• The Journal of Information Technology
• /
• v.2 no.2
• /
• pp.89-105
• /
• 1999

In this paper, we present a countermeasure for a various trouble occurred in secure communication of document image. We Propose a security system for transmission of document image using mixing algorithm that the third party cannot conceive secure transmission of information instead of existing scheme which depend on crypto-degree of security algorithm, itself. For this, RM, DM and RDM algorithm for mixing of secure bits are proposed and applied to digital signature for mixing for secure document and mixing for non-secure document by secure document. Security system for document image involves not only security scheme for document image transmission itself, but also digital signature scheme. The transmitter embeds secretly the signatures onto secure document, embeds it to non-secure document and transfers it to the receiver. The receiver makes a check of any forgery on the signature and the document. Because the total amount of transmitted data and the image quality are about the same to those of the original document image, respectively, the third party cannot notice the fact that signatures and secure document are embedded on the document image. Thus, the probability of attack will be reduced.

• Journal of KIISE:Computing Practices and Letters
• /
• v.16 no.6
• /
• pp.693-697
• /
• 2010

In current e-commerce system, it happens that client's confidential information such as credit card numbers, pin numbers, or digital certificate may pass through a web proxy server or an altered proxy server without client's awareness. Even though the confidential information is encrypted and sent through SSL(Secure Sockets Layer) or TLS(Transport Layer Security) protocol, it can be exposed to the risk of sniffing by the digital certificate forgery at the proxy server, which is called the SSL MITM(Man-In-The-Middle) Proxy attack. In this paper, current credit card web-payment systems, which is weak at proxy information alternation attack, are analyzed. A resolution with certificate proxy server is also proposed to prevent the MITM attack.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.1
• /
• pp.35-41
• /
• 2016

Internet of Things (IoT) services are widely used in appliances of daily life and industries. IoT services also provide various conveniences to users and are expected to affect value added of all industries and national competitiveness. However, a variety of security threats are increased in IoT environments and lowers reliability of IoT devices and services that make some obstacles for commercialization. The attacks arising in IoT environments are making industrial and normal life accidents unlike existing information leak and monetary damages, and can expand damage scale of leakage of personal information and privacy more than existing them. To solve these problems, we design a session key based access control scheme for secure communications in IoT environments. The proposed scheme reinforces message security by generating session key between device and access control network system. We analyzed the stability of the proposed access scheme in terms of data forgery and corruption, unauthorized access, information disclosure, privacy violations, and denial of service attacks. And we also evaluated the proposed scheme in terms of permission settings, privacy indemnity, data confidentiality and integrity, authentication, and access control.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.1
• /
• pp.35-43
• /
• 2018

MANET composed of only wireless nodes is increasingly utilized in various fields. However, it is exposed to many security vulnerabilities because it doesn't have any infrastructure and transmits data by using multi-hop method. Therefore, MANET should be applied the intrusion detection technique that can detect efficiently malicious nodes and decrease impacts of various attacks. In this paper, we propose a distributed intrusion detection technique that can detect the various attacks while improving the efficiency of attack detection and reducing the false positive rate. The proposed technique uses the cluster structure to manage the information in the center and monitor the traffic of their neighbor nodes directly in all nodes. We use three parameters for attack detection. We also applied an efficient authentication technique using only key exchange without the help of CA in order to provide integrity when exchanging information between cluster heads. This makes it possible to free the forgery of information about trust information of the nodes and attack nodes. The superiority of the proposed technique can be confirmed through comparative experiments with existing intrusion detection techniques.

• Phonetics and Speech Sciences
• /
• v.6 no.2
• /
• pp.21-28
• /
• 2014

We propose a novel scheme for digital audio authentication of given audio files which are edited by inserting small audio segments from different environmental sources. The purpose of this research is to detect inserted sections from given audio files. We expect that the proposed method will assist human investigators by notifying suspected audio section which considered to be recorded or transmitted on different environments. GMM-UBM and GSV-SVM are applied for modeling the dominant environment of a given audio file. Four kinds of likelihood ratio based scores and SVM score are used to measure the likelihood for a dominant environment model. We also use an ensemble score which is a combination of the aforementioned five kinds of scores. In the experimental results, the proposed method shows the lowest average equal error rate when we use the ensemble score. Even when dominant environments were unknown, the proposed method gives a similar accuracy.

• Proceedings of the KAIS Fall Conference
• /
• 2010.11a
• /
• pp.239-242
• /
• 2010

웹 애플리케이션 해킹 방법인 CSRF(Cross Site Request Forgery) 공격은 2008년 2월에 온라인 경매사이트인 옥션에서의 1800만명의 개인정보를 유출 사고 피해를 입힌 공격이다. OWASP(Open Web Application Security Project)에서는 이 공격의 해결방안으로 동기화되고 고유한 토큰 값을 생성하여 페이지 요청 시에 이를 검증하는 시스템을 권고하고 있다. 따라서 본 논문에서는 이 공격을 방어하기 위한 방법으로 타임스탬프와 사용자 고유의 값인 전자서명을 토큰형태로 생성하여 Hidden Field에 삽입함으로써 검증하는 기법에 대해 연구하고자 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.1885-1888
• /
• 2003

본 논문에서는 인쇄물의 위조방지를 위해 에러에 강한 디지털 워터마킹을 제안한다. 제안한 알고리즘은 워터마크 삽입을 위해 먼저 원영상을 웨이브릿 변환하여 근사(approximation) 이미지를 얻고, 워터마크는 근사 이미지의 DC계수를 제외한 중요한 DCT계수에 삽입된다. 워터마크의 강건도 향상을 위해 에러정정코드와 반복을 적용하고, 디지털 기기사이의 변환에 의한 차이를 줄이기 위해 CIE Lab 칼라 공간을 사용하였다. 표준 칼라 영상을 사용하여 실험한 결과, 기존 방법에 비하여 적은 반복으로도 비트에러가 발생을 감소하였으며, 알고리즘은 1차의 프린트 스캔에서는 robust 하고 2차의 프린트 스캔에서는 fagile 한 성격을 나타내었다, 본 알고리즘은 여권, 지폐, 신분증, 면허증등과 같은 인쇄물의 위조방지에 이용될 수 있다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04a
• /
• pp.503-505
• /
• 2003

현재 인터넷을 통한 상대방의 신뢰성을 보장해 주는 인증서 사용이 빈번해지고 있다. 그러나 오프라인상의 전자문서는 상대방의 신뢰성 보장과 전자문서의 위변조의 위험성이 많다. 또한 전자문서는 오프라인상의 이동성에 제악을 받게 된다. 본 논문에서는 이러한 문제를 해결하고, 사용자가 온라인과 오프라인에서도 사용하게 편리하도록 문서내용, 문서작성자의 인증서 그리고 전자서명값을 이차원 바코드로 변환하여 출력된 전자문서에서 상대방의 신뢰성과 문서의 무결성을 보장하도록 제안한다. 제안된 시스템에서는 문서내용, 문서작성자의 인증서, 전자서명값을 변환해 출력문서에 이차원 바코드를 첨부하게 된다. 출력된 문서에서 첨부된 이차원 바코드를 스케닝 하고 문서내용, 문서작성자의 인증서 그리고 전자서명값을 얻어오고 검증을 통해 위변조 여부 판단하여 상대방의 신뢰성과 문서의 무결성을 확인 하도록 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.1213-1216
• /
• 2004

본 논문에서는 의료계의 PACS의 도입으로 디지털 의료영상 보안을 위한 방법으로, 디지털 워터마킹 기법(Digital Watermarking Technique)중 불법적인 위/변조 검증을 위한 워터마킹 기법을 제안한다. 제안된 워터마킹 방법은 의료영상의 인증과 무결성을 확인 할 수 있는 워터마킹 기법으로, 워터마크 삽입 추출시 블록 이산여현변환(discrete cosine transform)을 사용하여, 저주파 성분을 해쉬함수의 입력으로 하여 해쉬된 값을 시각적으로 인지할 수 있는, 이진영상과 함께 고주파 성분에 워터마크로서 선택적으로 삽입하여, 인증을 통한 국부화(localization)로 영상의 위/변조를 검증하고, 저작권도 확인할 수 있는 의료영상에 적합한 세미 프라질 워터마킹(semi-fragile watermarking)이다.

• International journal of advanced smart convergence
• /
• v.10 no.3
• /
• pp.207-213
• /
• 2021

Informatization and digital transformation across industries are big trends in the world. However, although a few food groups are investing in informatization on a pilot basis, informatization is still delayed in related industries, such as distribution, logistics, etc. Therefore, consumers often are not able to have easy access to detailed information about products. In this paper, to improve these problems, we propose a fresh food logistics solution that adopts Proof of Nonce (PoN) consensus algorithm with Internet of Thing (IoT) technology. The recently developed PoN algorithm dramatically reduces a time for generating a block and is suitable for a platform that collects and services real-time information. We expect to improve their trust in the platform by preventing forgery/falsification of information recorded in real time through this paper.