• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.125-134
• /
• 2008

A great number of RFID authentication protocols have been proposed for the secure RFID system. These are typically divided into three types according to primitive that they use : Hash-based, Re-encryption based, and XORing-based protocol. The well-known attacks in RFID system are eavesdropping. impersonating, location tracking, and so on. However, existing protocols could not provide security against above attacks, or it was not efficient to search for tags on database. Therefore, in this paper we present a protocol which is secure against above attacks by using hash function and makes Database search tags easily by attaining the state information of previous session through the shared values with all tags and database.

• Current Optics and Photonics
• /
• v.5 no.6
• /
• pp.686-698
• /
• 2021

A camouflaged encryption scheme based on Hadamard matrix and ghost imaging is proposed. In the process of the encryption, an orthogonal matrix is used as the projection pattern of ghost imaging to improve the definition of the reconstructed images. The ciphertext of the secret image is constrained to the camouflaged image. The key of the camouflaged image is obtained by the method of sparse decomposition by principal component orthogonal basis and the constrained ciphertext. The information of the secret image is hidden into the information of the camouflaged image which can improve the security of the system. In the decryption process, the authorized user needs to extract the key of the secret image according to the obtained random sequences. The real encrypted information can be obtained. Otherwise, the obtained image is the camouflaged image. In order to verify the feasibility, security and robustness of the encryption system, binary images and gray-scale images are selected for simulation and experiment. The results show that the proposed encryption system simplifies the calculation process, and also improves the definition of the reconstructed images and the security of the encryption system.

• Journal of Digital Convergence
• /
• v.11 no.2
• /
• pp.43-50
• /
• 2013

Recently, Cyber threats that is doing intelligence and sophistication from the organization's information assets to secure order technical disciplines, as well as managerial and environmental sectors, such as mind-response system is must established. In this paper, possible to analyze the case for the theory in network security, such as the logical network and physical network separation suitable for the corporate environment and constantly respond and manage the Information Security Management Model A secure network design is proposed. In particular, the proposed model improvements derived from the existing network, network improvements have been made in order to design improved ability to respond to real-time security and central manageability, security threats, pre-emptive detection and proactive coping, critical equipment in the event of a dual hwalreu through applied features such as high-availability, high-performance, high-reliability, ensuring separation of individual network security policy integrated management of individual network, network security directional.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1441-1455
• /
• 2017

In order to build a secure electric vehicle charging infrastructure, security research is required because various data including charging and payment data are transmitted in the electric vehicle charging infrastructure. However, previous researches have focused on smart grid related security research such as power system infrastructure rather than charging infrastructure for electric vehicle charging. In addition, research on charging infrastructure is still lacking, and research using a systematic methodology such as threat modeling is not yet under way. Therefore, it is necessary to apply threat modeling to identify security threats and systematically analyze security requirements to build a secure electric vehicle charging infrastructure. In this paper, we analyze the electric vehicle charging infrastructure by accurately identifying possible threats and deriving objective security requirements using threat modeling including Data Flow Diagram, STRIDE, and Attack Tree.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.123-134
• /
• 2014

As the data gets bigger recently, the demand for relational database management system (RDBMS) and NoSQL DBMS to process big data has been increased consistently. The digital forensic investigation method for RDBMS has been studied actively, but that for NoSQL DBMS, which is popularly used nowadays, has almost no research. This paper proposes the digital forensic investigation process and method for MongoDB, the most popularly used among NoSQL DBMS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.655-663
• /
• 2018

As digitalization accelerates, the use of digital information is increasing in public institutions such as schools and libraries, and the demand for print services is also increasing. Among many services, printing service on public PCs should charge fee to printer users, but it is a very difficult task for administrators. Print management solutions have been developed and are now widely used to automate these demanding tasks. In this paper, we analyze the vulnerability of printer management solutions used in public institutions. However, the security awareness of public PC administrators and printer management solution developers seem to be lacking.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1377-1383
• /
• 2015

As the cloud services users' increase, there are important files created by individual in cloud storage. Thus, investigation of cloud artifact should be conducted. There are two methods of analyzing cloud service, one is that investigates cloud server provider (CSP), and another is that investigates client. In this paper, we presents an automated framework to detect the altered artifact and developes a tool that detects the cloud artifact. We also developed Cloud Artifact Tool that can investigate client computer. Cloud Artifact Tool provides feature of collection and analysis for the services such as Google Drive, Dropbox, Evernote, NDrive, DaumCloud, Ucloud, LG Cloud, T Cloud and iCloud.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.5
• /
• pp.2221-2235
• /
• 2020

Compared to the past infrastructure networks, the current smart grid network can improve productivity and management efficiency. However, as the Industrial Internet of Things (IIoT) and Internet-based standard communication protocol is used, external network contacts are created, which is accompanied by security vulnerabilities from various perspectives. Accordingly, it is necessary to develop an appropriate cybersecurity guideline that enables effective reactions to cybersecurity threats caused by the abuse of such defects. Unfortunately, it is not easy for each organization to develop an adequate cybersecurity guideline. Thus, the cybersecurity checklist proposed by a government organization is used. The checklist does not fully reflect the characteristics of each infrastructure network. In this study, we proposed a cybersecurity framework that reflects the characteristics of a microgrid network in the IIoT environment, and performed an analysis to validate the proposed framework.

• The Journal of Korean Association of Computer Education
• /
• v.8 no.6
• /
• pp.13-21
• /
• 2005

In this study, we study and analysis on e-Learning based Information Security curriculum. e-Learning based university education courses will be much more established in Korea based on advanced IT technology. Computer related majors such as 'Computer Science' and 'Software' can be easily combined with e-Learning system. And Advanced Information Security Expert (AISE) educational course must be broadly opened for satisfying national requirements. In this study, we analyze e-Learning course on Information Security major based on off-line curriculum and suggest new model for further research.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1263-1269
• /
• 2014

Since the cyber defense has been dependent on commercial products and protection systems, in aspect of the recent trends, our cyber defence ecosystem can be more vulnerable. In case of general defense weapon companies, they have to be observed by the government such as certain proprietary technologies and products for the protection from the enemy. On the contrary, most cyber weapon companies have not been managed like that. For this reason, cyber attack can reach to the inside of our military through the security hole of commercial products. In this paper, we enhanced a military cyber protection ecosystems out of enemy attacks and analyze the hypothetical scenarios to evaluate and verify the vulnerability, and finally more securable ecosystem of military protection system is presented politically and technically.