• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.1087-1098
• /
• 2023

The rapid advancement of artificial intelligence (AI) technology has led to its proactive utilization across various fields. However, this widespread adoption of AI-based systems has raised concerns about the increasing threat of attacks on these systems. In particular, deep neural networks, commonly used in deep learning, have been found vulnerable to adversarial attacks that intentionally manipulate input data to induce model errors. In this study, we propose a method to protect image classification models from visually imperceptible One-Pixel attacks, where only a single pixel is altered in an image. The proposed defense technique utilizes an autoencoder model to remove potential threat elements from input images before forwarding them to the classification model. Experimental results, using the CIFAR-10 dataset, demonstrate that the autoencoder-based defense approach significantly improves the robustness of pretrained image classification models against One-Pixel attacks, with an average defense rate enhancement of 81.2%, all without the need for modifications to the existing models.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.431-437
• /
• 2024

Drones in the contemporary landscape have transcended their initial public utility, expanding into various industries and making significant inroads into the private sector. The majority of commercially available drones are presently equipped with GPS receivers to relay location signals from artificial satellites, aiming to inform users about the drone's whereabouts. However, a notable drawback arises from the considerable distance over which these location signals travel, resulting in a weakened signal intensity. This limitation introduces vulnerabilities, allowing for the possibility of location manipulation and jamming attacks if the drone receives a stronger signal than the intended location signal from satellites. Thus, this paper focuses on the safety assessment of drones relying on GPS-based location acquisition and addresses potential vulnerabilities in wireless communication scenarios. Targeting commercial drones, the paper analyzes and empirically demonstrates the feasibility of GPS spoofing attacks. The outcomes of this study are anticipated to serve as foundational experiments for conducting more realistic vulnerability analysis and safety evaluations.

• Journal of the Society of Naval Architects of Korea
• /
• v.28 no.2
• /
• pp.159-173
• /
• 1991

This paper describes a potential-based panel method formulated for the analysis of a super-cavitating two-dimensional hydrofoil. The method employs normal dipoles and sources distributed on the foil and cavity surfaces to represent the potential flow around the cavitating hydrofoil. The kinematic boundary condition on the wetted portion of the foil surface is satisfied by requiring that the total potential vanish in the fictitious inner flow region of the foil, and the dynamic boundary condition on the cavity surface is satisfied by requiring thats the potential vary linearly, i.e., the tangential velocity be constant. Green's theorem then results in a potential-based integral equation rather than the usual velocity-based formulation of Hess & Smith type. With the singularities distributed on the exact hydrofoil surface, the pressure distributions are predicted with improved accuracy compared to those of the linearized lilting surface theory, especially near the leading edge. The theory then predicts the cavity shape and cavitation number for an assumed cavity length. To improve the accuracy, the sources and dipoles on the cavity surface are moved to the newly computed cavity surface, where the boundary conditions are satisfied again. This iteration process is repeated until the results are converged. Characteristics of iteration and discretization of the present numerical method are much faster and more stable than the existing nonlinear theories. The theory shows good correlations with the existing theories and experimental results for the super-cavitating flow. In the region of small angles of attack, the present prediction shows and excellent comparison with the Geurst's linear theory. For the long cavity, the method recovers the trends of the Wu's nonlinear theory. In the intermediate regions of the short super-cavitation, the method compares very well with the experimental results of Parkin and also those of Silberman.

• Strategy21
• /
• s.41
• /
• pp.52-84
• /
• 2017

After finishing Cold War, the U.S. Navy's ability to Sea control has been gradually eroded last 15-20 years. The global security environment demands that the surface Navy rededicate itself to sea control, as a new group of potential adversaries is working to deny U.S. navy command of the sea. China has been increasing their sea denial capability, such as extended anti-surface cruise missile and anti-surface ballistic missile. To cope with this situation, the U.S. Naval Surface Forces Command has announced Surface Forces Strategy: Return to Sea Control. It is a new operating and organizing concept for the U.S. surface fleet called 'distributed lethality'. Under distributed lethality, offensive weapons such as new ASCMs are to be distributed more widely across all types of Navy surface ships, and new operational concept for Navy surface fleet's capability for attacking enemy ships and make it less possible for an enemy to cripple the U.S. fleet by concentrating its attack on a few very high-value Navy surface ships. By increasing the lethality of the surface ships and distributing them across wide areas, the Navy forces potential adversaries to not only consider the threat from our carrier-based aircraft and submarines, but they now consider the threat form all of those surface ships. This idea of using the distributed lethality template to generate surface action groups and adaptive force package and to start thinking about to increase the lethal efficacy of these ships. The U.S. Navy believes distributed lethality increases the Navy's sea control capability and expands U.S. conventional deterrence. Funding new weapons and renovated operating concept to field a more lethal and distributed force will enable us to establish sea control, even in contested area. The U.S. Navy's Surface Forces Strategy provides some useful implications for The ROK Navy. First the ROK Navy need to reconsider sea control mission. securing sea control and exploiting sea control are in a close connection. However, recently the ROK Navy only focuses on exploiting sea control, for instance land attack mission. the ROK Navy is required to reinvigorate sea control mission, such as anti-surface warfare and anti-air warfare. Second, the ROK Navy must seek the way to improve its warfighting capability. It can be achieved by developing high-edge weapons and designing renewed operating concept and embraced new weapon's extended capabilities.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.43-54
• /
• 2016

The occurrence of cyber crime is on the rise every year, and the security control center, which should play a crucial role in monitoring and early response against the cyber attacks targeting various information systems, its importance has increased accordingly. Every endeavors to prevent cyber attacks is being attempted by information security personnel of government and financial sector's security control center, threat response Center, cyber terror response center, Cert Team, SOC(Security Operator Center) and else. The ordinary method to monitor cyber attacks consists of utilizing the security system or the network security device. It is anticipated, however, to be insufficient since this is simply one dimensional way of monitoring them based on signatures. There has been considerable improvement of the security control system and researchers also have conducted a number of studies on monitoring methods to prevent threats to security. In accordance with the environment changes from ESM to SIEM, the security control system is able to be provided with more input data as well as generate the correlation analysis which integrates the processed data, by extraction and parsing, into the potential scenarios of attack or threat. This article shows case studies how to detect the threat to security in effective ways, from the initial phase of the security control system to current SIEM circumstances. Furthermore, scenarios based security control systems rather than simple monitoring is introduced, and finally methods of producing the correlation analysis and its verification methods are presented. It is expected that this result contributes to the development of cyber attack monitoring system in other security centers.

• Journal of KIISE:Computer Systems and Theory
• /
• v.33 no.3
• /
• pp.178-192
• /
• 2006

The buffer overflow attack is the single most dominant and lethal form of security exploits as evidenced by recent worm outbreaks such as Code Red and SQL Stammer. In this paper, we propose microarchitectural techniques that can detect and recover from such malicious code attacks. The idea is that the buffer overflow attacks usually exhibit abnormal behaviors in the system. This kind of unusual signs can be easily detected by checking the safety of memory references at runtime, avoiding the potential data or control corruptions made by such attacks. Both the hardware cost and the performance penalty of enforcing the safety guards are negligible. In addition, we propose a more aggressive technique called corruption recovery buffer (CRB), which can further increase the level of security. Combined with the safety guards, the CRB can be used to save suspicious writes made by an attack and can restore the original architecture state before the attack. By performing detailed execution-driven simulations on the programs selected from SPEC CPU2000 benchmark, we evaluate the effectiveness of the proposed microarchitectural techniques. Experimental data shows that enforcing a single safety guard can reduce the number of system failures substantially by protecting the stack against return address corruptions made by the attacks. Furthermore, a small 1KB CRB can nullify additional data corruptions made by stack smashing attacks with only less than 2% performance penalty.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.12
• /
• pp.453-460
• /
• 2022

As high-performance quantum computers are expected to be developed, studies are being actively conducted to build a post-quantum security system that is safe from potential quantum computer attacks. When the Grover's algorithm, a representative quantum algorithm, is used to search for a secret key in a symmetric key cryptography, there may be a safety problem in that the security strength of the cipher is reduced to the square root. NIST presents the post-quantum security strength estimated based on the cost of the Grover's algorithm required for an attack of the cryptographic algorithm as a post-quantum security requirement for symmetric key cryptography. The estimated cost of Grover's algorithm for the attack of symmetric key cryptography is determined by the quantum circuit complexity of the corresponding encryption algorithm. In this paper, the quantum circuit of the SCHWAEMM algorithm, AEAD family of SPARKLE, which was a finalist in NIST's lightweight cryptography competition, is efficiently implemented, and the quantum cost to apply the Grover's algorithm is analyzed. At this time, the cost according to the CDKM ripple-carry adder and the unbounded Fan-Out adder is compared together. Finally, we evaluate the post-quantum security strength of the lightweight cryptography SPARKLE SCHWAEMM algorithm based on the analyzed cost and NIST's post-quantum security requirements. A quantum programming tool, ProjectQ, is used to implement the quantum circuit and analyze its cost.

• Journal of Internet Computing and Services
• /
• v.15 no.3
• /
• pp.79-90
• /
• 2014

User authentication based on ID and PW has been widely used. As the Internet has become a growing part of people' lives, input times of ID/PW have been increased for a variety of services. People have already learned enough to perform the authentication procedure and have entered ID/PW while ones are unconscious. This is referred to as the adaptive unconscious, a set of mental processes incoming information and producing judgements and behaviors without our conscious awareness and within a second. Most people have joined up for various websites with a small number of IDs/PWs, because they relied on their memory for managing IDs/PWs. Human memory decays with the passing of time and knowledges in human memory tend to interfere with each other. For that reason, there is the potential for people to enter an invalid ID/PW. Therefore, these characteristics above mentioned regarding of user authentication with ID/PW can lead to human vulnerabilities: people use a few PWs for various websites, manage IDs/PWs depending on their memory, and enter ID/PW unconsciously. Based on the vulnerability of human factors, a variety of information leakage attacks such as phishing and pharming attacks have been increasing exponentially. In the past, information leakage attacks exploited vulnerabilities of hardware, operating system, software and so on. However, most of current attacks tend to exploit the vulnerabilities of the human factors. These attacks based on the vulnerability of the human factor are called social-engineering attacks. Recently, malicious social-engineering technique such as phishing and pharming attacks is one of the biggest security problems. Phishing is an attack of attempting to obtain valuable information such as ID/PW and pharming is an attack intended to steal personal data by redirecting a website's traffic to a fraudulent copy of a legitimate website. Screens of fraudulent copies used for both phishing and pharming attacks are almost identical to those of legitimate websites, and even the pharming can include the deceptive URL address. Therefore, without the supports of prevention and detection techniques such as vaccines and reputation system, it is difficult for users to determine intuitively whether the site is the phishing and pharming sites or legitimate site. The previous researches in terms of phishing and pharming attacks have mainly studied on technical solutions. In this paper, we focus on human behaviour when users are confronted by phishing and pharming attacks without knowing them. We conducted an attack experiment in order to find out how many IDs/PWs are leaked from pharming and phishing attack. We firstly configured the experimental settings in the same condition of phishing and pharming attacks and build a phishing site for the experiment. We then recruited 64 voluntary participants and asked them to log in our experimental site. For each participant, we conducted a questionnaire survey with regard to the experiment. Through the attack experiment and survey, we observed whether their password are leaked out when logging in the experimental phishing site, and how many different passwords are leaked among the total number of passwords of each participant. Consequently, we found out that most participants unconsciously logged in the site and the ID/PW management dependent on human memory caused the leakage of multiple passwords. The user should actively utilize repudiation systems and the service provider with online site should support prevention techniques that the user can intuitively determined whether the site is phishing.

• Nuclear Engineering and Technology
• /
• v.41 no.5
• /
• pp.575-602
• /
• 2009

In the wake of the Three Mile Island accident, vigorous research efforts were initiated to acquire a basic knowledge of the progression and consequences of accidents that involve a substantial degree of core degradation and melting. The primary emphasis of this research was placed on containment integrity, with: i) hydrogen combustion-detonation, ii) steam explosion, iii) direct containment heating (DCH), and iv) melt attack on the BWR Mark-I containment shell identified as energetic processes that could lead to early containment failure (i.e., within the first 24 hours of the accident). Should the core melt fail the reactor vessel, then non-condensable gas production from Molten Core-Concrete Interaction (MCCI) was identified as a mechanism that could fail the containment by pressurization over the long term. One signification question that arose as part of this investigation was the effectiveness of water in terminating an MCCI by flooding the interacting masses from above, thereby quenching the molten core debris and rendering it permanently coolable. Successful quenching of the core melt would prevent basemat melt through, as well as continued containment pressurization by non-condensable gas production, and so the accident progression would be successfully terminated without release of radioactivity to the environment. Based on these potential merits, ex-vessel corium coolability has been the focus of extensive research over the last 20 years as a potential accident management strategy for current plants. In addition, outcomes from this research have impacted the accident management strategies for the Gen III+LWR plant designs that are currently being deployed around the world. This paper provides: i) an historical overview of corium coolability research, ii) summarizes the current status of research in this area, and iii) highlights trends in severe accident management strategies that have evolved based on the findings from this work.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.11
• /
• pp.2341-2346
• /
• 2012

Voice phishing against the old or weak persons have used the methods which are social engineering in the object and financial structure and function. Until recently Voice phishing from Chaina caused economic devastation and the economic loss by phishing grows with the South Koreans in the whole. Korean government and public organizations involved have been strengthening protection system and a financial security devices. But it is not easy to verify how much effects of security measures are. In this paper I will study the economic loss caused by voice phishing and potential economic effects of security measures and security device reinforcements of the Republic of Korea. Direct costs are reported about 100 million dollars and potential economic effects of voice phinshing secure measures may be around 320 million dollars.