• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.379-392
• /
• 2024

With the rapid increase in data, saving storage space and improving the efficiency of data transmission have become critical issues, making the research on the efficiency of data compression technologies increasingly important. Lossless algorithms can precisely restore original data but have limited compression ratios, whereas lossy algorithms provide higher compression rates at the expense of some data loss. There has been active research in data compression using deep learning-based algorithms, especially the autoencoder model. This study proposes a new side-channel analysis data compressor utilizing autoencoders. This compressor achieves higher compression rates than Deflate while maintaining the characteristics of side-channel data. The encoder, using locally connected layers, effectively preserves the temporal characteristics of side-channel data, and the decoder maintains fast decompression times with a multi-layer perceptron. Through correlation power analysis, the proposed compressor has been proven to compress data without losing the characteristics of side-channel data.

• International Journal of Computer Science & Network Security
• /
• v.24 no.3
• /
• pp.23-28
• /
• 2024

The multi-tenancy and high scalability of the cloud have inspired businesses and organizations across various sectors to adopt and deploy cloud computing. Cloud computing provides cost-effective, reliable, and convenient access to pooled resources, including storage, servers, and networking. Cloud service models, SaaS, PaaS, and IaaS, enable organizations, developers, and end users to access resources, develop and deploy applications, and provide access to pooled computing infrastructure. Despite the benefits, cloud service models are vulnerable to multiple security and privacy attacks and threats. The SaaS layer is on top of the PaaS, and the IaaS is the bottom layer of the model. The software is hosted by a platform offered as a service through an infrastructure provided by a cloud computing provider. The Hypertext Transfer Protocol (HTTP) delivers cloud-based apps through a web browser. The stateless nature of HTTP facilitates session hijacking and related attacks. The Open Web Applications Security Project identifies web apps' most critical security risks as SQL injections, cross-site scripting, sensitive data leakage, lack of functional access control, and broken authentication. The systematic literature review reveals that data security, application-level security, and authentication are the primary security threats in the SaaS model. The recommended solutions to enhance security in SaaS include Elliptic-curve cryptography and Identity-based encryption. Integration and security challenges in PaaS and IaaS can be effectively addressed using well-defined APIs, implementing Service Level Agreements (SLAs), and standard syntax for cloud provisioning.

• Journal of Korea Society of Industrial Information Systems
• /
• v.29 no.1
• /
• pp.107-116
• /
• 2024

Copper Filter Dryer (CFD) are responsible for removing impurities from the circulation of refrigerant in refrigeration and cooling systems to maintain clean refrigerant, and defects in CFD can lead to product defects such as leakage and reduced lifespan in refrigeration and cooling systems, making quality assurance essential. In the quality inspection stage, human inspection and defect judgment methods are traditionally used, but these methods are subjective and inaccurate. In this paper, YOLOv7 object detection algorithm was used to detect defects occurring during the CFD Shaft pipe and welding process to replace the existing quality inspection, and the detection performance of F1-Score 0.954 and 0.895 was confirmed. In addition, the cause of defects occurring during the welding process was analyzed by analyzing the sensor data corresponding to the Timestamp of the defect image. This paper proposes a method for manufacturing quality assurance and improvement by detecting defects that occur during CFD process and analyzing their causes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.119-131
• /
• 2009

The world's widely used key exchange protocols are open cryptographic communication protocols, such as TLS/SSL, whereas in the financial field in Korea, key exchange protocols developed by industrial classification group have been used that are based on PKI(Public Key Infrastructure) which is suitable for the financial environments of Korea. However, the key exchange protocols are not only vulnerable to client impersonation attacks and known-key attacks, but also do not provide forward secrecy. Especially, an attacker with the private keys of the financial security server can easily get an old session-key that can decrypt the encrypted messages between the clients and the server. The exposure of the server's private keys by internal management problems, etc, results in a huge problem, such as exposure of a lot of private information and financial information of clients. In this paper, we analyze the weaknesses of the cryptographic communication protocols in use in Korea. We then propose two key exchange protocols which reduce the replacement cost of protocols and are also secure against client impersonation attacks and session-key and private key reveal attacks. The forward secrecy of the second protocol is reduced to the HDH(Hash Diffie-Hellman) problem.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.31-49
• /
• 2021

IoT devices refer to embedded devices that can communicate with networks. Since there are various types of IoT devices and they are widely used around us, in the event of an attack, damages such as personal information leakage can occur depending on the type of device. While the security team analyzes IoT devices, they should target firmware as well as software interfaces since IoT devices are operated by both of them. However, the problem is that it is not easy to extract and analyze firmware and that it is not easy to manage product quality at a certain level even if the same target is analyzed according to the analyst's expertise within the security team. Therefore, in this paper, we intend to establish a vulnerability analysis process for the firmware of IoT devices and present available tools for each step. Besides, we organized the process from firmware acquisition to analysis of IoT devices produced by various commercial manufacturers, and we wanted to prove their validity by applying it directly to drone analysis by various manufacturers.

• Information Systems Review
• /
• v.23 no.3
• /
• pp.97-125
• /
• 2021

Blockchain is a core technology to solve personal information leakage and data management issues, which are limitations of existing Genomic Sequencing services. Due to continuous cost reduction and deregulation, the market size of Genomic Sequencing has been increasing, also the potential of services is expected to increase when Blockchain's security and connectivity are combined. We created our research model by combining the Technology Acceptance Model (TAM) and the Innovation Resistance Theory also analyzed the factors affecting the acceptance intention and innovation resistance of the Blockchain Based Genomic Sequencing Information Platform. A survey was conducted on 150 potential users of Blockchain and Genomic Sequencing services. The analysis was conducted by setting the four Blockchain variables: Security, transparency, availability, and diversity). Also, we set the Perceived Usefulness, Perceived risk, and Perceived Complexity for Technology Acceptance and Innovation Resistance variables and analyzed the effect of the characteristics of the Blockchain on acceptance intention and innovation resistance through these variables. Through this analysis, key variables that need to be considered important to reduce resistance and increase acceptance intention could be identified. This study presents innovation factors that should be considered in companies preparing a new Blockchain Based Genomic Sequencing Information Platform.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39C no.10
• /
• pp.920-929
• /
• 2014

Recently, embedded system which demand is explosively increasing in the fields of communication, traffic, medical and industry facilities, expands to cyber physical system (CPS) which monitors and controls the networked embedded systems. In addition, internet of things(IoT) technology using wearable devices such as Google Glass, Samsung Galaxy Gear and Sony Smart Watch are gaining attention. In this situation, Samsung Smart Home and LG Home Chat are released one after another. However, since these services can be available only between smart phones and home appliances, there is a disadvantage that information cannot be passed to other terminals without commercial global messaging server. In this paper, to solve above issues, we propose the structure of an indoor location network based on unit space, which prevents the information of the devices or each individual person from leaking to outside and can selectively communicate to all existent terminals in the network using IoT chatting. Also, it is possible to control general devices and prevent external leakage of private information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.5-14
• /
• 2017

Many web services which use OAuth Protocol offer users to log in using their personal profile information given by resource servers. This method reduces the inconvenience of the users to register for new membership. However, at the time a user finishes using OAuth client web service, even if he logs out of the client web service, the resource server remained in the login state may cause the problem of leaking personal information. In this paper, we propose a solution to mitigate the threat by providing an additional security behavior check: when a user requests to log out of the Web Client service, he or she can make decision whether or not to log out of the resource server via confirmation notification regarding the state of the resource server. By utilizing the proposed method, users who log in through the OAuth Protocol in the public PC environment like department stores, libraries, printing companies, etc. can prevent the leakage of personal information issues that may arise from forgetting to check the other OAuth related services. To verify our study, we implement a Client Web Service that uses OAuth 2.0 protocol and integrate it with our security behavior check. The result shows that with this additional function, users will have a better security when dealing with resource authorization in OAuth 2.0 implementation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.125-135
• /
• 2009

Logs from various security system can reveal the attack trials for accessing private data without authorization. The logs can be a kind of confidence deriving factors that a certain IP address is involved in the trial. This paper presents a rule-based expert system for derivation of privacy violation confidence using various security systems. Generally, security manager analyzes and synthesizes the log information from various security systems about a certain IP address to find the relevance with privacy violation cases. The security managers' knowledge handling various log information can be transformed into rules for automation of the log analysis and synthesis. Especially, the coverage of log analysis for personal information leakage is not too broad when we compare with the analysis of various intrusion trials. Thus, the number of rules that we should author is relatively small. In this paper, we have derived correlation among logs from IDS, Firewall and Webserver in the view point of privacy protection and implemented a rule-based expert system based on the derived correlation. Consequently, we defined a method for calculating the score which represents the relevance between IP address and privacy violation. The UI(User Interface) expert system has a capability of managing the rule set such as insertion, deletion and update.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.267-280
• /
• 2023

With development of computing and communications technologies, IoT environments based on high-speed networks have been extending rapidly. Especially, from home to an office or a factory, applications of IoT devices with sensing environment and performing computations are increasing. Unfortunately, IoT devices which have limited hardware resources can be vulnerable to cyber attacks. Hence, there is a concern that an IoT botnet can give rise to information leakage as a national cyber security crisis arising from abuse as a malicious waypoint or propagation through connected networks. In order to response in advance from unknown cyber threats in IoT networks, in this paper, We firstly define four types of We firstly define four types of characteristics by analyzing darknet traffic accessed from an IoT botnet. Using the characteristic, a suspicious IP address is filtered quickly. Secondly, the filtered address is identified by Cyber Threat Intelligence (CTI) or Open Source INTelligence (OSINT) in terms of an unknown suspicious host. The identified IP address is finally fingerprinted to determine whether the IP is a malicious host or not. To verify a validation of the proposed method, we apply to a Darknet on real-world SOC. As a result, about 1,000 hosts who are detected and blocked preemptively by the proposed method are confirmed as real IoT botnets.