• Journal of the Korea Convergence Society
• /
• v.8 no.11
• /
• pp.21-27
• /
• 2017

Internet of Things(IoT), which is developing for the hyper connection society, is based on OSHW (Open Source Hardware) such as Arduino and various small products are emerging. Because of the limitation of low performance and low memory, the IoT is causing serious information security problem that it is difficult to apply strong security technology. In this paper, we analyze the vulnerability that can occur as a result of compiling and loading the application program of Arduino on the host computer. And we propose a new attack method that allows an attacker to arbitrarily change the value input from the sensor of the arduino board. Such as a proposed attack method may cause the arduino board to misinterpret environmental information and render it inoperable. By understanding these attack techniques, it is possible to consider how to build a secure development environment and cope with these attacks.

• Journal of the Korea Convergence Society
• /
• v.8 no.11
• /
• pp.63-69
• /
• 2017

The middleware in the IoT system is software that acts as a messenger to connect and exchange data between humans and objects, objects and objects. IoT middleware exists in various forms in all areas, including hardware, protocol, and communication of different kinds, which are different in form and purpose. However, IoT middleware exists in various forms across different areas, including hardware, protocol, and communication of different types and purposes. Therefore, even if the system is designed differently for each role, it is necessary to strengthen the security in common. In this paper, we analyze the structure of IoT middleware using Service Oriented Architecture(SOA) approach and design system security requirements based on it. It was defined: Target Of Evaluation(TOE) existing system development method and the object is evaluated by Common Criteria(CC) for verification based otherwise. The proposed middleware system will be correlated with the security problem definition and the security purpose, which will be the basis for implementing the security enhanced IoT system.

• Journal of IKEEE
• /
• v.16 no.4
• /
• pp.389-394
• /
• 2012

Most current systems have ignored security vulnerability concerned with boot firmware. It is highly likely that boot firmware may cause serious system errors, such as hardware manipulations by malicious programs or code, the operating system corruption caused by malicious code and software piracy under a condition of no consideration of security mechanism because boot firmware has an authority over external devices as well as hardware controls. This paper proposed a structural security mechanism based on software equipped with encrypted bootstrap patterns different from pre-existing bootstrap methods in terms of securely loading an operating system, searching for malicious codes and preventing software piracy so as to provide reliability of boot firmware. Moreover, through experiments, it proved its superiority in detection capability and overhead ranging between 1.5 % ~ 3 % lower than other software security mechanisms.

• Journal of Positioning, Navigation, and Timing
• /
• v.2 no.1
• /
• pp.75-80
• /
• 2013

This article presents the design of long range navigation (LORAN)-disciplined oscillator (LDO), employing the timing information of the LORAN system, which was developed as a backup system that corrects the vulnerability of the global positioning system (GPS)-based timing information utilization. The LDO designed on the basis of hardware generates a timing source synchronized with reference to the timing information of the LORAN-C receiver. As for the LDO-based timing information measurement, the Kalman filter was applied to estimate the measurement of which variance was minimized so that the stability performance could be improved. The oven-controlled crystal oscillator (OCXO) was employed as the local oscillator of the LDO. The controller was operated by digital proportional-integral-derivative (PID) controlling method. The LDO performance evaluation environment that takes into account the additional secondary factor (ASF) of the LORAN signals allows for the relative ASF observation and data collection using the coordinated universal time (UTC). The collected observation data are used to analyze the effect of ASF on propagation delay. The LDO stability performance was presented by the results of the LDO frequency measurements from which the ASF was excluded.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.10
• /
• pp.4794-4800
• /
• 2012

Many researches have been performed to resist buffer overflow attacks. However, the attack still poses one of the most important issue in system security field. It is because programmers are using library functions containing security hole and once buffer overflow vulnerability has been found, the security patches are distributed after the attacks are widely spreaded. In this paper, we propose a new cache level return address stack architecture for resisting buffer overflow attack. We implemented our hardware onto SimpleScalar simulator and verified its functionality. Our circuit can overcome the various disadvantages of previous works with small overhead.

• Journal of the Korea Convergence Society
• /
• v.5 no.4
• /
• pp.93-99
• /
• 2014

Cloud computing refers to borrow IT resources as needed by leveraging Internet technology and pay as much as you used by supporting real-time scalability depending on the service load. Virtualization which is the main technology of cloud computing is a technology that server, storage and hardware are regarded as not separate system but one system area and are allocated as needed. However, the security mechanisms provided by virtualized environments are difficult to cope with the traditional security mechanisms, having basic levels of visibility, control and audit function, on which the server is designed to monitor the traffic between the servers. In this paper, the security vulnerabilities of virtualization are analysed in the cloud computing environment and cloud virtualization security recommendations are proposed.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.12
• /
• pp.2865-2870
• /
• 2015

Recently, due to the hardware computing enhancement such as quantum computers, the amount of information that can be processed in a short period of time is growing exponentially. The cryptography system proposed by Koblitz and Fellows has a problem that it can not be guaranteed that the problem finding perfect dominating set is NP-complete in specific 3-regular graphs because the number of invariant polynomial can not be generated enough. In this paper, we propose an enhanced method to improve the vulnerability in 3-regular graph by generating plenty of invariant polynomials.

• The Journal of the Korea Contents Association
• /
• v.9 no.11
• /
• pp.74-79
• /
• 2009

This paper proposes a hardware structure and associated finite state machine designs sharing key scheduling circuitry to enhance the performance of the block cypher algorithm, HIGHT. It also introduces an efficient protocol applicable to RFID systems comprising the HIGHT block cipher algorithm. The new HIGHT structure occupies an area size small enough to accommodate tag applications. The structure yields twice higher performance them conventional HIGHT algorithms. The proposed protocol overcomes the security vulnerability of RFID tags and thereby strengthens the security of personal information.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.10
• /
• pp.5123-5129
• /
• 2013

In this paper, it is proposed that JTAG fault injection environment and the results of the classification techniques that the reliability of embedded systems can be tested. As applying these, this is possible to quantitative analysis of vulnerable factor for system. The quantitative analysis for the degree of vulnerability of system is evaluated by faults errors, and failures classification schemes. When applying these schemes, it is possible to verify process and classify for fault that might occur in the system.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.6
• /
• pp.195-201
• /
• 2008

We proposed that is suitable network environment and wire/wireless communication network, easy of implementation, security level preservation, scalable & reconfigurable to TCP/IP protocol architecture to implement suitable smart card MS-Serpent cryptographic algorithm for smart card by hardware base chip level that software base is not implement. Implemented MT-Serpent cryptosystem have 4,032 in gate counter and 406.2Mbps@2.44MHz in throughput. Implemented MS-Serpent cryptographic algorithm strengthens security vulnerability of TCP/IP protocol to do to rescue characteristic of smart card and though several kind of services are available and keep security about many user in wire/wireless environment, there is important purpose.