• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.35-45
• /
• 2011

The Salsa20/12 stream cipher selected for the final eSTREAM portfolio has a better performance than software implementation of AES using an 8-bit microprocessor with restricted memory space, In the theoretical approach, the evaluation of exploitable timing vulnerability was 'none' and the complexity of side-channel analysis was 'low', but there is no literature of the practical result of power analysis attack. Thus we propose the correlation power analysis attack method and prove the feasibility of our proposed method by practical experiments, We used an 8-bit RISC AVR microprocessor (ATmegal128L chip) to implement Salsa20/12 stream cipher without any countermeasures, and performed the experiments of power analysis based on Hamming weight model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1031-1041
• /
• 2020

Cloud computing technology plays an important role in the deep learning industry as deep learning services are deployed frequently on top of cloud infrastructures. In such cloud environment, virtualization technology provides logically independent and isolated computing space for each tenant. However, recent studies demonstrate that by leveraging vulnerabilities of virtualization techniques and shared processor architectures in the cloud system, various side-channels can be established between cloud tenants. In this paper, we propose a novel attack scenario that can steal internal information of deep learning models by exploiting the Meltdown vulnerability in a multi-tenant system environment. On the basis of our experiment, the proposed attack method could extract internal information of a TensorFlow deep-learning service with 92.875% accuracy and 1.325kB/s extraction speed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1103-1112
• /
• 2022

Blockchain technology is widespread in everyday life and various industry fields. It guarantees integrity and transparency between blockchain network participants through a distributed ledger. The smart contract is modifying and managing the distributed ledger, which is the most important component of guaranteeing integrity and transparency of blockchain network. Still, smart contracts are also a component of blockchain networks, it is disclosed to network participants transparently. For this reason, the vulnerability of smart contracts could be revealed easily. To mitigate this, various studies are leveraging TEE to guarantee the confidentiality of smart contracts. In existing studies, TEE provides confidentiality of smart contracts but guaranteeing the integrity of smart contracts is out of their scope. In this study, we provide not only the confidentiality of smart contracts but also their integrity, by guaranteeing the CFI of smart contracts within TEE.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.82-84
• /
• 2022

In recent years, research has been actively conducted to solve overhead problems caused by the increase in the number of IoT devices. MQTT, one of the IoT lightweight protocols for resolving performance degradation in IoT environments, is standardized to enable efficient operation in many-to-many communication environments, but there is a security vulnerability as it does not provide encryption by default. Although TLS communication technology can be applied to solve these problems, it is difficult to meet IoT's lightweight power-saving requirements. This paper introduces the latest MQTT communication encryption trends and analyzes IoT applicability by comparing TLS encryption and payload encryption methods.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.201-207
• /
• 2024

Voice is a critical element of human communication, and the development of speech recognition models is one of the significant achievements in artificial intelligence, which has recently been applied in various aspects of human life. The application of speech recognition models in the military field is also inevitable. However, before artificial intelligence models can be applied in the military, it is necessary to research their vulnerabilities. In this study, we evaluates the military applicability of the multilingual speech recognition model "Whisper" by examining its vulnerabilities to battlefield noise, white noise, and adversarial attacks. In experiments involving battlefield noise, Whisper showed significant performance degradation with an average Character Error Rate (CER) of 72.4%, indicating difficulties in military applications. In experiments with white noise, Whisper was robust to low-intensity noise but showed performance degradation under high-intensity noise. Adversarial attack experiments revealed vulnerabilities at specific epsilon values. Therefore, the Whisper model requires improvements through fine-tuning, adversarial training, and other methods.

• Asia-Pacific Journal of Business
• /
• v.14 no.4
• /
• pp.49-65
• /
• 2023

Purpose - In the Korean and Chinese social landscape, it is vital to appreciate the significance of the Japanese history problem. The current study investigated whether the perception of the Japanese history problem affects decisions regarding technology adoption in organizations by comparing South Korea and China. Design/methodology/approach - The study involved 305 Korean and 379 Chinese participants who responded to scenarios and surveys regarding the adoption of workplace surveillance cameras supplied by a Japanese company. Findings - Using a moderated mediation model based on protection motivation theory (PMT), we found that past experiences of privacy invasion significantly reduced trust in the adoption of surveillance cameras at work. This relationship was mediated by respondents' perceptions of security vulnerability. The current study, however, did not confirm any significant moderating effect of the Japanese history problem priming on trust in the adoption of workplace surveillance cameras. Research implications - This suggests that the Japanese history problem may have a limited impact on organizational technology adoption decisions, different from the political consumerism behavior driven by public anti-Japanese affectivity. The current study reaffirms the validity and applicability of PMT and provides both theoretical insights and practical recommendations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.821-830
• /
• 2017

The internet is an important infra resource that it controls the economy and society of our country. Also, it is providing convenience and efficiency of the everyday life. But, a case of various are occurred through an using vulnerability of an internet infra resource. Recently various attacks of unknown to the user are an increasing trend. Also, currently system of security control is focussing on patterns for detecting attacks. However, internet threats are consistently increasing by intelligent and advanced various attacks. In recent, the darknet is received attention to research for detecting unknown attacks. Since the darknet means a set of unused IP addresses, no real systems connected to the darknet. In this paper, we proposed an algorithm for finding black IPs through collected the darknet traffic based on a statistics data of port information. The proposed method prepared 8,192 darknet space and collected the darknet traffic during 3 months. It collected total 827,254,121 during 3 months of 2016. Applied results of the proposed algorithm, black IPs are June 19, July 21, and August 17. In this paper, results by analysis identify to detect frequency of black IPs and find new black IPs of caused potential cyber threats.

• Korean Security Journal
• /
• no.36
• /
• pp.293-316
• /
• 2013

Today's high-rise buildings are increasing concern about the safety and evacuation of people related to the fire and threat from outside. Terrorism breaking out in high-rise buildings, a symbol of the national economy results in a number of casualties, economic loss, social fear and damage to national status. That's why high-rise building has also emerged as a target of major terrorist attacks, compared to other types of buildings. We have 54 high-rise buildings in 15 regions over the country. The Ministry of Land, Infrastructure and Transport and Seoul Metropolitan Government have offered the guidelines to prevent terrorist attacks toward high-rise buildings. Since the 9/11 terrorist attacks, the U.S. Federal Emergency Management Agency (FEMA) has developed and taken advantage of the Risk Management Manual Series. According to this manual, pre-assessment is conducted for the prevention of terrorism and particularly in FEMA 455, risk of the surrounding areas, vulnerability, possibility from terrorist attacks are checked. After the check, experts classify the risk of terrorist attacks toward the high-rise buildings and according to the risk classification, architects, security experts and structure engineers can carry out terrorism prevention program for high-rise buildings. The U.K. NaCTSO has also offered the terrorism prevention guidelines. Therefore, the Ministry of Land, Infrastructure and Transport and Seoul Metropolitan Government should make more concrete guidelines for high-rise buildings such as what U.S. FEMA and U.K. NaCTSO implement, including prior evaluation technique for terrorism risk.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.15 no.5
• /
• pp.981-986
• /
• 2020

The Internet of Things refers to a space-of-things connection network configured to allow things with built-in sensors and communication functions to interact with people and other things, regardless of the restriction of place or time.IoT is a network developed for the purpose of services for human convenience, but the scope of its use is expanding across industries such as power transmission, energy management, and factory automation. However, the communication protocol of IoT, MQTT, is a lightweight message transmission protocol based on the push technology and has a security vulnerability, and this suggests that there are risks such as personal information infringement or industrial information leakage. To solve this problem, we designed a synchronous MQTT security channel that creates a secure channel by using the characteristic that different chaotic dynamical systems are synchronized with arbitrary values in the lightweight message transmission MQTT protocol. The communication channel we designed is a method of transmitting information to the noise channel by using characteristics such as random number similarity of chaotic signals, sensitivity to initial value, and reproducibility of signals. The encryption method synchronized with the proposed key value is a method optimized for the lightweight message transmission protocol, and if applied to the MQTT of IoT, it is believed to be effective in creating a secure channel.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.132-138
• /
• 2012

Existing network layer firewall security support is one that does not support the higher layer, the application layer of a vulnerable web application security. Under these circumstances, the vulnerability of web applications to be able to defend a Web Application Firewall is positioned as a solver to solve the important security issues of businesses spotlighted in the next generation of security systems, and a very active market in the market other than domestic is expected to be formed. However, Firewall Web has not yet proposed a standard which can be used to test the performance of the Web Application Firewall Web Application Firewall and select the products of trust hardly Companies in BMT conduct their own individual problems and the cost of performance testing technologies, there is a limit. In this study, practically usable BMT model was developed to evaluate the firewall vendor. Product ratings ISO / IEC 9126, eight product characteristics meet the performance and characteristics of a web application firewall entries are derived. This can relieve the burden on the need to be evaluated in its performance testing of Web firewall, and can enhance the competitiveness of domestic-related sectors, by restoring confidence in the product can reduce the dependence on foreign products.