• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.429-436
• /
• 2018

Electronic documents are efficient to be created and managed, but they are liable to lose their originality because copies are created during distribution and delivery. For this reason, various security technologies for electronic documents have been applied. However, most security technologies currently used are for document management such as file access privilege control, file version and history management, and therefore can not be used in environments where authenticity is absolutely required, such as confidential documents. In this paper, we propose a method to detect document forgery and tampering through analysis of file system without installing an agent inside the instance operating system in cloud computing environment. BubbleDoc monitors the minimum amount of virtual volume storage in an instance, so it can efficiently detect forgery and tampering of documents. Experimental results show that the proposed technique has 0.16% disk read operation overhead when it is set to 1,000ms cycle for monitoring for document falsification and modulation detection.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1373-1383
• /
• 2017

Deduplication is a function to effectively manage data and improve the efficiency of storage space. When the deduplication is applied to the system, it makes it possible to efficiently use the storage space by dividing the stored file into chunks and storing only unique chunk. However, the commercial digital forensic tool do not support the file system analysis, and the original file extracted by the tool can not be executed or opened. Therefore, in this paper, we analyze the process of generating chunks of data for a Windows Server 2012 system that can apply deduplication, and the structure of the resulting file(Chunk Storage). We also analyzed the case where chunks that are not covered in the previous study are compressed. Based on these results, we propose the method to collect deduplicated data and reconstruct the original file for digital forensic investigation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.13-25
• /
• 2011

Biometric-based authentication can provide strong security guarantee about the identity of users. However, security of biometric data is particularly important as the compromise of the data will be permanent. The fuzzy fingerprint vault system is one of the most popular solutions for protecting the fingerprint template stored in the database. Recently, however, this system is very susceptible to a correlation attack that finds the real minutiae using multiple fingerprint vaults enrolled for different applications. To solve this problem, we propose a robust fuzzy fingerprint vault system against the correlation attack. In this paper, we add chaff minutiae based on the relative information of minutiae such as direction, coordinate instead of adding randomly. Also, our proposed approach allow to add multiple chaff minutiae within tolerance box for enhanced security level. Experimental results show that the proposed approach can protect the correlation attack and achieve enhanced verification accuracy.

• Journal of Korea Society of Industrial Information Systems
• /
• v.29 no.4
• /
• pp.43-54
• /
• 2024

This study presented a cybersecurity risk management system in a smart factory environment. A smart factory refers to a factory that optimizes the production system and increases efficiency. However, this digitized environment is vulnerable to cyber attacks, and manufacturing companies can suffer serious damage from disruptions in production systems or information leaks. Therefore, a systematic approach to effectively managing cyber security risks is essential in smart factories. In this study, a continuous security risk management system for each stage of the smart factory was proposed along with business process-based security risk assessment. These studies will help to further improve cybersecurity risk management in smart factories. It will also play an important role in ensuring that smart factories operate safely and efficiently.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.93-98
• /
• 2018

Korea Hydro & Nuclear Power Co., Ltd., Korea Electric Power Corporation, and Korea South-East Power Corporation are major infrastructure facilities of power supplying countries. If a malicious hacking attack occurs, the damage is beyond the imagination. In fact, Korea Hydro & Nuclear Power has been subjected to a hacking attack, causing internal information to leak and causing social big problems. In this paper, we propose a strategy and countermeasures for stabilization of various power generation control systems by analyzing the environment and the current status of power generation control system for convergence security research, which is becoming a hot issue. We propose a method to normalize and integrate data types from various physical security systems (facilities), IT security systems, access control systems, to control the whole system through convergence authentication, and to detect risks through fusion control.

• Journal of Information Technology Services
• /
• v.22 no.3
• /
• pp.49-63
• /
• 2023

The inclusion of software and wireless communication devices in vehicles has raised concerns regarding automobile security. In its response, UNECE WP.29 implemented the first-ever international standard for automotive cyber security in June 2020. Yet, the existing disparity between national standards for automotive certification systems and 「UN Regulation No. 155」 has caused confusion among auto makers. This discrepancy not only jeopardizes the security of domestic vehicles but also poses challenges to the seamless import and export of automobiles. Hence, there is a need to enhance the automotive cyber security certification system; however, there is a dearth of scholarly discourse on this topic. Consequently, this study presents a proposal for enhancing the domestic automotive cyber security certification system. In view of this, existing legal frameworks such as the 「Motor Vehicle Management Act」 and the 「Self-Driving Vehicle Act」 were reviewed, along with domestic and international automotive certification systems. The recommendations for improvement, derived from the findings, encompass institutional, legal, and operational aspects. This study is highly significant as it examines both domestic and international automotive certification systems in an area where there is a lack of academic discussion.

• Journal of Navigation and Port Research
• /
• v.37 no.5
• /
• pp.447-452
• /
• 2013

Vessel traffic system uses multiple sea surveillance radars as a primary sensor to obtain maritime traffic information like as ship's position, speed, course. The systematic errors such as the range bias and the azimuth bias of the two-dimensional radar system can significantly degrade the accuracy of the radar image and target tracking information. Therefore, the systematic errors of the radar system should be corrected precisely in order to provide the accurate target information in the vessel traffic system. In this paper, it is proposed that the method compensates the range bias and the azimuth bias using AtoN information installed at VTS coverage. The radar measurement residual error model is derived from the standard error model of two-dimensional radar measurements and the position information of AtoN, and then the linear Kalman filter is designed for estimation of the systematic errors of the radar system. The proposed method is validated via Monte-Carlo runs. Also, the convergence characteristics of the designed filter and the accuracy of the systematic error estimates according to the number of AtoN information are analyzed.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.05a
• /
• pp.379-382
• /
• 2017

Shipping and logistics safety, security system is strengthening worldwide, the development of shipping and logistics safety security core technology for national security logistics system construction has been carried out. In addition, it is necessary to localize the Array Detection System, which is a core component of the container search machine, to cope with the 100% pre-inspection of the container scheduled for 2018 in the United States. In this paper, we propose a test software program developed by using TI-RTOS (Texas Instruments - Real Time Operating System) with a test digital signal processing board which is developed self development.

• Convergence Security Journal
• /
• v.11 no.4
• /
• pp.37-42
• /
• 2011

In this paper, the design methodology of information security is analyzed to implement the ubiquitous city (u-City). The definition, concept, and main u-services of u-City are presented. The main components, functio ns and offering services of u-City management center are presented, and the laws and network security requirements related to protect the personal information in collecting, processing, and exchanging are also analyzed. Three step security levels of Router/Switch, Firewall/VPN, and IPS are applied where main functions of in terception of abnormal packets($1^{st}$ level), access control for each service($2^{nd}$ level), and real-time network monitoring($3^{rd}$ level) are performed. Finally, application cases are presented to validate the security of personal information in providing the u-City services.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.951-960
• /
• 2015

The smart screening in the medical field as diffusion of smart devices and development of communication technologies is emerging some medical security concerns. Among of them its necessary to taking risk management measures to identify, evaluate and control of the security risks that can occur in Telemedicine because of the Medical information interchanges as Doctor to Doctor (D2D), Doctor to Patient (D2P). This research paper studies and suggests the risk analysis and evaluation methods of risk security that can occur in Telemedicine based on the verified results of Telemedicine system and equipment from the direct site which operating in primary clinics, public health centers and it's branches, etc.