• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.35-43
• /
• 2003

The randomization of scalar multiplication in ECC is one of the fundamental concepts in defense methods against side-channel attacks. This paper proposes a countermeasure against simple and differential power analysis attacks through randomizing the transformed m-ary method based on a random m-ary receding algorithm. The proposed method requires an additional computational load compared to the standard m-ary method, yet the power consumption is independent of the secret key. Accordingly, since computational tracks using random window width can resist against SPA and DPA, the proposed countermeasure can improve the security for smart cards.

• Korean Security Journal
• /
• no.6
• /
• pp.327-340
• /
• 2003

As a countermeasure under accidental occurrence situation, First, as application form of martial arts, A security guard foster ability that can protect a target person of guard and own body under accidental occurrence situation through incessant martial arts practice. To achieve this purpose, incessant training mental power and physical strength reinforcement should be kept on to prevent, therefore make a safety control function for such as weapon, small arms, explosive, vehicles terror etc. happened under accidental occurrence situation. Second, according to the contents of training based on the classification category of martial arts for security guard under accidental situation, a security guard must keep safety distance necessarily lest a target person of gurad should be attacked by attacker, therefore, intercept an attack opportunity if a safety distance between a target person of guard and attacker is not kept. Third, It is to practice confrontation techniques based on the type of attack. A security guard must develp situation disposal ability that can cope properly with the attack using empty hands, murderous weapon, small arms, explosive by case or individual or mass of threat that impose danger and injury in a target person's body of guard.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.19-32
• /
• 2013

As cyber stock trading grows rapidly, stock trading using Home Trading System have been brisk recently. Home Trading System is a heavy-weight in the stock market, and the system has shown 75% and 40% market shares for KOSPI and KOSDAQ, respectively. However, since Home Trading System focuses on the convenience and the availability, it has some security problems. In this paper, we found that the authentication information in memory remains during the stock trading and we proposed its countermeasure through two-channel authentication using a mobile device such as a cell phone.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.17-25
• /
• 2008

Because Chinese Remainder Theorem based RSA (RSA CRT) offers a faster version of modular exponentiation than ordinary repeated squaring, it is promoting with standard. Unfortunately there are major security issues associated with RSA CRT, since Bellcore announced a fault-based cryptanalysis against RSA CRT in 1996. In 1997, Shamir developed a countermeasure using error free immune checking procedure. And soon it became known that the this checking procedure can not effect as the countermeasures. Recently Yen proposed two hardware fault immune protocols for RSA CRT, and this two protocols do not assume the existence of checking procedure. However, in FDTC 2006, the method of attack against the Yen's two protocols was introduced. In this paper, the main purpose is to present a countermeasure against the method of attack from FDTC 2006 for CRT-RSA. The proposed countermeasure use a characteristic bit operation and dose not consider an additional operation.

• Information Systems Review
• /
• v.18 no.3
• /
• pp.137-153
• /
• 2016

Organizations depend on smart working environments, such as mobile networks. This development motivates companies to focus on information security. Information leakage negatively affects companies. To address this issue, management and information security researchers focus on compliance of employees with information security policies. Countermeasures in information security are known antecedents of intention to comply information security policies. Despite the importance of this topic, research on the antecedents of information security countermeasures is scarce. The present study proposes information security intelligence as an antecedent of information security countermeasures. Information security intelligence adapted the concept of safety intelligence provided by Kirwan (2008). Information security intelligence consists of problem solving skills, social skills, and information security knowledge related to information security. Results show that problem solving skills and information security knowledge have positive effects on the awareness of employees of information security countermeasures.

• Journal of the Korea Convergence Society
• /
• v.3 no.1
• /
• pp.7-11
• /
• 2012

Intellgent Vehles network capabilities can cause a lots of security issues such as data hacking, privacy violation, location tracking and so on. Some possibilities which raise a breakdown or accident by hacking vehicle operation data are on the increase. In this paper, we propose a security module which has user authentication and encryption functionalities and can be used for vehicle network system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1483-1492
• /
• 2016

Ducky USB is one of rarely-known keyboard-emulating BadUSBs. The attacking strategy using Ducky USB is taking and executing the scripted keystroke automatically whenever the USB is inserted into PC. Prior works exhibit some problems such as performance loss and additional device requirement. To solve this problem, this paper devised a countermeasure program to efficiently block the Duck USB in Windows. The experiment proves its effectiveness.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.83-90
• /
• 2011

Recently, pairings over elliptic curve have been applied for various ID-based encryption/signature/authentication/key agreement schemes. For efficiency, the $Eta_T$ pairings over GF($P^n$) (P = 2, 3) were invented, however, they are vulnerable to side channel attacks such as DPA because of their symmetric computation structure compared to other pairings such as Tate, Ate pairings. Several countermeasures have been proposed to prevent side channel attacks. Especially, Masaaki Shirase's method is very efficient with regard to computational efficiency, however, it has security flaws. This paper examines closely the security flaws of RVA-based countermeasure on $Eta_T$ Pairing algorithm from the implementation point of view.

• Korean Security Journal
• /
• no.17
• /
• pp.33-51
• /
• 2008

According to dictionary, the meaning of protection is "guard and protect" that means protecting the Protectee's safety in case of sudden attack or various accident and Security means all protecting activity including Protectee and place where he is in or will be as comprehensively meaning of safe. As you see in the definition, Protection and security is the act to protect or will to protect from a security-threat act. A security-threat act can be discussed in the range of the concept of a criminal act in Criminal Law. A security-threat act is based on criminal act in Criminal Law, we are going to review such a security-threat act in a point of view in a sphere of learning in today's remarkable a brain-neuro science and cognitive science based on cognitive psychology, and to use an analysis on such a security-threat act to make a foundation for a establishment of the scientific preventive social security countermeasure. To do so, First of all we are going to review a security-threat act based on criminal act in Criminal Law in a point of protection police logic view. Next, we are going to introduce how cognitive science understand about act of man before we analyse a threat act as one of an act of man in cognitive science point of view. Finally, we are going to discuss the need of cognitive scientific analyse in order to establish the Scientific Preventive Social-security Countermeasure at the same time we are going to analyse a threat act in a cognitive scientific view.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.2
• /
• pp.60-69
• /
• 2013

Highlighted by recent security breaches including Google, Western Energy Company, and the Stuxnet infiltration of Iranian nuclear sites, Cyber warfare attacks pose a threat to national and global security. In particular, targeted attacks such as APT exploiting a high degree of stealthiness over a long period, has extended their victims from PCs and enterprise servers to government organizations and critical national infrastructure whereas the existing security measures exhibited limited capabilities in detecting and countermeasuring them. As a solution to fight against such attacks, we designed and implemented a security monitoring system, which shares security information and helps cooperative countermeasure. The proposed security monitoring system collects security event logs from heterogeneous security devices, analyses them, and visualizes the security status using 3D technology. The capability of the proposed system was evaluated and demonstrated throughly by deploying it under real network in a ISP for a week.