• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.2
• /
• pp.31-37
• /
• 2015

The security of the image information is very important in many areas of the IoT(Internet of Things), and study a number of ways to display the security (copyright, etc.). In this paper, information of image that is used by the IoT is converted to a DCT(Discrete Cosine Transform) and QC(Quantization Coefficient). And watermark (message) is to create a new encoded message(WMQR) through a QR Code. QC and WMQR applies LSB steganography techniques, can get the security (copyright, etc.) of image information. LSB steganographic techniques may be inserted according to a message (Watermark) to determine the location (Secret Key). The encoded image is sent to the recipient via the Internet. The reverse process can be obtained image and a QR code, a watermark (Message). A method for extracting a watermark from the security of the image information is coded using only the image and Secret Key, through the DCT and quantization process, so obtained by separating the watermark (Message) for the image. In this paper, we were able to improve the security of the method of image information, the image quality of the image by the simulations (PSNR), in turn, benefits were also normalized correlation (NC) and security.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.7A
• /
• pp.717-723
• /
• 2007

There are many weaknesses in sensor networks due to hardware limitation of sensor nodes besides the vulnerabilities of a wireless channel. In order to provide sensor networks with security, we should find out the approaches different from ones in existing wireless networks; the security mechanism in sensor network should be light-weighted and not degrade network performance. Sowe proposed a novel data origin authentication satisfying both of being light-weighted and maintaining network performance by using Unique Random Sequence Code. This scheme uses a challenge-response authentication consisting of a query code and a response code. In this paper, we show how to make a Unique Random Sequence Code and how to use it for data origin authentication.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.5A
• /
• pp.402-408
• /
• 2007

There are many weaknesses in sensor networks due to hardware limitation of sensor nodes besides the vulnerabilities of a wireless channel. In order to provide sensor networks with security, we should find out the approaches different from ones in existing wireless networks; the security mechanism in sensor network should be light-weighted and not degrade network performance. Sowe proposed a novel data origin authentication satisfying both of being light-weighted and maintaining network performance by using Unique Random Sequence Code. This scheme uses a challenge-response authentication consisting of a query code and a response code. In this paper, we show how to make a Unique Random Sequence Code and how to use it for data origin authentication.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.05a
• /
• pp.989-992
• /
• 2007

In this paper we introduce a new paradigm of physical layer security for wireless network. Existing security protocols like internet's transport layer security protocol has some security flaws that skilled hackers could exploit. Motivated from this point we introduce a new security protocol that works in physical layer which is much less vulnerable to hackers than any other higher layers. In our proposal, we incorporate the proposed security protocol within channel coding as channel coding is an essential part of wireless communication. We utilize the flexibility to choose a generator matrix (or generator polynomial) of a particular code that selects the code words as a core of our protocol. Each pair of wireless node will select a unique generator using their security key before they started to communicate with each other.

• Journal of Korea Multimedia Society
• /
• v.19 no.10
• /
• pp.1792-1807
• /
• 2016

Android application is vulnerable to reverse engineering attack. And by this, it is easy to extract significant module from source code and repackage it. To prevent this problem, dynamic class loading technique, which is able to exclude running code from distributed source code and is able to load running code dynamically during runtime can be used. Recently, this technique was adapted on variety of fields and applications like updating pre-loaded android application, preventing from repacking malicious application, etc. Despite the fact that this technique is used on variety of fields and applications, there is fundamental lack on the study of potential weakness or related secure coding. This paper would deal with potential weaknesses during the implementation of dynamic class loading technique with analysing related international/domestic standard of weaknesses and suggest a secure way for the implementation of dynamic class loading technique. Finally, we believe that this technique described here could increase the level of trust by decreasing the weakness related to dynamic class loading technique.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.37-44
• /
• 2011

VANET(Vehicular Ad-hoc Network) is a kind of ad hoc networks consist of intelligence vehicular ad nodes, and has become a hot emerging research project in many field. It provide traffic safety, cooperative driving and etc. but has also some security problems that can be occurred in general ad hoc networks. Also, in VANET, vehicles shoul d be able to authenticate each other to securely communicate with network-based infrastructure, and their locations and identifiers should not be exposed from the communication messages. This paper proposes V2I(Vehicular to Infra structure) authentication protocol that anonymity and untraceability of vehicular using Error Correcting Code that ge nerate encoding certification using generation matrix. The proposed scheme based on ECC resolves overhead problems of vehicular secure key management of KDC.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.439-446
• /
• 2022

Document-type malicious codes are being actively distributed using attachments on websites or e-mails. Document-type malicious code is relatively easy to bypass security programs because the executable file is not executed directly. Therefore, document-type malicious code should be detected and prevented in advance. To detect document-type malicious code, we identified the document structure and selected keywords suspected of being malicious. We then created a dataset by converting the stream data in the document to ASCII code values. We specified the location of malicious keywords in the document stream data, and classified the stream as malicious by recognizing the adjacent information of the malicious keywords. As a result of detecting malicious codes by applying the CNN model, we derived accuracies of 0.97 and 0.92 in stream units and file units, respectively.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.14 no.6
• /
• pp.1077-1082
• /
• 2019

The development of computing technology and networking has developed into a fundamental technology of the Fourth Industrial Revolution, which provides a ubiquitous environment. In the ubiquitous environment, the IoT environment has become an issue so that various devices and the things can be actively accessed and connected. Also, the RFID system using the wireless identification code attaches an RFID tag to the object, such as the production and distribution of products. It is applied to the management very efficiently. EPCglobal is conducting a research on RFID system standardization and various security studies. Since RFID systems use wireless environment technology, there are more security threats than wire problems. In particular, failure to provide confidentiality, indistinguishability, and forward safety could expose them to various threats in the Fourth Industrial Revolution. Therefore, this study analyzes the standard method of EPCgolbal and proposes RFID security method using hash code that can consider the amount of computation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.37-46
• /
• 2007

The authentication in WSN(Wireless Sensor Network) usually means the entity authentication, but owing to the data centric nature of sensor network, much more importance must be put on the authentication(or attestation) for code of sensor nodes. The naive approach to the attestation is for the verifier to compare the previously known memory contents of the target node with the actual memory contents in the target node, but it has a significant drawback. In this paper, we show what the drawback is and propose a countermeasure. This scheme can verify the whole memory space of the target node and provides extremely low probability of malicious code's concealment without depending on accurate timing information unlike SWATT. We provide two modes of this verification method: BS-to-node and node-to-node. The performance estimation in various environments is shown.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1079-1085
• /
• 2020

Fuzzing is used to find vulnerabilities for a library. Because library fuzzing only tests the implemented functions, in order to achieve higher code coverage, additional functions that are not implemented should be implemented. However, if a function is added without regard to the calling relationship of the functions in the library, a problem may arise that the function that has already been tested is added. We propose a novel method to improve the code coverage of library fuzzing. First, we analyze the function call graph of the library to efficiently add the functions for library fuzzing, and additionally implement a library function that has not been implemented. Then, we apply a hybrid fuzzing to explore for branches with complex constraints. As a result of our experiment, we observe that the proposed method is effective in terms of increasing code coverage on OpenSSL, mbedTLS, and Crypto++.