• International Journal of Computer Science & Network Security
• /
• v.23 no.4
• /
• pp.172-178
• /
• 2023

When the mobile device moves from the coverage of one access point to the radio coverage of another access point it needs to maintain its connection with the current access point before it successfully discovers the new access point, this process is known as handoff. During handoff the acceptable delay a voice over IP application can bear is of 50ms whereas the delay on medium access control layer is high enough that goes up to 350-500ms. This research provides a suitable methodology on medium access control layer of the IEEE 802.11 network. The medium access control layer comprises of three phases, namely discovery, reauthentication and re-association. The discovery phase on medium access control layer takes up to 90% of the total handoff latency. The objective is to effectively reduce the delay for discovery phase to ensure a seamless handoff. The research proposes a scheme that reduces the handoff latency effectively by scanning channels prior to the actual handoff process starts and scans only the neighboring access points. Further, the proposed scheme enables the mobile device to scan first the channel on which it is currently operating so that the mobile device has to perform minimum number of channel switches. The results show that the mobile device finds out the new potential access point prior to the handoff execution hence the delay during discovery of a new access point is minimized effectively.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.449-451
• /
• 2021

Cyber-attacks targeting endpoints have developed sophisticatedly into targeted and intelligent attacks, Advanced Persistent Threat (APT) targeting the Industrial Internet of Things (IIoT) has increased accordingly. Machine learning-based Endpoint Detection and Response (EDR) solutions combine and complement rule-based conventional security tools to effectively defend against APT attacks are gaining attention. However, universal EDR solutions have a high false positive rate, and needs high-level analysts to monitor and analyze a tremendous amount of alerts. Therefore, the process of optimizing machine learning-based EDR solutions that consider the characteristics and vulnerabilities of IIoT environment is essential. In this study, we analyze the flow and impact of IIoT targeted APT cases and compare the method of machine learning-based APT detection EDR solutions.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.17-24
• /
• 2022

Recently, machine learning-based cyber attack detection and classification research has been actively conducted, achieving a high level of detection accuracy. However, low-spec IoT devices and large-scale network traffic make it difficult to apply machine learning-based detection models in IoT environment. Therefore, In this paper, we propose an efficient IoT attack detection and classification method through PCA(Principal Component Analysis) and LightGBM(Light Gradient Boosting Model) using datasets collected in a MQTT(Message Queuing Telementry Transport) IoT protocol environment that is also used in the defense field. As a result of the experiment, even though the original dataset was reduced to about 15%, the performance was almost similar to that of the original. It also showed the best performance in comparative evaluation with the four dimensional reduction techniques selected in this paper.

• Journal of IKEEE
• /
• v.27 no.4
• /
• pp.548-555
• /
• 2023

With the advancement of the internet, the use of personal information in online interactions has increased, underscoring the significance of data protection. Breaches of personal data due to unauthorized access can result in psychological and financial damage to individuals, and may even enable wide-ranging societal attacks aimed at those associated with the victims. In response to such threats, there is active research into security measures using blockchain to safeguard personal information. This study proposes a system that uses middleware and IAM (Identity and Access Management) services to protect personal information in a BaaS (Blockchain as a Service) environment where blockchain is provided via the Internet. The middleware operates on servers where IAM roles and policies are applied, authenticates users, and performs access control to allow only legitimate users to access blockchain data existing in the cloud. Additionally, to understand the impact of the proposed personal information protection method on the system, we measure the response time according to the time taken and the number of users under three assumed scenarios, and compare the proposed method and research related to personal information protection using blockchain in terms of security characteristics such as idea, type of blockchain, authentication, and confidentiality.

• Journal of Practical Engineering Education
• /
• v.15 no.3
• /
• pp.641-647
• /
• 2023

In the fintech environment, ensuring secure financial transactions with smartphones requires authenticating the device owner. Smartphone authentication techniques encompass a variety of approaches, such as passwords, biometrics, SMS authentication, and more. Among these, password-based authentication is commonly used and highly convenient for user authentication. Although it is a simple authentication mechanism, it is susceptible to eavesdropping and keylogging attacks, alongside other threats. Security keypads have been proposed to address vulnerabilities in password input on smartphones. One such innovation is a group keypad, resistant to attacks that guess characters based on touch location. However, improvements are needed for user convenience. In this study, we aim to propose a method that enhances convenience while being resistant to eavesdropping and recording attacks on the existing group keypad. The proposed method uses new signs to allow users to verify instead of the last character confirmation easily and employs dragging-to-touch for blocking recording attacks. We suggest diverse positioning methods tailored for domestic users, improving efficiency and security in password input compared to existing methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.761-773
• /
• 2023

This paper proposes a method to increase the power-analysis resistance of the neural network model's feedforward process by replacing the exponential-based activation function, used in the deep-learning field, with an approximated function especially at the multi-layer perceptron model. Due to its nature, the feedforward process of neural networks calculates secret weight and bias, which already trained, so it has risk of exposure of internal information by side-channel attacks. However, various functions are used as the activation function in neural network, so it's difficult to apply conventional side-channel countermeasure techniques, such as masking, to activation function(especially, to exponential-based activation functions). Therefore, this paper shows that even if an exponential-based activation function is replaced with approximated function of simple form, there is no fatal performance degradation of the model, and than suggests a power-analysis resistant feedforward neural network with exponential-based activation function, by masking approximated function and whole network.

• Journal of Korean Society of Disaster and Security
• /
• v.16 no.3
• /
• pp.35-43
• /
• 2023

This study introduces a study on the adjustment methods of the Life Safety Index. The Life Safety Index is a service provided by the Life Safety Prevention Service System. It comprehensively evaluates individuals' levels of safety in their daily lives, continually monitors their safety status, and presents a comprehensive index to prevent safety accidents in advance. Previous studies have developed the Life Safety Index using evaluation criteria (items) for assessing life safety prevention services, incorporating both the AHP (Analytic Hierarchy Process) and Likert Scale techniques. In this study, we build upon this existing Life Safety Index and explore methods for applying adjustment factors based on individuals' characteristics to enhance its accuracy and customization. We develop adjustment factors using existing national statistics to provide personalized services tailored to individual profiles. Therefore, this paper proposes a method for providing customized services by applying adjustment factors to the Life Safety Index, contributing to the development and application of life safety index adjustment methodologies.

• Convergence Security Journal
• /
• v.23 no.3
• /
• pp.29-36
• /
• 2023

With the recent surge in exposure to fake advertising phishing sites in search engines, the damage caused by poor search quality and personal information leakage is increasing. In particular, the seriousness of the problem is worsening faster as the possibility of automating the creation of advertising phishing sites through tools such as ChatGPT increases. In this paper, the source code of fake advertising phishing sites was statically analyzed to derive structural commonalities, and among them, a detection crawler that filters sites step by step based on foreign domains and redirection was developed to confirm that fake advertising posts were finally detected. In addition, we demonstrate the need for new guide lines by verifying that the redirection page of fake advertising sites is divided into three types and returns different sites according to each situation. Furthermore, we propose new detection guidelines for fake advertising phishing sites that cannot be detected by existing detection methods.

• International Journal of Computer Science & Network Security
• /
• v.23 no.10
• /
• pp.57-66
• /
• 2023

Since 2009, Morocco has had a law governing the processing of personal data, the law 09-08, and a supervisory authority, the CNDP (National Commission for the Protection of Personal Data). Since May 2018, the European General Regulation on the Protection of Personal Data (GDPR) entered into force, which applies outside the EU in certain cases and therefore to certain Moroccan companies. The question of the protection of personal data is primarily addressed to the customer. The latter may not only be a victim of crime linked to ICT, but also have to face risks linked to the collection and abusive processing of his personal data by the private and public sectors. Often the customer does not really know how their data is stored, nor for how long and for what purpose. This fact raises the question of satisfying customer requirements, in particular for organizations that have adopted a quality approach based on ISO 9001 standard.In order to master these constraints, Moroccan companies have to adopt strategies based on modern quality management techniques, especially the adoption of principles issued from the international standard ISO 9001 while being confirmed by the law 09-08. It is through ISO 9001 and the law 09-08 that these companies can refer to recognized approaches in terms of quality and compliance. The major challenge for these companies is to have a Quality approach that allows the coexistence between the law 09-08 and ISO 9001 standard and this article deals within this specific context.

• Convergence Security Journal
• /
• v.23 no.3
• /
• pp.73-81
• /
• 2023

The progress in science and technology has widened the scope of the battlefield, leading to the emergence of cyber electronic warfare that exploits electromagnetic waves and networks. Drones have become more important due to advancements in battery technology and navigation systems. Nevertheless, tackling drone threats comes with its own set of difficulties. Radar plays a vital role in detecting drones, offering long-range capabilities and independence from weather conditions. However, the battlefield presents unique challenges like dealing with high levels of signal noise and ensuring the safety of the detection assets. This paper proposes various approaches to improve the operation of drone detection radar in cyber electronic warfare, with a focus on enhancing signal processing techniques, utilizing low probability of interception (LPI) radar, and implementing optimized deployment strategies.