• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.781-793
• /
• 2014

A Public Key Infrastructure (PKI) is security standards to manage and use public key cryptosystem. A PKI is used to provide digital signature, authentication, public key encryption functionality on insecure channel, such as E-banking and E-commerce on Internet. A soft-token private key in PKI is leaked easily because it is stored in a file at standardized location. Also it is vulnerable to a brute-force password attack as is protected by password-based encryption. In this paper, we proposed a new method that detects private key compromise and is probabilistically secure against a brute-force password attack though soft-token private key is leaked. The main idea of the proposed method is to use a genuine signature key pair and (n-1) fake signature key pairs to make an attacker difficult to generate a valid signature with probability 1/n even if the attacker found the correct password. The proposed method provides detection and notification functionality when an attacker make an attempt at authentication, and enhances the security of soft-token private key without the additional cost of construction of infrastructure thereby extending the function of the existing PKI and SSL/TLS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1271-1283
• /
• 2019

The fourth industrial revolution and digital transformation are also bringing major changes to the financial ecosystem in Korea. Already, global financial firms overseas are opening their financial markets and exploring new financial businesses by seeking ways to co-prosperity with fintech firms. However, it is also true that the domestic financial environment has failed to respond to the changes due to its monopolistic and closed structure. In response, the government began pushing for the introduction of open banking in December 2019 with the aim of fully opening the financial settlement system. However, unlike the existing simple financial transaction structure, open banking still has an unresolved part due to the unclear relationship of responsibilities between interested parties in the event of financial accidents due to the complex linkage structure of transactions such as financial firms, fintech firms and customers. This study analyzed the security threat of open banking in depth. By doing so, the government and financial firms want to present policy proposals that need to be improved to enhance the safety of open banking in korea and protect financial consumers, as well as new financial models that have improved the vulnerable parts of existing models.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.811-815
• /
• 2005

IPSec(Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. IPSec is providing authentication, integrity and confidentiality security services. The specifications for Internet Key Exchange(IKEv1) were released to the world. Some criticisms of IKEv1 were that it was too complex and endeavored to define too much functionality in one place. Multiple options for multiple scenarios were built into the specification. The problem is that some of the included scenarios are rarely if ever encountered. For IPsec to work, the sending and receiving devices must chare a Public Key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley(ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates. This thesis is a study on the performance improvement of the security transmission using the SSFNet(Scalable Simulation Framework Network Models)

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.255-258
• /
• 2011

Wi-Fi is a rapidly spreading communications network with Smart phone's publication, the technology has become Ubiquitous-based core network which is connected to personal computers, laptops, and tablet PC. Wi-Fi can send currently a variety of data standard due to developed wireless LAN communications network. One of Wi-Fi standard protocols, which is IEEE 802.11n, use 2.4GHz and 5GHz band. 2.4GHz band is used for 802.11b/g protocol because wavelength is long, diffraction and receiving distance is enough to connect other device. 5GHz band has more available channels to use than 2.4GHz band, so there is no frequency interference of other wireless device such as Bluetooth, RFID. Moreover, there is low interference between channels due to small users in each bandwidth level. In the thesis, we are going to analyze 802.11a/b/g protocol which has used since the beginning of Wi-Fi protocol and 802.11n protocol which is used lately. Furthermore, we look into development and direction for standardization of the next generation wireless LANs which are 802.11ac and 802.11ad. In addition, we will consider for the security, vulnerabilities and its countermeasure in Wireless LAN.

• The KIPS Transactions:PartC
• /
• v.9C no.1
• /
• pp.97-106
• /
• 2002

In 3GPP2 standard, MIP is used and a PDSN performs the function of FA to support macro mobility. When a MS is roaming from a PDSN area to another, the mobility supported is called macro mobility, while it is called micro mobility when a MS is roaming from a RN area to another in a PDSN area. Since a PDSN performs the function of FA in 3GPP2 standard, it is possible to support mobility but its mechanism is actually for supporting macro mobility, not for micro mobility, thus it is weak in processing fast and seamless handoff to support micro mobility. In this paper, we suggest the seamless handoff algorithm barred on multicast group mechanism to support micro mobility. Depending on the moving direction and velocity of a MS, the suggested algorithm constructs a multicast group of RNs on the forecasted MS's moving path, and maximally delays RNs'joining to a multicast group to increase the network efficiency. Moreover, to resolve the buffer overhead problem of the existent multicast scheme, the algorithm suggests that each RN buffers data only after the forecasted handoff time. To prove deadlock freeness and liveness of the algorithm. we use state transition diagrams, a Petri-net modeling and its reachability tree. Then, we evaluate the performance by simulation.

• Journal of the Society of Disaster Information
• /
• v.8 no.4
• /
• pp.362-375
• /
• 2012

Tourist hotels are equipped with facilities such as accommodation and restaurants, exercise, recreation. Unspecified guests, visitors and management of tourist hotels are very vulnerable on the casualties and property losses due to fire peril exist. In this study, we analysis that the fire statistics status of tourist hotels from 2001 to 2010. And the 15 cases of a large hotel fire are reviewed. The total number of fires on hotel are consist of a hotel rooms fire(33.2%), a restaurant kitchen fire(11.8%). And the major causes of the fire are an electrical fire (40.8%), a cigarette fire (14.5%) and a hot-work fire (9.2%). In case study, the fire wall defect and combustible materials are major fire loss causes for 10year. Each tourist hotels are needed a development of suitable fire risk management and a field operations. A hotel is required an active fire risk management on a preventive inspection, an education and training, and a preventive maintenance. It is necessary that a fire wall maintenance to prevent of the spread of a fire and a sprinkler installation of whole area to protect fire. And it is very important an emergency response for evacuation of guest, and operate emergency procedures on a fire or emergency situation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.123-133
• /
• 2018

Cyber-Physical System (CPS) is a system in which a physical system and a cyber system are strongly integrated. In order to operate the target physical system stably, the CPS constantly monitors the physical system through the sensor and performs control using the actuator according to the current state. If a malicious attacker performs a forgery attack on the measured values of the sensors in order to conceal their attacks, the cyber system operated based on the collected data can not recognize the current operation status of the physical system. This causes the delay of the response of the automation system and the operator, and then more damage will occur. To protect the CPS from increasingly sophisticated and targeted attacks, countermeasures must be developed that can detect stealthy deception attacks. However, in the CPS environment composed of various heterogeneous devices, the process of analyzing and demonstrating the vulnerability to actual field devices requires a lot of time. Therefore, in this study, we propose a method of constructing the experiment environment of the PLCitM (PLC in the middle) which can verify the performance of the techniques to detect the CPS stealthy deception attack and present the experimental results.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.10
• /
• pp.2503-2508
• /
• 2014

This study is about the selection and noise test of electronic sensor which is preceded by electric Operating Cell(EOC) development using electronic sensor technology to solve the structural weakness of Mechanism Operated Cell(MOC) in VCB, and has a final target in product development minimizing contact malfunction of the chattering or rebounce states caused by existing MOC. In this test results, when opening and closing VCB, rising velocity of surge voltage in opening time was measured 4.2 times faster than closing time and noise decibel value was measured respectively 120dB and 110dB. When supplying 60kV power frequency overvoltage, we found that sensor output graph in VCB opening and closing times operated stably without distortion. When supplying 150kV $1.2{\times}50{\mu}s$ impulse frequency voltage, we found that voltage graph of output contact in sensor opening and closing sides maintained a normal condition without distortion, and when supplying 2500A current, we found that tested result of electric field noise operated stably without distortion.

• The KIPS Transactions:PartD
• /
• v.15D no.5
• /
• pp.713-720
• /
• 2008

Fingerprinting scheme uses digital watermarks to trace originator of unauthorized or pirated copies, however, multiple users may collude and escape identification by creating an average or median of their individually watermarked copies. Previous research works are based on ACC (anti-collusion code) for identifying each user, however, ACC are shown to be resilient to average and median attacks, but not to LCCA and cannot support large number of users. In this paper, we propose a practical SACC (scalable anti-collusion code) scheme and its angular decoding strategy to support a large number of users from basic ACC (anti-collusion code) with LCCA (linear combination collusion attack) robustness. To make a scalable ACC, we designed a scalable extension of ACC codebook using a Gaussian distributed random variable, and embedded the resulting fingerprint using human visual system based watermarking scheme. We experimented with standard test images for colluder identification performance, and our scheme shows good performance over average and median attacks. Our angular decoding strategy shows performance gain over previous decoding scheme on LCCA colluder set identification among large population.

• Journal of KIISE
• /
• v.42 no.8
• /
• pp.998-1009
• /
• 2015

In recent years, there has been a growing interest in RDFS Inference to build a rich knowledge base. However, it is difficult to improve the inference performance with large data by using a single machine. Therefore, researchers are investigating the development of a RDFS inference engine for a distributed computing environment. However, the existing inference engines cannot process data in real-time, are difficult to implement, and are vulnerable to repetitive tasks. In order to overcome these problems, we propose a method to construct an in-memory distributed inference engine that uses a parallel graph structure. In general, the ontology based on a triple structure possesses a graph structure. Thus, it is intuitive to design a graph structure-based inference engine. Moreover, the RDFS inference rule can be implemented by utilizing the operator of the graph structure, and we can thus design the inference engine according to the graph structure, and not the structure of the data table. In this study, we evaluate the proposed inference engine by using the LUBM1000 and LUBM3000 data to test the speed of the inference. The results of our experiment indicate that the proposed in-memory distributed inference engine achieved a performance of about 10 times faster than an in-storage inference engine.