• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.73-81
• /
• 2021

When downloading files using an app or web-based application on the user's mobile phone, the path is set to be saved in the pre-defined default directory. Many applications requiring access to storage, including file managers, require a write or read permission of storage to provide numerous functions and services. This means that the application will have direct access to the download folder where the numerous files downloaded. In this paper, to prove our feasibility of attack using the security vulnerabilities mentioned above, we developed a file hacking function disguised as an encryption function in the file management application. The file that encrypted will be sent to hackers via E-mail simultaneously on the background. The developed application was evaluated from VirusTotal, a malicious analysis engine, was not detected as a malicious application in all 74 engines. Finally, in this paper, we propose a defense technique and an algorithm based on the Trusted Execution Environment (TEE) to supplement these storage vulnerabilities.

• Journal of Convergence for Information Technology
• /
• v.11 no.7
• /
• pp.21-30
• /
• 2021

With the development of IoT technology, various cloud computing-based services such as smart cars, smart healthcare, smart homes, and smart farms are expanding. With the advent of a new environment, various problems continue to occur, such as the possibility of exposure of important information such as personal information or company secrets, financial damage cases due to hacking, and human casualties due to malicious attack techniques. In this paper, we propose a message communication protocol for smart home-based secure communication and user data protection. As a detailed process, secure device registration, message authentication protocol, and renewal protocol were newly designed in the smart home environment. By referring to the security requirements related to the smart home service, the stability of the representative attack technique was verified, and as a result of performing a comparative analysis of the performance, the efficiency of about 50% in the communication aspect and 25% in the signature verification aspect was confirmed.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.11
• /
• pp.1437-1444
• /
• 2020

With the development of computer vision systems, many advances have been made in the fields of surveillance, biometrics, medical imaging, and autonomous driving. In the field of autonomous driving, in particular, the object detection technique using deep learning are widely used, and the paved road detection is a particularly crucial problem. Unlike the ROI detection algorithm used in general object detection, the structure of paved road in the image is heterogeneous, so the ROI-based object recognition architecture is not available. In this paper, we propose a deep neural network architecture for atypical paved road detection using Semantic segmentation network. In addition, we introduce the multi-scale semantic segmentation network, which is a network architecture specialized to the paved road detection. We demonstrate that the performance is significantly improved by the proposed method.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.2
• /
• pp.280-285
• /
• 2021

When VNDN technology is used as a communication technology for infotainment application services of connected vehicles, it is possible to realize data-centric networking technology in which data is the subject of communication.Vehicle security attacks and hacks, performance degradation during long-distance data transmission, and frequent data loss It is possible to innovate the limitations of the current host-oriented Internet-based infotainment application service technology of connected vehicles. The data packet forwarding issue to deliver critical information data that is very sensitive to delay in the VNDN on a push-based basis to RSU (Road Side Unit), etc. is one of the issues to be solved for realizing VNDN-based application services. We comprehensively analyze existing forwarding techniques to support push-based data traffic under the environment, and compare and analyze each technique in terms of performance.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.22 no.5
• /
• pp.394-402
• /
• 2021

Electronic voting systems have been widely used in many countries around the world since the mid-1990s. In recent years, studies have applied blockchain to existing electronic voting systems in order to provide reliability, fairness, and transparency for voters. This approach is highly useful as a technology that promotes decentralized citizen participation. However, the existing electronic voting systems using blockchain have not sufficiently considered anonymity. Lack of anonymity acts as an important constraint in cases of small- and medium-sized voting, which is often required in decentralized citizen participation. In this study, we propose a model that provides anonymity to a voting system using blockchain by applying the concept of the master node in Dash cryptocurrency. First, we define the differences in the requirements of the transfer and voting systems in blockchain. We propose a parallel and autonomous model and algorithm to provide anonymity in the blockchain-that is, a decentralized development environment. In addition, a discussion of security and the environment for the proposed model is described.

• Journal of Internet of Things and Convergence
• /
• v.7 no.4
• /
• pp.77-83
• /
• 2021

In the 4^th industrial revolution, research on various new technologies is being actively conducted. Among the new technologies of the 4^th industrial revolution, interest in blockchain is very high. A lot of research on this kind of block chain is being actively conducted, centered on graduate schools. It is not easy for a university to operate a dedicated blockchain curriculum centered on undergraduate students. In such a situation, a variety of new blockchain ecosystems have been created to revitalize the blockchain-related industry, and many developments are being made with a lot of interest and effort. In this research, we intend to propose a university curriculum model for blockchain, which is important in the 4^th industrial revolution. Regarding the blockchain education model, we propose a related blockchain education model focusing on the contents of operating an industry-oriented education course through the human resource nurturing process, and various blockchain education will be activated to achieve the blockchain industry development.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.371-379
• /
• 2022

Darknet is based on the characteristics of anonymity and security, and this leads darknet to be continuously abused for various crimes and illegal activities. Therefore, it is very important to detect and classify darknet traffic to prevent the misuse and abuse of darknet. This work proposes a novel approach, which uses the Gradient Boosting techniques for darknet traffic detection and classification. XGBoost and LightGBM algorithm achieve detection accuracy of 99.99%, and classification accuracy of over 99%, which could get more than 3% higher detection accuracy and over 13% higher classification accuracy, compared to the previous research. In particular, LightGBM algorithm could detect and classify darknet traffic in a way that is superior to XGBoost by reducing the learning time by about 1.6 times and hyperparameter tuning time by more than 10 times.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.12
• /
• pp.445-452
• /
• 2022

Class distribution of unbalanced data is an important part of the digital world and is a significant part of cybersecurity. Abnormal activity of unbalanced data should be found and problems solved. Although a system capable of tracking patterns in all transactions is needed, machine learning with disproportionate data, which typically has abnormal patterns, can ignore and degrade performance for minority layers, and predictive models can be inaccurately biased. In this paper, we predict target variables and improve accuracy by combining estimates using Synthetic Minority Oversampling Technique (SMOTE) and Light GBM algorithms as an approach to address unbalanced datasets. Experimental results were compared with logistic regression, decision tree, KNN, Random Forest, and XGBoost algorithms. The performance was similar in accuracy and reproduction rate, but in precision, two algorithms performed at Random Forest 80.76% and Light GBM 97.16%, and in F1-score, Random Forest 84.67% and Light GBM 91.96%. As a result of this experiment, it was confirmed that Light GBM's performance was similar without deviation or improved by up to 16% compared to five algorithms.

• Journal of Software Assessment and Valuation
• /
• v.16 no.2
• /
• pp.53-62
• /
• 2020

In the end-user domain of an IoT environment, there are more and more intelligent M2M devices that provide resources to create and share application services. Therefore, it can be very useful to manage trust by transferring the role of the existing centralized service provider to end users in a P2P environment. However, in a decentralized M2M computing environment where end users independently provide or consume services, mutual trust building is the most important factor. This is because malicious users trying to build malfunctioning services can cause security problems in M2M computing environments such as IoT. In this paper, we provide an integrated analysis and approach for trust evaluation of M2M application services, and an optimized trust evaluation model that can guarantee reliability among users of the M2M community.

• Journal of Software Assessment and Valuation
• /
• v.16 no.2
• /
• pp.143-151
• /
• 2020

The digital content's security and authentication are important in the field of digital content application. There are some methods to perform the authentication. The digital watermarking is one of authentication methods. Paper presents a digital watermark authentication method that works in the application of digital image. The proposed watermark has the triple status information and performs the embedding and the detection without original Content. When authenticating the owner information of digital content, an autocorrelation function is used. In addition, a spread spectrum method is used to be adaptive to the signal of the original content in the frequency domain(DWT Domain). Therefore, the possibility of errors occurring in the detection of hidden information was reduced. it also has a advantage what Watermarking in DWT has faster embedding and detection time than other transformation domains(DFT, DCT, etc.). if it has a an image of size N=mXm, the computational amount can be reduced from O(N·logN) to O(N). The particular advantage is that it can hide more information(bits) per bit.