• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.3
• /
• pp.135-140
• /
• 2010

The computation using Chinese Remainder Theorem in RSA cryptosystem is well suited in the digital signature or decryption processing due to its low computational load compared to the case of general RSA without CRT. Since the RSA-CRT algorithm is vulnerable to many fault insertion attacks, some countermeasures against them were proposed. Among several countermeasures, Yen et al. proposed two schemes based on fault propagation method. Unfortunately, a new vulnerability was founded in FDTC 2006 conference. To improve the original schemes, Kim et al. recently proposed a new countermeasure in which they adopt the AND operation for fault propagation. In this paper, we show that the proposed scheme using AND operation without checking procedure is also vulnerable to fault insertion attack with chosen messages.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.10
• /
• pp.4157-4175
• /
• 2020

Moving target defense, as a 'game-changing' security technique for network warfare, realizes proactive defense by increasing network dynamics, uncertainty and redundancy. How to select the best countermeasure from the candidate countermeasures to maximize defense payoff becomes one of the core issues. In order to improve the dynamic analysis for existing decision-making, a novel approach of selecting the optimal countermeasure using game theory is proposed. Based on the signal game theory, a multi-stage adversary model for dynamic defense is established. Afterwards, the payoffs of candidate attack-defense strategies are quantified from the viewpoint of attack surface transfer. Then the perfect Bayesian equilibrium is calculated. The inference of attacker type is presented through signal reception and recognition. Finally the countermeasure for selecting optimal defense strategy is designed on the tradeoff between defense cost and benefit for dynamic network. A case study of attack-defense confrontation in small-scale LAN shows that the proposed approach is correct and efficient.

• Journal of Information Technology Services
• /
• v.18 no.5
• /
• pp.155-164
• /
• 2019

With the emergence of new ICT technologies, information security threats are becoming more advanced, intelligent, and diverse. Even though the awareness of the importance of information security increases, the information security budget is not enough because of the lack of effectiveness measurement of the information security investment. Therefore, it is necessary to optimize the information security investment in each business environment to minimize the cost of operating the information security countermeasures and mitigate the damages occurred from the information security breaches. In this paper, using genetic algorithms we propose an investment optimization model for information security countermeasures with the limited budget. The optimal information security countermeasures were derived based on the actual information security investment status of SMEs. The optimal solution supports the decision on the appropriate investment level for each information security countermeasures.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.3
• /
• pp.1210-1230
• /
• 2015

Android is the world's most utilized smartphone OS which consequently, also makes it an attractive target for attackers. The most representative method of hacking used against Android apps is known as repackaging. This attack method requires extensive knowledge about reverse engineering in order to modify and insert malicious codes into the original app. However, there exists an easier way which circumvents the limiting obstacle of the reverse engineering. We have discovered a method of exploiting the Android code-signing process in order to mount a malware as an example. We also propose a countermeasure to prevent this attack. In addition, as a proof-of-concept, we tested a malicious code based on our attack technique on a sample app and improved the java libraries related to code-signing/verification reflecting our countermeasure.

• Korean Security Journal
• /
• no.7
• /
• pp.287-307
• /
• 2004

Mass killing and injuring by purpose, the countries that is hurrying countermeasure preparation of investigators who enforce that necessity to compare to intimidation of doing creature weapon is common concerns of the several countries including advanced nation such as the United States of America. Development and use of biological weapon have increased too recently to private citizens unlike development of military purpose in country dimension. The latest WHO is preparing proposal of standard stroke model who each department solidifies preparedness for chemical biological and electronic weapon revising report about biological weapon. But in case of korea, confrontation plan that bamboo broom about possibility of attack to the common people and attack comparing actual state in case of attained nothing but is readying remedy about biological warfare partially in military dimension was not readied. The purpose of this article is a study on threat of bio-weapons and the countermeasure.

• Proceedings of the Korea Water Resources Association Conference
• /
• 2005.09b
• /
• pp.1419-1419
• /
• 2005

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.8
• /
• pp.3045-3052
• /
• 2010

The international standard signature algorithm DSA has been guaranteed its security based on discrete logarithm problem. Recently, the DSA was known to be vulnerable to some fault analysis attacks in which the secret key stored inside of the device can be extracted by occurring some faults when the device performs signature algorithm. After analyzing an existing fault attack presented by Bao et al., this paper proposed a new fault analysis attack by disturbing the random number. Furthermore, we presented a countermeasure to compute DSA signature that has its immunity in the two types of fault attacks. The security and efficiency of the proposed countermeasure were verified by computer simulations.

• Korean Security Journal
• /
• no.20
• /
• pp.199-228
• /
• 2009

National security of post cold-war since 1990's shift that conception of the national security transfer traditional military strength to economic strength. Accordingly, the national interest about how to protect the of the high-technology industry enterprises has become contentious social issue. The U.S. and advanced countries promote the policy to protect The United State's Economic Espionage Act(EEA). The Korea reaching to high level a field at IT, Shipbuilding, Steel, Automobile Industry and huge capital investment to high-technology & development. But, systematic industry security activity not an unfold. So private investigator collect the evidence and information of business case for prevent danger is efficient. The private investigator system, deal with the matter efficiently, will good system to prevent economic loss of business, state and nation through make a good use in business crime that machinery of law difficult to intervene. This article countermeasure about industry spy through make a good use of private investigator.

• International Journal of Computer Science & Network Security
• /
• v.22 no.3
• /
• pp.303-311
• /
• 2022

The tremendous growth of the Internet of things is unbelievable. Many IoT devices have emerged on the market over the last decade. This has made our everyday life easier inside our homes. The technology used at home has changed significantly over the past several decades, leading to what is known today as the smart home. However, this growth has also brought new challenges to our home security and privacy. With the smart home becoming more mainstream, cybersecurity issues have become a fundamental concern. The smart home is an environment where heterogeneous devices and appliances are interconnected through the Internet of Things (IoT) to provide smart services to residents. These services include home climate control, energy management, video on demand, music on-demand, remote healthcare, remote control, and other similar services in a ubiquitous manner. Smart home devices can be controlled via the Internet using smartphones. However, connecting smart home appliances to wireless networks and the Internet makes individuals vulnerable to malicious attacks. Remote access within the same environment or over the Internet requires an effective access control mechanism. This paper intends to shed light on how smart home devices are working as well as the type of security and privacy threats of the smart home. It also illustrated the types of authentication methods that can be used with smart home devices. In addition, a comparison of Smart home IoT-based security protocols was presented along with a security countermeasure that can be used in a smart home environment. Finally, a few open problems were mentioned as future research directions for researchers.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.13 no.3
• /
• pp.199-206
• /
• 2007

In analyzing the security threats and their management system and making questions on security awareness to the concerned parties in the field of coastal passenger ship, we draw its security vulnerability and the features of security threats. The countermeasures and security system are proposed in order to response the diverse security threats and to set up the security culture of coastal passenger ship.