• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.149-156
• /
• 2011

In the recent years, power analysis attacks were widely investigated, and so various countermeasures have been proposed. In the case of block ciphers, masking methods that blind the intermediate values in the en/decryption computations are well-known among these countermeasures. But the cost of non-linear part is extremely high in the masking method of block cipher, and so the countermeasure for S-box must be efficiently constructed in the case of AES, ARIA and SEED. Existing countermeasures for S-box use the masked S-box table to require 256 bytes RAM corresponding to one S-box. But, the usage of the these countermeasures is not adequate in the lightweight security devices having the small size of RAM. In this paper, we propose the new countermeasure not using the masked S-box table to make up for this weak point. Also, the new countermeasure reduces time-complexity as well as the usage of RAM because this does not consume the time for generating masked S-box table.

• The Journal of the Korea Contents Association
• /
• v.21 no.2
• /
• pp.499-506
• /
• 2021

Hackers' cyber attack techniques are becoming more sophisticated and diversified, with a form of attack that has never been seen before. In terms of information security vulnerability standard code (CVE), about 90,000 new codes were registered from 2015 to 2020. This indicates that security threats are increasing rapidly. When new security vulnerabilities occur, damage should be minimized by preparing countermeasures for them, but in many cases, companies are insufficient to cover the security management level and response system with a limited security IT budget. The reason is that it takes about a month for analysts to discover vulnerabilities through manual analysis, prepare countermeasures through security equipment, and patch security vulnerabilities. In the case of the public sector, the National Cyber Safety Center distributes and manages security operation policies in a batch. However, it is not easy to accept the security policy according to the characteristics of the manufacturer, and it takes about 3 weeks or more to verify the traffic for each section. In addition, when abnormal traffic inflow occurs, countermeasures such as detection and detection of infringement attacks through vulnerability analysis must be prepared, but there are limitations in response due to the absence of specialized security experts. In this paper, we proposed a method of using the security policy information sharing site "snort.org" to prepare effective countermeasures against new security vulnerability attacks.

• Journal of KIISE:Computer Systems and Theory
• /
• v.36 no.5
• /
• pp.380-386
• /
• 2009

It is most important that identifying security threats(or vulnerabilities) of critical IT assets and checking the propriety of related security countermeasures in advance for enhancing security level. In this paper, we present a new security risk evaluation scheme based on critical assets and threats for this. The presented scheme provides the coverage and propriety of the countermeasures(e.g., intrusion detection rules and vulnerability scan rules, etc.), and the quantitative risk level of identified assets and threats. So, it is expected that the presented scheme will be utilized in threat management process efficiently compared to previous works.

• International Journal of Computer Science & Network Security
• /
• v.23 no.9
• /
• pp.100-110
• /
• 2023

The Internet of Things (IoT) is the most creative and focused technology to be employed today. It increases the living conditions of both individuals and society. IoT offers the ability to recognize and incorporate physical devices across the globe through a single network by connecting different devices by using various technologies. As part of IoTs, significant questions are posed about access to computer and user privacy-related personal details. This article demonstrates the three-layer architecture composed of the sensor, routing, and implementation layer, respectively, by highlighting the security risks that can occur in various layers of an IoT architecture. The article also involves countermeasures and a convenient comparative analysis by discussing major attacks spanning from detectors to application. Furthermore, it deals with the basic protocols needed for IoT to establish a reliable connection between objects and items.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.83-91
• /
• 2010

Information security is a critical issue for national defense. This paper provides a result of a study on the countermeasures to the North Korean Asymmetric Strategy-'Cyber Surprise Attack'. After the attack on Yeonpyeong island, the North Korea threatened there will be more surprise attack to the South Korea. Based on the analysis of 'Stuxnet' cyber attack to Iran and China, the North Korean surprise attack may be 'Stuxnet'class cyber attack. This paper several strategic countermeasures in order to overcome the anticipated the North Korean cyber surprise attack.

• Journal of Digital Convergence
• /
• v.10 no.5
• /
• pp.37-51
• /
• 2012

The purpose of this study is to approach information security from a more comprehensive perspective. Particularly, information countermeasures includes a technological tool for end users, thereby increasing the end users' technological stresses. Based on the technostress framework, we investigate a effect of security awareness training on technostress, and also examine a effect of technostress on the persistent security compliance. Results showed that security awareness training influenced on techno-overload and techno-uncertainty. We also found that techno-overload and techno-uncertainty have a significant effect on the persistent security compliance. Conclusion and implications are discussed.

• Journal of Digital Convergence
• /
• v.10 no.2
• /
• pp.1-10
• /
• 2012

The growth in computer use has ushered increased concerns of information security throughout the world. Historically, researchers interested in the security of information systems have long investigated extensively themselves with building technological countermeasures in order to prevent several information security problems. However, due to infusion of more procedures and logical or physical devices within the information environment, no system can be completely secure. Therefore, keeping IT environment safe demands a more comprehensive understanding of the phenomenon, which requires broadening information security far beyond the technical aspects. This study is aimed at proposing a information security framework from holistic view.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.8 no.3
• /
• pp.3-15
• /
• 1998

본 논문에서는 다중보호대책으로 구성된 정보보호시스템의 보호효과를 평가하기 위한 새로운 모델을 제안한다. 제안한 모델은 정보보호시스템이 요구되는 보호수준에 부합하는지 결정할 수 있게 하며, 또한 구축된 정보보호시스템의 위혐분석을 위하여 활용될 수 있다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.283-290
• /
• 2015

As society has evolved to the knowledge and information society, the importance of internal information of the company has increased gradually. Especially in financial institutions which must maintain the trust of customers, the disclosure of inside information is a big problem beyond the a company's business information disclosure level to break down sales-based businesses because it contains personal or financial transaction information. Recently, since massive outflow of internal information are occurring in several enterprises, many companies including financial companies have been working a lot in order to prevent the leakage of customer information. This paper describes the internal information leakage incidents occurred in the finance companies, the PC security vulnerabilities exists despite the main security system and internal information leakage prevention and suggests countermeasures against increasing cyber infringement threats.

• Journal of Information Processing Systems
• /
• v.19 no.1
• /
• pp.118-129
• /
• 2023

The expansion of smart cities drives the growth of data generated from sensor devices, benefitting citizens with enhanced governance, intelligent decision-making, optimized and sustainable management of available resources. The exposure of user data during its collection from sensors, storage in databases, and processing by artificial intelligence-based solutions presents significant security and privacy challenges. In this paper, we investigate the various threats and attacks affecting the growth of future smart cities and discuss the available countermeasures using artificial intelligence and blockchain-based solutions. Open challenges in existing literature due to the lack of countermeasures against quantum-inspired attacks are discussed, focusing on postquantum security solutions for resource-constrained sensor devices. Additionally, we discuss future research and challenges for the growing smart city environment and suggest possible solutions.