• Title/Summary/Keyword: Related-key Attack

Search Result 67, Processing Time 0.026 seconds

Importance-Performance Analysis (IPA) of Cyber Security Management: Focused on ECDIS User Experience

  • Park, Sangwon;Chang, Yeeun;Park, Youngsoo
    • Journal of the Korean Society of Marine Environment & Safety
    • /
    • v.27 no.3
    • /
    • pp.429-438
    • /
    • 2021
  • The mandatory installation of the ECDIS (Electronic Chart Display and Information System) became an important navigational equipment for navigation officer. In addition, ECDIS is a key component of the ship's digitalization in conjunction with various navigational equipment. Meanwhile, cyber-attacks emerge as a new threat along with digitalization. Damage caused by cyber-attacks is also reported in the shipping sector, and IMO recommends that cybersecurity guidelines be developed and included in International Security Management (ISM). This study analyzed the cybersecurity hazards of ECDIS, where various navigational equipment are connected. To this end, Importance-Performance Analysis (IPA) was conducted on navigation officer using ECDIS. As a result, the development of technologies for cyber-attack detection and prevention should be priority. In addition, policies related to 'Hardware and Software upgrade', 'network access control', and 'data backup and recovery' were analyzed as contents to be maintained. This paper is significant in deriving risk factors from the perspective of ECDIS users and analyzing their priorities, and it is necessary to analyze various cyber-attacks that may occur on ships in the future.

Guess-then-Reduce Methods for Convolution Modular Lattices (순환 법 격자에 대한 추정 후 축소 기법)

  • Han Daewan;Hong Jin;Yeom Yongjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.2
    • /
    • pp.95-103
    • /
    • 2005
  • Convolution modular lattices appeared in the analysis of NTRU public key cryptosystem. We present three guess-then-reduce methods on convolution modular lattices, and apply them to practical parameters of NTRU. For the present our methods don't affect significantly the security of them. However, Hey have room for improvement and can be used to estimate mole closely the security of systems related to convolution modular lattices.

Open Research Problem for effective IoT Authentication

  • Mihir Mehta;Kajal Patel
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.8
    • /
    • pp.174-178
    • /
    • 2024
  • IoT is collection of different "things" which are associated with open web. As all the things are connected to the Internet, it offers convenience to end users for accessing the resources from "Any Where, Any Time" throughout the globe. At the same time, open nature of IoT provides a fertile ground to an intruder for launching different security related threats. If we can no apply proper security safeguards to the IoT System, then it will be not useful to society. Authentication, Encryption, Trust Management and Secure Routing are different domains to offer security in IoT system. Among them, Authentication is very much important security service as it validates device identity before granting access to system services/ resources. Existing IoT Authentication algorithms are fail to verify device identity in unambiguous way. They are vulnerable to different security threats such as Key Stolen threat, MITM threat and Location Spoofing threat. So, it is a demand of time to design an efficient and secure Multi-factor IoT algorithm which can offer better security and validate device identity in unambiguous way.

A Study on Enhanced 3PAKE Scheme against Password Guessing Attack in Smart Home Environment (스마트홈 환경에서 패스워드 추측 공격에 안전한 개선된 3PAKE 기법에 대한 연구)

  • Lee, Dae-Hwi;Lee, Im-Yeong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.6
    • /
    • pp.1471-1481
    • /
    • 2016
  • As concern about IoT is increasing recently, various IoT services are being launched. Smart home is closely related to our daily life by combining IoT with user's residential space. Therefore, if an unauthorized user accesses a device inside a Smart home, it can cause more serious damage to user as it is related with daily lives. For instance executing the command allowing unauthenticated access for the internal locking device can be a real harm to user's property like a home invasion. To prevent this problem, this paper introduces 3PAKE Techniques, which provides authenticated Key exchange through Home gateway using Password-based Authenticated Key Exchange(PAKE).

Basic Configuration Design and Performance Prediction of an 1 MW Wind Turbine Blade (1 MW 풍력터빈 블레이드 형상기본설계 및 성능해석)

  • Kim, Bum-Suk;Kim, Mann-Eung;Lee, Young-Ho
    • The KSFM Journal of Fluid Machinery
    • /
    • v.11 no.5
    • /
    • pp.15-21
    • /
    • 2008
  • In modem wind power system of large capacity above 1MW, horizontal axis wind turbine(HAWT) is a common type. And, the optimum design of wind turbine to guarantee excellent power performance and its reliability in structure and longevity is a key technology in wind Industry. In this study, mathematical expressions based upon the conventional BEMT(blade element momentum theory) applying to basic 1MW wind turbine blade configuration design. Power coefficient and related flow parameters, such as Prandtl's tip loss coefficient, tangential and axial flow induction factors of the wind turbine analyzed systematically. X-FOIL was used to acquire lift and drag coefficients of the 2-D airfoils and we use Viterna-Corrigan formula to interpolate the aerodynamic characteristics in post-stall region. In order to predict the performance characteristics of the blade, a performance analysis carried out by BEMT method. As a results, axial and tangential flow factors, angle of attack, power coefficient investigated in this study.

Building More Secure Femtocell with Improved Proxy Signature (개선된 위임 서명 방식을 이용해서 더 안전한 펨토셀 환경 구축)

  • Choi, Hyoung-Kee;Han, Chan-Kyu;Kim, Seung-Ryong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.1
    • /
    • pp.75-86
    • /
    • 2014
  • Demand for the femtocell is largely credited to the surge in a more always best connected communication conscious public. 3GPP defines new architecture and security requirement for Release 9 to deal with femtocell, Home eNode B referred as HeNB. In this paper, we analyze the HeNB security with respect to mutual authentication, access control, and secure key agreement. Our analysis pointed out that a number of security vulnerabilities have still not been addressed and solved by 3GPP technical specification. These include eavesdropping, man-in-the-middle attack, compromising subscriber access list, and masquerading as valid HeNB. To the best of our knowledge, any related research studying HeNB security was not published before. Towards this end, this paper proposes an improved authentication and key agreement mechanism for HeNB which adopts proxy-signature and proxy-signed proxy-signature. Through our elaborate analysis, we conclude that the proposed not only prevents the various security threats but also accomplishes minimum distance from use-tolerable authentication delay.

Securing the Private Key in the Digital Certificate Using a Graphic Password (그래픽 비밀번호를 활용한 공인인증서 개인키 보호방법에 관한 연구)

  • Kang, Byung-Hoon;Kim, Beom-Soo;Kim, Kyung-Kyu
    • The Journal of Society for e-Business Studies
    • /
    • v.16 no.4
    • /
    • pp.1-16
    • /
    • 2011
  • A digital certificate mandated by the Electronic Signature Act has become familiar in our daily lives as 95% of the economically active population hold certificates. Due to upgrades to 256 bit level security that have become effective recently, the security and reliability of digital certificates are expected to increase. Digital certificates based on Public Key Infrastructure (PKI) have been known as "no big problem," but the possibility of password exposure in cases of leaked digital certificates still exists. To minimize this vulnerability, various existing studies have introduced alternative password methods, expansion of certificate storage media, and multiple certification methods. These methods perform enhanced functions but also have limitations including the fact that the secureness of passwords is not guaranteed. This study suggests an alternative method for enhancing the level of password secureness as a way to improve password security. This new method improves security management and enhances the convenience of using digital technologies. The results may be used for developing digital certificate related security technologies and research in the future.

A Study on Open API Security Protocol based on Multi-Channel (다중 채널 기반 오픈 API 보안 프로토콜에 관한 연구)

  • Kim, Sang-Geun
    • Journal of Convergence for Information Technology
    • /
    • v.10 no.11
    • /
    • pp.40-46
    • /
    • 2020
  • Safe security technology is required for the startup ecosystem according to the construction and service of a joint open platform in the financial sector. Financial industry standard open API recommends that payment-related fintech companies develop/apply additional security technologies to protect core API authentication keys in the mutual authentication process. This study proposes an enhanced API security protocol using multiple channels. It was designed in consideration of the compatibility of heterogeneous platforms by further analyzing the problems and weaknesses of existing open API related research. I applied the method of concealment to remove the additional security channels into a single channel of the existing security protocols. As a result of the performance analysis, the two-way safety of the communication session of the multi-channel and the security of the man-in-the-middle attack of the enhanced authentication key were confirmed, and the computational performance of the delay time (less than 1 second) in the multi-session was confirmed.

A Study on Risk Assessments and Protection Improvement for Electric Power Infrastructures against High-altitude Electromagnetic Pulse (전력기반시설의 고 고도 핵 전자기파에 대한 위험성 검토 및 방호 개선방안 연구)

  • Chung, Yeon-Choon
    • Convergence Security Journal
    • /
    • v.19 no.3
    • /
    • pp.43-50
    • /
    • 2019
  • In a hyper-connected society, electric power infrastructures and information and communication infrastructures are the core of critical national infrastructures. However, electric power infrastructure is very deadly to high-frequency nuclear electromagnetic pulse (HEMP) threats recently issued by North Korea, so the resilience through rapid recovery after attack is directly related to the survivability of our country. Therefore, electric power infrastructure should take precedence over any other key infrastructure, with preemptive protection measures and fast recovery plans. In this paper, the characteristics of the HEMP threats was examined, and the risks and effective major protection measures of the electric power infrastructures are discussed. In the future, it is expected that it will be able to help establish the direction of enactment and revision of legal schems related to the 'high power EMP infringement prevention' for Korea's electric power infrastructures.

Effect of Time-dependent Diffusion and Exterior Conditions on Service Life Considering Deterministic and Probabilistic Method (결정론 및 확률론적 방법에 따라 시간의존성 염화물 확산계수 및 외부 영향인자가 내구수명에 미치는 영향)

  • Kwon, Seung-Jun
    • Journal of the Korea institute for structural maintenance and inspection
    • /
    • v.20 no.6
    • /
    • pp.65-72
    • /
    • 2016
  • Service life evaluation for RC Structures exposed to chloride attack is very important, however the previous two methods(deterministic and probabilistic method) show a big difference. The paper presents a service life simulation using deterministic and probabilistic method with time-dependent diffusion coefficient. Three different cases are considered for diffusion coefficient, concrete cover depth, and surface chloride content respectively, and then the PDF(probability of durability failure) and the related service life are obtained. Through adopting time-dependent diffusion, the discrepancy between the two methods can be reduced, which yields reasonable service life. When diffusion coefficient increases from $2.5{\times}10^{-12}m^2/sec$ to $7.5{\times}10^{-12}m^2/sec$, the service life decreases to 25.5~35.6% level, and cover depth does from 75 mm to 125 mm, it increases to 267~311% level as well. In the case of surface chloride content from $5.0kg/m^3$ to $15.0kg/m^3$, it changes to 40.9~54.5%. The effect of cover depth is higher than the others by 8~10 times and also implies it is a key parameter to service life extension.