• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.909-917
• /
• 2013

CAPTCHA is an automated test to tell apart computers from human mainly for web services, and it has been evolved since the most naive form in which users are requested to input simple strings has been introduced. Though many types of CAPTCHAs have been proposed, text-based CAPTCHAs have been widely prevailed for user convenience. In this paper, we introduce new segmentation schemes and show an attack method to break the CAPTCHA of Naver that occupies more than 70% of the market share in search engine. The experimental results show that 938 trials out of 1000 have successfully analyzed, which implies that we cannot use the CAPTCHA anymore.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.11C
• /
• pp.1090-1096
• /
• 2002

The HTTP does not support continuity for browser-server interaction between successive visits or a user due to a stateless feature. Cookies were invented to maintain continuity and state on the Web. Because cookies are transmitted in plain and contain text-character strings encoding relevant information about the user, the attacker can easily copy and modify them for his undue profit. In this paper, we design a secure cookies scheme based on X.509 public key certificate for solving these security weakness of typical web cookies. Our secure cookies scheme provides not only mutual authentication between client and server but also confidentiality and integrity of user information. Additionally, we implement our secure cookies scheme and compare it to the performance with SSL(Secure Socket Layer) protocol that is widely used for security of HTTP environment.

• The KIPS Transactions:PartD
• /
• v.10D no.7
• /
• pp.1197-1206
• /
• 2003

This paper describes the IPP (Internet Printing Protocol), a standard that makes network setup for printers potentially much easier and, not so incidentally, also user can print over the Internet and specifies an implementation of IPP client/server system. It allows the system administrator and operators to control IPP system users and printer devices. The focus of this effort is optimized capabilities the security features for authentication, authorization, and policies, also improved compatibility with existing WP devices. Finally this paper presents conclusions and further researches.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.693-700
• /
• 2016

Analyzing characteristics of spam text messages had limitations since spam datasets are typically difficult to obtain publicly and previous studies focused on spam email. Although existing studies, such as through the use of spam e-mail characterization and utilization of data mining techniques, there are limitations that influence is limited to high spam detection techniques using a single word character. In this paper, we reveal the characteristics of the spam SMS based on experiment and analysis from different perspectives and propose coward analysis based spam SMS detection scheme with a publicly disclosed spam SMS from the University of Singapore. With the extensive performance evaluations, we show false positive and false negative of the proposed method is less than 2%.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1023-1032
• /
• 2017

When a cryptographic device such as smart card performs an encryption for a plain text, an attacker can extract the secret key in it using side channel information. Especially, many researches found some weaknesses for side channel attack on the lightweight block cipher LEA designed to apply in IoT environments. In this paper, we survey several masking countermeasures to defeat the side channel attack and propose a novel masking conversion method. Even though the proposed Arithmetic-to-Boolean masking conversion method requires storage memory of 256 bytes, it can improve the LEA encryption speed up to 17 percentage compared to the case adopted the previous masking method.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.578-580
• /
• 2017

IoT technology poses a lot of security threats. Various algorithms are thus employed in ensuring security of transactions between IoT devices. Advanced Encryption Standard (AES) has gained huge popularity among many other symmetric key algorithms due to its robustness till date. This paper presents a hardware based implementation of the AES algorithm. We present a four-stage pipelined architecture of the encryption and key generation. This method allowed a total plain text size of 512 bits to be encrypted in 46 cycles. The proposed hardware design achieved a maximum frequency of 1.18GHz yielding a throughput of 13Gbps and 800MHz yielding a throughput of 8.9Gbps on the 65nm and 180nm processes respectively.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.300-308
• /
• 2021

The processes of informatization of the modern educational space are inextricably linked with the active introduction of innovative information technologies, which diversify the forms of education and upbringing. The use of these technologies in education due to their specific properties significantly enhances the clarity of learning, emotional impact on students, helps to deepen interdisciplinary links, intensifies students' work, and improves the organization of educational activities. Innovative information technologies offer new opportunities for the use of text, audio, graphic, and video information in lessons, enriching the methodological possibilities of the lesson. Today, the use of these technologies is becoming an integral part of the study of any subject. Using multimedia presentations, publications, and websites created by students in the learning process, they can develop learning skills. According to researchers, there are many multimedia programs for working with a computer in a music lesson, namely: a music player, a program for singing karaoke, a music constructor, music encyclopedias, and training programs. The introduction of innovative information technologies in the system of music education allows expanding learning opportunities.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.5
• /
• pp.43-52
• /
• 2001

Y. Zheng introduced a new type of cryptograghic primitive as \"signcryption\", which combines a function of digital signature scheme with a symmetric key encryption algorithm. Signcryption doesn\`t only provide authenticity and confidentiality in a single step, but also give more efficient computation than the traditional \"signature-then-encryption\". And C. Gamage proposed a proxy-signcryption that efficiently combines a proxy signature with the signcryption. But, in the proposed signcryption schemes, one who obtains the sender\`s private key can recover the original message of a signcrypted text. That is, forward secrecy is not offered by the signcryption scheme with respect to the sender\`s private key. In this paper, we will propose a modified signcryption of Zheng\`s signcryption and a variant of proxy-signcryption with forward secrecy.ith forward secrecy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.485-494
• /
• 2012

The block cipher HIGHT is designed suitable for low-resource hardware implementation. It established as the TTA standard and ISO/IEC 18033-3 standard. In this paper, we propose a differentail fault attack against the block cipher HIGHT. In the proposed attack, we assume that an attacker is possible to inject a random byte fault in the input value of the 28-th round. This attack can recover the secret key by using the differential property between the original ciphertext and fault cipher text pairs. Using 7 and 12 error, our attack recover secret key within a few second with success probability 87% and 51%, respectively.

• International Journal of Computer Science & Network Security
• /
• v.21 no.5
• /
• pp.84-89
• /
• 2021

Medical tests are very important part of the health monitoring process. It is performed for various reasons like diagnosing diseases, determining medications effectiveness, etc. Due to that, patients should be able to read and understand the available online tests and results in order to take proper decisions regarding their health condition. In fact, people are varying in their educational level and health backgrounds that make providing such information in an easily readable format by the majority of people considered as a challenge in the health domain since ever. This paper describes the MTReadable corpus which constructed for evaluating the readability of online medical tests. It covered 32 basic periodic check-up tests with over 36k words. These tests information are annotated and labelled based on three readability levels which are easy, neutral and difficult by three non-specialists native Arabic speakers. This paper contributes to enriching the Arabic health research community with an investigation of the level of readability of online medical tests and to be a baseline for further complex health online reports and information.