• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.143-154
• /
• 2008

Information hiding is a very important technology recently. Having this technology can be a competitive power for secure communication. In this paper, it will be showed that hiding data in MS Office 2007 file is possible. Considering Microsoft (MS) Office 2007 file format is based on Open XML format, the feature of Open XML format makes it possible to hide data in MS Office 2007 file. In Open XML format, unknown XML files and their relationships can be defined by user. These parts and relationships are used to hide data in MS Office 2007 file. Considering unknown parts and unknown relationships are not in normal MS Office 2007 file, the hidden data can be detected by confirming of unknown parts and unknown relationships.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.9 no.3
• /
• pp.119-127
• /
• 2013

The merits of Smartphone are portability, convenience and especially a lot of information can be stored in the device. Especially in Smartphone, users can install programs that cannot install to normal cell phone and users can use many different services through these Smartphone programs. Also Smartphone can connect to Internet through network, so it can access information anytime, anywhere easily. Security of personal information and variety of information which stored in Smartphone are in risk. In Chapter 2 of thesis, it will discuss the definition and features of the Smartphone and market trends. In Chapter 3 of thesis, it will discuss security vulnerabilities of Smartphone and it will analyze and research security vulnerabilities of Smartphone in Chapter 4. In conclusion, it will check users' identification twice in useful application especially application that relate to finance and mobile payment. By checking users' identification several times, it will help to defend from security threats. Users can use Smartphone safely and convenience by know how to prevent from mobile hacking for personal and private information. the quality of APIs matching by the clustering and hierarchical relationships mechanism.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.809-820
• /
• 2016

The smart grid, a new open platform, is a core application for facilitating a creative economy in the era of the Internet of Things (IoT). Advanced Metering Infrastructure (AMI) is one of the components of the smart grid and a two-way communications infrastructure between the main utility operator and customer. The smart meter records consumption of electrical energy and communicates that information back to the utility for monitoring and billing. This paper investigates the impact of a cybersecurity attack on the smart meter. We analyze the cost to the smart grid in the case of a smart meter attack by authorized users based on a high risk scenario from NESCOR. Our findings could be used by policy makers and utility operators to create investment decision-making models for smart grid security.

• The Journal of the Convergence on Culture Technology
• /
• v.7 no.4
• /
• pp.759-764
• /
• 2021

Because sensitive and private information should be exchanged between electric vehicles and a V2G service provider, reliable communication channel is essential to operate Vehicle-to-Grid (V2G) system which considers battery of electric vehicles as a factor of smart grid. The block chain is a platform for cryptocurrency transaction and fully distributed database system running by only equivalent node in the network without help of any central management or 3^rd party. In this paper, the structure and operation method of the blockchain are investigated, and the application of the blockchain for the V2G system was also explained and analyzed.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2010.07a
• /
• pp.43-46
• /
• 2010

전력산업분야는 스마트그리드 표준체계 및 고도화된 정보통신 인프라의 도입과 보안 그리고 분산전력 등에 대한 신기술 도입에 의해서 급격한 변화기를 맞이하고 있다. 현재 미국과 EU에서는 세계시장을 겨냥해서 스마트그리드의 국제표준화를 주도하고 있으며, 제3세계에서는 전력설비 시장의 지속적 성장이 예상되고 있다. 이에 국내에서도 국제 경쟁력 확보 및 신성장동력 창출을 목표로 연구가 진행 중이다. 전력체계의 운영망과 별개의 시험망 구성이 필요하며, 그 시험망을 통한 검증을 위해 시험망내 표준규격의 통신환경의 설계 및 기능검증은 매우 중요한 요소이다. 본 논문에서는 시험평가망 구성이후 평가를 위해 사용할 수 있는 주요 Component의 설계과정 중의 일부인 IEC 61850기반의 MMS 통신 환경구성 및 기능검증을 위한 연구결과에 대해 설명한다.

• The Journal of Society for e-Business Studies
• /
• v.9 no.3
• /
• pp.227-241
• /
• 2004

With the expansion of internet usage and the advanced technology for information and communication, the international e-Trade environment gradually migrates from the VAN/EDI to the global Internet-based e-Traed on an ebXML framework. In an effort to provide a Internet-based e-Trade environment with a security and trust, this paper analyzes security components and proposed the SSL and ebXML security technologies in order to assure of the trust and security over Internet-based e-Trade. In addition, this paper presents 3-phase methodology to realize the secure and trustworthy Internet-based e-Trade. In summary, as the first phase, the e-Trade business processes are re-engineered and the digital signature council for mutual recognition is orgainzed. And as the second phase, the Internet-based e-Trade system and the concerned digital signature technology are implemented. Finally as third phase, the PKI mutual recognition agreement is signed by parties concerned and then the Internet-based e-trade business is started. Furthermore, this paper presents the promising Internet-based e-Trade models where the digital signature can be applied.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.3
• /
• pp.103-118
• /
• 2002

To provide the privacy of transmitted message over network the use of cryptographic system is increasing gradually. Because the security and reliability of the cryptographic system is totally rely on the key, the key management is the most important part of the cryptographic system. Although there are a lot of security products providing encryption, the security of the key exchange protocols used in the product are not mostly proved yet. Therefore, we have to study properties and operation of key agreement protocols based on elliptic curve in ANSI X9.63. furthermore, we analyze the security of their protocols under passive and active attacker models and propose the most suitable application field taking the feature of the protocols into account.

• Journal of Internet Computing and Services
• /
• v.11 no.4
• /
• pp.129-141
• /
• 2010

In digital computing environment, for the mal functions in appliances and system errors, the unaccepted intrusion should be occurred. The evidence collecting technology uses the system which was damaged by intruders and that system is used as evidence materials in the court of justice. However the collected evidences are easily modified and damaged in the gathering evidence process, the evidence analysis process and in the court. That’s why we have to prove the evidence’s integrity to be valuably used in the court. In this paper, we propose a mechanism for securing the reliability and the integrity of digital evidence that can properly support the Computer Forensics. The proposed mechanism shares and manages the digital evidence through mutual authenticating the damaged system, evidence collecting system, evidence managing system and the court(TTP: Trusted Third Party) and provides a secure access control model to establish the secure evidence management policy which assures that the collected evidence has the corresponded legal effect.

• Journal of Korea Society of Industrial Information Systems
• /
• v.12 no.3
• /
• pp.47-59
• /
• 2007

IPv4 NAT, which often used in households or under SOHO environments, is one of the factors that delays IPv6 propagation. As IPv4 NAT does not operate properly under the transition mechanism like ISATAP or 6to4 that acts as IPv6-in-IPv4 tunneling type, Microsoft proposed Teredo in order to resolve this issue. However, tunneling transition mechanism like Teredo has a security problem. That is, being tunneled packets have dual IP headers; general firewall systems apply the filtering rules only to the outer header but not inner header when these packets pass the firewall. Furthermore, attacks using unregistered server and relay can take place in Teredo. To resolve these problems, we propose a new packet filtering mechanism exclusively for Teredo. The proposed packet filtering mechanism was designed and implemented by using Linux Netfilter and ip6tables. Through functional and experimental performance tests, this packet filtering system was found operating properly and solving the Teredo packet filtering problems without serious performance degradation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.429-442
• /
• 2020

The proportion of attacks via office documents is increasing in recent incidents. Although the security of office applications has been strengthened gradually, the attacks through the office documents are still effective due to the sophisticated use of social engineering techniques and advanced attack techniques. In this paper, we propose a method for detecting malicious OOXML(Office Open XML) documents and a framework for detection. To do this, malicious files used in the attack and benign files were collected from the malicious code repository and the search engine. By analyzing the malicious code types of collected files, we identified six "suspicious object" elements that are meaningful in determining whether they are malicious in a document. In addition, we implemented an OOXML document-based malware detection framework based on the detection method to classify the collected files and found that 98.45% of malicious filesets were detected.