• Journal of Korea Society of Industrial Information Systems
• /
• v.21 no.3
• /
• pp.7-12
• /
• 2016

In a hostile Internet environment, steganography has focused to hide a secret message inside the cover medium for increasing the security. That is the complement of the encryption. This paper presents a text steganography techniques using the Hangul text. To enhance the security level, secret messages have been encrypted first through the genetic algorithm operator crossover. And then embedded into an cover text to form the stego text without changing its noticeable properties and structures. To maintain the capacity in the cover media to 3.69%, the experiments show that the size of the stego text was increased up to 14%.

• Convergence Security Journal
• /
• v.20 no.3
• /
• pp.71-78
• /
• 2020

Bitcoin-based blockchain technology provides an infrastructure that enables anonymous smart contracts, low-cost remittances, and online payments. However, the block-chain technology that implements the bitcoin has scalability constraints in tradeoffs between throughput and latency. To solve these problems, the Byzantine fault tolerant block-chain technique has been proposed. This technique improves throughput without increasing latency by selecting a leader and constructing many microblocks that do not contain proofs of work within the existing block by the leader. However, this technique may be less secure than existing techniques in selecting the reader.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.1 s.33
• /
• pp.27-34
• /
• 2005

Current security reinforcement systems are Passive defense system that only blocks filter to all traffic from the attacker. So, Those are weak re-attack and Stepping Stones attack because active response about attacker is lacking. Also, present techniques of traceback need much time and manpower by log information collection and trace through the personal inspection and active response is lacking. In this paper, We propose technique for TCP connection traceback that can apply in present internet and trace to inserted marking on IP header to correspond re-attack and Stepping Stones attack. Therefore, Proposed technique is unnecessary correction of existing network component and can reduce size of marked information and overhead of resources.

• The Journal of Society for e-Business Studies
• /
• v.8 no.4
• /
• pp.167-181
• /
• 2003

The contents for multimedia are very activated along to revolution of Internet. So this fact allows the contents for multimedia to be commercialized. These contents , however, included much vulnerability that it is difficult to be commercialized because attackers easily reproduce that. Many developers want to use watermarking method as the technique to protect the contents for multimedia, but it is very vulnerable to use only one method. This paper proposes the Secure DRM system which protects the contents for multimedia using Public Key Infrastructure and steganography methods. The SDRM system is more powerful than general DRM systems in that it has the special feature of watermarking and steganography techniques. We can prevent the attackers from reproducing and stealing the contents illegally, and authenticating users through SDRM systems.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.32 no.2
• /
• pp.76-84
• /
• 2009

Since too much information has been generated, it became very difficult to find out valuable and necessary information. In order to deal with the problem of information overload, the taxonomy for information visualization techniques has been based upon visualized shapes such as tree map, fisheye view and parallel coordinates, so that it was difficult to choose the right representation technique by data characteristics. Therefore, this study was designed to introduce a new taxonomy for the information visualization by data characteristics which defined by space (3D vs. multi-dimensions), time (continuous vs. discrete), and relations of data (qualitative vs. quantitative). To verify the new taxonomy, forensic data which were generated to investigate the culprit of network security was used. The result showed that the new taxonomy was found to be very efficient and effective to choose the right visualized shape for forensic data for network security. In conclusion, the new taxonomy was proven to be very helpful to choose the right information visualization technique by data characteristics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.51-58
• /
• 2020

The use of malware in cyber threats continues to be used in all ages, and will continue to be a major attack method even if IT technology advances. Therefore, researches for detecting such malicious codes are constantly tried in various ways. Recently, with the development of AI-related technology, many researches related to machine learning have been conducted to detect malware. In this paper, we propose a method to detect malware using machine learning. For machine learning detection, we create a feature around each call interval, ie Time Interval, in which API calls occur among dynamic analysis data, and then apply the result to machine learning techniques.

• Convergence Security Journal
• /
• v.8 no.4
• /
• pp.1-8
• /
• 2008

Not only the recent hacking techniques are becoming more malicious with the sophisticated technology but also its consequences are bringing more damages as the broadband Internet is growing rapidly. These may include invasion of information leakage, or identity theft over the internet. Its intent is very destructive which can result in invasion of information leakage, hacking, one of the most disturbing problems on the net. This thesis describes the technology of how you can effectively analyze and detect these kind of E-Mail malicious codes. This research explains how we can cope with malicious code more efficiently by detection method.

• ETRI Journal
• /
• v.33 no.4
• /
• pp.611-620
• /
• 2011

Since card-type one-time password (OTP) generators became available, power and area consumption has been one of the main issues of hardware OTPs. Because relatively smaller batteries and smaller chip areas are available for this type of OTP compared to existing token-type OTPs, it is necessary to implement power-efficient and compact dedicated OTP hardware modules. In this paper, we design and implement a low-power small-area hardware OTP generator based on the Advanced Encryption Standard (AES). First, we implement a prototype AES hardware module using a 350 nm process to verify the effectiveness of our optimization techniques for the SubBytes transform and data storage. Next, we apply the optimized AES to a real-world OTP hardware module which is implemented using a 180 nm process. Our experimental results show the power consumption of our OTP module using the new AES implementation is only 49.4% and 15.0% of those of an HOTP and software-based OTP, respectively.

• Convergence Security Journal
• /
• v.5 no.1
• /
• pp.85-92
• /
• 2005

For an efficient role based access control in highly distributed computing environment to reduce management cost, we utilize attribute certificates. Especially highly distributed computing environments such as ubiquitous computing environments which cannot have global or broad control, need another attribute certificate management technique. The techniques for transmission of the attribute certificates and management of the group keys should be considered to reduce management cost. For better performance we structure attribute certificates. We group roles and make the role group relation tree. It results secure and efficient role renewing and distribution. For scalable attribute certificate distribution, multicasting packets are used. We take into account the packet loss and quantifying performance enhancements of structuring attribute certificates.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.3
• /
• pp.162-168
• /
• 2014

Cross-Site Request Forgery is one of the attack techniques occurring in today's Web Applications. It allows an unauthorized attacker to send authorized requests to Web Server through end-users' browsers. These requests are approved by the Web Server as normal requests therefore unexpected results arise. The problem is that the Web Server verifies an end-user using his Cookie information. In this paper, we propose an enhanced CSRF defense scheme which uses Page Identifier and user password's hash value in addition to the Cookie value which is used to verify the normal requests. Our solution is simple to implement and solves the problem of the token disclosure when only a random token is used for normal request verification.