• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.844-847
• /
• 2011

Wireless mesh network (WMN) is a type of mobile ad-hoc network consists of wireless router, mobile clients and gateway which connects the network with the Internet. To provide security in the network it is required to encrypt the message sent among the communicating nodes in such way so that only legitimate user can retrieve the original data. Several security mechanisms have been proposed so far to enhance the security of WMN. However, there still exists a need for a comprehensive mechanism to prevent attacks in data communication. Considering the characteristic of mesh network, in this paper we proposed a public key cryptography based security architecture to establish a secure key agreement among communicating nodes in mesh network. The proposed security architecture consists of two major sections: client data protection and network data protection. Client data protection deals with the mutual authentication between the client and the access router and provide client to access router encryption for data confidentiality using standard IEEE 802.11i protocol. On the other hand, network data protection ensures encrypted routing and data transfer in the multi hop backbone network. For the network data protection, we used the pre-distributed public key to form a secure backbone infrastructure.

• Convergence Security Journal
• /
• v.22 no.3
• /
• pp.19-24
• /
• 2022

Metaverse is a compound word of the English words 'meta', meaning 'virtual' and 'transcendence', and 'universe' meaning the universe. dimensional virtual world. Metaverse is a concept that has evolved one step further than virtual reality (VR, a cutting-edge technology that enables people to experience life-like experiences in a virtual world created by a computer). It has the characteristic of being able to engage in social and cultural activities similar to reality. However, there are many security issues related to this, and cybersecurity vulnerabilities may occur. This paper analyzes cybersecurity threats that may occur in the metaverse environment and checks vulnerabilities.

• Korean Security Journal
• /
• no.32
• /
• pp.7-32
• /
• 2012

This study aimed to evaluate the relative status using Analytic Hierarchy Process(AHP) on the spiritual factors of the security martial arts for the guards to perform the best security service. There were 540 participants who were students majored in security martial arts, workers for security and specialists of practical and theoretical security martial arts for this study. The exploratory and confirmatory factor analysis were carried out using the selecting data through literature reviews in the level of the factor-extraction about the spiritual characteristics. The specialists' survey was conducted on the relative status among factors using the spiritual concept structure based on the studied above. Selected data was calculated with SPSS 18.0 for windows, AMOS 5.0, and Expert Choice 2000 software. The conclusion can be made through those process above. First, 4 general factors and 20 detailed factors were found as the result of the factor exploration related to the spiritual characteristics of the security martial arts. The result which was verified on Construction validity of searched factors had stable figures on every standard. In other words, the participants for survey on this study "Spiritual characteristic concepts of the security martial arts" can be evaluated it is valid. The general factors of security martial arts' spirit were conceptualized with Psychological spirit, ethical spirit, martial art spirit, practical spirit through the naming process on the general factors of the security martial arts' spiritual characteristic concepts. The detailed factors of security martial arts' spirit were concentration, self-confidence, self-management, immersion, self-esteem in psychological spirit and sacrifice, justice, royalty, peace, sense of duty in ethical spirit and courtesy, toughness, defense, balance of mind and body, bravery in martial arts and responsibility, cooperation, modesty, determination, professionalism in practical spirit of security martial arts. That is, the conceptualization of security martial arts' spirit was verified that it had validity. Second, the hierarchical model of the security martial arts was composed with 4 superordinate concepts and 20 subordinate concepts. As the result of evaluating relative status based on Spiritual characteristics-hierarchy model, the impotance was proven in order of ethical spirit(.482), martial art spirit(.248), practical spirit(.188), psychological spirit(.083). Also the importance related to spiritual characteristics of security martial arts on subordinate concepts was proven in order of sacrifice(.252), courtesy(.110), sense of duty(.108), responsibility(. 073), royalty(.053), toughness(.052), justice(.049), defense(.038), professionalism(.038), determination(.035), cooperation(.029), self-confidence (.026), bravery(.025), self-esteem(.024), balance of mind and body(.023), peace(.019), concentration(.014), modesty(.013), self-management(.011), flow (.007). To sum up, the spiritual factor related to ethics such as sacrifice, justice, royalty, peace, sense of duty was the most important for the security martial arts.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1059-1070
• /
• 2018

The block cipher Zorro is designed to reduce the implementation cost for side-channel countermeasure. It has a structure similar to AES, but the number of S-Boxes used is small. However, since the master key is used as the round key, it can be vulnerable to related key attacks. In this paper, we show key recovery attacks on Zorro using related-key differential characteristics. In addition, the related key differential characteristics are fatal when Zorro is used as the base block cipher of the hash function. In this paper, we describe how these characteristics can be linked to collision attacks in the PGV models.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1145-1157
• /
• 2012

Google Android employs a security model based on application permissions to control accesses to system resources and components of other applications from a potentially malicious program. But, this model has security vulnerabilities due to lack of user comprehension and excessive permission requests by 3rd party applications. Broadcast intent message is widely used as a primary means of communication among internal application components. However, this mechanism has also potential security problems because it has no security policy related with it. In this paper, we first present security breach scenarios caused by inappropriate use of application permissions and broadcast intent messages. We then analyze and compare usage patterns of application permissions and broadcast intent message for popular applications on Android market and malwares, respectively. The analysis results show that there exists a characteristic set for application permissions and broadcast intent receiver that are requested by typical malwares. Based on the results, we propose a scheme to detect applications that are suspected as malicious and notify the result to users at installation time.

• Korean Security Journal
• /
• no.15
• /
• pp.199-219
• /
• 2008

This study analyzed the contents of the 225 papers included in Korea Security Science Association during the decade -from 1997 to 2007. This study was classified the study method qualitative. First, characteristic of researchers(distinction of sex, distinction of academic degree, regional distribution, one's position and regional distribution, participants per paper). Second, study trends classified by fields of study(where receiving research expenses support or not, change of study subject). Third, study trends classified by methods of study(study method by year, study method by study subject, statistical analysis by year) were subdivided. Analysis shows that there are some shortcomings on the research of Korea Security Science Association as compared with other fields. However, it shows advanced trends for example participation in different study field, evenly distributed regional study participation, variety trial of analysis method. Then again, the distinction of sex, one's position, too much emphasis on independence research, vulnerability about support of research expenses, emphasis on study fields and study trends wandering from industrial circles are getting deeper In study methods, generalized research form such as document study and phenomenon technical case study is limited so deduction of kernel result is not thoroughgoing enough as well as it shows the trend that limits to duplicate and generalized proposal technic.

• Journal of information and communication convergence engineering
• /
• v.7 no.2
• /
• pp.157-163
• /
• 2009

With the wide usage of internet in many fields, networks are being exposed to many security threats, such as DDoS attack and worm/virus. For enterprise network, prevention failure of network security causes the revealing of commercial information or interruption of network services. In this paper, we propose a method of prevention of DDoS attacks for enterprise network based on traceback and network traffic analysis. The model of traceback implements the detection of IP spoofing attacks by the cooperation of trusted adjacent host, and the method of network traffic analysis implements the detection of DDoS attacks by analyzing the traffic characteristic. Moreover, we present the result of the experiments, and compare the method with other methods. The result demonstrates that the method can effectively detect and block DDoS attacks and IP spoofing attacks.

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.06d
• /
• pp.56-60
• /
• 2010

악성코드의 기능들이 날로 정교해 지면서 악성 행위를 숨기거나 악성코드 분석이 어렵도록 만들기 위한 기법들이 적용되는 것을 쉽게 볼 수 있다. 이 중 악성코드 분석을 어렵게 만드는 대표적인 방식이 Packing이다. 그러므로 악성코드의 분석을 위해 Packing된 악성코드가 어떤 Packer로 Packing되어 있는 지 확인할 필요가 있다. 그러나 현재 사용하는 대부분의 시그니처 기반 탐지 방식은 오탐율 및 미탐율이 높다. 본 논문에서는 Packer 탐지를 위한 새로운 시그니처 생성 방식을 제안하고 성능을 검증한다.

• Convergence Security Journal
• /
• v.7 no.4
• /
• pp.23-28
• /
• 2007

In this research, we suggest the unknown intrusion detection system with SVM(Support Vector Machines). At the system, at first, collected training-packets are processed through packet image creating module. And then, it is studied by the SVM module. Finally, the studied SVM module classifies the test-data unsing test-packet-image. This system's stability and efficient characteristic of security is far superior than the existing it.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.57 no.8
• /
• pp.1334-1341
• /
• 2008

This paper introduces an approach of Hybrid Particle Swarm Optimization(HPSO) for a security-constrained economic dispatch(SCED) with line flow constraints. To reduce a early convergence effect of PSO algorithm, we proposed HPSO algorithm considering a mutation characteristic of Genetic Algorithm(GA). In power system, for considering N-1 line contingency, we have chosen critical line contingency through a process of Screening and Selection based on PI(performance Index). To prove the ability of the proposed HPSO in solving nonlinear optimization problems, SCED problems with nonconvex solution spaces are considered and solved with three different approach(Conventional GA, PSO, HPSO). We have applied to IEEE 118 bus system for verifying a usefulness of the proposed algorithm.