• International Journal of Computer Science & Network Security
• /
• v.23 no.11
• /
• pp.169-177
• /
• 2023

Network security is now more crucial than ever for consumers, companies, and military clients. Security has elevated to the top of the priority list since the Internet's creation. The evolution of security technology is now better understood. The area of community protection as a whole is broad and dynamic. News from the days before the internet and more recent advancements in community protection are both included in the topic of observation. Recognize current research techniques, previous Defence strategies that were significant, and network attack techniques that have been used before. The security of various domain names is the subject of this article's description of bibliographic research.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.2
• /
• pp.478-493
• /
• 2024

In this paper, the Mixed Integer Linear Programming (MILP) model is improved for searching differential characteristics of block cipher Midori-64, and 4 search strategies of differential path are given. By using strategy IV, set 1 S-box on the top of the distinguisher to be active, and set 3 S-boxes at the bottom to be active and the difference to be the same, then we obtain a 5-round differential characteristics. Based on the distinguisher, we attack 12-round Midori-64 with data and time complexities of 2⁶³ and 2^103.83, respectively. To our best knowledge, these results are superior to current ones.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.261-270
• /
• 2015

In information security devices, such as Smart Cards, vulnerabilities of the RSA algorithm which is used to protect the data were found in the Side Channel Analysis. The RSA is especially vulnerable to Power Analysis which uses power consumption when the algorithm is working. Typically Power Analysis is divided into SPA(Simple Power Analysis) and DPA(Differential Power Analysis). On top of this, there is a CA(Collision Analysis) which is a very powerful attack. CA makes it possible to attack using a single waveform, even if the algorithm is designed to secure against SPA and DPA. So Message blinding, which applies the window method, was considered as a countermeasure. But, this method does not provide sufficient safety when the window size is small. Therefore, in this paper, we propose a new countermeasure that provides higher safety against CA. Our countermeasure is a combination of message and exponent blinding which is applied to the window method. In addition, through experiments, we have shown that our countermeasure provides approximately 124% higher attack complexity when the window size is small. Thus it can provide higher safety against CA.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.5
• /
• pp.818-828
• /
• 2018

Nowadays, various security systems are developed and used for protecting information on the network. Although security solutions can prevent some of the security risks, they provide high performance only if used appropriately in accordance with their purposes and functionality. Security solutions commonly used in information protection systems include firewalls, IDS, and IPS. However, despite various information protection systems are introduced, there are always techniques that can threaten the security systems through bypassing them. The purpose of this paper is to develop effective training techniques for responding to the bypass attack techniques in the information security systems and to develop effective techniques that can be applied to the training. In order to implement the test bed we have used GNS3 network simulator, and deployed it on top of virtual operating system using VirtualBox. The proposed correspondence training scenario against bypassing information protection system attacks could be very effectively used to counteract the real attacks.

• Korean Journal of Applied Biomechanics
• /
• v.24 no.3
• /
• pp.217-227
• /
• 2014

The purpose of this study was to investigate the relationship between distance and factors of javelin in korean male's javelin throwing. To accomplish this purpose, the analyzed trail selected total 29 trails (subjects 9) recorded more than 65 m in the 93rd National Sports Festival. The Kwon3D 3.1 version was used to obtain the three dimensional coordinates about the top, grip, end of javelin. And the kinematic data such as projection factors and direction angle of javelin calculated using Matlab2009a program. The statical analysis on the records (n=29) were used to Pearson's product moment correlation coefficient. There was a statistically positive relationship between the records and horizontal velocity (r=.866, ${\rho}$<.01), height (r=.541, ${\rho}$ <.001), height rate (r=.373, ${\rho}$ <.05) and horizontal displacement of javelin (r=.749, ${\rho}$ <.01), but the medial/lateral velocity showed a negative relationship to r=-.663 (${\rho}$ <.01). The attack and yaw angle showed not a significant relationship between the records, but the medial-lateral tilt (E1:r =-.557 [p<.01)] E2:r=-.629 [${\rho}$<.01], E3:r=-.528 [${\rho}$ <.01]) and attitude angle (E2:r=-.629 [[${\rho}$<.01], E3:r=-.619 [${\rho}$ <.01]) of javelin showed a negative relationship between the records, as well as the projection angle of javelin (r=-.419, ${\rho}$ <.05) showed a negative relationship between the records.

• Steel and Composite Structures
• /
• v.37 no.5
• /
• pp.589-603
• /
• 2020

This paper presents an investigation of the thermal performance of composite floor slabs with profiled steel decking exposed to fire effects from floor. A detailed finite-element model has been developed by representing the concrete slab with steel decking under of it and steel beam both steel parts protected by intumescent coating. Although this type of floor systems offers a better fire resistance, passive fire protection materials should be applied when a higher fire resistance is desired. Moreover, fire exposed side is so crucial for composite slab systems as the total fire behaviour of the floor system changes dramatically. When the fire attack from steel parts, the temperature rises rapidly resulting in a sudden decrease on the strength of the beam and decking. Herein this paper, the fire attack side is assumed from the face of the concrete floor (top of the concrete assembly). Therefore, the heat is transferred through concrete to the steel decking and reaching finally to the steel beam both protected by intumescent coating. In this work, the numerical model has been established to predict the heat transfer performance including material properties such as thermal conductivity, specific heat and dry film thickness of intumescent coating. The developed numerical model has been divided into different layers to understand the sensitivity of steel temperature to the number of layers of intumescent coating. Results show that the protected composite floors offer a higher fire resistance as the temperature of the steel section remains below 60℃ even after 60-minute Standard (ISO) fire and Fast fire exposure. Obtaining lower temperatures in steel due to the great fire performance of the concrete itself results in lesser reductions of strength and stiffness hence, lesser deflections.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.606-608
• /
• 2014

Recent smartphone users constantly increases, an increase in malicious applications smartphones indiscretions exists within the Terminal, through the deployment of privacy disclosure, Singh and other victims also are on the rise. A typical personal way to malicious code masquerading as a normal application and install it on the handset of my text message or a personal note, such as personal information, the certificate directory, is the way that leaked. Therefore, to obtain permission to attack the root Terminal event by collecting malware infections and respond to determine whether it is necessary for the technique. In this paper, check the features of a Smartphone in real time systems, to carry out a study on the application throughout the Terminal to collect my attack event analysis, malware infection can determine whether or not the mobile security monitoring system. This prevents a user's personal information and take advantage of the top and spill are expected to be on the field.

• Journal of Platform Technology
• /
• v.9 no.2
• /
• pp.26-37
• /
• 2021

E-mail is one of the important tools for communicating with people in everyday life. With COVID-19 (Coronavirus) increasing non-face-to-face activity, security incidents through e-mail such as spam, phishing, and ransomware are increasing. E-mail security incidents are increasing as social engineering attack using human psychology rather than arising from technological weaknesses that e-mails have. Security incidents using human psychology can be prevented and defended by improving security awareness. This study empirically studies the analysis of changes in response to malicious e-mail due to improved security awareness through malicious e-mail simulations on executives and employees of domestic and foreign company. In this study, the factors of security training, top-down security management, and security issue sharing are found to be effective in safely responding to malicious e-mail. This study presents a new study by conducting empirical analysis of theoretical research on security awareness in relation to malicious e-mail responses, and results obtained from simulations in a practical setting may help security work.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1031-1041
• /
• 2020

Cloud computing technology plays an important role in the deep learning industry as deep learning services are deployed frequently on top of cloud infrastructures. In such cloud environment, virtualization technology provides logically independent and isolated computing space for each tenant. However, recent studies demonstrate that by leveraging vulnerabilities of virtualization techniques and shared processor architectures in the cloud system, various side-channels can be established between cloud tenants. In this paper, we propose a novel attack scenario that can steal internal information of deep learning models by exploiting the Meltdown vulnerability in a multi-tenant system environment. On the basis of our experiment, the proposed attack method could extract internal information of a TensorFlow deep-learning service with 92.875% accuracy and 1.325kB/s extraction speed.

• International Journal of Computer Science & Network Security
• /
• v.23 no.2
• /
• pp.199-202
• /
• 2023

Carriage return (CR) and line feed (LF), also known as CRLF injection is a type of vulnerability that allows a hacker to enter special characters into a web application, altering its operation or confusing the administrator. Log poisoning and HTTP response splitting are two prominent harmful uses of this technique. Additionally, CRLF injection can be used by an attacker to exploit other vulnerabilities, such as cross-site scripting (XSS). Email injection, also known as email header injection, is another way that can be used to modify the behavior of emails. The Open Web Application Security Project (OWASP) is an organization that studies vulnerabilities and ranks them based on their level of risk. According to OWASP, CRLF vulnerabilities are among the top 10 vulnerabilities and are a type of injection attack. Automated testing can help to quickly identify CRLF vulnerabilities, and is particularly useful for companies to test their applications before releasing them. However, CRLF vulnerabilities can also lead to the discovery of other high-risk vulnerabilities, and it fosters a better approach to mitigate CRLF vulnerabilities in the early stage and help secure applications against known vulnerabilities. Although there has been a significant amount of research on other types of injection attacks, such as Structure Query Language Injection (SQL Injection). There has been less research on CRLF vulnerabilities and how to detect them with automated testing. There is room for further research to be done on this subject matter in order to develop creative solutions to problems. It will also help to reduce false positive alerts by checking the header response of each request. Security automation is an important issue for companies trying to protect themselves against security threats. Automated alerts from security systems can provide a quicker and more accurate understanding of potential vulnerabilities and can help to reduce false positive alerts. Despite the extensive research on various types of vulnerabilities in web applications, CRLF vulnerabilities have only recently been included in the research. Utilizing automated testing as a recurring task can assist companies in receiving consistent updates about their systems and enhance their security.