• Journal of Communications and Networks
• /
• v.18 no.3
• /
• pp.273-287
• /
• 2016

White-box cryptography presented by Chow et al. is an obfuscation technique for protecting secret keys in software implementations even if an adversary has full access to the implementation of the encryption algorithm and full control over its execution platforms. Despite its practical importance, progress has not been substantial. In fact, it is repeated that as a proposal for a white-box implementation is reported, an attack of lower complexity is soon announced. This is mainly because most cryptanalytic methods target specific implementations, and there is no general attack tool for white-box cryptography. In this paper, we present an analytic toolbox on white-box implementations of the Chow et al.'s style using lookup tables. According to our toolbox, for a substitution-linear transformation cipher on n bits with S-boxes on m bits, the complexity for recovering the $$O\((3n/max(m_Q,m))2^{3max(m_Q,m)}+2min\{(n/m)L^{m+3}2^{2m},\;(n/m)L^32^{3m}+n{\log}L{\cdot}2^{L/2}\}\)$$, where $m_Q$ is the input size of nonlinear encodings,$m_A$ is the minimized block size of linear encodings, and $L=lcm(m_A,m_Q)$. As a result, a white-box implementation in the Chow et al.'s framework has complexity at most $O\(min\{(2^{2m}/m)n^{m+4},\;n{\log}n{\cdot}2^{n/2}\}\)$ which is much less than $2^n$. To overcome this, we introduce an idea that obfuscates two advanced encryption standard (AES)-128 ciphers at once with input/output encoding on 256 bits. To reduce storage, we use a sparse unsplit input encoding. As a result, our white-box AES implementation has up to 110-bit security against our toolbox, close to that of the original cipher. More generally, we may consider a white-box implementation of the t parallel encryption of AES to increase security.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.3
• /
• pp.1409-1415
• /
• 2013

With the development of Internet communication and the use of a variety of online services has been greatly expanded. Therefore, the importance of authentication techniques for users of online services has increased. The most commonly used methods for user authentication is a technique that utilizes a prearranged password. However, the existing password scheme for authentication must use the same password every time. Therefore, the password being leaked by attackers, it can be used maliciously. In this paper, we proposed the Variable Password Generation Method in Internet Authentication System that generates a new password using information such as the access date, time, and IP address when user logs in. The method proposed in this paper prevents disclosure of personal information due to password exposure and improves the reliability and competitiveness in the field of security systems.

• Journal of Korea Multimedia Society
• /
• v.14 no.5
• /
• pp.703-709
• /
• 2011

State-based infrastructure on IT-based network are prone to numerous cyber attack including subsequent hacking and internet infringement. These acts of terrorism are increasing because of the expanding IT convergence technology. Recently, the trend on cyber security monitoring and control researches focus on combining the general idea of security monitoring and control along with IT field and other control systems. This convergence trend has been increasing in both the use and importance. This research analyzes the state-based infrastructure monitoring and control system, its vulnerability as well as its improvement by incorporating the cyber convergence systems to existing systems. The subject of this research is for extensive use of CCTV systems which is expanded for 'CCTV Monitoring and Control Field' as well as 'Traffic Monitoring and Control Field' operated by 'Intelligent Traffic Information System' and Disaster Management Area which is studied in various fields. Eventually, the objective of the paper is to solve these issues, to apply related systems and to suggest improvement on the convergence system.

• The KIPS Transactions:PartC
• /
• v.18C no.4
• /
• pp.207-212
• /
• 2011

Vehicular Ad Hoc Network(VANET) is a communication technology between vehicles and vehicles(V2V) or vehicles and infrastructures(V2I) for offering a number of practical applications. Considering the importance of communicated information through VANET, data authentication, confidentiality and integrity are fundamental security elements. Recently, to enhance a security of VANET in various circumstances, message authentication is widely researched by many laboratories. Among of them, Zhang. et. al. is an efficient method to authenticate the message with condition of anonymity in dense space. In the scheme, to obtain the vehicular ID with condition of anonymity, the k-anonymity is used. However it has a disadvantage, which conducts hash operations in case of determining the vehicular ID. In the paper, we present a location based algorithm using received signal strength for the location based authentication and encryption technique as well, and to enhance the accuracy of algorithm we apply a location determination technique over the 3-dimensional space.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1019-1026
• /
• 2019

Due to limitations of existing methods for detecting newly introduced malware, the importance of the development of artificial intelligence vaccines arises. Existing artificial intelligence vaccines have a disadvantage that the accuracy of the detection rate is low because those vaccines do not scan all parts of the file. In this paper, we suggest an enhanced method for detecting malware which is composed of unique OP Code features in the malware files. Specifically, we tested the method with text datasets trained on Random Forest algorithm and with image datasets trained on the Inception V3 model. As a result, the highest accuracy of the detection rate was about 80%.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.19 no.5
• /
• pp.19-24
• /
• 2019

The development of ICT technology has a huge impact on the existing closed CCTV security equipment market. With the importance of video data particularly highlighted in areas such as self-driving cars, unmanned vehicles and smart cities, various technologies using video are emerging. In this paper, we proposed a method to transmit videos and metadata as a part of smart city integration, and to solve the traffic, environment and security problems caused in urban life by utilizing the metadata instead of using CCTV videos for simple recording purposes, and reverse tunneling technique was designed and implemented as a method for accessing CCTV videos for vehicles from remote locations. Integrated management of CCTV videos and metadata for vehicles that have been used only for limited purposes in closed environments will enable efficient operation of integrated centers in real time required by smart cities, such as vehicle status check, road conditions and facility management.

• The Journal of the Convergence on Culture Technology
• /
• v.5 no.4
• /
• pp.37-41
• /
• 2019

The following study, as the importance of military role in a national disaster is emerging as a part of comprehensive security, there has been a number of elements of social disaster-related support in support of each type of national disaster aimed to improve the military's role towards comprehensive security but there has been no regular study of this topic. The point of this study is to analyze various aspects and hardships during the mission and improve the effectiveness of future support missions by observing and interviewing the military personnel which substituted the role of train drivers in the Seoul Metro in 2016, when the Korean Railroad Corporation [KORAIL] Workers Union was on strike [72 days] which is the longest period of a national disaster requiring military assistance.

• Journal of Korea Society of Industrial Information Systems
• /
• v.26 no.5
• /
• pp.21-35
• /
• 2021

In this study, in order to find out how the quality factors of information system affected the technology acceptance model and user intention, the importance of IT security which had been recently emerged by including the security in the system, information and service is considered as the factors of information system quality. To verify how the information system quality affected the technology acceptance model and user intention, the study was conducted with expanded information system by classifying the technology acceptance model with perceived usefulness and perceived ease of use and classifying user intention with acceptance and utilization whether user had only acceptance intention or both acceptance and utilization intentions. The study results are as follows. First, the hypothesis that quality factors of information system affected the technology acceptance model significantly was partially adopted. Second, the hypothesis that the technology acceptance model affected user intention significantly was adopted.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.951-958
• /
• 2021

With the growing cyber threat to information assets, it has become important to share threat information quickly. This paper examines the sharing of cyber threat information and presents a method to determine the importance of threat indicators in the information sharing market by calculating weights. The analysis was conducted using AHP techniques, with a pairwise comparison of the four factors(attacker & infected system indicators, role indicators, malicious file indicators, technique & spread indicators) and the details of each factor. Analysis shows that malicious file indicators are the most important among the higher evaluation factors and infected system IP, C&C and Smishing are the most important factors in comparison between detailed items. These findings could be used to measure the preference of consumers and the contribution of information provider for facilitating information sharing.

• International Journal of Computer Science & Network Security
• /
• v.21 no.7
• /
• pp.70-76
• /
• 2021

The relevance of intelligence involves the definition of such communication systems of PR-management and branding of media channels with the use of social networks, which are already implemented in practice by modern representatives of professional PR product. The purpose of the investigation is to determine the system of implementation of technologies of PR-management and branding of media channels with the use of social networks based on a survey of PR and brand of different media channels on the basis of a survey of brand managers and PR. 980 respondents from Ukraine took part in the survey. The survey was conducted on the Google-forms platform. The results outline a list of the most popular social networks and messengers for the implementation of PR management and branding technologies, including Facebook, Twitter, Google, LinkedIn, Tumblr; Telegram, WhatsApp, Viber, Skype. It is determined that the criteria of branding analysis are informativeness, centralization/distribution, content, feedback intensity. Identified 2 prospects for the development of branding in an interactive media environment (creation of a presentation system; integration of websites of social media and companies in universal centers). The criteria of general importance of the factors influencing the behavioral intention of consumers to use social media channels are presented (satisfaction, accessibility, perceived usefulness, trust, ease of use, attitude, social influence, self-efficacy). The meaning of the content of social media channels (public, informational and communication) is indicated. The practical significance of the study was to present the links between the criteria, development prospects and the values of branding factors.