• Title/Abstract/Keywords: Forensics

Search results: 411 items, processing time: 0.028 s

Network Forensics and Intrusion Detection in MQTT-Based Smart Homes

  • Lama AlNabulsi;Sireen AlGhamdi;Ghala AlMuhawis;Ghada AlSaif;Fouz AlKhaldi;Maryam AlDossary;Hussian AlAttas;Abdullah AlMuhaideb
    • International Journal of Computer Science & Network Security / Vol. 23, No. 4 / pp.95-102 / 2023
  • The emergence of the Internet of Things (IoT) into our daily lives has grown rapidly. It has been integrated into our homes, cars, and cities, increasing the intelligence of devices involved in communications. An enormous amount of data is exchanged over smart devices through the internet, which raises security concerns with regard to privacy evasion. This paper is focused on forensics and intrusion detection on one of the most common protocols in IoT environments, especially smart home environments, which is the Message Queuing Telemetry Transport (MQTT) protocol. The paper covers general IoT infrastructure, the MQTT protocol and attacks conducted on it, and multiple network forensics frameworks in smart homes. Furthermore, a machine learning model is developed and tested to detect several types of attacks in an IoT network. A forensics tool (MQTTracker) is proposed to contribute to the investigation of the MQTT protocol in order to provide a safer technological future in the warmth of people's homes. The MQTT-IOT-IDS2020 dataset is used to train the machine learning model. In addition, different attack detection algorithms are compared to ensure the suitable algorithm is chosen to perform accurate classification of attacks within MQTT traffic.

Metaverse Artifact Analysis through the Roblox Platform Forensics

  • 최이슬;조정은;이은빈;김학경;김성민
    • 융합보안논문지 / Vol. 23, No. 3 / pp.37-47 / 2023
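  • The growth of the metaverse is accelerating due to increased demand for contact-free environments caused by COVID-19 and advances in technologies such as blockchain and NFTs. However, as the number of users increases with the emergence of various metaverse platforms, crimes such as ransomware attacks, copyright infringement, and sex crimes are occurring within the metaverse. As a result, the need for artifacts that can be used as digital evidence within metaverse systems is growing. However, there is no standardized forensic procedure for metaverse solutions, and no information is known about artifacts for metaverse forensics. In addition, not only security evaluation and forensic analysis but also the related institutions and guidelines are inadequate, which makes forensics difficult. Accordingly, this paper presents artifacts that can be used for user behavior analysis and timeline analysis, obtained through dynamic analysis of Roblox, a representative metaverse game solution. By linking the artifacts identified through memory forensics and log analysis, it presents their potential use in metaverse crime scenarios, and through a review of current laws and regulations it analyzes institutional shortcomings and proposes improvements.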

Digital Forensic Investigation of MongoDB

  • 윤종성;정두원;강철훈;이상진
    • 정보보호학회논문지 / Vol. 24, No. 1 / pp.123-134 / 2014
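  • Recently, due to the growth in data volume, demand for relational database management systems (RDBMS) and for NoSQL DBMSs for big data processing has been steadily increasing. Digital forensic investigation techniques for relational DBMSs have been actively studied, but there is almost no research on forensic investigation techniques for NoSQL DBMSs, whose use has recently surged. This paper proposes digital forensic investigation procedures and techniques for MongoDB, the most widely used NoSQL DBMS.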

Recent Developments in Nuclear Forensic and Nuclear Safeguards Analysis Using Mass Spectrometry

  • Song, Kyuseok;Park, Jong-Ho;Lee, Chi-Gyu;Han, Sun-Ho
    • Mass Spectrometry Letters / Vol. 7, No. 2 / pp.31-40 / 2016
  • The analysis of nuclear materials and environmental samples is an important issue in nuclear safeguards and nuclear forensics. An analysis technique for safeguard samples has been developed for the detection of undeclared nuclear activities and verification of declared nuclear activities, while nuclear forensics has been developed to trace the origins and intended use of illicitly trafficked nuclear or radioactive materials. In these two analytical techniques, mass spectrometry has played an important role in determining the isotope ratio of various nuclides, contents of trace elements, and production dates. These two techniques typically use similar analytical instruments, but the analytical procedure and the interpretation of analytical results differ depending on the analytical purpose. The isotopic ratio of the samples is considered the most important result in an environmental sample analysis, while age dating and impurity analysis may also be important for nuclear forensics. In this review, important aspects of these techniques are compared and the role of mass spectrometry, along with recent progress in related technologies, are discussed.

A Mechanism for Securing Digital Evidences of Computer Forensics in Smart Home Environment

  • 이종섭;박명찬;장은겸;최용락;이범석
    • 정보학연구 / Vol. 10, No. 3 / pp.93-120 / 2007
  • A Smart Home is a technical expansion of the home network that gives us a comfortable life. But there are still problems such as malfunction of devices and intrusions by malicious parties, since it is based on a home network. Intrusion by malicious parties causes a critical problem for the individual's privacy. Therefore, to take legal action against intruders, technologies for collecting and managing intrusion evidence are widely researched around the world. The evidence collecting technology uses the system which was damaged by intruders, and that system is used as evidence material in the court of justice. However, the collected evidence is easily modified and damaged in the evidence gathering process, the evidence analysis process and in court. That is why we have to prove the evidence's integrity for it to be of value in court. In this paper, we propose a mechanism for securing the reliability and the integrity of digital evidence that can properly support Computer Forensics. The proposed mechanism shares and manages the digital evidence through mutual authentication of the damaged system, the evidence collecting system, the evidence managing system and the court (TTP: Trusted Third Party), and provides a secure access control model to establish a secure evidence management policy which assures that the collected evidence has the corresponding legal effect.


Analysis of Windows Vista Security System for Forensic Examination

  • 황성호;남현우;박능수;조수형;홍도원
    • 정보처리학회논문지C / Vol. 15C, No. 3 / pp.141-148 / 2008
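  • Windows Vista, newly released by Microsoft in the winter of 2006, provides stronger security mechanisms than previous Windows operating systems. However, when a computer is used in a crime, the new security mechanisms make it harder, from a forensic perspective, to acquire crime-related data stored on the storage device. This paper analyzes BitLocker, a security mechanism newly used in Windows Vista, examines what has changed in UAC and EFS, which were used in previous Windows versions, and reviews the major security issues from a forensic perspective. It also examines other Windows Vista features that can be put to use from a forensic perspective.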

SPaRe: Efficient SQLite Recovery Using Database Schema Patterns

  • Lee, Suchul;Lee, Sungil;Lee, Jun-Rak
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 11, No. 3 / pp.1557-1569 / 2017
  • In recent times, the Internet of Things (IoT) has rapidly emerged as one of the most influential information and communication technologies (ICT). The various constituents of the IoT together offer novel technological opportunities by facilitating the so-called "hyper-connected world." The fundamental tasks that need to be performed to provide such a function involve the transceiving, storing, and analyzing of digital data. However, it is challenging to handle voluminous data with IoT devices because such devices generally lack sufficient computational capability. In this study, we examine the IoT from the perspective of security and digital forensics. SQLite is a light-weight database management system (DBMS) used in many IoT applications that stores private information. This information can be used in digital forensics as evidence. However, it is difficult to obtain critical evidence from IoT devices because the digital data stored in these devices is frequently deleted or updated. To address this issue, we propose Schema Pattern-based Recovery (SPaRe), an SQLite recovery scheme that leverages the pattern of a database schema. In particular, SPaRe exhaustively explores an SQLite database file and identifies all schematic patterns of a database record. We implemented SPaRe on an iPhone 6 running iOS 7 in order to test its performance. The results confirmed that SPaRe recovers an SQLite record at a high recovery rate.

A Method of License Plate Location and Character Recognition based on CNN

  • Fang, Wei;Yi, Weinan;Pang, Lin;Hou, Shuonan
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 14, No. 8 / pp.3488-3500 / 2020
  • At the present time, the economy continues to flourish, and private cars have become the means of choice for most people. Therefore, the license plate recognition technology has become an indispensable part of intelligent transportation, with research and application value. In recent years, the convolution neural network for image classification is an application of deep learning on image processing. This paper proposes a strategy to improve the YOLO model by studying the deep learning convolutional neural network (CNN) and related target detection methods, and combines the OpenCV and TensorFlow frameworks to achieve efficient recognition of license plate characters. The experimental results show that target detection method based on YOLO is beneficial to shorten the training process and achieve a good level of accuracy.

Development of a Copyright Protection System for Computer Forensics

  • 이월영;황철
    • 한국멀티미디어학회논문지 / Vol. 10, No. 3 / pp.365-372 / 2007
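  • Most of the information generated in the world is created as digital data. Because such digital works are easy to use illegally, legal protection mechanisms or techniques are essential. For this reason, many researchers have been developing a variety of techniques. Until now, most techniques have focused on developing physical or chemical methods, such as disk verification, to secure legal evidence of infringement of digital works. In this paper, we developed a computer-forensics-based digital work protection system that recognizes when a user uses a work improperly and notifies the user of the legal violation. In addition, if the infringement continues, the series of violations is stored in the system so that it can be used as legal evidence through a mapping to intellectual property law. This technique can protect data from the problems of digital evidence tampering and evidence destruction.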


A Survey on Passive Image Copy-Move Forgery Detection

  • Zhang, Zhi;Wang, Chengyou;Zhou, Xiao
    • Journal of Information Processing Systems / Vol. 14, No. 1 / pp.6-31 / 2018
  • With the rapid development of science and technology, it has become more and more convenient to obtain abundant information via diverse multimedia media. However, the contents of multimedia are easily altered with different editing software, and the authenticity and the integrity of multimedia content are under threat. Forensics technology is developed to solve this problem. We focus on reviewing the blind image forensics technologies for copy-move forgery in this survey. Copy-move forgery is one of the most common manners of manipulating images, which usually obscures objects with flat regions or appends objects within the same image. In this paper, two classical models of copy-move forgery are reviewed, and two frameworks of copy-move forgery detection (CMFD) methods are summarized. Then, the many CMFD methods are divided mainly into two types, block-based and keypoint-based, to look back on the development process of CMFD technologies. Besides, the performance evaluation criteria and the datasets created for evaluating the performance of CMFD methods are also collected in this review. Finally, future research directions and conclusions are given to provide beneficial advice for researchers in this field.