• Corrosion Science and Technology
• /
• v.15 no.1
• /
• pp.6-12
• /
• 2016

Flow-Accelerated Corrosion (FAC) is a well-known degradation mechanism that attacks the secondary piping in nuclear power plants. Since the Surry Unit 2 event in 1986, most nuclear power plants have implemented management programs to deal with damages in carbon and low-alloy steel piping. Despite the utmost efforts, damage induced by FAC still occurs in power plants around the world. In order to predict FAC wear, some computer programs were developed such as CHECWORKS, CICERO, and COMSY. Various data need to be input to these programs; the chemical composition of secondary piping, flow operating conditions and piping geometries. CHECWORKS, developed by the Electric Power Research Institute (EPRI), uses a geometry code to calculate geometry effects. Such a relatively simple geometry code is limited in acquiring the accuracy of FAC prediction. Recently, EPRI revisited the geometry code with the intention of updating it. In this study, numerical simulations were performed for two adjacent $90^{\circ}$ elbows and the results were analysed in terms of the proximity effect between the two adjacent elbows.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1159-1168
• /
• 2012

Control Flow Integrity(CFI) and Control Flow Locking(CFL) prevent unintended execution of software and provide integrity in control flow. Attackers, however, can still hijack program controls since CFI and CFL does not support fine-granularity, context-sensitive protection. In this paper, we propose a new CFI scheme, Source-code CFI(SCFI), to overcome the problems. SCFI provides context-sensitive locking for control flow. Thus, the proposed approach protects software against the attacks on the previous CFI and CFL schemes and improves safety.

• The KIPS Transactions:PartC
• /
• v.11C no.7 s.96
• /
• pp.959-970
• /
• 2004

It has become more difficult to correspond an cyber attack quickly as patterns of attack become various and complex. However, current so curity mechanisms just have passive defense functionalities. In this paper, we propose new network suity architecture to respond various cyber attacks rapidly and to chase and isolate the attackers through cooperation between security zones. The proposed architecture makes it possible to deal effectively with cyber attacks such as IP spoofing or DDoS(Distributed Denial of Service), by using active packet technology including a mobile code on active network. Also, it is designed to have more active correspondent than that of existing mechanisms. We im-plemented these mechanisms in Linux routers and experimented on a testbed to verify realization possibility of attacker response framework using mobile code. The experimentation results are analyzed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.963-974
• /
• 2018

With the growing interest in cryptocurrency such as bitcoin, the blockchain technology has attracted much attention in various applications as a distributed security platform with excellent security. However, Cryptojacking, an attack that hijack other computer resources such as CPUs, has occured due to vulnerability to the Cryptomining process. In particular, browser-based Cryptojacking is considered serious because attacks can occur only by visiting a Web site without installing it on a visitor's PC. The current Cryptojacking detection system is mostly signature-based. Signature-based detection methods have problems in that they can not detect a new Cryptomining code or a modification of existing Cryptomining code. In this paper, we propose a Cryptojacking detection solution using a dynamic analysis-based that uses a headless browser to detect unknown Cryptojacking attacks. The proposed dynamic analysis-based Cryptojacking detection system can detect new Cryptojacking site that cannot be detected in existing signature-based Cryptojacking detection system and can detect it even if it is called or obfuscated by bypassing Cryptomining code.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.429-442
• /
• 2020

The proportion of attacks via office documents is increasing in recent incidents. Although the security of office applications has been strengthened gradually, the attacks through the office documents are still effective due to the sophisticated use of social engineering techniques and advanced attack techniques. In this paper, we propose a method for detecting malicious OOXML(Office Open XML) documents and a framework for detection. To do this, malicious files used in the attack and benign files were collected from the malicious code repository and the search engine. By analyzing the malicious code types of collected files, we identified six "suspicious object" elements that are meaningful in determining whether they are malicious in a document. In addition, we implemented an OOXML document-based malware detection framework based on the detection method to classify the collected files and found that 98.45% of malicious filesets were detected.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.881-893
• /
• 2020

CFI(Control Flow Integrity) is a mitigation mechanism that protects programs by verifying control flows. IFCC(Indirect Function Call Checks) and SCS(Shadow Call Stack), CFI supported by LLVM Clang compiler, were introduced to protect applications in Android. IFCC protects function calls and SCS protects function returns. In this paper, we propose attacks to bypass CFI on the application environment with IFCC and SCS. Even if IFCC and SCS were applied to user applications, it was confirmed that there were many code segments not protected by IFCC and SCS in the application memory. We execute code in CFI unprotected segments to construct 1) bypassing IFCC to call a protected function, 2) modulating return address via SCS bypass. We identify code segments not protected by IFCC and SCS in Android10 QP1A. 191005.007.A3. We also implement proof-of-concept exploits to demonstrate that modulation of control flow is possible in an environment where IFCC and SCS are applied.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.8
• /
• pp.1044-1051
• /
• 2020

The age of quantum computers is coming soon. In order to prepare for the upcoming future, the National Institute of Standards and Technology has recruited candidates to set standards for post quantum cryptography to establish a future cryptography standard. The submitted ciphers are expected to be safe from quantum algorithm attacks, but it is necessary to verify that the submitted algorithm is safe from quantum attacks using quantum algorithm even when it is actually operated on a quantum computer. Therefore, in this paper, we investigate an efficient quantum gate implementation for binary field multiplication of code based post quantum cryptography to work on quantum computers. We implemented the binary field multiplication for two field polynomials presented by Classic McEliece and three field polynomials presented by ROLLO in generic algorithm and Karatsuba algorithm.

• Journal of Electrical Engineering and Technology
• /
• v.7 no.4
• /
• pp.646-651
• /
• 2012

Meaningful logos or random sequences have been used in the current digital watermarking techniques of 2D bar code. The meaningful logos can not only be created by copyright holders based on their unique information, but are also very effective when representing their copyrights. The random sequences enhance the security of the watermark for verifying one's copyrights against intentional or unintentional attacks. In this paper, we propose a new watermarking technique taking advantage of Data Matrix as well as encryption keys. The Data Matrix not only recovers the original data by an error checking and correction algorithm, even when its high-density data storage and barcode are damaged, but also encrypts the copyright verification information by randomization of the barcode, including ownership keys. Furthermore, the encryption keys and the patterns are used to localize the watermark, and make the watermark robust against attacks, respectively. Through the comparison experiments of the copyright information extracted from the watermark, we can verify that the proposed method has good quality and is robust to various attacks, such as JPEG compression, filtering and resizing.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.8
• /
• pp.1720-1726
• /
• 2011

The DDoS attacks which are increasing recently must have many zombie PCs before attacking targeted systems by attacker. A zombie PC is infected by attacker's malignant code and may be operated by the his/her special malicious purposes. But most users generally don't know that their PCs are infected and used as zombies by illegal activities covertly. In this paper, we propose a new scheme that decreases vulnerable PCs and isolates them from Internet before being zombie PCs. The proposed scheme point the reputations of connected PCs and decide whether their Internet connections are keeping continuously or not. Also We show the figures how to infect susceptable PCs to zombie PCs, and analyze the decrease effects of DDoS attacks adapted by the proposed scheme with various experiments.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.219-222
• /
• 2013

The Side Channel attack methods proposed by P.Kocher are mainly used for cryptanalysis different cipher algorithms even though they are claimed to be strongly secured. Those kinds of attacks depend on environment implementation especially on the hardware implementation of the algorithm to the crypto module. side-channel attacks are a type of attack introduced by P.Kocher and is applicable according to each environment or method that is designed. This kind of attack can analyze and also extract important information by reading the binary code data via measurement of changes in electricity(voltage) consumption, running time, error output and sounds. Thus, in this paper, we discuss recent SPA and DPA attacks as well as recent countermeasure techniques.