• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.761-770
• /
• 2012

CAPTCHAs(Completely Automated Public Turing tests to tell Computer and Human Apart) have been widely used for preventing the automated attacks such as spam mails, DDoS attacks, etc.. In the early stages, the text-based CAPTCHAs that were made by distorting random characters were mainly used for frustrating automated-bots. Many researches, however, showed that the text-based CAPTCHAs were breakable via AI or image processing techniques. Due to the reason, the image-based CAPTCHAs, which employ images instead of texts, have been considered and suggested. In many image-based CAPTCHAs, however, the huge number of source images are required to guarantee a fair level of security. In 2008, Kang et al. suggested a new image-based CAPTCHA that uses test images made by composing multiple source images, to reduce the number of source images while it guarantees the security level. In their paper, the authors showed the convenience of their CAPTCHA in use through the use study, but they did not verify its security level. In this paper, we verify the security of the image-based CAPTCHA suggested by Kang et al. by performing several attacks in various scenarios and consider other possible attacks that can happen in the real world.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.27 no.1
• /
• pp.87-96
• /
• 2023

As the number of security vulnerabilities increases yearly, security threats continue to occur, and the vulnerability risk is also important. We devise a security threat score calculation reflecting trends to determine the risk of security vulnerabilities. The three stages considered key elements such as attack type, supplier, vulnerability trend, and current attack methods and techniques. First, it reflects the results of checking the relevance of the attack type, supplier, and CVE. Secondly, it considers the characteristics of the topic group and CVE identified through the LDA algorithm by the Jaccard similarity technique. Third, the latest version of the MITER ATT&CK framework attack method, technology trend, and relevance between CVE are considered. We used the data within overseas sites provide reliable security information to review the usability of the proposed final formula CTRS. The scoring formula makes it possible to fast patch and respond to related information by identifying vulnerabilities with high relevance and risk only with some particular phrase.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.4
• /
• pp.723-736
• /
• 2022

Steganography is being used as a means of secret communication for crimes that threaten national security such as terrorism and espionage. With the development of computers, steganography technologies develop and criminals produce and use their own programs. However, the research for steganography is not active because detailed information on national security cases is not disclosed. The development of investigation technologies and the responses of criminal law are insufficient. Therefore, in this paper, the detection and decoding process was examined for steganography investigation, and the method was analyzed for 'the spy case of Pastor Kim', who was convicted by the Supreme Court. Multiple security devices were prepared using symmetric steganography using the pre-promised stego key. Furthermore, the three criminal legal issues: (1) the relevance issue, (2) the right to participate, and (3) the public trial issue a countermeasure were considered in national security cases. Through this paper, we hope that the investigative agency will develop analysis techniques for steganography.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.245-261
• /
• 2024

The COVID-19 pandemic has led to the widespread adoption of contactless transactions, resulting in a noticeable increase in the trend towards fully unmanned stores. In such stores, all operational processes are automated, primarily using artificial intelligence (AI) technology. However, this AI technology has several security vulnerabilities, which can be critical in the environment of fully unmanned stores. This paper analyzes the security vulnerabilities that AI-based fully unmanned stores may face, focusing particularly on the object detection model YOLO, demonstrating that Hiding Attacks and Altering Attacks using adversarial patches are possible. It is confirmed that objects with adversarial patches attached may not be recognized by the detection model or may be incorrectly recognized as other objects. Furthermore, the paper analyzes how Data Augmentation techniques can mitigate security threats by providing a defensive effect against adversarial patch attacks. Based on these results, we emphasize the need for proactive research into defensive measures to address the inherent security threats in AI technology used in fully unmanned stores.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.5
• /
• pp.1871-1890
• /
• 2021

The transition toward a contactless society has been rapidly progressing owing to the recent COVID-19 pandemic. As a result, the IT environment of organizations and enterprises is changing rapidly; in particular, data security is expanding to the private sector. To adapt to these changes, organizations and companies have started to securely transfer confidential data to residential PCs and personally owned devices of employees working from home or from other locations. Therefore, organizations and companies are introducing streaming data services, such as the virtual desktop infrastructure (VDI) or cloud services, to securely connect internal and external networks. These methods have the advantage of providing data without the need to download to a third terminal; however, while the data are being streamed, attacks such as screen shooting or capturing are performed. Therefore, there is an increasing interest in prevention techniques against screen capture threats that may occur in a contactless environment. In this study, we analyze possible screen capture methods in a PC and a mobile phone environment and present techniques that can protect the screens against specific attack methods. The detection and defense for screen capture of PC applications on Windows OS and Mac OS could be solved with a single agent using our proposed techniques. Screen capture of mobile devices can be prevented by applying our proposed techniques on Android and iOS.

• Journal of the Ergonomics Society of Korea
• /
• v.30 no.2
• /
• pp.319-330
• /
• 2011

In computer forensics investigation, the investigators collect, protect, analyze and interpret massive amount of data which were used in cyber crime. However, due to its huge amount of information, it takes a great deal of time and errors often result even when they use forensics investigation tool in the process. The information visualization techniques will greatly help to improve the information processing ability of human when they deal with the overwhelming amount of data and have to find out significant information in it. The importance of Intrusion Detection System(IDS) among network forensics is being emphasized in computer forensics. In this study, we apply the information visualization techniques which are proposed to be a great help to IDS and carry out the usability test to find out the most effective information visualization techniques for IDS.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.19 no.5
• /
• pp.243-250
• /
• 2024

This study explores enhancing facial recognition performance in low-light environments using deep learning-based low-light enhancement techniques. Facial recognition technology is widely used in edge devices like smartphones, smart home devices, and security systems, but low-light conditions reduce accuracy due to degraded image quality and increased noise. We reviewed the latest techniques, including Zero-DCE, Zero-DCE++, and SCI (Self-Calibrated Illumination), and applied them as preprocessing steps in facial recognition on edge devices. Using the K-face dataset, experiments on the Qualcomm QRB5165 platform showed significant improvements in F1 SCORE from 0.57 to 0.833 with SCI. Processing times were 0.15ms for SCI, 0.4ms for Zero-DCE, and 0.7ms for Zero-DCE++, all much shorter than the facial recognition model MobileFaceNet's 5ms. These results indicate that these techniques can be effectively used in resource-limited edge devices, enhancing facial recognition in low-light conditions for various applications.

• ETRI Journal
• /
• v.32 no.6
• /
• pp.950-960
• /
• 2010

In response to increased security concerns, biometrics is becoming more focused on overcoming or complementing conventional knowledge and possession-based authentication. However, biometric authentication requires special care since the loss of biometric data is irrecoverable. In this paper, we present a biometric authentication framework, where several novel techniques are applied to provide security and privacy. First, a biometric template is saved in a transformed form. This makes it possible for a template to be canceled upon its loss while the original biometric information is not revealed. Second, when a user is registered with a server, a biometric template is stored in a special form, named a 'soft vault'. This technique prevents impersonation attacks even if data in a server is disclosed to an attacker. Finally, a one-time template technique is applied in order to prevent replay attacks against templates transmitted over networks. In addition, the whole scheme keeps decision equivalence with conventional face authentication, and thus it does not decrease biometric recognition performance. As a result, the proposed techniques construct a secure face authentication framework in open networks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5692-5716
• /
• 2019

One of the best means to safeguard the confidentiality, security, and privacy of an image within the IoT-Cloud is through encryption. However, looking through encrypted data is a difficult process. Several techniques for searching encrypted data have been devised, but certain security solutions may not be used in IoT-Cloud because such solutions are not lightweight. We propose a lightweight scheme that can perform a content-based search of encrypted images, namely EEIRI. In this scheme, the images are represented using local features. We develop and validate a secure scheme for measuring the Euclidean distance between two descriptor sets. To improve the search efficiency, we employ the k-means clustering technique to construct a searchable tree-based index. Our index construction process ensures the privacy of the stored data and search requests. When compared with more familiar techniques of searching images over plaintexts, EEIRI is considered to be more efficient, demonstrating a higher search cost of 7% and a decrease in search accuracy of 1.7%. Numerous empirical investigations are carried out in relation to real image collections so as to evidence our work.

• The Journal of the Korea Contents Association
• /
• v.9 no.8
• /
• pp.113-120
• /
• 2009

XML can supply the standard data type in information exchange format on a lot of data generated in running database or applied programs for a company by using the advantage that it can describe meaningful information directly. Therefore, as it becomes more and more necessary to manage and protect massive XML data in an efficient way, the development of safe XML access control techniques needs a new method. In this study access authorization policies are defined to design access control systems. The findings demonstrated that algorithm suggested in this study improved system performance which was low due to the complex authorization evaluation process in the existing access control techniques. It is consequently proved that the safe XML access control policy presented in this study is in an improved form as compared with the existing access control methods.