• Journal of Software Assessment and Valuation
• /
• v.16 no.1
• /
• pp.65-79
• /
• 2020

As Programmable Logic Controllers (PLCs), popular components in industrial control systems (ICS), are incorporated with the technologies such as micro-controllers, real-time operating systems, and communication capabilities. As the latest PLCs have been connected to the Internet, they are becoming a main target of cyber threats. This paper proposes two sanitizers that improve the security of uC/OS-II based firmware for a PLC. That is, we devise BU sanitizer for detecting out-of-bounds accesses to buffers and UaF sanitizer for fixing use-after-free bugs in the firmware. They can sanitize the binary firmware image generated in a desktop PC before downloading it to the PLC. The BU sanitizer can also detect the violation of control flow integrity using both call graph and symbols of functions in the firmware image. We have implemented the proposed two sanitizers as a prototype system on a PLC running uC/OS-II and demonstrated the effectiveness of them by performing experiments as well as comparing them with the existing sanitizers. These findings can be used to detect and mitigate unintended vulnerabilities during the firmware development phase.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.15 no.6
• /
• pp.714-719
• /
• 2005

The paper attempts to design and implement the system which can remotely check visitors' speech or Image by a mobile phone. This system is designed to recognize who a visitor is through the automatic calling service, not through a short message, via the mobile phone, even when the home owner is outside. In general, door locks are controlled through the home Server, but it is more effective to control door locks by using DTMF signal from a real-time point of view. The technology suggested in this paper makes it possible to communicate between the visiter and the home owner by making a phone call to tile home owner's mobile phone automatically when the visiter visits the house even if the home owner is outside, and if necessary, it allows for the home owner to control the door lock remotely. Thanks to the system, the home owner is not restricted by time or space for checking the visitor's identification and controlling the door lock. In addition, the security system is improved by changing from the existing password form to the combination of password and speaker verification lot the verification procedure required for controlling the door lock and setting the environment under consideration of any disadvantages which may occur when the mobile Phone is lost. Also, any existing problems such as reconnection to tile network for controlling tile door lock are solved by controlling the door lock in real time by use of DTMF signal while on the phone.

• Journal of Digital Convergence
• /
• v.10 no.11
• /
• pp.47-58
• /
• 2012

This study selects political and military decision factors of Participatory Government's Wartime Operational Control(OPCON) Transition and analyzes, both quantitatively and qualitatively, the effects and relations between those factors. Previous research utilizing the Analytic Hierarchy Process(AHP) selected their decision factors based on academic data and field experience, requiring more objective analysis of the factors. For this study, we conducted a survey among security subject matter experts(SME) both online and offline. The results show that OPCON transition's decision factors were to 'recover military sovereignty', 'set the conditions for peaceful reunification' and 'improve ROK image through enhancing national power' which differs little from the previous AHP method studies. It also showed that 'recover military sovereignty' and 'set the conditions for peaceful reunification' had no relationship to each other and that the key factor that decided the OPCON Transition was actually 'recover military sovereignty' which represents the interest of the liberal party in ROK. This study finds its meaning by analyzing the decision factors of Participartory Government's OPCON Transition thorugh Delphi and DEMATEL method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.895-907
• /
• 2020

With the recent increasing influence of multimedia content other than the text-based content, services that help to process information in content brings us great convenience. These services' representative features are searching and masking the sensitive data. It is not difficult to find the solutions that provide searching and masking function for text information and image. However, even though we recognize the necessity of the technology for searching and masking a part of the audio data, it is not easy to find the solution because of the difficulty of the technology. In this study, we propose web application that provides searching and masking functions for audio data using audio partitioning method. While we are achieving the research goal, we evaluated several speech to text conversion APIs to choose a proper API for our purpose and developed regular expressions for searching sensitive information. Lastly we evaluated the accuracy of the developed searching and masking feature. The contribution of this work is in design and implementation of searching and masking a sensitive information from the audio data by the various functionality proving experiments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.19-26
• /
• 2003

Recently, the number of internet service companies is increasing and so is the number of malicious attackers. Damage such as distrust about credit and instability of the service by these attacks may influence us fatally as it makes companies image failing down. One of the frequent and fatal attacks is DoS(Denial-of-Service). Because the attacker performs IP spoofing for hiding his location in DoS attack it is hard to get an exact location of the attacker from source IP address only. and even if the system recovers from the attack successfully, if attack origin has not been identified, we have to consider the possibility that there may be another attack again in near future by the same attacker. This study suggests to find the attack origin through MAC address marking of the attack origin. It is based on an IP trace algorithm, called Marking Algorithm. It modifies the Martins Algorithm so that we can convey the MAC address of the intervening routers, and as a result it can trace the exact IP address of the original attacker. To improve the detection time, our algorithm also contains a technique to improve the packet arrival rate. By adjusting marking probability according to the distance from the packet origin we were able to decrease the number of needed packets to traceback the IP address.

• Journal of KIISE:Software and Applications
• /
• v.30 no.10
• /
• pp.938-943
• /
• 2003

In this paper, we Propose a method using the Tikhonov-Miller process to improve the robustness of watermarking under various attacks. A visually recognizable pattern watermark is embedded in the LH2, HL2 and HH2 subband of wavelet transformed domain using threshold and besides watermark is embeded by utilizing HVS(Human Visual System) feature. The pattern watermark was interlaced after random Permutation for a security and an extraction rate. To demonstrate the improvement of robustness and similarity of the proposed method, we applied some basic algorithm of image processing such as scaling, filtering, cropping, histogram equalizing and lossy compression(JPEG, gif). As a result of experiment, the proposed method was able to embed robust watermark invisibility and extract with an excellent normalized correlation of watermark under various attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.6C
• /
• pp.604-610
• /
• 2009

This paper propose a digital watermarking method for digital contents which satisfies both the invisibility and the robustness to attacks to prohibit counterfeiting, modification, illegal usage and illegal re-production of video contents. This watermarking algorithm insert a watermark(digital hologram) by generated using Fresnel transform which improve the robustness. The inserting positions of the watermark choose by considering the frequency property of an image and a watermark. Also the amount of watermarking for watermark bit decide by considering the level of 2DDWT. This algorithm was implemented by C++ and experimented for invisibility and robustness with optical system. The experiment results showed that the method satisfied enough the invisibility of the inserted watermark and robustness against attacks. For the general attacks, the error rate of the extracted watermark was less than 15%, which is enough in robustness against the attacks.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.45 no.3
• /
• pp.22-30
• /
• 2008

Recently, protection of personal information is getting more important. Many countries have legislated about the protection of personal information. Now, the protection of relevant personal information is required not for a simple image of enterprises but law obligation. Most databases in enterprises used to store customers' names, addresses and credit card numbers with no exceptions. The personal information about a person is sensitive, and this asset is strategic. Therefore, most enterprises make an effort to preserve personal information safely. If someone, however, hacks password information of DBMS manager, no one can trust this system. Therefore, encryption is required based in order to protect data in the database. Because of database encryption, however, it is the problem of database performance in terms of computation time and the limited SQL query. Thus, we proposed an efficient query method to solve the problem of encrypted data in this paper.

• Journal of Korea Multimedia Society
• /
• v.13 no.4
• /
• pp.575-581
• /
• 2010

With widespread use of the Internet and improvements in streaming media and compression technology, digital music, video, and image can be distributed instantaneously across the Internet to end-users. However, most conventional Digital Right Management are often not secure and not fast enough to process the vast amount of data generated by the multimedia applications to meet the real-time constraints. The SVC offers temporal, spatial, and SNR scalability to varying network bandwidth and different application needs. Meanwhile, for many multimedia services, security is an important component to restrict unauthorized content access and distribution. This suggests the need for new cryptography system implementations that can operate at SVC. In this paper, we propose a new scrambling encryption for reserving the characteristic of scalability in MPEG4-SVC. In the base layer, the proposed algorithm is applied and performed the selective scambling. And it encrypts various MVS and intra-mode scrambling in the enhancement layer. In the decryption, it decrypts each encrypted layers by using another encrypted keys. Throughout the experimental results, the proposed algorithms have low complexity in encryption and the robustness of communication errors.

• The Journal of the Korea Contents Association
• /
• v.9 no.7
• /
• pp.37-44
• /
• 2009

Digital watermarking is a technology for preventing illegal copying, for protecting intellectual property rights and copyrights, and for suggesting grounds of the ownership by inserting watermarks into digital contents. Generally speaking, watermarking techniques cannot escape from data distortion and quality degradation due to the watermark insertion. In order to overcome the shortcoming, zero-watermarking techniques which do not change the original data have been proposed recently. This paper proposes CSMVQ(Chaotic SMVQ), a zero-watermarking system for SMVQ(Side Match Vector Quantization) which shows better compression ratio and quality and less blocking effect than VQ(Vector Quantization). In SMVQ, compression progresses from left top to right bottom in order to use the information of the two neighbor blocks, so it is impossible to insert watermarks chaotically. In the process of encoding, CSMVQ dynamically considers the information of the (1 to 4) neighbor blocks already encoded. Therefore, watermark can be inserted into digital contents in chaotic way. Experimental results show that the image quality compressed by CSMVQ is better than that of SMVQ and the inserted watermark is robust against some common attacks.