• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6A
• /
• pp.27-37
• /
• 2008

In the traditional signature techniques, anyone can verify the signed message. It may cause a problem since a receiver of the signature can transfer the conviction of signature to a third party. In 1996, Jakobsson introduced a designate verifier signature(DVS) which is allowed to verify only specific verifier. DVS is the solution of conflict between authenticity and privacy because it provides message authentication without non-repudiation property. In this paper based on the notion of certificateless, we suggest a certificateless strong designated verifier signature scheme including the notion of strong which provides privacy of the signer. We suggest a scheme which is first trial to propose a certificateless strong designated verifier signature scheme including the notion of strong and non-delegatability, although it is not more efficient than previous one.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1069-1078
• /
• 2012

It is known that memory has been frequently a target threatening the computer system's security while attacks on the system utilizing the memory's weakness are actually increasing. Accordingly, various memory protection mechanisms have been studied on OS while new attack techniques bypassing the protection systems have been developed. Especially, buffer overflow attacks have been developed as attacks of Return to Library or Return-Oriented Programing and recently, a technique bypassing the countermeasure against Return-Oriented Programming proposed. Therefore, this paper is intended to suggest a detection mechanism at binary level by analyzing the procedure and features of Jump-Oriented Programming. In addition, we have implemented the proposed detection mechanism and experimented it may efficiently detect Jump-Oriented Programming attack.

• The Journal of the Korea Contents Association
• /
• v.21 no.6
• /
• pp.51-61
• /
• 2021

In the era of the 4th industrial revolution symbolized by the Internet of Things, big data and artificial intelligence, various embedded devices are increasing exponentially. These devices have communication functions despite their low specifications, so the possibility of personal information leakage is increasing, and security threats are also increasing. Embedded devices can have security issues at most levels, from hardware to services over the network. In addition, it is difficult to apply general security techniques because it has characteristics of resource constraints such as low specifications and low power, and the related technology has not been standardized. In this study, we present vulnerabilities and possible problems and considerations in applying SDN to embedded devices in consideration of structural characteristics and real-world discovered cases. This study presents vulnerabilities and possible problems and considerations when applying SDN to embedded devices. From a hardware perspective, we consider the problems of Wi-Fi chips and Bluetooth, the problems of open flow implementation, SDN controllers, and examples of structural properties. SDN separates the data plane and the control plane, and provides a standardized interface between the two, enabling efficient communication control. It can respond to the security limitations of existing network technologies that are difficult to respond to rapid changes.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.390-399
• /
• 2022

Cyber security and resilience are phrases that describe safeguards of ICTs (information and communication technologies) from cyber-attacks or mitigations of cyber event impacts. The sole purpose of Risk models are detections, analyses, and handling by considering all relevant perceptions of risks. The current research effort has resulted in the development of a new paradigm for safeguarding services offered online which can be utilized by both service providers and users. customers. However, rather of relying on detailed studies, this approach emphasizes task selection and execution that leads to successful risk treatment outcomes. Modelling intelligent CSGs (Cyber Security Games) using MLTs (machine learning techniques) was the focus of this research. By limiting mission risk, CSGs maximize ability of systems to operate unhindered in cyber environments. The suggested framework's main components are the Threat and Risk models. These models are tailored to meet the special characteristics of online services as well as the cyberspace environment. A risk management procedure is included in the framework. Risk scores are computed by combining probabilities of successful attacks with findings of impact models that predict cyber catastrophe consequences. To assess successful attacks, models emulating defense against threats can be used in topologies. CSGs consider widespread interconnectivity of cyber systems which forces defending all multi-step attack paths. In contrast, attackers just need one of the paths to succeed. CSGs are game-theoretic methods for identifying defense measures and reducing risks for systems and probe for maximum cyber risks using game formulations (MiniMax). To detect the impacts, the attacker player creates an attack tree for each state of the game using a modified Extreme Gradient Boosting Decision Tree (that sees numerous compromises ahead). Based on the findings, the proposed model has a high level of security for the web sources used in the experiment.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.7 no.6
• /
• pp.871-880
• /
• 2017

Recently, service based on internet is inter-connected and integrated with a variety of connection. This kind of internet of things consist of heterogenous devices such as sensor node, devices and end-to end equipment which used in conventional protocols and services. The representative system is healthcare system. From healthcare appliance used by IoT, patient and doctor can utilize healthcare information with safety and high speed management. It is very convenient management to operate mobility. But it induced security and vulnerability issues because it has small memory capacity, low power supply and low computing power. This made impossible to implement security algorithm with embedded engine based on hardware. Nowdays, we can't realize conventional standard algorithm due to these kinds of reasons. From the critical issues, it occurred security and vulnerability issues. Therefore, we analysed and compared with conventional method and proposed techniques. Finally, we evaluated security issues and requirement for end-to-end point healthcare system based on internet of things.

• Smart Media Journal
• /
• v.12 no.5
• /
• pp.46-57
• /
• 2023

As the COVID-19 pandemic and the development of IT technology have led to the gradual popularization of remote and telecommuting, cloud computing technology is advancing, and cyber attack techniques are becoming more sophisticated and advanced. In response to these trends, companies are increasingly moving away from traditional perimeter-based security and adopting Zero Trust to strengthen their security. Zero Trust, based on the core principle of doubting and not trusting everything, identifies all traffic and grants access permissions through a strict authentication process to enhance security. In this paper, we analyze the background of Zero Trust adoption and the adoption policies and trends of countries that are proactively promoting its implementation. Additionally, we propose necessary efforts from governments and organizations to strengthen corporate security and considerations for companies when applying Zero Trust.

• Korean Security Journal
• /
• no.48
• /
• pp.113-146
• /
• 2016

Criminal profiling is a effective and efficient measure for enhancing industrial security of casino business. Particularly, developing criminal profiling of deviant behaviors in casino will help security management to become more effective and efficient in practical ways. Unfortunately, however, there is lack of empirical profiling study in this regard. To fill the vacuum of literature on this topic, this study was purported to create offender profiles of different types of deviant behaviors in casino based on various theories and techniques in criminal profiling literature, such as investigative psychology, linkage analysis, and behavioral evidence analysis. To fulfill the purposes, this study collected behavioral evidence from 90 casino security officers in South Korea. Offenders' behavioral evidence was analyzed to develop offender profiles of seven different types of deviant behaviors, and then the profiles were compared with each profiles that security officers focus on to identify offenders during their work hours. Results showed that, first, there were unique profiles of each type of seven different categories of deviant behaviors in terms of offenders' ways of speaking and acting, their appearance and attitudes. In addition, this study found that there were some amount of gaps between actual offenders' profiles and profiles that security officers have in mind. Based on the results, this study provided policy implications in terms of managing casino industrial security, education and training for security officers, and future study on casino security.

• Proceedings of the Korea Contents Association Conference
• /
• 2009.05a
• /
• pp.614-619
• /
• 2009

This study aims at diagnosing the relationship among user's security need Sufficiency, customer satisfaction and life satisfaction in electronic security system. For the achievement of this study selected electronic security system users in Seoul as a population for about 25 days from June 20th, 2008 to July 15th, 2008, segmented Han river based in 5 areas and extracted 1 dong per each area. This study selected 378 peoples by distributing 400 unities in total for each 80 peoples throughout purposive sampling method. The final 302 samples were used in statistics. Collected data was analyzed based on the aim of this study using SPSSWIN 16.0, and factor analysis, reliability analysis, stepwise multiple regression analysis and path analysis were used as statistic techniques to analyze. The conclusions are the followings; First, The higher bodily, environmental, mental, informational, and physical security need the more body and property protection satisfaction and facility customer satisfaction. The higher bodily, environmental, and mental security need the more employee service satisfaction. Second, The higher bodily, environmental, informational, and physical security need are perceived, the more influence is marked with life satisfaction and security life satisfaction. Third, The higher personal and property protection, facility, and employee service satisfaction the more security life satisfaction. Also, the higher customer service and personal and property protection satisfaction are perceived, the more influence is marked with life satisfaction. Fourth, Security need sufficiency has little influence on life satisfaction directly, but it has high influences on life satisfaction through customer satisfaction of electronic security system.

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.11-17
• /
• 2012

Network security performance evaluation is a complex and diverse system environments, a single, specific performance measurements alone performance evaluation measure itself and the meaning of the reliability of the evaluation results do not limit the number of days only. In this paper, we propose a method to measure the security features of security, QoS measurement techniques using MOS satisfaction. MOS(Mean Opinion Score) Rating specifications for network security, QoS satisfaction and how to operate the development and operational model for future customer's satisfaction for information systems that can be used to evaluate the QoS measurement/analysis be utilized in the field. Objectified in the form of standards and performance measurement system provider (supplier development) and consumers(users) all the results available so that how to develop a system. Development is the development of information security features, the performance of these two features networking capabilities and a comprehensive evaluation of a three-gaeyoungyeok Correlating performance measurement methodology. Systematic measurement environment designed using the proposed methodology of this study, when the operating system is on the satisfaction of the security, QoS can be calculated. Forward In addition, a variety of performance metrics and performance measurement methods by extending the network security system satisfaction rating upgrade by the way will be.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.847-857
• /
• 2018

As the number of malicious code increases steeply, cyber attack victims targeting corporations, public institutions, financial institutions, hospitals are also increasing. Accordingly, academia and security industry are conducting various researches on malicious code detection. In recent years, there have been a lot of researches using machine learning techniques including deep learning. In the case of research using Convolutional Neural Network, ResNet, etc. for classification of malicious code, it can be confirmed that the performance improvement is higher than the existing classification method. However, one of the characteristics of the target attack is that it is custom malicious code that makes it operate only for a specific company, so it is not a form spreading widely to a large number of users. Since there are not many malicious codes of this kind, it is difficult to apply the previously studied machine learning or deep learning techniques. In this paper, we propose a method to classify malicious codes when the amount of samples is insufficient such as targeting type malicious code. As a result of the study, we confirmed that the accuracy of 97% can be achieved even with a small amount of data by applying the Memory Augmented Neural Networks model.