• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.115-129
• /
• 2003

This paper presents a semi-automated formal verification method based on the famous SVO logic, and discusses its experimental results. We discuss several problems on automating the SVO logic and design its derivative, ASVO logic for automation. Also the proposed method is implemented by the Isabelle/Isar system. As a result, we verified the well-known weakness of the NSSK protocol that is vulnerable to the Denning-Sacco attack, using our Isabelle/ASVO system. Finally, we refined the protocol by following the logical consequence of the ASVO verification.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.63-73
• /
• 2004

This paper proposes an efficient authentication scheme for multicast packet using recovery layer to provide source authentication. The problems of the existing schemes are as follows ： TESLA requires time synchronization between the sender and the receiver, md hash-based schemes have high communication overheads due to additional hash values and require many buffers and delay for verification on receivers. Our main focus is reducing the buffer size, communication and computation burden of the receiver. The proposed scheme in this paper is highly robust to packet loss using the recovery layer based on XOR operation. It also provides low communication overhead, low verification cost, non-repudiation of the origin, immediate verification and robustness against DoS attack on the receiver.

• International Journal of Computer Science & Network Security
• /
• v.24 no.3
• /
• pp.151-159
• /
• 2024

Twin clutch model enables the power-shifts as conventional planetary automatic transmission and eradicates the disadvantages of single clutch trans- mission. The automatic control of the dual clutches is a problem. Particularly to control the clutching component that engages when running in one direction of revolution and disengages when running the other direction, which exchange the torque smoothly during torque phase of the gearshifts on planetary-type automatic transmissions, seemed for quite a while hard to compensate through clutch control. Another problem is to skip gears during multiple gearshifts. However, the twin clutch gear control described in ["M Goetz, M C Levesley and D A Crolla. Dynamics and control of gearshifts on twin clutch transmissions, Proceedings of the Institution of Mechanical Engineers, Part D: Journal of Automobile Engineering 2005"], a significant improvement in twin clutch gear control system is discussed. In this research our objective is to formally specify the twin clutch gear control system and verify it with the help of formal methods. Formal methods have a high potential to give correctness estimating techniques. We use UPPAAL for formal specification and verification. Our results show that the twin clutch gear control model partially fulfills its functional requirements.

• Journal of Digital Convergence
• /
• v.12 no.8
• /
• pp.229-234
• /
• 2014

Vehicular electronic communication system has continued to develop in favor of high performance and user convenience with the evolution of auto industry. Yet, due to the nature of communication system, concerns over intruder attacks in transmission sections have been raised with a need for safe and secure communication being valued. Any successful intruder attacks on vehicular operation and control systems as well as on visual equipment could result in serious safety and privacy problems. Thus, research has focused on hardware-based security and secure communication protocols. This paper proposed a safe and secure vehicular communication protocol, used the formal verification tool, Casper/FDR to test the security of the proposed protocol against different types of intruder attacks, and verified that the proposed protocol was secure and ended without problems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.811-820
• /
• 2017

Software automatic technology research recently focuses not only on generating a single path test-case, but also on finding an optimized path to reach the vulnerability through various test-cases. Although Dynamic Symbolic Execution (DSE) technology is popular among these automatic technologies, most DSE technology researches apply only to Linux binaries or specific modules themselves. However, most software are vulnerable based on input files. Therefore, this paper proposes an input file based dynamic symbolic execution method for software vulnerability verification. As a result of applying it to three kinds of actual binary software, it was possible to create a test-case effectively reaching the corresponding point through the proposed method. This demonstrates that DSE technology can be used to automate the analysis of actual software.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.519-530
• /
• 2015

With the development of technologies, smartphone provides excellent extensibility and performance. Users can install application programs easily in smartphone, so they can use smartphone in various way. In the past, users used smartphone for enhancing security in personal computer. Nowadays, smartphone has become a major target for attackers. Therefore we needs a reliable portable device for smartphone security. There are various wearable devices such as smartglasses and smartwatches, so they can be used for enhancing security in smartphone. In this paper, we study about that smartwatches can be role for enhancing smartphone security, and we implement transaction information verification scheme, Transaction information verification scheme based on CAPTCHA and CAPTCHA based transaction OTP scheme and experiment with users in prototype application.

• Journal of Digital Convergence
• /
• v.13 no.9
• /
• pp.297-302
• /
• 2015

The increase in applying IT to vehicles has given birth to smart cars or connected cars. As smarts cars become connected with external network systems, threats to communication security are on the rise. With simulation test results supporting such threats to Convergence security in vehicular communication, concerns are raised over relevant vulnerabilities, while an increasing number of studies on secure vehicular communication are published. Hacking attacks against vehicles are more dangerous than other types of hacking attempts because such attacks may threaten drivers' lives and cause social instability. This paper designed a Convergence security protocol for inter-vehicle and intra-vehicle communication using a hash function, nonce, public keys, time stamps and passwords. The proposed protocol was tested with a formal verification tool, Casper/FDR, and found secure and safe against external attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.987-997
• /
• 2012

A Point-of-Sales (POS) terminal manages the selling process by a salesperson accessible interface in real time. Using a POS system makes a business and customer management much more efficient. For these reasons, many store install POS terminal and used it. But it has many problem that stealing personal information by hacking and insider corruption. Because POS system stored payment information like that sales information, card valid period, and password. In this paper, I proposed software integrity verification technique in POS system based on White list. This method can prevent accidents that personal information leak by hacking and POS system forge and falsification. This proposed method provides software integrity, so it can prevent inside and outside threats in advance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.51-59
• /
• 2021

The deep learning model can produce false prediction results due to inputs that deviate from training data through variation, which leads to fatal accidents in areas such as autonomous driving and security. To ensure reliability of the model, the model's coping ability for exceptional situations should be verified through various mutations. However, previous studies were carried out on limited scope of models and used several mutation types without separating them. Based on the CIFAR10 data set, widely used dataset for deep learning verification, this study carries out reliability verification for total of six models including various commercialized models and their additional versions. To this end, six types of input mutation algorithms that may occur in real life are applied individually with their various parameters to the dataset to compare the accuracy of the models for each of them to rigorously identify vulnerabilities of the models associated with a particular mutation type.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2009.01a
• /
• pp.45-48
• /
• 2009

USN(Ubiquitous Sensor Network)은 우리가 관심이 있는 모든 사물에 통신기능이 있는 무선센서(전자태그)를 부착하고 이를 통해 사물 인식정보와 주변 환경정보(온도나 습도, 압력, 충격, 오염 등)를 탐지해 이를 실시간 네트워크를 통해 센싱 데이터들을 전송, 취합, 저장, 분석하여 사용자의 현재 상황에 정보(가정, 병원, 사무실, 유통, 군사, 교통 등)를 적절히 제공해 줄 수 있는 기술 및 첨단 지능형 서비스를 통칭한다. 향후 USN 서비스는 광범위한 영역에서 활용될 전망이며, 그에 따른 사용자 인증 보안의 중요성도 크게 부각될 것이다. 이를 위해 본 논문에서는 자필 서명을 이용한 보안기술의 USN 연동 방안을 제안하고자 한다.