• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.147-155
• /
• 2003

The diffusion of internet infrastructure and a fast increase of Population to use it is becoming a base of the service that can use various information, data and digital contents which were provided through off-line physically and used. Recently, the. techniques for copy deterrence and copyright protection have been important in e-commerce because various contents in digital form can be duplicated easily. The Access Control(AC) technique that only a user having the qualifications can access and use contents normally has been studied. The Conditional Access System(CAS) used in a satellite broadcasting md Digital Right Management System(DRMS) used for contents service are representative models of current commercialized access control. The CAS and DRM can be considered as an access control technique based on the payment based type(PBT). This paper describe the access control method of payment free type(PFT) suggested in ［5］ which are independent on the payment structure. And then we suggest a new access control method of payment free type which is more efficient than the previous one.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.239-248
• /
• 2012

VANET (Vehicular Ad-hoc Network) is a type of MANET (Mobile Ad-hoc Network) which is the next-generation networking technology to provide communication between vehicles or between vehicle and RSU (Road Side Unit) using wireless communication. In VANET system, a vehicle accident is likely to cause awful disaster. Therefore, in VANET environment, authentication techniques for the privacy protection and message are needed. In order to provide them privacy, authentication, and conditional, non-repudiation features of the group signature scheme using a variety of security technologies are being studied. In this paper, and withdrawal of group members to avoid frequent VANET environment is suitable for vehicles produced by the group administrator for a private signing key to solve the key escrow problem of a group signature scheme is proposed. We proposed a message batch verification scheme using Bloom Filter that can verify multiple messages efficiently even for multiple communications with many vehicles.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.373-385
• /
• 2021

To provide convenience and safety of drivers, the recent vehicles are being equipped with a number of electronic control units (ECUs). Multiple ECUs construct a network inside a vehicle to share information related to the vehicle's status; in addition, the CAN protocol is normally applied. As the modern vehicles provide highly convenient and safe services, it provides many types of attack surfaces; as a result, it makes them vulnerable to cyber attacks. The automotive IDS (Intrusion Detection System) is one of the promising techniques for securing vehicles. However, the existing methods for automotive IDS are able to analyze only periodic messages. If someone attacks on non-periodic messages, the existing methods are not able to properly detect the intrusion. In this paper, we present a method to detect intrusions including an attack using non-periodic messages. Moreover, we evaluate our method on the real vehicles, where we show that our method has 0% of FPR and 0% of FNR under our attack model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.517-526
• /
• 2021

Recently, the acceleration of the development of quantum computers has raised the issue of the safety of factorization and discrete logarithm based digital signature schemes used in existing Internet environments. To solve the issue, several digital signature schemes are presented that are safe in post-quantum computing environments, including standardization work by the National Institute of Standards and Technology(NIST). In this paper, we design and present a multi-signature scheme based on the TACHYON announced by Behnia et al. in 2018 CCS conference, and prove the security. Multi-signature schemes are key techniques that can distribute the dependence of cryptocurrency-wallet on private keys in the cryptocurrency field, which has recently received much attention as an digital signature application, and many researchers and developers have recently been interested. The multi-signature scheme presented in this paper enables public key aggregation in a plain public key model, which does not require additional zero-knowledge proof, and can construct an effective scheme with only an aggregated public key.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.13 no.6
• /
• pp.503-510
• /
• 2020

In this paper, we proposed an effective technique that greatly improves the security of the watermark by concealing the multiple-encrypted watermark in the LSB of the image pixel. Even if multiple encrypted watermark hidden in the LSBs of an image pixel are extracted, it is impossible to decrypt them, so the security of the watermark is maintained very high. If the watermark is multiple encrypted and hidden in the image using the proposed technique, the visual quality of the watermark-hidden image is very high, making it impossible to distinguish between the original image and the resulting image in which the watermark is hidden. The original watermark data can be completely extracted without loss, according to the procedure of the proposed technique, from the resulting image that the watermark is encrypted and hidden in the original image. The performance of the proposed technique was analyzed mathematically and the superiority of the proposed technique was confirmed through experiments. The proposed technique is an excellent image watermarking technique that greatly improves the security of the watermark hidden in the image compared to the existing technique.

• Journal of Internet of Things and Convergence
• /
• v.6 no.4
• /
• pp.65-72
• /
• 2020

In this paper, we developed a web-based DApp system based on a private blockchain by applying machine learning techniques to automatically identify Android malicious apps that are continuously increasing rapidly. The optimal machine learning model that provides 96.2587% accuracy for Android malicious app identification was selected to the authorized experimental data, and automatic identification results for Android malicious apps were recorded/managed in the Hyperledger Fabric blockchain system. In addition, a web-based DApp system was developed so that users who have been granted the proper authority can use the blockchain system. Therefore, it is possible to further improve the security in the Android mobile app usage environment through the development of the machine learning-based Android malicious app identification block chain DApp system presented. In the future, it is expected to be able to develop enhanced security services that combine machine learning and blockchain for general-purpose data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1193-1204
• /
• 2021

In information security, AI technology is used to detect unknown malware. Although AI technology guarantees high accuracy, it inevitably entails false positives, so we are considering introducing XAI to interpret the results predicted by AI. However, XAI evaluation studies that evaluate or verify the interpretation only provide simple interpretation results are lacking. XAI evaluation is essential to ensure safety which technique is more accurate. In this paper, we interpret AI results as features that have significantly contributed to AI prediction in the field of malware, and present an evaluation method for the interpretation of AI results. Interpretation of results is performed using two XAI techniques on a tree-based AI model with an accuracy of about 94%, and interpretation of AI results is evaluated by analyzing descriptive accuracy and sparsity. As a result of the experiment, it was confirmed that the AI result interpretation was properly calculated. In the future, it is expected that the adoption and utilization of XAI will gradually increase due to XAI evaluation, and the reliability and transparency of AI will be greatly improved.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.3
• /
• pp.555-564
• /
• 2022

Recently, cyberattacks are using hacking techniques utilizing intelligent and advanced malicious codes for non-face-to-face environments such as telecommuting, telemedicine, and automatic industrial facilities, and the damage is increasing. Traditional information protection systems, such as anti-virus, are a method of detecting known malicious URLs based on signature patterns, so unknown malicious URLs cannot be detected. In addition, the conventional static analysis-based malicious URL detection method is vulnerable to dynamic loading and cryptographic attacks. This study proposes a technique for efficiently detecting malicious URLs by dynamically learning malicious URL data. In the proposed detection technique, malicious codes are classified using machine learning-based feature selection algorithms, and the accuracy is improved by removing obfuscation elements after preprocessing using Weighted Euclidean Distance(WED). According to the experimental results, the proposed machine learning-based malicious URL detection technique shows an accuracy of 89.17%, which is improved by 2.82% compared to the conventional method.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.15 no.3
• /
• pp.211-216
• /
• 2022

Steganography technology protects the existence of hidden information by embedding a secret message in a specific location on the cover medium. Security and resistance are strengthened by applying various hybrid methods based on encryption and steganography. In particular, techniques to increase chaos and randomness are needed to improve security. In fact, the case where the shuffling method is applied based on the discrete cosine transform(DCT) and the least significant bit(LSB) is an area that needs to be studied. I propose a new approach to hide the bit information of Hangul messages by integrating the selective shuffling method that can add the complexity of message hiding and applying the spatial domain technique to steganography. Inverse shuffling is applied when extracting messages. In this paper, the Hangul message to be inserted is decomposed into the choseong, jungseong and jongseong. It improves security and chaos by applying a selective shuffling process based on the corresponding information. The correlation coefficient and PSNR were used to confirm the performance of the proposed method. It was confirmed that the PSNR value of the proposed method was appropriate when compared with the reference value.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1081-1090
• /
• 2022

The face recognition model is used for identity recognition of smartphones, providing convenience to many users. As a result, the security review of the DNN model is becoming important, with adversarial attacks present as a well-known vulnerability of the DNN model. Adversarial attacks have evolved to decision-based attack techniques that use only the recognition results of deep learning models to perform attacks. However, existing decision-based attack technique[14] have a problem that requires a large number of queries when generating adversarial examples. In particular, it takes a large number of queries to approximate the gradient. Therefore, in this paper, we propose a method of generating adversarial examples using orthogonal space sampling and dimensionality reduction sampling to avoid wasting queries that are consumed to approximate the gradient of existing decision-based attack technique[14]. Experiments show that our method can reduce the perturbation size of adversarial examples by about 2.4 compared to existing attack technique[14] and increase the attack success rate by 14% compared to existing attack technique[14]. Experimental results demonstrate that the adversarial example generation method proposed in this paper has superior attack performance.