• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.839-850
• /
• 2014

As the social and financial damages caused by APT attack such as 3.20 cyber terror are increased, the technical solution against APT attack is required. It is, however, difficult to protect APT attack with existing security equipments because the attack use a zero-day malware persistingly. In this paper, we propose a host based anomaly detection method to overcome the limitation of the conventional signature-based intrusion detection system. First, we defined 39 features to identify between normal and abnormal behavior, and then collected 8.7 million feature data set that are occurred during running both malware and normal executable file. Further, each process is represented as 83-dimensional vector that profiles the frequency of appearance of features. the vector also includes the frequency of features generated in the child processes of each process. Therefore, it is possible to represent the whole behavior information of the process while the process is running. In the experimental results which is applying C4.5 decision tree algorithm, we have confirmed 2.0% and 5.8% for the false positive and the false negative, respectively.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.1
• /
• pp.167-175
• /
• 2010

Like most large organizations, there are business rules such as 'separation of duty' and 'delegation' which should be considered in access control. From a SOD point of view, previous SOD models built on the (Administrative) Role-Based Access Control model cannot present the best solution to security problems such as information integrity by the limited constituent units such as role hierarchy and role inheritance. Thus, we propose a new integrated management model of administration role-based access control model and SOD policy, which is called the OS-SoDAM. The OS-SoDAM defines the authority range in an organizational structure that is separated from role hierarchy and supports a decentralized security officer-level SOD policy in which a local security officer can freely perform SOD policies within a security officer's authority range without the security officer's intervention.

• Nuclear Engineering and Technology
• /
• v.53 no.10
• /
• pp.3327-3334
• /
• 2021

Present electric grids are advanced to integrate smart grids, distributed resources, high-speed sensing and control, and other advanced metering technologies. Cybersecurity is one of the challenges of the smart grid and nuclear plant digital system. It affects the advanced metering infrastructure (AMI), for grid data communication and controls the information in real-time. The research article is emphasized solving the nuclear and smart grid hardware security issues with the integration of field programmable gate array (FPGA), and implementing the latest Time Authenticated Cryptographic Identity Transmission (TACIT) cryptographic algorithm in the chip. The cryptographic-based encryption and decryption approach can be used for a smart grid distribution system embedding with FPGA hardware. The chip design is carried in Xilinx ISE 14.7 and synthesized on Virtex-5 FPGA hardware. The state of the art of work is that the algorithm is implemented on FPGA hardware that provides the scalable design with different key sizes, and its integration enhances the grid hardware security and switching. It has been reported by similar state-of-the-art approaches, that the algorithm was limited in software, not implemented in a hardware chip. The main finding of the research work is that the design predicts the utilization of hardware parameters such as slices, LUTs, flip-flops, memory, input/output blocks, and timing information for Virtex-5 FPGA synthesis before the chip fabrication. The information is extracted for 8-bit to 128-bit key and grid data with initial parameters. TACIT security chip supports 400 MHz frequency for 128-bit key. The research work is an effort to provide the solution for the industries working towards embedded hardware security for the smart grid, power plants, and nuclear applications.

• The Journal of Society for e-Business Studies
• /
• v.23 no.4
• /
• pp.137-152
• /
• 2018

It is a measure to overcome limitations that occur in the activity of detecting and blocking abnormal information leakage activity by collecting the activity log generated by the security solution to detect the leakage of existing financial information and analyzing it by pattern analysis. First, it monitors real-time execution programs in PC that are used as information leakage path (read from the outside, save to the outside, transfer to the outside, etc.) in the PC. Second, it determines whether it is a normal controlled exception control circumvention by interacting with the related security control process at the time the program is executed. Finally, we propose a risk management model that can control the risk of financial information leakage through the process procedure created on the basis of scenario.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.91-103
• /
• 2004

The survey of network firewall system has been focused on the deny policy that protects information from the unlicensed and the intrusion detection system. Government has solved several firewall problems as building the intranet separated from the intranet. However, the new firewall system would been satisfied both the denialpolicy and information share with the public, according as government recently emphasizes electronic service. Namely, it has to provide the functions such as the information exchange among divisions, partial share of information with the public, network connection and the interception of illegal access. Also, it considers the solution that protects system from hacking by inner user and damage of virus such as Worm. This Paper suggests the protects information system using the intrusion prevention system and role-based security policy to support the partial opennessand the security that satisfied information share among governments and public service.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6A
• /
• pp.27-37
• /
• 2008

In the traditional signature techniques, anyone can verify the signed message. It may cause a problem since a receiver of the signature can transfer the conviction of signature to a third party. In 1996, Jakobsson introduced a designate verifier signature(DVS) which is allowed to verify only specific verifier. DVS is the solution of conflict between authenticity and privacy because it provides message authentication without non-repudiation property. In this paper based on the notion of certificateless, we suggest a certificateless strong designated verifier signature scheme including the notion of strong which provides privacy of the signer. We suggest a scheme which is first trial to propose a certificateless strong designated verifier signature scheme including the notion of strong and non-delegatability, although it is not more efficient than previous one.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.105-118
• /
• 2009

In modern society, as the rapid development of IT technology combined with the computer-based high-speed communication networks makes it possible to provide a wide spectrum of services and devices, we have been confronting a new cultural transformation era, referred to as the information society. However, the requirements to be considered in security aspect have became more complicated and diversified, and there remains the same security weaknesses as in the existing media or protocol. Particularly, the office network device with roaming is susceptible to the different kinds of attacks such as terminal hacking, virus attacks, and information leakage because the computing capacity is relatively low and the loading of already developed security functions is difficult. Although developed as one solution to this problems, PKI security authentication technology isn't suitable for multi-domain environments providing uonments proffice network service, and so the development of a novel authentication system is needed. Therefore, in this paper researched the roaming and device authentication/auth for multitechnology using an ID-based public key, authorization ticket, and Sub-device ticket with a purpose to contribute to the development of the secured and efficient technology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.177-186
• /
• 2011

Mobile services which are applied PC performance and mobile characteristics are increased with spread of the smartphone. Recently, mobile cloud service is getting the spotlight as a solution of mobile service problems that mobile device is lack of memory, computing power and storage and mobile services are subordinate to a particular mobile device platform. However, mobile cloud service has more potential security threats by the threat inheritance of mobile service, wireless network and cloud computing service. Therefore, security threats of mobile cloud service has to be removed in order to deploy secure mobile cloud services and user and manager should be able to respond appropriately in the event of threat. In this paper, We define mobile cloud service threats by threat analysis of mobile device, wireless network and cloud computing and we propose mobile cloud service countermeasures in order to respond mobile cloud service threats and threat scenarios in order to respond and predict to potential mobile cloud service threats.

• Convergence Security Journal
• /
• v.9 no.2
• /
• pp.79-84
• /
• 2009

Recently, Move Picture Files have the same file format and a compression technique as Window Media Video form. but Moving Pictures using file format and a compression technique have question about Motion blur and compressibility. In this paper, we design and Implement for new Move Picture Solution EZ-MOV using FLV different from developed FLV(Flash Video) in the Macromedia company. EZ-MOV have advantages as follow. first, FLV player is able to compact disk access time and DRM (Digital Rights Management) with a built-in self and unable to an illegal video recording, second, whenever WMV formal file encoded FLV are able to lossless compression to fifty percent, third, FLV is able to Moving Picture streaming no buffering. fourth, FLV file is able streaming service no streaming server. fifth, FLV file is able to streaming service keep pace with download and streaming. sixth, FLV file is able to full duplex service.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.12
• /
• pp.4568-4587
• /
• 2014

Authentication of videos and images based on the content is becoming an important problem in information security. Unfortunately, previous studies lack the consideration of Kerckhoffs's principle in order to achieve this (i.e., a cryptosystem should be secure even if everything about the system, except the key, is public knowledge). In this paper, a solution to the problem of finding a relationship between a frame's index and its content is proposed based on the creative utilization of a robust manifold feature. The proposed solution is based on a novel semi-fragile watermarking scheme for H.264/AVC video content authentication. At first, the input I-frame is partitioned for feature extraction and watermark embedding. This is followed by the temporal feature extraction using the Isometric Mapping algorithm. The frame index is included in the feature to produce the temporal watermark. In order to improve security, the spatial watermark will be encrypted together with the temporal watermark. Finally, the resultant watermark is embedded into the Discrete Cosine Transform coefficients in the diagonal positions. At the receiver side, after watermark extraction and decryption, temporal tampering is detected through a mismatch between the frame index extracted from the temporal watermark and the observed frame index. Next, the feature is regenerate through temporal feature regeneration, and compared with the extracted feature. It is judged through the comparison whether the extracted temporal watermark is similar to that of the original watermarked video. Additionally, for spatial authentication, the tampered areas are located via the comparison between extracted and regenerated spatial features. Experimental results show that the proposed method is sensitive to intentional malicious attacks and modifications, whereas it is robust to legitimate manipulations, such as certain level of lossy compression, channel noise, Gaussian filtering and brightness adjustment. Through a comparison between the extracted frame index and the current frame index, the temporal tempering is identified. With the proposed scheme, a solution to the Kerckhoffs's principle problem is specified.