• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.47 no.6
• /
• pp.1-7
• /
• 2010

This paper presents a novel implementation on multimedia fingerprinting algorithm based on BCH (Bose-Chaudhuri-Hocquenghem) code. The evaluation is put in force the colluder detection to n-1. In the proposed algorit hm, the used collusion attacks adopt logical combinations (AND, OR and XOR) and average computing (Averaging). The fingerprinting code is generated as below step: 1. BIBD {7,4,1} code is generated with incidence matrix. 2. A new encoding method namely combines BIBD code with BCH code, these 2 kind codes are to be fingerprinting code by BCH encoding process. 3. The generated code in step 2, which would be fingerprinting code, that characteristic is similar BCH {15,7} code. 4. With the fingerprinting code in step 3, the collusion codebook is constructed for the colluder detection. Through an experiment, it confirmed that the ratio of colluder detection is 86.6% for AND collusion, 32.8% for OR collusion, 0% for XOR collusion and 66.4% for Averaging collusion respectively. And also, XOR collusion could not detect entirely colluder and on the other hand, AND and Averaging collusion could detect n-1 colluders and OR collusion could detect k colluders.

• Journal of Platform Technology
• /
• v.9 no.3
• /
• pp.3-17
• /
• 2021

Advanced persistent threat (APT) attacks are attacks aimed at a particular entity as a set of latent and persistent computer hacking processes. These APT attacks are usually carried out through various methods, including spam mail and disguised banner advertising. The same name is also used for files, since most of them are distributed via spam mail disguised as invoices, shipment documents, and purchase orders. In addition, such Infostealer attacks were the most frequently discovered malicious code in the first week of February 2021. CDR is a 'Content Disarm & Reconstruction' technology that can prevent the risk of malware infection by removing potential security threats from files and recombining them into safe files. Gartner, a global IT advisory organization, recommends CDR as a solution to attacks in the form of attachments. There is a program using CDR techniques released as open source is called 'Dangerzone'. The program supports the extension of most document files, but does not support the extension of HWP files that are widely used in Korea. In addition, Gmail blocks malicious URLs first, but it does not block malicious URLs in mail systems such as Naver and Daum, so malicious URLs can be easily distributed. Based on this problem, we developed a 'Dangerzone' program that supports the HWP extension to prevent APT attacks, and a Chrome extension that performs URL checking in Naver and Daum mail and blocking banner ads.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.3
• /
• pp.50-56
• /
• 2009

Recently, according to the product variety of multimedia content some problems are occurred as like an illegal copying, an illegal distribution and a copyright infringement etc. So, for the solution of these problems, some methods were proposed as like watermarking which inserts the information of copyright to the content and the cipher for authentication to DRM which prevents an illegal copying using RSA. In this paper, the multimedia fingerprint based on BIBD code is inserted to the bit-plane of the image content for DRM with RSA, and while the decoding processing. The experiment is operated with the consideration of the image transmission and the transformation. As a result it confirmed that the multimedia fingerprint code inserted in image is detected 60% upper at AWGN 7dB and detected completely 100% at AWGN 10dB upper on PSNR 30, 40, 70 and 80 of Stirmark attacks.

• Journal of Positioning, Navigation, and Timing
• /
• v.9 no.2
• /
• pp.43-50
• /
• 2020

In this paper a low power Spreading Code Authentication (SCA) sequence with a BPSK(1) modulation at a frequency offset of +7.161 MHz is tested for authentication purposes, the Galileo E1OS is used as base signal. The tested signals comprise a Galileo constellation with 5 satellites including the Galileo OS Navigation Message Authentication (OSNMA) and a low power offset BPSK (OBPSK(7,1)) as SCA component. The signals are generated with the software based MuSNAT-Signal-Generator. The generated signals were transmitted Over-The-Air (OTA) using a Software-Defined-Radio (SDR) as pseudolite. With a real-environment-testbed the performance of the SCA in real channel conditions (fading and multipath) was tested. A new SCA evaluation scheme is proposed and was implemented. Under real channel conditions we derive experimental threshold values for the new SCA evaluation scheme which allow a robust authentication. A Security Code Estimation and Replay (SCER) spoofing attack was mimicked on the real-environment-testbed and analyzed with the SCA evaluation scheme. It was shown that the usage of an OBPSK is feasible as an authentication method and can be used in combination with the OSNMA to improve the authentication robustness against Security SCER attacks.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.83-90
• /
• 2015

Recent, Cyber attacks such as hacking and malicious code techniques are evolving very rapidly changing cyber a ttacks are increasing, the number of malicious code techniques vary accordingly become intelligent. In the case of m alware because of the ambiguity in the number of malware have increased rapidly by name or classified as maliciou s code may have difficulty coping with. This paper investigated the naming convention of the vaccine manufacturer s in Korea to solve this problem, the analysis and offers a naming convention for security control event detection r ule analysis to compare the pattern of the detection rule out based on this current.

• Journal of KIISE:Computing Practices and Letters
• /
• v.7 no.6
• /
• pp.703-714
• /
• 2001

In C language, a local buffer overflow in stack can destroy control information stored near the buffer. In case the buffer overflow is used maliciously to overwrite the stored return address, the system is exposed to serious security vulnerabilities. This paper analyzes the process of buffer overflow hacking and methodologies to avoid the attacks in details. And it proposes a device of static buffer overflow detection by using function summary and tracking information flow of buffer domain at assembly source code level(SASS, Static Assembly Source code Scanner) and then show the feasibility and validity of it by implementing a prototype in Pentium based Linux environment.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.4
• /
• pp.81-87
• /
• 2015

Recently, with the development of the ICT environment, the use of the software is growing rapidly. And the number of the web server software used with a variety of users is also growing. However, There are also various damage cases increased due to a software security vulnerability as software usage is increasing. Especially web shell hacking which abuses software vulnerabilities accounts for a very high percentage. These web server environment damage can induce primary damage such like homepage modification for malware spreading and secondary damage such like privacy. Source code weaknesses checking system is needed during software development stage and operation stage in real-time to prevent software vulnerabilities. Also the system which can detect and determine web shell from checked code in real time is needed. Therefore, in this paper, we propose the system improving security for web server by detecting web shell attacks which are invisible to existing detection method such as Firewall, IDS/IPS, Web Firewall, Anti-Virus, etc. while satisfying existing secure coding guidelines from development stage to operation stage.

• Convergence Security Journal
• /
• v.13 no.1
• /
• pp.51-57
• /
• 2013

RSA is the most widely used public key algorithms. Payment via the SSL communications, and user authentication using RSA secure shopping mall that can protect the user's valuable information in the process of building. SSL-based electronic signature technology and encryption protocols for this technology are electronic documents are delivered to the other party through a separate encryption process, the information sender to enter information on a web browser (user) and the recipient (the Web server of the site Manager), except you will not be able to decrypt the contents. Therefore, the information is encrypted during the transfer of electronic documents even if hackers trying to Sniffing because its contents can never understand. Of internet shopping mall in the user authentication 'and' Communications' SSL secure shopping mall built with the goal of the methodology are presented.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.7
• /
• pp.1290-1295
• /
• 2016

Recently, as mobile internet usage has been increasing rapidly, malware attacks through user's web browsers has been spreading in a way of social engineering or drive-by downloading. Existing defense mechanism against drive-by download attack mainly focused on final download sites and distribution paths. However, detection and prevention of injection sites to inject malicious code into the comprised websites have not been fully investigated. In this paper, for the purpose of improving defense mechanisms against these malware downloads attacks, we focus on detecting the injection site which is the key source of malware downloads spreading. As a result, in addition to the current URL blacklist techniques, we proposed the enhanced method which adds features of detecting the injection site to prevent the malware spreading. We empirically show that the proposed method can effectively minimize malware infections by blocking the source of the infection spreading, compared to other approaches of the URL blacklisting that directly uses the drive-by browser exploits.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.4
• /
• pp.747-754
• /
• 2016

DHCP(Dynamic Host Configuration Protocol) is a protocol for efficiency and convenience of the IP address management. DHCP automatically assigns an IP address and configuration information needed to run the TCP/IP communication to individual host in the network. However, existing DHCP is vulnerable for network attack such as DHCP spoofing, release attack because there is no mutual authentication systems between server and client. To solve this problem, we have designed a new DHCP protocol supporting the following features: First, ECDH(Elliptic Curve Diffie-Hellman) is used to create session key and ECDSA(Elliptic Curve Digital Signature Algorithm) is used for mutual authentication between server and client. Also this protocol ensures integrity of message by adding a HMAC(Hash-based Message Authentication Code) on the message. And replay attacks can be prevented by using a Nonce. As a result, The receiver can prevent the network attack by discarding the received message from unauthorized host.