• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.13-20
• /
• 2003

웹 서비스는 기존 분산 처리기술과 인터넷 기술에 기반한 기술이며, 이기종 시스템간의 데이터를 자연스럽게 공유하고 통신하는 것을 목적으로 등장한 기술이다. 또한 웹서비스 기술로 구현된 프로그램은 필요한 곳에서 proxy object를 생성해서 사용할 수 있으므로, 다른 개발 환경에서 작성된 프로그램이라도 호출해서 사용할 수 있게 되었다. 본 논문에서는 프로그램을 공유하는 과정에서 발생할 수 있는 보안 요구사항을 도출해보고 보안을 위해 XML Signature와 XML Encryption을 적용한 안전한 프로그램 공유 시스템을 제시해 본다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.339-346
• /
• 2018

Ransomware is a malicious program that requires money by encrypting data. The damage to ransomware is increasing worldwide, and targeted attacks for corporations, public institutions and hospitals are increasing. As a ransomware is serviced and distributed, its various usually emerge. Therefore, the accurate analysis of ransomware can be a decryption solution not only for that ransomware but also for its variants. In this paper, we analyze a cryptographic elements and encryption process for Erebus found in June, 2017, and investigate its cryptographic vulnerability and memory analysis.

• Journal of the Korea Convergence Society
• /
• v.8 no.11
• /
• pp.21-27
• /
• 2017

Internet of Things(IoT), which is developing for the hyper connection society, is based on OSHW (Open Source Hardware) such as Arduino and various small products are emerging. Because of the limitation of low performance and low memory, the IoT is causing serious information security problem that it is difficult to apply strong security technology. In this paper, we analyze the vulnerability that can occur as a result of compiling and loading the application program of Arduino on the host computer. And we propose a new attack method that allows an attacker to arbitrarily change the value input from the sensor of the arduino board. Such as a proposed attack method may cause the arduino board to misinterpret environmental information and render it inoperable. By understanding these attack techniques, it is possible to consider how to build a secure development environment and cope with these attacks.

• Journal of Korea Multimedia Society
• /
• v.13 no.12
• /
• pp.1843-1854
• /
• 2010

The utilization of underground space has recently increased with the complication of road, the rise of the land price, and the development of green technology. Underground space ranges from classical excavations to subway, underground cities, and shopping malls where there are crowds of people. At this time, government has spent a lot of money in installing various types of safety facilities for preparations of increasing potential disasters. Therefore, an effective facility management system is required. In this paper, we propose an information retrieval process to effectively extract the facilities' information based on the ontology and spatial analysis in underground space. The ontology-based searching supports hierarchical and associated results as well as knowledge sharing with hierarchy concepts. The spatial analysis based searching has "Buffer" and "Near" functions to operate on a map without understanding any property of the facility information.

• Annual Conference of KIPS
• /
• 2015.10a
• /
• pp.664-667
• /
• 2015

사물인터넷(IoT)은 시간과 장소의 제약 없이 모든 사물이 인터넷을 기반으로 정보 교환 및 의사소통을 지원하는 지능형 기술 및 서비스를 의미한다. IoT 기술의 발전과 이를 활용한 서비스 분야는 새로운 융합 서비스 형태로 발전함에 따라 리소스 서비스에 대한 모델 관리 방안 연구가 필요하다. 본 논문에서는 CapSG(Capability Service Gateway)를 이용한 IoT 서비스 접근 제어 플랫폼을 살펴보고, IoT 테스트베드 환경에서 리소스 서비스에 대한 모델 관리 방안을 제시한다.

• Annual Conference of KIPS
• /
• 2010.04a
• /
• pp.154-157
• /
• 2010

현재 자동차 네비게이션의 위치검색 기능은 사용자가 해당 지역과 주유소 선택을 하면 사용자에게 리스트로 결과를 출력하는 일반적인 검색 방법을 사용한다. 그러나 대부분의 운전자들은 주로 이용하는 주유 업체가 정해져 있고 현재 자동차의 연료 잔량, 리터당 연료의 가격 등의 조건이 정해져 있다. 따라서 본 논문에서는 운전자가 주유소를 결정하는 상황정보 등, 몇 가지 주요 조건을 제시하고, 운전자에게 불필요한 주유소 정보를 제공하지 않도록 운전자의 개인정보에 의한 지능형 검색을 하게 한다. 최종적으로 GIS 분석을 통해 최적의 주유소 검색을 제공하는 시스템을 설계한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1483-1492
• /
• 2016

Ducky USB is one of rarely-known keyboard-emulating BadUSBs. The attacking strategy using Ducky USB is taking and executing the scripted keystroke automatically whenever the USB is inserted into PC. Prior works exhibit some problems such as performance loss and additional device requirement. To solve this problem, this paper devised a countermeasure program to efficiently block the Duck USB in Windows. The experiment proves its effectiveness.

• Journal of Korea Multimedia Society
• /
• v.17 no.12
• /
• pp.1402-1411
• /
• 2014

Buyer-seller watermarking protocol is defined as the practice of imperceptible altering a digital content to embed a message using watermarking in the encryption domain. This protocol is acknowledged as one kind of copyright protection techniques in electronic commerce. Buyer-seller watermarking protocol is fundamentally based on public-key cryptosystem that is operating using the algebraic property of an integer. However, in general usage, digital contents which are handled in watermarking scheme mostly exist as real numbers in frequency domain through DCT, DFT, DWT, etc. Therefore, in order to use the watermarking scheme in a cryptographic protocol, digital contents that exist as real number must be transformed into integer type through preprocessing beforehand. In this paper, we presented a new watermarking scheme in an encrypted domain in an image that is based on the block-DCT framework and homomorphic encryption method for buyer-seller watermarking protocol. We applied integral-processing in order to modify the decimal layer. And we designed a direction-adaptive watermarking scheme by analyzing distribution property of the frequency coefficients in a block using JND threshold. From the experimental results, the proposed scheme was confirmed to have a good robustness and invisibility.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.137-142
• /
• 2009

By known attacks against cryptographic technology and decline of security, internal and external major institutions have defined their recommendations in kinds, expiration, safe parameters of cryptographic technology and so on. Internal financial fields will change some cryptographic technology to follow these recommendations. To keep strong security of financial systems against sudden security changes of cryptographic technology, this article finds pre-steps : status of applied cryptographic technology, selection of vulnerable cryptographic technology. And plans for management of cryptographic technology in financial fields will be proposed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.6
• /
• pp.99-119
• /
• 2007

The USB flash drive is common used for portable storage. That is able to store large data and transfer data quickly and carry simply. But when you lose your USB flash drive without any security function in use, all stored data will be exposed. So the new USB flash drive supported security function was invented to compensate for the problem. In this paper, we analyze vulnerability of 6 control access program for secure USB flash drives. And we show that exposed password on communication between secure USB flash drive and PC. Also we show the vulnerability of misapplication for initialization. Further we develop a protection profile for secure USB flash drive based on the common criteria version 3.1. Finally, we examine possible threat of 6 secure USB flash drives and supports of security objectives which derived from protection profile.