• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.5
• /
• pp.1920-1937
• /
• 2015

Network environment has been under constant threat from both malicious attackers and inherent vulnerabilities of network infrastructure. Existence of such threats calls for exhaustive vulnerability analyzing to guarantee a secure system. However, due to the diversity of security hazards, analysts have to select from massive alternative hardening strategies, which is laborious and time-consuming. In this paper, we develop an approach to seek for possible hardening strategies and prioritize them to help security analysts to handle the optimal ones. In particular, we apply a Risk Flow Attack Graph (RFAG) to represent network situation and attack scenarios, and analyze them to measure network risk. We also employ a multi-objective genetic algorithm to infer the priority of hardening strategies automatically. Finally, we present some numerical results to show the performance of prioritizing strategies by network risk and hardening cost and illustrate the application of optimal hardening strategy set in typical cases. Our novel approach provides a promising new direction for network and vulnerability analysis to take proper precautions to reduce network risk.

• International Journal of Computer Science & Network Security
• /
• v.22 no.12
• /
• pp.57-62
• /
• 2022

The Sambodana project is a mobile communication security system development project using Hardening Android. The initial idea for this project is that information leakage occurs outside of a communications application with end-to-end cryptographic security. Android hardening prevents unwanted applications and bloatware from being installed, such as unavailable Google Play Store or install restrictions.

• Korean Security Journal
• /
• no.56
• /
• pp.9-30
• /
• 2018

Crime prevention strategies are introduced to reduce the loss caused by crimes, and Target hardening against domestic burglary attacks is broadly accepted as one of such physical security strategies. In terms of business and home security, target hardening is one of the suite of protective measures that are included in crime prevention through environmental design(CPTED). This can include ensuring all doors and windows are sourced and fitted in such a way that they can resist forcible and surreptitious from the attack of intruder. Target hardening with certified security doors, security windows and secure locks are revealed to be much more effective to deter burglary attacks than other security devices, such as CCTV, lightings and alarms which have largely psychological and indirect impact. A pilot program of target hardening utilizing certified security window and locks was carried out in Ansan city, South Korea in 2016. This study is based on the quasi-experimental design of this program for a residential area. The researchers tried to verify the crime displacement effect of the target hardening program and the diffusion effects of crime prevention benefits by analysing the crime statistics. The evaluation utilized WDQ(Weighted Displacement Quotient) technique to analyze whether the crime displacement occurred, compared the crime statistics of the experimental area with that of buffer zone and controlled areas. The result showed that the target hardening program was significantly effective in crime prevention. The number of burglary in the experimental site with target hardening intervention reduced by 100%, although the areas without the intervention showed reduction in the burglary. The crime displacement was not found at all, and the number of burlary at the buffer zone also reduced significantly.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.906-918
• /
• 2018

The advent of the Internet of Things (IoT) technology, which brings many benefits to our lives, has resulted in numerous IoT devices in many parts of our living environment. However, to adapt to the rapid changes in the IoT market, numerous IoT devices were widely deployed without implementing security by design at the time of development. As a result, malicious attackers have targeted IoT devices, and IoT devices lacking security features have been compromised by attackers, resulting in many security incidents. In particular, an attacker can take control of an IoT device, such as Mirai Botnet, that has insufficient security features. The IoT device can be used to paralyze numerous websites by performing a DDoS attack against a DNS service provider. Therefore, this study proposes a scheme to minimize security vulnerabilities and threats in IoT devices to improve the security of the IoT service environment.

• International Journal of Computer Science & Network Security
• /
• v.24 no.6
• /
• pp.41-48
• /
• 2024

Existing PoS (Point of Sale) based payment frameworks are vulnerable as the Payment Application's integrity in the smart phone and PoS are compromised, vulnerable to reverse engineering attacks. In addition to these existing PoS (Point of Sale) based payment frameworks do not perform point-to-point encryption and do not ensure communication security. We propose a Smart and Secure PoS (SSPoS) Framework which overcomes these attacks. Our proposed SSPoS framework ensures point-to-point encryption (P2PE), Application hardening and Application wrapping. SSPoS framework overcomes repackaging attacks. SSPoS framework has very less communication and computation cost. SSPoS framework also addresses Heartbleed vulnerability. SSPoS protocol is successfully verified using Burrows-Abadi-Needham (BAN) logic, so it ensures all the security properties. SSPoS is threat modeled and implemented successfully.

• KIPS Transactions on Computer and Communication Systems
• /
• v.13 no.1
• /
• pp.31-37
• /
• 2024

Conventional secret sharing techniques often derive shares from randomly generated polynomials or planes, resulting in lengthy and complex shares that are challenging to memorize and/or manage without the aid of a separate computer or specialized device. Modifying existing secret sharing methods to use a predetermined value, such as a memorizable password or bio-metric information, offers a solution. However, this approach raises concerns about security, especially when the predetermined value lacks randomness or has low entropy. In such cases, adversaries may deduce a secret S with just (t - 1) shares by guessing the predetermined value or employing brute force attacks. In this paper, we introduce a share hardening method designed to ensure the security of secret sharing while enabling the use of memorizable passwords or biometric information as predetermined shares.

• Korean Security Journal
• /
• no.40
• /
• pp.57-86
• /
• 2014

As the revision of Building Code including applying crime prevention design to buildings passed recently and target hardening ought to be evidence-based, we studied the Modus Operandi (MO) and intrusion tools of domestic burglary to earn basic data for improvement of crime prevention hardware in the future. To be specific, we reviewed related academic literature and police official statistics of domestic burglary critically and interviewed detectives in charge of burglary to specify and categorize MO and tools. We can derive some implications from research findings, including improvement of the statistical system for the MO of burglary, active sharing of the MO of burglary among the criminal justice agencies and related industries and experts. Also, crime prevention advice and education for the local residents focused on MO of burglary can be recommended. Based on this research, to enhance the level of community safety significantly, performance tests of crime prevention hardware such as security doors and windows etc. and the study on related certification system should be vitalized.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1209-1223
• /
• 2018

Android apps are made up of bytecode, so they are vulnerable to reverse engineering, and protection services are emerging that robustly repackage the app to compensate. Unlike cryptographic algorithms, the robustness of these protection services depends heavily on hiding the protection scheme. Therefore, there are few systematic discussions about the protection method even if destruction techniques of the protection service are various. And it is implemented according to the intuition of the developer. There is a need to discuss systematic protection schemes for robust security chains, rather than simple deployment of techniques disrupting static or dynamic analysis. In this paper, we analyze bangcle, a typical commercial Android app protection service, to examine the protection structure and vulnerable elements. We propose the requirements for robust structure and principles of protection structure.

• Journal of the Korean Graphic Arts Communication Society
• /
• v.29 no.3
• /
• pp.55-63
• /
• 2011

The convex printing plate in particular securities is classified three physical properties. The main ingredient(component)of photosensitive plastic is composed of thermosetting polyamide. After being hardened specimen at $80^{\circ}C$ is shown to resist highly, the Glass Transition Temperatures of photosensitive plastic are $85^{\circ}C$. When hardened plate has reached at $80^{\circ}C$, abrasion loss is minimized. the cause is considered it is more effective in hardening when the temperature of photosensitive plastic is $80^{\circ}C$-the vitrification temperature of those. The hardness and the durability of the convex printing plate in particular securities are affected to the hardening treatment temperature. And the resolution of original drawing has being better when the durability is superior.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.12
• /
• pp.6139-6160
• /
• 2018

For ease of use and access, web browsers are now being used to access and modify sensitive data and systems including critical control systems. Due to their computational capabilities and network connectivity, browsers are vulnerable to several types of attacks, even when fully updated. Browsers are also the main target of phishing attacks. Many browser attacks, including phishing, could be prevented or mitigated by using site-, user-, and device-specific security configurations. However, we discovered that all major browsers expose disparate security configuration procedures, option names, values, and semantics. This results in an extremely hard to secure web browsing ecosystem. We analyzed more than a 1000 browser security configuration options in three major browsers and found that only 13 configuration options had syntactic and semantic similarity, while 4 configuration options had semantic similarity, but not syntactic similarity. We: a) describe the results of our in-depth analysis of browser security configuration options; b) demonstrate the complexity of policy-based configuration of web browsers; c) describe a knowledge-based solution that would enable organizations to implement highly-granular and policy-level secure configurations for their information and operational technology browsing infrastructures at the enterprise scale; and d) argue for necessity of developing a common language and semantics for web browser configurations.