• Title/Summary/Keyword: Security Techniques


The Method of Recovery for Deleted Record of Realm Database (Realm 데이터베이스의 삭제된 레코드 복구 기법)

  • Kim, Junki;Han, Jaehyeok;Choi, Jong-Hyun;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.3 / pp.625-633 / 2018
  • Realm is an open source database developed to replace SQLite, which is commonly used in mobile devices. The data stored in the database must be checked during the digital forensic analysis process for mobile devices because it can help to understand the behavior of the user and whether the mobile device is operating or not. In addition, since the user can intentionally use anti-forensic techniques such as deleting data stored in the database, research on how to recover deleted records is needed. In this paper, we propose a method to recover records that have not been overwritten after deletion based on the analysis of the structure and record and deletion process of the Realm database file.

Real time predictive analytic system design and implementation using Bigdata-log (빅데이터 로그를 이용한 실시간 예측분석시스템 설계 및 구현)

  • Lee, Sang-jun;Lee, Dong-hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.6 / pp.1399-1410 / 2015
  • Gartner is requiring companies to considerably change their survival paradigms insisting that companies need to understand and provide again the upcoming era of data competition. With the revealing of successful business cases through statistic algorithm-based predictive analytics, also, the conversion into preemptive countermeasure through predictive analysis from follow-up action through data analysis in the past is becoming a necessity of leading enterprises. This trend is influencing security analysis and log analysis and in reality, the cases regarding the application of the big data analysis framework to large-scale log analysis and intelligent and long-term security analysis are being reported file by file. But all the functions and techniques required for a big data log analysis system cannot be accommodated in a Hadoop-based big data platform, so independent platform-based big data log analysis products are still being provided to the market. This paper aims to suggest a framework, which is equipped with a real-time and non-real-time predictive analysis engine for these independent big data log analysis systems and can cope with cyber attack preemptively.

Improving Security Awareness about Smishing through Experiment on the Optimistic Bias on Risk Perception (위험인식의 낙관적 편향 실험을 통한 스미싱 보안인식 개선)

  • Kang, Ji Won;Lee, Ae Ri;Kim, Beomsoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.2 / pp.475-487 / 2016
  • Recently, various risks of smartphone hacking are emerging. Smishing crime techniques are becoming more cunning and the damage they cause has been increasing, thereby requiring effective ways of preventing and coping with smishing. In particular, the need for smartphone users' security awareness and training, besides technological approaches, is emphasized. This study investigates effective methods for providing news messages in order to improve the perception of risk from smishing. This research empirically examines whether the degree of optimistic bias on risk perception can vary depending on news frame, topic type, and involvement regarding smishing. Based on the findings, it identifies the factors influencing risk perception and verifies effective ways of promoting individual security awareness on smishing. The results of this study provide implications that assist in educating, campaigning and promoting information security awareness for smart device users.

Research about Security Attack Methods to Arduino Boards Using Temporary Files Data Manipulation (임시파일 데이터 조작을 통한 아두이노 보드 공격 기법에 관한 연구)

  • Lee, Woo Ho;Jung, Hyun Mi;Jeong, Kimoon
    • Journal of the Korea Convergence Society / v.8 no.11 / pp.21-27 / 2017
  • The Internet of Things (IoT), which is developing for the hyper-connected society, is based on OSHW (Open Source Hardware) such as Arduino, and various small products are emerging. Because of the limitations of low performance and low memory, the IoT poses a serious information security problem in that it is difficult to apply strong security technology. In this paper, we analyze the vulnerability that can occur as a result of compiling and loading the application program of Arduino on the host computer. We also propose a new attack method that allows an attacker to arbitrarily change the value input from the sensor of the Arduino board. Such an attack method may cause the Arduino board to misinterpret environmental information and render it inoperable. By understanding these attack techniques, it is possible to consider how to build a secure development environment and cope with these attacks.

Packer Identification Using Adaptive Boosting Algorithm (Adaptive Boosting을 사용한 패커 식별 방법 연구)

  • Jang, Yun-Hwan;Park, Seong-Jun;Park, Yongsu
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.2 / pp.169-177 / 2020
  • Malware analysis is one of the important concerns of computer security, and advances in analysis techniques have become important for computer security. In the past, the signature-based method was used to detect malware. However, as the percentage of packed malware increased, it became more difficult to detect using the conventional method. In this paper, we propose a method for identifying packers of packed programs using machine learning. The proposed method parses the packed program to extract specific PE information that can identify the packer and identifies the packer using the Adaptive Boosting algorithm among the machine learning models. To verify the accuracy of the proposed method, we collected and tested 391 programs packed with 12 types of packers and found that the packers were identified with an accuracy of about 99.2%. In addition, we presented the results of identification using PEiD, a signature-based PE identification tool, and an existing machine learning method. The proposed method shows better performance in terms of accuracy and speed in identifying packers than existing methods.

A Study on the Technology Trends for Implementation of Homeland Security (국토안보 구현을 위한 기술 동향 연구)

  • Jeong, Seung-Hui;Han, Jong-Wook;Choi, Yong-Seok;Oh, Chang-Heon
    • Journal of Advanced Navigation Technology / v.13 no.6 / pp.991-997 / 2009
  • Recently, many countries are developing and investing in various homeland security technologies against terrorism. The importance of homeland security has been growing because of the nuclear weapon threat from North Korea, the burning of cultural assets, and violent crimes. Therefore, in this paper, we have described and analyzed the trends related to homeland security technology. The main techniques toward homeland security are aggregation technology, integration technology, collaboration technology, categorization technology, intelligence technology, and mining technology. These are likely to hold growth potential until the threat fades out. Therefore, we require more government policies to support a budget enlargement.


A Study of Web Hacking Response Procedures Model based on Diagnosis Studies for Cross-Site Scripting (XSS) Process (Cross-Site Scripting(XSS) 프로세스 진단을 기반으로 한 웹 해킹 대응절차 모델 연구)

  • Noh, SiChoon
    • Convergence Security Journal / v.13 no.6 / pp.83-89 / 2013
  • When applying web hacking techniques and methods it needs to configure the integrated step-by-step and run an information security. Web hackings rely upon only one way to respond to any security holes that can cause a lot. In this study the diagnostic process of cross-site scripting attacks and web hacking response procedures are designed. Response system is a framework for configuring and running a step-by-step information security. Step response model of the structure of the system design phase, measures, operational step, the steps in the method used. It is designed to secure efficiency of design phase of the system development life cycle, and combines the way in secure coding. In the use user's step, the security implementation tasks to organize the details. The methodology to be applied to the practice field if necessary, a comprehensive approach in the field can be used as a model methodology.

Efficient Security Method Using Mobile Virtualization Technology And Trustzone of ARM (모바일 가상화 기술과 ARM의 Trustzone을 사용한 효율적인 보안 방법)

  • Choi, Hwi-Min;Jang, Chang-Bok;Kim, Joo-Man
    • Journal of Digital Convergence / v.12 no.10 / pp.299-308 / 2014
  • Today, the number of smartphone users is increasing very rapidly owing to the development of smartphone performance and the provision of various services. Users also use smartphones to enjoy various services (cloud service, game, banking service, mobile office, etc.). Today's mobile security solutions simply detect malicious code or stay at the level of mobile device management. In particular, services that use sensitive information, such as certificates, corporate documents, and personal credit card numbers, need technology that prevents hacking and leakage of that information. Recently, interest in these mobile security problems has been increasing as damage cases have occurred. To solve the problem, there is various security research, such as mobile virtualization, ARM Trustzone, and GlobalPlatform for mobile devices. Therefore, in this paper, I suggest an efficient method that uses the mobile virtualization techniques of certification, security policy and access control, password/key management, safe storage, etc. and the Trustzone of ARM for preventing information leakage and hacking.

Embedded-based Power Monitoring Security Module Design (임베디드 전력 모니터링 보안 모듈 설계)

  • Yoon, Chan-Ho;Kim, Gwang-Jun;Jang, Chang-Soo
    • The Journal of the Korea institute of electronic communication sciences / v.8 no.10 / pp.1485-1490 / 2013
  • The demonstration project of the electrical grid for Smart grid is progressed, the smart digital appliances AV technology, Smart home energy management technology charging the management function of complex energy for the automation management of air conditioning and heating, humidity and air, the health care technology charging the design of housing for the elderly and disabled and the measurement of individual bio information, and the Smart home security technology dealing with the biometric security and motion sensors, etc. have been studied. The power monitoring terminal which uses a variety of wired and wireless networks and protocol is the target additionally to be considered in addition to the security vulnerabilities that was occurred in the existing terminal. In this research paper, the author analyzes the cryptographic techniques corresponding to the smart meter occurred by the problems that are exposed on the outside which are vulnerable to physical attacks, and intends to propose the design of the security systems for the Smart meter terminal being able to maximize the efficiency of the terminal.

Topic Automatic Extraction Model based on Unstructured Security Intelligence Report (비정형 보안 인텔리전스 보고서 기반 토픽 자동 추출 모델)

  • Hur, YunA;Lee, Chanhee;Kim, Gyeongmin;Lim, HeuiSeok
    • Journal of the Korea Convergence Society / v.10 no.6 / pp.33-39 / 2019
  • As cyber attack methods are becoming more intelligent, incidents such as security breaches and international crimes are increasing. In order to predict and respond to these cyber attacks, the characteristics, methods, and types of attack techniques should be identified. To this end, many security companies are publishing security intelligence reports to quickly identify various attack patterns and prevent further damage. However, the reports that each company distributes are not structured, yet the number of published intelligence reports is ever-increasing. In this paper, we propose a method to extract structured data from unstructured security intelligence reports. We also propose an automatic intelligence report analysis system that divides a large volume of reports into sub-groups based on their topics, making the report analysis process more effective and efficient.