• Journal of Platform Technology
• /
• v.12 no.1
• /
• pp.67-76
• /
• 2024

Small and medium-sized enterprises play a fundamental role in the foundation of our country's industry and economy, and most technological innovations occur in small and medium-sized enterprises rather than large corporations. Technology development and innovation are the only way for small and medium-sized enterprises to survive in a fiercely competitive environment, so they focus on it, but interest and investment in technology protection tend to be stingy. As a result, industrial technology leakage accidents occur frequently, and it is difficult to meet improvement measures. When a leak occurs, digital evidence is required to prove criminal activity, but problems such as digital evidence being damaged or deleted due to management loopholes often occur. Therefore, through this study, we aim to design a digital evidence-based countermeasure depending on the type of technology leak accident. We will classify the types of technology leak incidents that actually occurred and study ways to secure digital evidence in the security environment of small and medium-sized businesses that operate internal information leak prevention solutions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1319-1326
• /
• 2015

The symmetric key encryption algorithms, such as the AES or the ARIA, generate round keys by the key expansion mechanism. While the algorithm is executed, key expansion mechanism emits information about the secret key by the power consumption. The vulnerability exists that can reduce significantly the candidate of the secret key by the simple power analysis attack using a small number of the power traces. Therefore, we'll have to study about the attack and the countermeasure to prevent information leakage. While a simple power analysis attack on the AES key expansion has been studied since 2002, ARIA is insufficient. This paper presents a simple power analysis attack on 8-bit implementations of the ARIA-128 key expansion. The presented attack efficiently utilizes this information leakage to substantially reduce the key space that needs to be considered in a brute-force search for the secret key. We show that ARIA is vulnerable to a SPA attack based on hamming weight leakage.

• Convergence Security Journal
• /
• v.16 no.2
• /
• pp.25-34
• /
• 2016

This study aims to prevent the serious threat from dangerous person or group by responding or blocking or separating illegal activities by use of SNA: Social Network Analysis. SNA enables to identify the complex social relation of suspect and individuals in order to enhance the effectiveness and efficiency of investigation. SNS has rapidly developed and expanded without restriction of physical distance and geo-location for making new relation among people and sharing large amount of information. As rise of SNS(facebook and twitter) related crimes, terrorist group 'ISIS' has used their website for promotion of their activity and recruitment. The use of SNS costs relatively lower than other methods to achieve their goals so it has been widely used by terrorist groups. Since it has a significant ripple effect, it is imperative to stop their activity. Therefore, this study precisely describes criminal and terrorist activities on SNS and demonstrates how effectively detect, block and respond against their activities. Further study is also suggested.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.335-344
• /
• 2016

It is known that power analysis is one of the most powerful attack in side channel analysis. Among power analysis single trace attack is widely studied recently since it uses one power consumption trace to recover secret key of public cryptosystem. Recently Sim et al. proposed new exponentiation algorithm for RSA cryptosystem with higher attack complexity to prevent single trace attack. In this paper we analyze the vulnerability of exponentiation algorithm described by Sim et al. Sim et al. applied message blinding and random exponentiation splitting method on $2^t-ary$ for higher attack complexity. However we can reveal private key using information exposed during pre-computation generation. Also we describe modified algorithm that provides higher attack complexity on collision attack. Proposed algorithm minimized the reuse of value that are used during exponentiation to provide security under single collision attack.

• The KIPS Transactions:PartC
• /
• v.8C no.5
• /
• pp.535-542
• /
• 2001

Mobile codes such as Java, Java-Script, ActiveX, and Script code are loaded into a client system first and then run without any notice to the client user. Executing code by this mechanism may cause various security problems such as flowing out system information, deleting or modifying files, and exhausting system resources. In this paper we propose an integrated authentication system to establish the uniform security countermeasure on various mobile codes. The system helps to solve to problems mentioned above. An integrated authentication system allows to load into an interpreter using ACL (Access Control List) which sets up an access authority to the executable contents and communicates with an interpreter using client/server model.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.2
• /
• pp.1-7
• /
• 2015

As recent smartphone is used around the world, all of the subscribers of the mobile communication is up to 47.7% about 24 million people. Smartphone has a vulnerability to security, and security-related incidents are increased in damage with the smartphone. However, precautions have been made, rather than analysis of the infection of most of the damage occurs after the damaged except for the case of the expert by way of conventional post-countermeasure. In this paper, we implement a mobile-based malware analysis systems apply a virtualization technology. It is designed to analyze the behavior through it. Virtualization is a technique that provides a logical resources to the guest by abstracting the physical characteristics of computing resources. The virtualization technology can improve the efficiency of resources by integrating with cloud computing services to servers, networks, storage, and computing resources to provide a flexible. In addition, we propose a system that can be prepared in advance to buy a security from a user perspective.

• Journal of the Institute of Electronics Engineers of Korea SP
• /
• v.47 no.1
• /
• pp.159-168
• /
• 2010

In the recent years, power analysis attacks were widely investigated, and so various countermeasures have been proposed. In the case of block ciphers, masking methods that blind the intermediate results in the algorithm computations(encryption, decryption, and key-schedule) are well-known. The type conversion of masking is unavoidable since Boolean operation and Arithmetic operation are performed together in block cipher. Messerges proposed a masking type conversion algorithm resistant general power analysis attack and then it's vulnerability was reported. We present that some of exiting attacks have some practical problems and propose a new power analysis attack on Messerges's algorithm. After we propose the strengthen DPA and CPA attack on the masking type conversion algorithm, we show that our proposed attack is a practical threat as the simulation results.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.5
• /
• pp.1445-1462
• /
• 2012

While botnets are used for various malicious activities, it is well known that they are widely used for email spam. Though the spam filtering systems currently in use block IPs that send email spam, simply blocking the IPs of zombie PCs participating in a botnet is not enough to prevent the spamming activities of the botnet because these IPs can easily be changed or manipulated. This IP blocking is also insufficient to prevent crimes other than spamming, as the botnet can be simultaneously used for multiple purposes. For this reason, we propose a system that detects botnets and zombie PCs based on email spam analysis. This study introduces the concept of "group pollution level" - the degree to which a certain spam group is suspected of being a botnet - and "IP pollution level" - the degree to which a certain IP in the spam group is suspected of being a zombie PC. Such concepts are applied in our system that detects botnets and zombie PCs by grouping spam mails based on the URL links or attachments contained, and by assessing the pollution level of each group and each IP address. For empirical testing, we used email spam data collected in an "email spam trap system" - Korea's national spam collection system. Our proposed system detected 203 botnets and 18,283 zombie PCs in a day and these zombie PCs sent about 70% of all the spam messages in our analysis. This shows the effectiveness of detecting zombie PCs by email spam analysis, and the possibility of a dramatic reduction in email spam by taking countermeasure against these botnets and zombie PCs.

• Journal of Digital Convergence
• /
• v.14 no.12
• /
• pp.183-191
• /
• 2016

Most recent trend reveals broader state of provision of NFC service as NFC technology was applied on smartphones which has become core communication tools by providing integrated services such as payment, medical, and personal authentication. Moreover, with integration of original service and NFC technology, new service providers now can handle personal information of original service or can handle other personal information with transition of previous service provider to NFC service provider. Considering current state of security industry along with NFC technology and service, we would like to analyze current stage of security threats and plan the counter strategies to create NFC service structure.

• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.97-108
• /
• 2011

Small IT service organizations operate their business with limited resources and workforce in comparison with large enterprises, and they could be categorized in various types based on the method of value creation. But the recent studies on information security have been conducted and they were focused on the construction of general information security countermeasure, without considering size of the business and characteristic. Hence we have undergone the process of classifying information assets. Then we extracted and categorized the information assets considering characteristics of small organization's size and business process. Specifically we have classified the information assets according to business scenario design through qualitative observation method. Then we have validated the classified information assets by utilizing statistical method. We may anticipate that this study results could be basic data for developing the differentiated information security countermeasures for small IT service organization.