• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1199-1206
• /
• 2013

SNS is relationship based service and its users are increasing rapidly because it can be used in variety forms as penetration rate of Smartphone increased. Accordingly personal information can be exposed easily and spread rapidly in SNS so self-control on information management, right to control open and distribution of own personal information is necessary. This research suggest way of measuring personal information leaking risk factor through personal information leaking possible territory's, based on property value and relationship of personal information in SNS, personal information exposure frequency and access rate. Suggested method expects to used in strengthening self-control on information management right by arousing attention of personal information exposure to SNS users.

• Convergence Security Journal
• /
• v.19 no.5
• /
• pp.75-84
• /
• 2019

Recently, the value of video as an important data of medical information technology is increasing due to the feature of rich clinical information. On the other hand, video is also required to be de-identified as a medical image, but the existing methods are mainly specialized in the stereotyped data and still images, which makes it difficult to apply the existing methods to the video data. In this paper, we propose an automated system to index candidate elements of personal identification information on a frame basis to solve this problem. The proposed system performs indexing process using text and person detection after preprocessing by scene segmentation and color knowledge based method. The generated index information is provided as metadata according to the purpose of use. In order to verify the effectiveness of the proposed system, the indexing speed was measured using prototype implementation and real surgical video. As a result, the work speed was more than twice as fast as the playing time of the input video, and it was confirmed that the decision making was possible through the case of the production of surgical education contents.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.360-361
• /
• 2017

The infrastructure of the country and society is connected to cyberspace. Malicious codes that steal financial information from websites such as plastic surgeons, dentists, and hospitals that are confirmed as IP in Daegu South Korea area are spreading In particular, financial information is an important privacy target. Takeover of financial information leads to personal financial loss. In this paper, we analyze the recent pharming malicious code that takes financial information. Attack files with social engineering methods are spread as executables in the banner, disguised as downloaders. When the user selects the banner, the attack file infects the PC with malicious code to the user. The infected PC takes users to the farming site and seizes financial information and personal security card information. The fraudulent financial information causes a financial loss to the user. The research in this paper will contribute to secure financial security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.31-38
• /
• 2009

To provide the privacy of a keyword, a public key encryption with keyword search(PEKS) firstly was propsed by Boneh et al. The PEKS scheme enables that an email sender sends an encrypted email with receiver's public key to an email server and a server can obtain the relation between the given encrypted email and an encrypted query generated by a receiver. In this email system, we easily consider the situation that a user sends the one identical encrypted email to multi-receiver like as group e-mail. Hwang and Lee proposed a searchable public key encryption considering multi-receivers. To reduce the size of transmission data and the server's computation is important issue in multi-receiver setting. In this paper, we propose an efficient searchable public key encryption for multi-receiver (mPEKS) which is more efficient and reduces the server's pairing computation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.1
• /
• pp.113-121
• /
• 2010

The system specification is a system theory based formal representation method for systems' structure and behavior modeling. When we make use of the system specification method in each step of software development, we can derive a hierarchical and modularized system design which enables us to manage the software development process flexibly. This research presents system specification based design of a mobile alarm system which sends alerts about illegal usage of private information and manages the response against the each alert. In our design of mobile alarm system, there are formal definition of alert message overcoming the functional limitation of mobile device and hierarchical modularized modeling of alarm processing using system specification. The efficiency of making use of the system specification is shown by applying the specification method to implementation of mobile alarm system. The contribution of this work is in design and implementation of mobile alarm system which enables us to handle the private information leakage situation more flexible way using system specification based software designing method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1139-1150
• /
• 2022

With the rapid development of SW Industry, softwares are everywhere in our daily life. The number of vulnerabilities are also increasing with a large amount of newly developed code. Vulnerabilities can be exploited by hackers, resulting the disclosure of privacy and threats to the safety of property and life. In particular, since the large numbers of increasing code, manually analyzed by expert is not enough anymore. Machine learning has shown high performance in object identification or classification task. Vulnerability detection is also suitable for machine learning, as a reuslt, many studies tried to use RNN-based model to detect vulnerability. However, the RNN model is also has limitation that as the code is longer, the earlier can not be learned well. In this paper, we proposed a novel method which applied BERT to detect vulnerability. The accuracy was 97.5%, which increased by 1.5%, and the efficiency also increased by 69% than Vuldeepecker.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.1037-1055
• /
• 2016

After the enactment of the Personal Information Protection Act, policies and activities for the personal information protection have been actively promoted. However the people are showing negative attitudes about personal information, as the ongoing personal data leakages. Therefore, authors tried to empirical analysis of the effectiveness of national policy on the protection of personal information, using SERVQUAL model, focused on the people's perception, in order to identify that how the people recognized current policy. Authors find that the public has perceived the effectiveness of the policy positively, but the level of their awareness is low. And we identify that the people are highly aware of the policy's effectiveness for Immediacy, Convenience and Responsibility, while they have the lowest effectiveness for Efficiency. The policy's improvement focused on the public's low expectations/perceptions and effectiveness awareness, is required in order to develop people-oriented national privacy policy that are satisfied by the people.

• Journal of Korea Multimedia Society
• /
• v.12 no.5
• /
• pp.644-652
• /
• 2009

New communication environments such as USN, WiBro and RFID have been realized nowadays. Thus, in order to ensure security and privacy protection, various light-weight block ciphers, e.g., mCrypton, HIGHT, SEA and PRESENT, have been proposed. The block cipher mCrypton, which is a light-weight version of Crypton, is a 64-bit block cipher with three key size options (64 bits, 96 bits, 128 bits). In this paper we show that 8-round mCrypton with 128-bit key is vulnerable to related-key rectangle attack. It is the first known cryptanalytic result on mCrypton. We first describe how to construct two related-key truncated differentials on which 7-round related-key rectangle distinguisher is based and then exploit it to attack 8-round mCrypton. This attack requires $2^{45.5}$dada and $2^{45.5}$time complexities which is faster than exhaustive key search.

• Journal of Digital Convergence
• /
• v.18 no.5
• /
• pp.249-256
• /
• 2020

The session initiation protocol (SIP) is a signaling protocol, which is used to controlling communication session creation, manage and finish over Internet protocol. Based on it, we can implement various services like voice based electronic commerce or instant messaging. Recently, Qiu et al. proposed an enhanced password authentication scheme for SIP. However, this paper withdraws that Qiu et al.'s scheme is weak against the off-line password guessing attack and has denial of service problem. Addition to this, we propose an improved password authentication scheme as a remedy scheme of Qiu et al.'s scheme. For this, the proposed scheme does not use server's verifier and is based on elliptic curve cryptography. Security validation is provided based on a formal validation tool ProVerif. Security analysis shows that the improved authentication scheme is strong against various attacks over SIP.

• The KIPS Transactions:PartC
• /
• v.9C no.4
• /
• pp.597-604
• /
• 2002

Changing group key is necessary for the remaining members when a new member joins or a member leaves the group in multicast communications. It is required to guarantee perfect forward and backward confidentiality. Unfortunately, in large groups with frequent membership changes, key changes become the primary bottleneck for scalable group. In this paper, we propose a novel approach for providing efficient group key distribution in large and dynamic groups. Unlike existing secure multicast protocols, our protocol is scalable to large groups because both the frequency and computational overhead of re-keying is determined by the size of a subgroup instead of the size of the whole group, and offers mechanism to prevent the subgroup managers with group access control from having any access to the multicast data that are transfered by sender. It also provides security service for preserving privacy in wireless computing environments.