• Title/Summary/Keyword: Function of Information Security

Search Result 1,046, Processing Time 0.025 seconds

Factors Affecting Intention to Use Security Functions in SNS (소셜 네트워크 서비스의 보안기능 사용의도에 영향을 미치는 요인 : Facebook을 중심으로)

  • Kim, Hyeob;Kim, Kyung Kyu;Lee, Ho
    • Journal of Information Technology Services
    • /
    • v.13 no.2
    • /
    • pp.1-17
    • /
    • 2014
  • Social networking service (SNS) is a service that allows people to share information, manage relationships with others, and express themselves on the Internet. The number of SNS users have increased explosively with the growth of mobile devices such as smartphones. As the influence of SNS has grown extensively, potential threats to privacy have also become pervasive. The purpose of this study is to empirically examine the main factors that affect users' intentions to use security functions provided by their SNS. The main theories for this study include the rational choice theory and the theory of planned behavior. This study has identified the factors that affect intention to use security functions. In addition, security function awareness and information security awareness are found to be important antecedents for intention to use security functions. The results of this study implies that when SNS providers develop security policies, they should consider the ways to improve users information security awareness and security function awareness simultaneously.

A tamper resistance software mechanism using MAC function and dynamic link key (MAC함수와 동적 링크키를 이용한 소프트웨어 변조 방지 기법)

  • Park, Jae-Hong;Kim, Sung-Hoon;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.1
    • /
    • pp.11-18
    • /
    • 2013
  • In order to prevent tampering and reverse engineering of executive code, this paper propose a new tamper resistant software mechanism. This paper presents a cryptographic MAC function and a relationship which has its security level derived by the importance of code block instead of by merely getting the encryption and decryption key from the previous block. In this paper, we propose a cryptographic MAC function which generates a dynamic MAC function key instead of the hash function as written in many other papers. In addition, we also propose a relationships having high, medium and low security levels. If any block is determined to have a high security level then that block will be encrypted by the key generated by the related medium security level block. The low security block will be untouched due to efficiency considerations. The MAC function having this dynamic key and block relationship will make analyzing executive code more difficult.

Dynamic Pipe Hash Function (동적 파이프 해쉬 함수)

  • Kim, Hie-Do;Won, Dong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.4
    • /
    • pp.47-52
    • /
    • 2007
  • In this paper, we proposed a constrution that creates Dynamic Pipe Hash Function with a pipe hash function. To increase security lever, dynamic hash function take and additional compression function. Proposed hash function based on the piped hash function. Our proposed Dynamic Pipe Hash Function is as secure against multicollision attack as an ideal hash function. And it have advantage for a number of reasons because of variable digest size. For example, in digital signature protocol, If a user requires increased security by selecting a large key size, useing a dynamic hash function in a protocol make implementation much easier when it is mandated that the size of the digest by increased.

AIT: A method for operating system kernel function call graph generation with a virtualization technique

  • Jiao, Longlong;Luo, Senlin;Liu, Wangtong;Pan, Limin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.14 no.5
    • /
    • pp.2084-2100
    • /
    • 2020
  • Operating system (OS) kernel function call graphs have been widely used in OS analysis and defense. However, most existing methods and tools for generating function call graphs are designed for application programs, and cannot be used for generating OS kernel function call graphs. This paper proposes a virtualization-based call graph generation method called Acquire in Trap (AIT). When target kernel functions are called, AIT dynamically initiates a system trap with the help of a virtualization technique. It then analyzes and records the calling relationships for trap handling by traversing the kernel stacks and the code space. Our experimental results show that the proposed method is feasible for both Linux and Windows OSs, including 32 and 64-bit versions, with high recall and precision rates. AIT is independent of the source code, compiler and OS kernel architecture, and is a universal method for generating OS kernel function call graphs.

Study on Usable Security of Facebook (Facebook의 Usable Security에 관한 연구)

  • Kim, Chung-han;Park, Min-su;Kim, Seung-joo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.1
    • /
    • pp.285-296
    • /
    • 2016
  • Recently, as the widespread use of Facebook through a smartphone or tablet PC, it has increased the threat that contains the malicious code to post a social attacks and comments that use personal information that has been published of Facebook. To solve these problems, Facebook is, by providing a security function, but would like to address these threats, in setting the security function, the security function of the user's convenience is not considered a properly there is a problem that is not in use. Thus, in this paper, on the basis of the information obtained via the cogTool, on Facebook security features, the user experience by presenting a method that can be quantitatively measured by this, the user convenience It classifies about Facebook security features to decrease.

Novel VNFI Security Management Function Block For Improved Security Framework For SDN/NFV Networks

  • Alruwaili, Rahaf Hamoud;Alanazi, Haifa Khaled;Hendaoui, Saloua
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.10
    • /
    • pp.303-309
    • /
    • 2022
  • Software Defined Networking (SDN) is a novel approach that have accelerated the development of numerous technologies such as policy-based access control, network virtualization, and others. It allows to boost network architectural flexibility and expedite the return on investment. However, this increases the system's complexity, necessitating the expenditure of dollars to assure the system's security. Network Function Virtualization (NFV) opens up new possibilities for network engineers, but it also raises security concerns. A number of Internet service providers and network equipment manufacturers are grappling with the difficulty of developing and characterizing NFVs and related technologies. Through Moodle's efforts to maintain security, this paper presents a detailed review of security-related challenges in software-defined networks and network virtualization services.

An Improved Cancelable Fingerprint Template Encryption System Research

  • Wang, Feng;Han, Bo;Niu, Lei;Wang, Ya
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.11 no.4
    • /
    • pp.2237-2253
    • /
    • 2017
  • For the existing security problem based on Fuzzy Vault algorithm, we propose a cancelable fingerprint template encryption scheme in this paper. The main idea is to firstly construct an irreversible transformation function, and then apply the function to transform the original template and template information is stored after conversion. Experimental results show it effectively prevents the attack from fingerprint template data and improves security of the system by using minutiae descriptor to encrypt abscissa of the vault. The experiment uses public FVC2004 fingerprint database to test, result shows that although the recognition rate of the proposed algorithm is slightly lower than the original program, but the improved algorithm security and complexity are better, and therefore the proposed algorithm is feasible in general.

Provable Security for New Block Cipher Structures against Differential Cryptanalysis and Linear Cryptanalysis (새로운 블록 암호 구조에 대한 차분/선형 공격의 안전성 증명)

  • Kim, Jong-Sung;Jeong, Ki-Tae;Lee, Sang-Jin;Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.1
    • /
    • pp.121-125
    • /
    • 2007
  • Differential cryptanalysis and linear cryptanalysis are the most powerful approaches known for attacking many block ciphers and used to evaluating the security of many block ciphers. So designers have designed secure block ciphers against these cryptanalyses. In this paper, we present new three block cipher structures. And for given r, we prove that differential(linear) probabilities for r-round blockcipher structures are upper bounded by $p^2(q^2),\;2p^2(2q^2)$ if the maximum differential(linear) probability is p(q) and the round function is a bijective function.

Security Properties of Domain Extenders for Cryptographic Hash Functions

  • Andreeva, Elena;Mennink, Bart;Preneel, Bart
    • Journal of Information Processing Systems
    • /
    • v.6 no.4
    • /
    • pp.453-480
    • /
    • 2010
  • Cryptographic hash functions reduce inputs of arbitrary or very large length to a short string of fixed length. All hash function designs start from a compression function with fixed length inputs. The compression function itself is designed from scratch, or derived from a block cipher or a permutation. The most common procedure to extend the domain of a compression function in order to obtain a hash function is a simple linear iteration; however, some variants use multiple iterations or a tree structure that allows for parallelism. This paper presents a survey of 17 extenders in the literature. It considers the natural question whether these preserve the security properties of the compression function, and more in particular collision resistance, second preimage resistance, preimage resistance and the pseudo-random oracle property.

A Study on the Intrustion Tolerance System Applied To the Security System

  • Shin Seung-jung;Kim Jung-tae;Ryu Dae-hyun;Na Jong-Whoa
    • Journal of information and communication convergence engineering
    • /
    • v.3 no.1
    • /
    • pp.38-42
    • /
    • 2005
  • The cyber attacks on the computer system in nowadays are focused on works that do not operate specific application. The main key point that we protect information security system has an access control to keep an application. Most of system has a main function to protect an infrastructure such as hardware, network and operating system. In this paper, we have presented an intrusion tolerance system that can service an application in spite of cyber attacks. The proposed system is based on the middle ware integrating security mechanism and separate function of application and intrusion tolerance. The main factor we use security system in nowadays is service to keep a persistency. The proposed intrusion tolerance system is applicable to such as medical, national defense and banking system.