• Journal of Digital Convergence
• /
• v.13 no.8
• /
• pp.331-336
• /
• 2015

Lately, the development and utilization of technology of the Internet of Things(IoT), and Fintech have been on the rise and amid the emerging convergence of system and service, mobile payment system and location based service technology have received much attention. Considering the fact that smartphone users are currently utilizing mobile payment frequently, many corporations are introducing various methods to the market for easy payment process of consumers by grafting various technologies, and by utilizing the technology based on BLE technology and location based technology, it is emerging as new method applied to payment service such as ZEP, for easy payment process. And by checking the existence of security threats and studying the attack techniques in these payment services, we strive to suggest a method of response based on big data platform.

• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.313-317
• /
• 2014

Smart-phone, PC or tablet platforms, such as smart terminals spread to the masses trying to capitalize. Smart TV also is increasing. In Korea, market size of TV is growing fast with growth of risk of hacking. In this paper, several kinds of Smart TV hacking cases are presented with the possibility of attacks against the vulnerability analysis and countermeasures. Most of the Linux operating system is open. Thus, it is vulnerable for latest hacking techniques. Most are based on the Linux OS to enhance security mount Sand-Box. However, bypass procedure using the technique, or APT attacks can avoid San-Box technique. New hacking techniques and a variety of ways will occur in the future. Therefore, this paper will develop Smart TV, and it analysis of a security threat and establishes better prepared in the future because new hacking attacks are expected to prepare more.

• Journal of Internet Computing and Services
• /
• v.17 no.5
• /
• pp.97-110
• /
• 2016

Cryptanalysis is very important step for auditing and checking strength of any cryptosystem. Some of these cryptosystem ensures confidentiality and security of large information exchange from source to destination using symmetric key cryptography. The cryptanalyst investigates the strengths and identifies weakness key as well as enciphering algorithm. With increase in key size the time and effort required to guess the correct key increases so trend is increase key size from 8, 16, 24, 32, 56, 64, 128 and 256 bits to strengthen the cryptosystem and thus algorithm continues without compromise on the cost of time and computation. Automatic Variable Key (AVK) approach is an alternative to the approach of fixing up key size and adding security level with key variability adds new dimension in the development of secure cryptosystem. Likewise, whenever any new cryptographic method is invented to replace per-existing vulnerable cryptographic method, its deep analysis from all perspectives (Hacker / Cryptanalyst as well as User) is desirable and proper study and evaluation of its performance is must. This work investigates AVK based cryptic techniques, in future to exploit benefits of advances in computational methods like ANN, GA, SI etc. These techniques for cryptanalysis are changing drastically to reduce cryptographic complexity. In this paper a detailed survey and direction of development work has been conducted. The work compares these new methods with state of art approaches and presents future scope and direction from the cryptic mining perspectives.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1411-1420
• /
• 2015

Lawful interception(LI) standard of telephone networks has technical limitations to lawfully intercept IMS/SIP-based mobile communication network subscriber who using Android and iPhone device. In addition, the technical standards related to legal interception of the IMS/SIP of the wireless network is insufficient compared to the systematic study of the development of a wireless network infrastructure. The architecture proposed in the standard of ETSI(European Telecommunications Standards Institute) for the seamless LI is insufficient to overcome the limitations of traditional voice-centric LI techniques. This paper proposes an IMS/SIP-based architecture to perform LI under 3G networks that focuses on mobility-supported environments with merging cellular networks and the Internet. We implemented the simulation to verify the efficiency of the proposed architecture, and the experimental results show that our method achieves higher lawful interception rate than that of existing interception methods.

• Journal of Internet Computing and Services
• /
• v.6 no.1
• /
• pp.27-38
• /
• 2005

Recently, the rapidly development of computing environments and the spread of Internet make possible to obtain and use of information easily. Immediately, by opposition function the Hacker's unlawful intrusion and threats rise for network environments as time goes on. Specially, the internet consists of Unix and TCP/IP had many vulnerability. the security techniques of authentication and access controls cannot adequate to solve security problem, thus IDS developed with 2nd defence line. In this paper, intrusion detection method using Bayesian Networks estimated probability values of behavior contexts based on Bayes theory. The contexts of behaviors or events represents Bayesian Networks of graphic types. We profiled concisely normal behaviors using behavior context. And this method be able to detect new intrusions or modificated intrusions. We had simulation using DARPA 2000 Intrusion Data.

• Journal of Electrical Engineering and Technology
• /
• v.6 no.6
• /
• pp.806-816
• /
• 2011

Interest about social security has recently increased in favor of safety for infrastructure. In addition, advances in computer vision and pattern recognition research are leading to video-based surveillance systems with improved scene analysis capabilities. However, such video surveillance systems, which are controlled by human operators, cannot actively cope with dynamic and anomalous events, such as having an invader in the corporate, commercial, or public sectors. For this reason, intelligent surveillance systems are increasingly needed to provide active social security services. In this study, we propose a core technique for intelligent surveillance system that is based on swarm robot technology. We present techniques for invader enclosing using swarm robots based on multiple distributed object environment. The proposed methods are composed of three main stages: location estimation of the object, specified object tracking, and decision of the cooperative behavior of the swarm robots. By using particle filter, object tracking and location estimation procedures are performed and a specified enclosing point for the swarm robots is located on the interactive positions in their coordinate system. Furthermore, the cooperative behaviors of the swarm robots are determined via the result of path navigation based on the combination of potential field and wall-following methods. The results of each stage are combined into the swarm robot-based invader-enclosing technique on multiple distributed object environments. Finally, several simulation results are provided to further discuss and verify the accuracy and effectiveness of the proposed techniques.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.5-15
• /
• 2016

Power analysis attacks are techniques to analyze power signals to find out the secrets when cryptographic algorithm is performed. One of the most famous countermeasure against power analysis attacks is masking methods. Masking types are largely classified into two types which are boolean masking and arithmetic masking. For the cryptographic algorithm to be used with boolean and arithmetic masking at the same time, the converting algorithm can switch between boolean and arithmetic masking. In this paper we propose an algorithm for switching from boolean to arithmetic masking using storage size at less cost than ones. The proposed algorithm is configured to convert using the look-up table without the least significant bit(LSB), because of equal the bit of boolean and arithmetic masking. This makes it possible to design a converting algorithm compared to the previous algorithm at a lower cost without sacrificing performance. In addition, by applying the technique at the LEA it showed up to 26 percent performance improvement over existing techniques.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.319-328
• /
• 2013

Considerable number of major countries have put great efforts to leverage the efficiency of power consumption using Smart Grid in order to resolve the critical issues with drastical growing demands regarding electricity, the crisis of environmental pollution and so on. There has been increasing number of researches to construct Smart Grid in Korea as well. The threats of cyber terror attacks which might cause national crisises in terms of economy and society have been climbing up because of the fact that Smart Grid employs bi-directional communications embedding the cyber threats from existing/legacy communication networks. Consequently, it is required to build concrete response processes including investigation and analysis on cyber breaches into Smart Grid. However, the digital evidence acquisition techniques do not suffice to be deployed in Smart Grid systems despite of the fact that the techniques, against cyber breaches into well-known networks, have been studied in plenty of time. This work proposes a novel digital evidence acquisition scheme appropriate to Smart Grid systems through intensive investigation of the evidence acquisition requirements in Smart Grid and the historical evidence acquisition methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.669-677
• /
• 2020

As the number of Internet users exploded, attacks on the web increased. In addition, the attack patterns have been diversified to bypass existing defense techniques. Traditional web firewalls are difficult to detect attacks of unknown patterns.Therefore, the method of detecting abnormal behavior by artificial intelligence has been studied as an alternative. Specifically, attempts have been made to apply natural language processing techniques because the type of script or query being exploited consists of text. However, because there are many unknown words in scripts and queries, natural language processing requires a different approach. In this paper, we propose a new classification model which uses byte pair encoding (BPE) technology to learn the embedding vector, that is often used for web attack payloads, and uses an attention mechanism-based Bi-GRU neural network to extract a set of tokens that learn their order and importance. For major web attacks such as SQL injection, cross-site scripting, and command injection attacks, the accuracy of the proposed classification method is about 0.9990 and its accuracy outperforms the model suggested in the previous study.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.2
• /
• pp.576-583
• /
• 2010

U-City includes various information devices and network techniques, which connect among several information devices. Integrated Management Center, which is the core element of u-City, is designed to manage all services of u-City and carry out the control function for a city. Accordingly, u-City needs the methods of user authentication and security, so these methods must be implemented to integrated management center. This paper is devoted to describe some conventional authentication techniques, and authentication methods and procedures that may be available to u-City network context. Proposed u-City integrated authentication model assigns IP to only right user after authenticating information terminals and users in u-City and authorizes users according to the policy, so this model plays an important role for the security of integrated management center.