments, 1755 image format recognition samples were analyzed in an average time of 0.24 seconds, which was 0.5 seconds higher than the conventional PAID system format recognition method, and the image recognition rate was 99%. The proposed method in this paper can be used in various fields such as public, telecommunications, finance, tourism, and security as a system to protect personal information in electronic documents.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.316-322
• /
• 2021

The problem of corruption and the spread of corruption crime today is not only one of the main social problems, but also an obstacle to the implementation of reforms in Ukraine. Given the complexity, scale and diversity of the impact of corruption, it is an undisputed threat to national security. At the state level, corruption threatens, firstly, state security as a result of its spread in public authorities and the combination of political and business spheres; secondly, in the domestic political sphere as a result of non-compliance and violation by officials of public authorities and local governments of the laws of Ukraine; thirdly, in the economic sphere as a result of the dominance of personal interests of civil servants over national ones; fourthly, in other spheres, namely, military, social, ecological, informational, foreign policy, etc. The origins of corruption are diverse and are formed not only in the country but also abroad. The current corruption threat is the result of the country's ineffective domestic and foreign anticorruption policies. Acceleration of the spread and manifestation of external corruption threats is associated with a number of unresolved foreign policy issues against the background of the development of globalization and integration processes, in particular: economic and financial dependence of the country on international financial institutions and organizations; as well as from foreign countries that pose a potential threat due to their ambitious plans to expand our country; unresolved issues regarding the international legal consolidation of borders, etc. It is noted that the current conditions for the development of state security, due to new challenges and threats, need to improve and implement new measures to prevent corruption as a negative impact of the main threats to national economic security. As a result of the study, the main measures to counter the main threats to the economic security of the state were identified.

• Journal of Digital Convergence
• /
• v.14 no.6
• /
• pp.253-261
• /
• 2016

As many people use internet through the various programs of PC and mobile devices, the possibility of private data leak is increasing. A program should be used after checking security of information flow. Security analysis of information flow is a method that analyzes security of information flow in program. If the information flow is secure, there is no leakage of personal information. If the information flow not secure, there may be a leakage of personal information. This paper proposes a method of analyzing information flow that facilitates SAT solver. The method translates a program that includes variables where security level is set into propositional formula representing control and information flow. The satisfiability of the formula translated is determined by using SAT solver. The security of program is represented through the result. Counter-example is generated if the program is not secure.

• Journal of information and communication convergence engineering
• /
• v.12 no.4
• /
• pp.252-256
• /
• 2014

Traditional block cipher Advanced Encryption Standard (AES) is widely used in the field of network security, but it has high overhead on each operation. In the 15th international workshop on information security applications, a novel lightweight and low-power encryption algorithm named low-power encryption algorithm (LEA) was released. This algorithm has certain useful features for hardware and software implementations, that is, simple addition, rotation, exclusive-or (ARX) operations, non-Substitute-BOX architecture, and 32-bit word size. In this study, we further improve the LEA encryptions for cloud computing. The Web-based implementations include JavaScript and assembly codes. Unlike normal implementation, JavaScript does not support unsigned integer and rotation operations; therefore, we present several techniques for resolving this issue. Furthermore, the proposed method yields a speed-optimized result and shows high performance enhancements. Each implementation is tested using various Web browsers, such as Google Chrome, Internet Explorer, and Mozilla Firefox, and on various devices including personal computers and mobile devices. These results extend the use of LEA encryption to any circumstance.

• Journal of National Security and Military Science
• /
• s.7
• /
• pp.91-128
• /
• 2009

Society is developing fast. Nobody could expect that computer could be used in purpose of trajectory calculation when the ANIAC was developed in the past. However, nowadays technology development brought computerization which substitutes to mankind's working. And personal computer including internet make our society to be IT age. Such age is in revolutionizing now that could be able to bring a new paradigm. We should prepare to such change which scholars predict the end of revolution could be reached at ubiquitous age. This study is purposing firstly for predicting which changes are arisen in the defence sector when social system will become ubiquitous age. That is how change of ubiquitous paradigm could influence to the defence sector and which appearance could be arisen in ubiquitous defence environment. The second purpose of this study is to predict the characteristics of Planing, Programing, Budgeting, Executing, Evaluating, System (PPBEES) of the defence sector.

• Journal of the Optical Society of Korea
• /
• v.4 no.1
• /
• pp.19-22
• /
• 2000

A new image encoding and identification scheme is proposed for security verification by us-ing a CGH(computer generated hologram), random phase mask, and a correlation technique. The encrypted image, which is attached to the security product, is made by multiplying a QP- CGH(quadratic phase CGI) with a random phase function. The random phase function plays a key role when the encrypted image is decrypted. The encrypted image can be optically recovered by a 2-f imaging system and automatically verified for personal identification by a 4-f correlation system. Simulation results show the proposed method can be used for both the reconstruction of an original image and the recognition of an encrypted image.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.11a
• /
• pp.357-359
• /
• 2017

기존의 공인인증서는 한번 은행에서 발급 후 다른 은행에서 사용하려면 다시 등록해야 하는 번거로움이 존재한다. 또한 중앙 기관에서 공인인증서를 관리하기에 공격을 당했을 경우 개인정보 유출의 위험이 있다. 이에 대한 해결방안으로 은행 간에 블록체인을 사용하여 공인인증서를 발급 및 관리할 것을 제안한다. 블록체인은 다른 누구나 네트워크에 참여할 수 있고, 참여자 모두가 블록에 대한 검증을 하는 분산원장(Distribute Ledger) 기술을 사용하고 있다. 분산원장 기술로 공인인증서를 관리하면 사용자의 편의성 증대 및 보안 위협으로부터 안전할 것이다.