• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.667-677
• /
• 2012

Vulnerable web applications have been the primary method used by the attackers to spread their malware to a large number of victims. Such attacks commonly make use of malicious links to remotely execute a rather advanced malicious code. The attackers often deploy malwares that utilizes unknown vulnerabilities so-called "zero-day vulnerabilities." The existing computer vaccines are mostly signature-based and thus are effective only against known attack patterns, but not capable of detecting zero-days attacks. To mitigate such limitations of the current solutions, there have been a numerous works that takes a behavior-based approach to improve detection against unknown malwares. However, behavior-based solutions arbitrarily introduced a several limitations that made them unsuitable for real-life situations. This paper proposes an advanced web browser based malicious behavior detection system that solves the problems and limitations of the previous approaches.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.601-613
• /
• 2012

It is required to design and implement secure web applications to provide safe web services. For this reason, there are several scoring frameworks to measure vulnerabilities in web applications. However, these frameworks do not classify according to seriousness of vulnerability because these frameworks simply accumulate score of individual factors in a vulnerability. We rate and score vulnerabilities according to probability of privilege acquisition so that we can prioritize vulnerabilities found in web applications. Also, our proposed framework provides a method to score all web applications provided by an organization so that which web applications is the worst secure and should be treated first. Our scoring framework is applied to the data which lists vulnerabilities in web applications found by a web scanner based on crawling, and we show the importance of categorizing vulnerabilities according to privilege acquisition.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.291-307
• /
• 2021

There has been global efforts to prevent the further spread of the COVID-19 and get society back to normal. 'Contact tracing' is a crucial way to detect the infected person. However the contact tracing makes another concern about the privacy violation of the personal data of infected people, released by governments. Therefore Google and Apple are announcing a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design. However, in order to provide the improved tracing application, it is necessary to identify potential security threats and investigate vulnerabilities for systematically. In this paper, we provide security analysis of Privacy-Preserving COVID-19 Contact Tracing App with STRIDE and LINDDUN threat models. Based on the analysis, we propose to adopt a verifiable computation scheme, Zero-knowledge Succinctness Non-interactive Arguments of Knowledges (zkSNARKs) and Public Key Infrastructure (PKI) to ensure both data integrity and privacy protection in a more practical way.

• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.341-347
• /
• 2022

This research is designed to help and offer hold up to complete the requirements of aged and disable in a home. The control approach and the tone approach are used to manage the house appliances. The major organize system implementation in technology of wireless to offer distant contact from a phone Internet Protocol connectivity for access and calculating strategy and appliance remotely. The planned system no need a committed server PC with value of parallel systems and offers a new communication-protocol to observe and control a house environment with more than just the switch functionality. To express the possibility and efficiency of this system, devices like as lights switches, power plugs, and motion-sensors have been included with the planned home control system and supply more security manage on the control with low electrical energy activate method. The rank of switches is corresponding in all this control system whereby all user interfaces indicate the real time existing status. This system planned to manage electrical-appliances and devices in house with reasonably low cost of design, user friendly interface, easily install and provide high security. Research community generally specified that the network "Reconnaissance Attacks" in IPv6 are usually impossible due to they will take huge challenge to carry out address scanning of 264 hosts in an IPv6 subnet."It being deployed of IPv6 shows that it definitely enhances security and undermines the probability". This research of the IPv6 addressing-strategies at present utilizes and planned a new strategy and move toward to "mitigate reconnaissance attacks".

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.227-242
• /
• 2022

This paper presents a Cache-Coherency Interconnect(CCI)-based Android pattern screen lock(PSL) attack on modern ARM processors. CCI has been introduced to maintain the cache coherency between the big core cluster and the little core cluster. That is, CCI is the central interconnect inside SoC that maintains cache coherency and shares data. In this paper, we reveal that CCI can be a side channel in security, that an adversary can observe security-sensitive operations. We design and implement a technique to compromise Android PSL within only a few attempts using the information of CCI in user-level applications on Android Nougat. Further, we analyzed the relationship between the pattern complexity and security. Our evaluation results show that complex and simple patterns would have similar security strengths against the proposed technique.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.11
• /
• pp.3182-3203
• /
• 2023

With the growing adoption of cloud-based technologies, maintaining the privacy and security of cloud data has become a pressing issue. Privacy-preserving encryption schemes are a promising approach for achieving cloud data security, but they require careful design and implementation to be effective. The integrated approach to cloud data security that we suggest in this work uses CogniGate: the orchestrated permissions protocol, index trees, blockchain key management, and unique Opacus encryption. Opacus encryption is a novel homomorphic encryption scheme that enables computation on encrypted data, making it a powerful tool for cloud data security. CogniGate Protocol enables more flexibility and control over access to cloud data by allowing for fine-grained limitations on access depending on user parameters. Index trees provide an efficient data structure for storing and retrieving encrypted data, while blockchain key management ensures the secure and decentralized storage of encryption keys. Performance evaluation focuses on key aspects, including computation cost for the data owner, computation cost for data sharers, the average time cost of index construction, query consumption for data providers, and time cost in key generation. The results highlight that the integrated approach safeguards cloud data while preserving privacy, maintaining usability, and demonstrating high performance. In addition, we explore the role of differential privacy in our integrated approach, showing how it can be used to further enhance privacy protection without compromising performance. We also discuss the key management challenges associated with our approach and propose a novel blockchain-based key management system that leverages smart contracts and consensus mechanisms to ensure the secure and decentralized storage of encryption keys.

• Journal of Advanced Navigation Technology
• /
• v.28 no.1
• /
• pp.27-36
• /
• 2024

In this paper, we analyze the unified requirements of international association of classification societies - cyber resilience of ships, ahead of implementation of the agreement on July 1, 2024, and respond to ship cyber security and resilience programs based on 5 requirements, 17 details, and documents that must be submitted or maintained according to the ship's cyber resilience,. Measures include document management such as classification certification documents and design documents, configuration of a network with enhanced security, establishment of processes for accident response, configuration management using software tools, integrated network management, malware protection, and detection of ship network security threats with security management solutions. proposed a technology capable of real-time response.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.629-639
• /
• 2024

CHAM is designed with an emphasis on encryption speed, considering that in the ISO/IEC standard block cipher operation mode, encryption functions are used more often than decryption functions. In the superscalar architecture of modern general-purpose processors, different ordering of operations can lead to different processing speeds, even if the computation configuration is the same. In this paper, we analyze the implementation efficiency and security of CHAM-like structures, which rearrange the order of operations in the ARX-based block cipher CHAM, for single-block and parallel implementations in a general-purpose processor environment. The proposed structures are at least 9.3% and at most 56.4%efficient in terms of encryption speed. The security analysis evaluates the resistance of the CHAM-like structures to differential and linear attacks. In terms of security margin, the difference is 3.4% for differential attacks and 6.8%for linear attacks, indicating that the security strength is similar compared to the efficiency difference. These results can be utilized in the design of ARX-based block ciphers.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.213-229
• /
• 2009

The purpose of this paper is to identify the relationship among five factors of web design, e-satisfaction, e-loyalty, and customer defection and provide the implications of marketing strategies in online shopping. The research findings are as follows: first, ease of use of web design affects positively e-satisfaction more than the other factors except financial security. Second, e-satisfaction affects positively e-loyalty. Third, e-satisfaction does not affect customer defection. Fourth, informativeness, styling, ease of use, and trust of web design affect indirectly e-loyalty by mediating e-satisfaction. Therefore, because there is a good circular relationship among web design, e-satisfaction, and e-loyalty, it is very important to enhance web design for customers. When customers satisfy highly with the factors of web design, e-loyalty is higher and customer defection is lower. Further, in a curriculum of web design it is needed to reflect the findings of this paper.

• International Journal of Advanced Culture Technology
• /
• v.9 no.3
• /
• pp.55-61
• /
• 2021

In this study, a learning environment based on STEAM theory was proposed to support and improve learners' activities and achievements for convergent design education. The learning environment design influence STEAM education with intentional design and schedule coordination, schools can create informal environments that are crucial to STEAM education. The physical surroundings of the learning space should be applied to teaching methods and learning activity, especially for STEAM-based education, physical space conditions should support the learner's design thinking and process. Furthermore, STEAM-based education environment should support a vast array of experiences that allow students to learn the context around ideas and skills. For spaces for learning environment based on STEAM, common design principles should be considered such as technology integration, safety and security, transparency, multipurpose space, and outdoor learning. Therefore, the learning environment based on STEAM needs flexible and mobile, connected, integrated, organized, flipped, and team-focused surroundings to support the learners understand, participate, cooperate, and accomplish the design process.