• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.15-23
• /
• 2017

Template attack is a powerful side-channel analysis technique which can be performed by an attacker who has a test device that is identical to target device. Template attack is consisted of building template in profiling phase and matching the target device using template that were calculated in profiling phase. One methods to improve the success rate of template attack is to better estimate template which is consisted sample mean and sample covariance matrix of gaussian distribution in template profiling. However restriction of power trace in profiling phase led to poor template estimation. In this paper, we propose new method to select noisy power trace in profiling phase. By eliminating noisy power trace in profiling phase, we can construct more advanced mean and covariance matrix which relates to better performance in template attack. We proved that the proposed method is valid through experiments.

• Journal of the Korea Convergence Society
• /
• v.6 no.4
• /
• pp.225-234
• /
• 2015

With the growing number of people that use web services, the perception of the importance of securing web applications is also increasing. There are many different types of attacks that target web applications. In the rapidly-changing knowledge and information society, which came into being with the advancements made in information and communication technology, there is currently an urgent need for building web sites for the purposes of developing one's creativity and character. In this paper, attack schemes that use SQL injections and XSS and target educational digital curation systems which provide educational contents with the aim of developing of one's creativity and character are analyze, in terms of how the attacks are carried out and their vulnerabilities. Furthermore, it suggests ways of dealing appropriately with these web-based attacks that use SQL injections and XSS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1247-1258
• /
• 2018

The Cyber Kill Chain originally proposed by Lockheed Martin defines the standard procedure of general cyber attacks and suggests tailored defensive actions per each step, eventually neutralizing the intent of the attackers. Defenders can effectively deal with Advanced Persistent Threat(APT)s which are difficult to be handled by other defensive mechanisms under the Cyber Kill Chain. Recently, however, social engineering techniques that exploits the vulnerabilities of humans who manage the target systems are prevail rather than the technical attacks directly attacking the target systems themselves. Under the circumstance, the Cyber Kill Chain model should evolve to encompass social engineering attacks for the improved effectiveness. Therefore, this paper aims to establish a definite concept of Cyber Kill Chain for social engineering based cyber attacks, called Social Engineering Cyber Kill Chain, helping future researchers in this literature.

• Journal of Korean Society of societal Security
• /
• v.1 no.4
• /
• pp.73-81
• /
• 2008

Electromagnetic induction surveys are one of the useful methods to detect the location and buried depth of underground utilities by measuring horizontal and vertical magnetic fields. It can effectively detects single buried utility with the accuracy of within 20 cm. However when another utility is buried near to target one, the accuracy of utility location considerably decreases due to the distortion of magnetic fields caused from adjacent utility. This study shows the ways to verify the location and buried depth of target utility when magnetic fields does not show symmetric distribution due to adjacent another utility. Using Bluetooth wireless communication tools, we developed the way to records measured magnetic fields to handheld PDA. We investigated the criteria for minimum distance of two adjacent utilities to separate the individual responses through field model test.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.21 no.10
• /
• pp.454-460
• /
• 2020

In recent years, the rapid increases in video distribution and viewing over the Internet have increased the risk of personal information exposure. In this paper, a method is proposed to robustly identify areas in images where a person's privacy is compromised and simultaneously blocking the object area by blurring it while rapidly tracking it using a prediction algorithm. With this method, the target object area is accurately identified using artificial neural network-based learning. The detected object area is then tracked using a location prediction algorithm and is continuously blocked by blurring it. Experimental results show that the proposed method effectively blocks private areas in images by blurring them, while at the same time tracking the target objects about 2.5% more accurately than another existing method. The proposed blocking method is expected to be useful in many applications, such as protection of personal information, video security, object tracking, etc.

• Convergence Security Journal
• /
• v.7 no.2
• /
• pp.17-25
• /
• 2007

In this paper, an algorithm that provisions proportional differentiation of packet delays is proposed with an objective for enhancing quality of service (QoS) in future packet networks. It features an adaptive scheme that adjusts the target delay every time slot to compensate the deviation from the target delay which is caused by the prediction error on the traffic to be arrived in the next time slot. It predicts the traffic to be arrived at the beginning of a time slot and measures the actual arrived traffic at the end of the time slot. The difference between them is utilized to the delay control operation for the next time slot to offset it. As it compensates the prediction error continuously, it shows superior adaptability to the bursty traffic as well as the exponential rate traffic. It is demonstrated through simulations that the algorithm meets the quantitative delay bounds and shows superiority to the traffic fluctuation in comparison with the conventional non-adaptive mechanism. The algorithm is implemented with VHDL on a Xilinx Spartan XC3S1500 FPGA and the performance is verified under the test board based on the XPC860P CPU.

• Korean Security Journal
• /
• no.53
• /
• pp.11-33
• /
• 2017

Terrorism has existed in the entire human history and has become a significant topic in criminology while prior studies has focused on North Korea as the perpetrator, and this prevents an in-depth discussion of the international trends of terrorism. As soft targets are the main target of new terrorism and because we never ignore the significance of the consequences, there are needs for more studies on the topic. This study conducted a case study of major terrorism attacks and surveyed professionals in the field via an AHP analysis in order to find the characteristics of terrorism and its potential patterns in South Korea. As a result, we found that North Korea or the left-wing may utilize homemade bomb, motor vehicle or drone for the purpose of attacking multi-use facilities in South Korea. For policy implications, we insist developing a better CPTED approach on those facilities, improving professionalism of cyber-watchdog via more training and education, stricter control on drone permit, and operation of counseling centers for preventing radicalization.

• The KIPS Transactions:PartC
• /
• v.14C no.5
• /
• pp.411-416
• /
• 2007

The General security method of wireless network provides a confidentiality of communication contents based on the cryptographic stability against a malicious host. However, this method exposes the logical and physical addresses of both sender and receiver, so transmission volume and identification of both may be exposed although concealing that content. Covered address scheme that this paper proposes generates an address to which knapsack problem using super increasing sequence is applied, and replaces the addresses of sender and receiver with addresses from super increasing sequence. Also, proposed method changes frequently secret addresses, so a malicious user cannot watch a target system or try to attack the specific host. Proposed method also changes continuously a host address that attacker takes aim at. Accordingly, an attacker who tries to use DDoS attack cannot decide the specific target system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1595-1606
• /
• 2018

Recently, there has been an increase in the number of social engineering techniques that indirectly attack the target system administrators or organizational weaknesses rather than the traditional technical cyber attacks that directly attacked the target systems. Accordingly, the type analysis and case study of social engineering techniques are being actively conducted. There has been, however, little effort to derive an analysis model that systematically analyzes social engineering based cyberspace operations. Therefore, this paper aims at building a Social Engineering Based Cyberspace Operations Analysis Model, which can be used as a reference framework for a case study or attack scenario generation of social engineering based cyberspace operations.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.163-174
• /
• 2019

RAM analysis determines the range of resources to be invested by presenting the development goals of the weapon system. If the RAM analysis is not performed properly, it can cause a huge increase in business costs. While the cumulative cost ratio in the concept study is less than 1% of the total cost, 65-70% of the total lifecycle cost is determined and can't be reduced later. Therefore, RAM analysis is crucial in precedent study. When calculating the target RAM value by writing an existing OMS/MP, new functions and the future missions are hardly considered and reflected. Therefore, this paper proposes a method to establish OMS/MP by deriving arguments based on Delphi and Bayesian theory focusing on unmanned combat vehicle.