• The Journal of the Korea Contents Association
• /
• v.20 no.2
• /
• pp.15-26
• /
• 2020

Secure boot is security technology that verifies the integrity of the computer system in boot stage and controls the boot process accordingly. The computer system can establish a secure execution environment from the threat of various malwares by security boot and also supports the recovery when system in emergency case. Recently, Secure boot has been adopted by various modern computer manufacturers to protect users' information from hacker attacks and to prevent abuse of their products by malicious users. In this paper, we classify security boot developed by various companies and organizations by platform, and analyze the design and development purpose of each security boot and investigate the limitation of design. It can be used as a reference for system security designers in various information of security boot development method and security design of system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.650-652
• /
• 2013

As VANET(Vehicular Ad-hoc NETwork) improves road safety, efficiency, and comfort, and provides a value-added service such as commerce information or internet access. it is the most important technology in ITS(Intelligent Transportation System). But, In VANETs, better communication efficiency can be achieved by sacrificing security and vice versa. VANETs cannot get started without either of them. Therefore, to solve these problems simultaneously, this paper proposes MAC(Message Authentication Code) based SDAP(Secure Data Aggregation Protocol) which removes redundant data or abnormal data between vehicles and verifies the integrity of message. The MAC based SDAP not only improves the efficiency of data delivery but also enhances the security by detecting malicious attacks such as propagation jamming attack, forgery attack, and disguised attack.

• The Transactions of the Korea Information Processing Society
• /
• v.5 no.5
• /
• pp.1246-1256
• /
• 1998

MIB(Management Information Base), one of the key components of network management system, is a conceptual repository for the information of the various managed objects. MIB stores and manages all the structural and operational data of each managed resources. Therefore, MIB should be protected properly from inadvertant user access or malicious attacks. International standard ISO/IEC 10164-9 describes several managed object classes for the enforcement of MIB security. Those managed object classes described access control rules for security policy. But the exact authorization procedures using those newly added managed object classes are not presented. In this paper, we divide managed object classes into two groups, explicit and implicit ones, and describe the access authorization procedure in Z specification language. Using Z as a description method for both authorization procedure and GDMO's action part, the behaviour of each managed object class and access authorization procedure is more precisely and formally defined than those of natural language form.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.4B
• /
• pp.610-619
• /
• 2010

RFID (radio frequency identification) systems, recently being used in a wide range of areas, are vulnerable to relay attack from malicious attackers. For that reason, Brands, et al. proposed a certification protocol between a certifier and a verifier based on the concept of distance-bounding, and in addition Hancke et al. introduced the concept of RFID. However, the delivery of tag IDs, one of the main RFID features, is not still available, and there are two important demerits: anonymity in the delivery of tag IDs suggested by Kim et al. and inefficiency in finding a tag ID with regard to how to check errors which may occur in the process of data exchange between readers and tags. Therefore, this study proposes a protocol that meets the requirements of tag anonymity and location untraceability, has resistance to errors which may take place in the phase of tag data exchange, and is very efficient in finding tag IDs.

• Journal of Internet Computing and Services
• /
• v.9 no.6
• /
• pp.37-48
• /
• 2008

VoIP service is a transmission of voice data using SIP protocol on IP based network, The SIP protocol has many advantages such as providing IP based voice communication and multimedia service with cheap communication cost and so on. Therefore the SIP protocol spread out very quickly. But, SIP protocol exposes new forms of vulnerabilities on malicious attacks such as Message Flooding attack and protocol parsing attack. And it also suffers threats from many existing vulnerabilities like on IP based protocol. In this paper, we propose a new Virtual Proxy Server system in front of the existed Proxy Server for anomaly detection of SIP attack and stateful management of SIP session with enhanced security. Based on stateful virtual proxy server, out solution shows promising SIP Message Flooding attack verification and detection performance with minimized latency on SIP packet transmission.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.12
• /
• pp.4568-4587
• /
• 2014

Authentication of videos and images based on the content is becoming an important problem in information security. Unfortunately, previous studies lack the consideration of Kerckhoffs's principle in order to achieve this (i.e., a cryptosystem should be secure even if everything about the system, except the key, is public knowledge). In this paper, a solution to the problem of finding a relationship between a frame's index and its content is proposed based on the creative utilization of a robust manifold feature. The proposed solution is based on a novel semi-fragile watermarking scheme for H.264/AVC video content authentication. At first, the input I-frame is partitioned for feature extraction and watermark embedding. This is followed by the temporal feature extraction using the Isometric Mapping algorithm. The frame index is included in the feature to produce the temporal watermark. In order to improve security, the spatial watermark will be encrypted together with the temporal watermark. Finally, the resultant watermark is embedded into the Discrete Cosine Transform coefficients in the diagonal positions. At the receiver side, after watermark extraction and decryption, temporal tampering is detected through a mismatch between the frame index extracted from the temporal watermark and the observed frame index. Next, the feature is regenerate through temporal feature regeneration, and compared with the extracted feature. It is judged through the comparison whether the extracted temporal watermark is similar to that of the original watermarked video. Additionally, for spatial authentication, the tampered areas are located via the comparison between extracted and regenerated spatial features. Experimental results show that the proposed method is sensitive to intentional malicious attacks and modifications, whereas it is robust to legitimate manipulations, such as certain level of lossy compression, channel noise, Gaussian filtering and brightness adjustment. Through a comparison between the extracted frame index and the current frame index, the temporal tempering is identified. With the proposed scheme, a solution to the Kerckhoffs's principle problem is specified.

• Smart Media Journal
• /
• v.4 no.4
• /
• pp.80-85
• /
• 2015

As the number of applications using the internet the rapidly increasing incidence of cyber attacks made on the internet has been increasing. In the equipment of L3 DDoS attack detection equipment in the world and incomplete detection of application layer based intelligent. Next-generation networks domestic product in high-performance wired and wireless network threat response techniques to meet the diverse requirements of the security solution is to close one performance is insufficient compared to the situation in terms of functionality foreign products, malicious code detection and signature generation research primarily related to has progressed malware detection and analysis of the research center operating in Window OS. In this paper, we describe the current status survey and analysis of the latest variety of new attack techniques and analytical skills with the latest cyber-attack analysis prejudice the security situation.

• Journal of Communications and Networks
• /
• v.17 no.5
• /
• pp.453-462
• /
• 2015

Body area networks (BANs) have emerged as an enabling technique for e-healthcare systems, which can be used to continuously and remotely monitor patients' health. In BANs, the data of a patient's vital body functions and movements can be collected by small wearable or implantable sensors and sent using shortrange wireless communication techniques. Due to the shared wireless medium between the sensors in BANs, it may be possible to have malicious attacks on e-healthcare systems. The security and privacy issues of BANs are becoming more and more important. To provide secure and correct association of a group of sensors with a patient and satisfy the requirements of data confidentiality and integrity in BANs, we propose a novel enhanced secure sensor association and key management protocol based on elliptic curve cryptography and hash chains. The authentication procedure and group key generation are very simple and efficient. Therefore, our protocol can be easily implemented in the power and resource constrained sensor nodes in BANs. From a comparison of results, furthermore, we can conclude that the proposed protocol dramatically reduces the computation and communication cost for the authentication and key derivation compared with previous protocols. We believe that our protocol is attractive in the application of BANs.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.1
• /
• pp.250-256
• /
• 2017

Recently, the use of mobile devices has increased in order to provide a variety of services, and thus there has been a surge in the number of application malicious attacks on the Android platform. To resolve the problem, the domestic financial sector has been introducing the app anti-tamper solution based on cryptographic algorithms. However, since the capacity of apps installed in smartphones continues to increase and environments with limited resources as wearables and IoTs spread, there are limitations to the processing speed of the anti-tamper solutions. In this paper, we propose a novel anti-tamper solution by using lightweight hash function LEA and LSH. We also present the test results of a simulation program that implements this method and compare the performance with anti-tamper solutions based on the previous cryptographic algorithms.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.4
• /
• pp.19-25
• /
• 2010

In this paper, the performance of the DoS information security algorithm is evaluated to provide the multimedia traffic between the nodes using the multicasting services. The essence technology for information security to distribute the multimedia contents is presented. Under the multicasting services, a node participating new group needs a new address and the node compares the collision with the existing nodes, then DoS attack can be occurred between the nodes by a malicious node. Using the NS2 simulator, the number of DoS attacks, the average number of trials to generate new address, and the average time to create address are analyzed. From simulation results, the efficient algorithm with relevant random number design according to the DRM network is needed to provide secure multimedia contents distribution.