• Journal of Advanced Navigation Technology
• /
• v.15 no.4
• /
• pp.655-663
• /
• 2011

Recently, with improvement of internet service technology, web service has been affecting the environment for computing user. Not only current events, economics, game, entertainment, but also personal financial system is processed by web pages through internet. When data transmission is implemented on the internet, webpage acquire text form code and transform them to DOM information, and then shows processed display to user by web browser. However, those information are not only easily accessed by diversified route, but also easily deformed by intentional purpose. Furthermore, it is also possible to acquire logon information of users and certification information by detouring security mechanism. Therefore, this dissertation propose the method to verify integrity of web contents by using BHO which is one of the Add-On program based on MS Internet Explorer platform which is one of major web browser program designed by MicroSoft to detect any action of webpage deformation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1285-1303
• /
• 2019

In the current credit scoring system, the credit bureau gathers credit information from financial institutions and calculates a credit score based on it. However, because all sensitive credit information is stored in one central authority, there are possibilities of privacy violations and successful external attacks can breach large amounts of personal information. To handle this problem, we propose privacy-preserving credit scoring in which a user gathers credit information from financial institutions, calculates a credit score and proves that the score is calculated correctly using a zero-knowledge proof and a blockchain. In addition, we propose a zero-knowledge proof scheme that can efficiently prove committed inputs to check whether the inputs of a zero-knowledge proof are actually provided by financial institutions with a blockchain. This scheme provides perfect zero-knowledge unlike Agrawal et al.'s scheme, short CRSs and proofs, and fast proof and verification. We confirmed that the proposed credit scoring can be used in the real world by implementing it and experimenting with a credit score algorithm which is similar to that of the real world.

• International Journal of Computer Science & Network Security
• /
• v.24 no.5
• /
• pp.40-52
• /
• 2024

Cyber-Physical Systems (CPS) are introduced as complex, interconnected systems that combine physical components with computational elements and networking capabilities. They bridge the gap between the physical world and the digital world, enabling the monitoring and control of physical processes through embedded computing systems and networked communication. These systems introduce several security challenges. These challenges, if not addressed, can lead to vulnerabilities that may result in substantial losses. Therefore, it is crucial to thoroughly examine and address the security concerns associated with CPS to guarantee the safe and reliable operation of these systems. To handle these security concerns, different existing security requirements methods are considered but they were unable to produce required results because they were originally developed for software systems not for CPS and they are obsolete methods for CPS. In this paper, a Security Requirements Engineering Methodology for CPS (CPS-SREM) is proposed. A comparison of state-of-the-art methods (UMLSec, CLASP, SQUARE, SREP) and the proposed method is done and it has demonstrated that the proposed method performs better than existing SRE methods and enabling experts to uncover a broader spectrum of security requirements specific to CPS. Conclusion: The proposed method is also validated using a case study of the healthcare system and the results are promising. The proposed model will provide substantial advantages to both practitioners and researcher, assisting them in identifying the security requirements for CPS in Industry 4.0.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.43-53
• /
• 2015

Password-based authentication schemes for server-client system are convenient to use, but vulnerable to dictionary attack or brute-force attack. To solve this vulnerability, Cryptographic secret key is used for security, but difficult to memorize. So, for the first time, Das proposed a biometric-based authentication scheme to solve various problems but it has various vulnerabilities. Afterwards, Jiping et al. improved Das's scheme, but some vulnerabilities remain. In this paper, we analyze the cryptanalysis of Jiping et al.'s authentication scheme and then propose improved biometric based user authentication scheme to resolve the analyzed problem. Moreover, we conduct a security analysis for the proposed scheme and make a comparison between the proposed scheme and other biometric based user authentications.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.243-250
• /
• 2013

We have entered into an era of smart software system where the many kinds of embedded software, especially SCADA and Automotive software not only require high reliability and safety but also high-security. Removing software weakness during the software development lifecycle is very important because hackers exploit weaknesses which are source of software vulnerabilities when attacking a system. Therefore the coding rule as like core functions of MISRA-C should expand their coding focus on security. In this paper, we used CERT-C secure coding rules for nuclear-related software being developed to demonstrate high-safety software, and proposed how to remove software weakness during development.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.9
• /
• pp.1558-1564
• /
• 2006

This study addressed security requirements for ad-hoc network environments, which lies at the hour of the ubiquitous computing revolution and proposed a partially-distributed certificate management system that can ensure security in mobile ad-hoc networks. The proposed model is characterized by ie ability to handle dynamic mobility of nodes, minimize routing load and enhance expandability of network by allowing participating nodes to authenticate each other without being interrupted by joining the cluster. The security, efficiency and robustness of the proposed model were evaluated through simulation.

• Journal of Korea Society of Industrial Information Systems
• /
• v.16 no.2
• /
• pp.13-18
• /
• 2011

Security supports are a significant factor in mobile ad hoc networks. Especially in dynamic topologies, considering cluster, key management is essential to provide a secure system. Recently, Li-Liu proposed iD-based multiple key management scheme for cluster-based ad hoc networks. However, we found the security weakness of their scheme. In this paper, we analyze the security of Li-Liu's scheme and show that master secret key and fragment of the master secret key can be revealed to compromised CHs and nodes. Furthermore, we propose a solution to improve the scheme against disclosure of the share key and the master secret key even though system parameters are opened to compromised nodes and modify the Li-Liu's scheme fitted for a scalable networks. The improved IMKM scheme could be usefully applied in dynamic cluster-based MANETs such as the military battlefields, mobile marketplace and VANETs.

• Journal of the military operations research society of Korea
• /
• v.28 no.1
• /
• pp.115-135
• /
• 2002

The limits of current DN(Defense networks), private and closed network, become to reality; for Example, high expense of construction and maintenance of networks, restriction of new subscribers on DN. Therefore, a network using web environment that reflect fast development of If and IS(Information Security) technology is demanded for MND. Meeting the requirement of reliable IS system and extension and improvement of DN using common network, we can reduce the expense to extend, maintain, repair DN, form the environment that makes military business cooperate better with civil company and government agency, advance implementing Defense computing and networking service for field small size units that was a exception of Defense digitalization. But it is essential to construct DN based on common network that there are security requisites; confidentiality, integrity, availability, efficiency, log, backup, restoration, that have to be realized at demanding level for IS. This thesis suggested four measurements; replacement DN with common network to resolve the requirements of building new network and improvement of performance for private DN, linkage with common network for new requirement, distribution of traffic using common network, configuration of DN using Internet and Proposed a refinement of IS management organization to treat security threat of common network flexibly, and LAN IS standard model of DN based on the web environment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.417-420
• /
• 2014

Importance of security system to prevent recently increased financial security accident is increasing. Biometric system between the security systems is focused. Fingerprint recognition has many useful aspects such as security, reliability and portability. In this treatise, fingerprint recognition technique is realized by using artificial neural network. Artificial Neural Network(ANN) is a mathematics learning model that makes specific patterns that a program can recognize to show a nerve network's characteristic on a computer. Input fingerprint images have a preprocessing process such as equalization, binarization and thinning. We extract minutiae feature in the images and program can recognize a fingerprint through ANN.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.165-176
• /
• 2004

Al-Riyami and Paterson$^{[1]}$ suggested the new public key paradigm which is called the certificateless public key system. This system takes the advantages of both traditional PKC and ID-based PKC. It does not require the use of certificates of the public key and does not have the key escrow problem caused from the ID-based cryptosystem. In this paper, we propose an efficient certificateless public key encryption scheme which satisfies mutual authentication. The security of our protocol is based on the hardness of two problems; the computational Diffie-Hellman problem(CDHP) and the bilinear Diffie-Hellman problem(BDHP). We also give a formal security model for both confidentiality and unforgeability, and then show that our scheme is probably secure in the random oracle model.