• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04a
• /
• pp.233-235
• /
• 2003

인터넷에 노출되어 있는 시스템 흑은 내부 네트워크에 대한 해커들의 공격은 날이 갈수록 심각한 상태에 이르고 있으며 이에 따라 이를 방어하기 위한 기법들에 대한 개발도 활발한 상태이다. 아무리 우수한 보안 시스템이라도 이를 어떻게 관리하고 사용하는가에 따라 그 효과가 크게 변한다. 본 논문은 RBAC 모델을 보안 관리에 적용시켜 보안 개체들 간의 효율적 역할 분담 및 상호 견제를 통해 보안 관리 체계를 개선하는 방안을 제안한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04a
• /
• pp.305-307
• /
• 2003

일반적으로 해킹이 이루어지기 위해서는 공격의 대상이 되는 시스템과 네트워크의 정보를 수집하는 사전단계가 필수적이다. 네트워크 포트 스캐닝은 이 시스템 정보 수집단계에서 중요한 역할을 하는 방법으로 주로 통신 프로토콜의 취약점을 이용하여 비정상적인 패킷을 보낸 후 시스템의 반응을 살피는 방법으로 수행된다. 본 논문에서는 마르코프 체인 모델을 이용한 비정상행위기법 기반의 포트 스캐닝을 탐지방법을 제안하고 여러 가지 은닉/비은닉 포트 스캐닝 방법에 대하여 좋은 성능을 나타냄을 보인다.

• Annual Conference of KIPS
• /
• 2007.05a
• /
• pp.1110-1112
• /
• 2007

내부 정보 유출 방지체계는 침입탐지시스템이나 방화벽 같은 외부 공격자에 대한 방어 대책으로는 한계가 있어 새로운 정보보호 체계가 필요하다. 본 논문은 내부정보 유통 구조에 내재되어 있는 내부 정보 유출 취약점을 분석하고 이에 대한 대책으로서 새로운 정보보호 모델을 제안하며, 제안된 정보보호 모델을 구현하는 한 방법으로서 DRM 기술을 적용한 정보보호 기술구조를 제안한다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.8
• /
• pp.3045-3052
• /
• 2010

The international standard signature algorithm DSA has been guaranteed its security based on discrete logarithm problem. Recently, the DSA was known to be vulnerable to some fault analysis attacks in which the secret key stored inside of the device can be extracted by occurring some faults when the device performs signature algorithm. After analyzing an existing fault attack presented by Bao et al., this paper proposed a new fault analysis attack by disturbing the random number. Furthermore, we presented a countermeasure to compute DSA signature that has its immunity in the two types of fault attacks. The security and efficiency of the proposed countermeasure were verified by computer simulations.

• Journal of Digital Convergence
• /
• v.13 no.4
• /
• pp.205-210
• /
• 2015

The auto industry has significantly evolved to the extent that much attention is paid to M2M (Machine-to-Machine) communication. In M2M communication which was first used in meteorology, environment, logistics, national defense, agriculture and stockbreeding, devices automatically communicate and operate in accordance with varying situations. M2M system is applied to vehicles, specifically to device-to-device communication inside cars, vehicle-to-vehicle communication, communication between vehicles and traffic facilities and that between vehicles and surroundings. However, communication systems are characterized by potential intruders' attacks in transmission sections, which may cause serious safety problems if vehicles' operating system, control system and engine control parts are attacked. Thus, device-to-device secure communication has been actively researched. With a view to secure communication between vehicular devices, the present study drew on hash functions and complex mathematical formulae to design a protocol, which was then tested with Casper/FDR, a tool for formal verification of protocols. In brief, the proposed protocol proved to operate safely against a range of attacks and be effective in practical application.

• Journal of Digital Convergence
• /
• v.12 no.5
• /
• pp.249-254
• /
• 2014

Recent advancement of USN technology has lent itself to the evolving communication technology for implantable devices in the field of medical service. The wireless transmission section for communication between implantable medical devices and patients is a cause of concern over invasion of privacy, resulting from external attackers' hacking and thus leakage of private medical information. In addition, any attempt to manipulate patients' medical information could end up in serious medical issues. The present study proposes an authentication protocol safe against intruders' attacks when RFID/USN technology is applied to implantable medical devices. Being safe against spoofing, information exposure and eavesdropping attacks, the proposed protocol is based on hash-function operation and adopts session keys and random numbers to prevent re-encryption. This paper verifies the security of the proposed protocol using the formal verification tool, Casper/FDR.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.59-74
• /
• 2020

The web space where web applications run is the cyber information warfare of attackers and defenders due to the open HTML. In the cyber attack space, about 84% of worldwide attacks exploit vulnerabilities in web applications and software. It is very difficult to detect web vulnerability attacks with security products such as web firewalls, and high labor costs are required for security verification and assurance of web applications. Therefore, rapid vulnerability detection and response in web space by automated software is a key and effective cyber attack defense strategy. In this paper, we establish a security risk management model by intensively analyzing security threats against web applications and software, and propose a method to effectively diagnose web and application vulnerabilities. The testing results on the commercial service are analyzed to prove that our approach is more effective than the other existing methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.453-460
• /
• 2014

Fault injection attack is the process of attempting to acquire the information on-chip through inject artificially generated error code into the cryptographic algorithms operation (or perform) which is implemented in hardware or software. From the details above, the laser-assisted failure injection attacks have been proven particularly successful. In this paper, we propose an improved laser probing system for fault injection attack which is called the Dual-Laser FA tool set, a hybrid approach of the Flash-pumping laser and fiber laser. The main concept of the idea is to improve the laser probe through utilizing existing equipment. The proposed laser probe can be divided into two parts, which are Laser-I for laser cutting, and Laser-II for fault injection. We study the advantages of existing equipment, and consider the significant parameters such as energy, repetition rate, wavelength, etc. In this approach, it solves the high energy problem caused by flash-pumping laser in higher repetition frequency from the fiber laser.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.99-107
• /
• 2022

In the current technological society, where various technologies are converged into one and being transformed into new technologies, new cyber attacks are being made just as they keep pace with the changes in society. In particular, due to the convergence of various attacks into one, it is difficult to protect the system with only the existing security system. A lot of information is being generated to respond to such cyber attacks. However, recklessly generated vulnerability information can induce confusion by providing unnecessary information to administrators. Therefore, this paper proposes a mechanism to assist in the analysis of emerging cyberattack convergence technologies by providing differentiated vulnerability information to managers by learning documents using deep learning-based language learning models, extracting vulnerability information and classifying them according to the MITRE ATT&CK framework.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.549-559
• /
• 2023

As mobile edge computing (MEC) is gaining attention as a core technology of 5G networks, edge AI technology of 5G network environment based on mobile user data is recently being used in various fields. However, as in traditional AI security, there is a possibility of adversarial interference of standard 5G network functions within the core network responsible for edge AI core functions. In addition, research on data poisoning attacks that can occur in the MEC environment of standalone mode defined in 5G standards by 3GPP is currently insufficient compared to existing LTE networks. In this study, we explore the threat model for the MEC environment using NWDAF, a network function that is responsible for the core function of edge AI in 5G, and propose a feature selection method to improve the performance of detecting data poisoning attacks for Leaf NWDAF as some proof of concept. Through the proposed methodology, we achieved a maximum detection rate of 94.9% for Slowloris attack-based data poisoning attacks in NWDAF.