• Journal of Korea Multimedia Society
• /
• v.17 no.7
• /
• pp.778-786
• /
• 2014

Buyer-seller watermarking protocol is one of the copyright protection techniques which combine a cryptographic protocol used in electronic commerce with a digital wetermarking scheme aiming at proving the ownership of multimedia contents and preventing the illegal reproduction and redistribution of digital contents. In this paper, it is proposed a new watermarking scheme in an encrypted domain in an image that is based on the block-DCT framework. In order to implement watermarking scheme in a public-key cryptosystem, it is divided that frequency coefficients exist as real number into integer and decimal layer. And the decimal layer is modified integer type through integral-processing. Also, for robustness and invisibility required in watermarking scheme, it is designed a direction-adaptive watermarking scheme based on locally edge-properties of each block in an image through analyzing distribution property of the frequency coefficients in a block using JND threshold.

• Journal of the Korea Convergence Society
• /
• v.3 no.1
• /
• pp.19-25
• /
• 2012

This paper tries to solve the problems which previous methods have such as the WCDRM(Watermark and Cryptography DRM) and the model using smart card for protecting digital contents. This study provides a contents distribution model to protect the rights of author, distributor, and user as well as user's information by using technologies such as cryptography, DRM(Digital Right Management), access control, etc. The proposed system is evaluated as the most safety model compared with previous methods because it not only solves the problems which the previous methods have, but also protects four type of risks such as use of contents which other mobile devices download, the attack on the key to decode the message, the attack on leaking the contents, and the internal attack such as an illegal reproduction.

• Convergence Security Journal
• /
• v.10 no.3
• /
• pp.61-68
• /
• 2010

Recently a malware is increasing for leaking personal data, credit information, financial information, etc. The secondary damage is also rapidly increasing such as the illegal use of stolen name, financial fraud, etc. But when a system is infected by a malware of leaking information, the existing malware evidence collection tools do not provide evidences conveniently or sometimes cannot provide necessary evidences. So security officials have much difficulty in responding to malwares. This paper analyzes the current status and problems of the existing malware evidence collection tools and suggests new ways to improve those problems.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2008.02a
• /
• pp.99-102
• /
• 2008

차세대 이동 통신 서비스 4G는 이동 중 100Mbps, 정지 중 1Gbps급 전송 속도를 제공하는 미래 무선 통신 기술이다. 이것은 현재 상용서비스가 이뤄지고 있는 3G HSDPA(High Speed Packet Access)의 전송속도 14Mbps에 비해 10~100배까지 빠른 속도로 무선 인터넷이 가능함으로 유선으로 인터넷을 사용할 필요가 없어진다. 현재 4G 기술로 진화하기 위한 중간 단계로써 ITU-R, 3GPP, 3GPP2, IEEE 등 세계 각국의 표준 및 기술 단체에서 새로운 무선 이동 통신 기술을 제안하고 있다. 이 중에서 2G의 GSM과 3G의 비동기식 기술 WCDMA의 진화 기술인 3GPP LTE(Long Term Evolution) 및 SAE(System Architecture Evolution)가 유력한 4G 이동 통신 기술 후보로 평가 받고 있다. 본 논문에서는 4G 기술로 주목 받고 있는 3GPP LTE 및 SAE 네트워크에서 3G 시스템 보다 진화된 서비스를 제공하기 위한 목적으로 논의되고 있는 일반적인 요구사항과 이를 만족시키기 위한 기술에 대하여 알아본다. 또한 LTE 표준화와 병행하여 네트워크의 구조를 결정하는 SAE의 구성요소와 프로토콜 구조를 소개하고 LTE 및 SAE 네트워크의 보안위협과 안전한 통신을 위한 키 관리 방법에 대하여 논의한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.2
• /
• pp.529-546
• /
• 2012

To address the need for autonomous control of remote and distributed mobile systems, Machine-to-Machine (M2M) communications are rapidly gaining attention from both academia and industry. M2M communications have recently been deployed in smart grid, home networking, health care, and vehicular networking environments. This paper focuses on M2M communications in the vehicular networking context and investigates areas where M2M principles can improve vehicular networking. Since connected vehicles are essentially a network of machines that are communicating, preferably autonomously, vehicular networks can benefit a lot from M2M communications support. The M2M paradigm enhances vehicular networking by supporting large-scale deployment of devices, cross-platform networking, autonomous monitoring and control, visualization of the system and measurements, and security. We also present some of the challenges that still need to be addressed to fully enable M2M support in the vehicular networking environment. Of these, component standardization and data security management are considered to be the most significant challenges.

• Journal of Internet Computing and Services
• /
• v.8 no.1
• /
• pp.99-113
• /
• 2007

In the rapidly changing e-business environment, organizations need to share information, process business transactions, and enhance collaborations with relevant entities by taking advantage of the various technologies. However, there are always the security issues that need to be handled in order for the e-business operations to be run efficiently. In this research, we suggest the new security authorization model for safety flexible supporting the needs of e-business (e-marketplace) in an organization. This proposed model provides the scalable of access control policy among multi-domains, and preservation of flexible authorization management in distributed system environments. For servers to take the access control policy and enforcement decisions, we also describe the feasible authorization architecture is concerned with how they might seek advice and guideline from formal access control model.

• Proceedings of the KAIS Fall Conference
• /
• 2010.05b
• /
• pp.720-723
• /
• 2010

정보기술에 대한 투자규모는 날로 증가하고 있다. 국내 공공 부문의 경우에도 전자정부 구현 등을 위한 다양한 사업으로 인해 투자가 지속적으로 증가하고 있다. 이런 정보화 투자의 증대에도 불구하고 정보화의 효과에 대해서는 아직도 많은 의문이 제기되고 있다. 특히 S/W 취약성으로 인해 보안 침해사고가 발생하고, 정보화 관련 법제도 미흡으로 보안강화 노력이 강구되지 못하였으며 국가정보화의 새로운 틀이 마련되는 시점에서 법제도의 정비가 필요해졌다. 이러한 부분을 보완하고자 정보보호관리(Information Security Management : ISM)라는 제도를 분석한 프레임워크가 개발되었고, 본 논문은 이를 활용하여 국외 정보보호관리 제도 및 정책을 분석하고자 한다. ISM은 주체별로 역할과 책임을 명확하게 하고, 정보화의 목표를 조직목표에의 기여로 정하여 체계적으로 추진하되, 정보보호 보안 프로그램의 적합성과 구현 및 평가/개선을 하려는 핵심추진 노력이 필요하고, 아울러 이런 노력은 현재의 모습에 만족하지 말고 보다 나은 대안과 효과적 수단을 지속적으로 강구하려는 자세 등이 주요한 특징에 속한다. 본 논문을 통하여 분석된 국외 정보보호관리 제도 및 정책은 향후 우리나라의 정보보호관리 제도 및 정책에 상당한 영향을 미칠 것으로 기대된다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.8
• /
• pp.1989-2009
• /
• 2013

How to discover router vulnerabilities effectively and automatically is a critical problem to ensure network and information security. Previous research on router security is mostly about the technology of exploiting known flaws of routers. Fuzzing is a famous automated vulnerability finding technology; however, traditional Fuzzing tools are designed for testing network applications or other software. These tools are not or partly not suitable for testing routers. This paper designs a framework of discovering router protocol vulnerabilities, and proposes a mathematical model Two-stage Fuzzing Test Cases Generator(TFTCG) that improves previous methods to generate test cases. We have developed a tool called RPFuzzer based on TFTCG. RPFuzzer monitors routers by sending normal packets, keeping watch on CPU utilization and checking system logs, which can detect DoS, router reboot and so on. RPFuzzer' debugger based on modified Dynamips, which can record register values when an exception occurs. Finally, we experiment on the SNMP protocol, find 8 vulnerabilities, of which there are five unreleased vulnerabilities. The experiment has proved the effectiveness of RPFuzzer.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.9
• /
• pp.4512-4526
• /
• 2018

The Internet of Things (IoT) has become an emerging industry that is broadly used in many fields from industrial and agricultural manufacturing to home automation and hospitality industry. Because of the sheer number of connected devices transmitting valuable data, the IoT infrastructures have become a main target for cyber-criminals. One of the key challenges in protecting IoT devices is the lack of security measures by design. Although there are many hardware and software based security solutions (firewalls, honeypots, IPDS, anti-virus etc.) for information systems, most of these solutions cannot be applied to IoT devices because of the fact that IoT devices have limited computing resources (CPU, RAM,). In this paper, we propose a honeypot system called HoneyThing for modem/router devices (i.e. a kind of IoT device). HoneyThing emulates TR-069 protocol which is prevalent protocol used to remotely manage customer-premises equipment (CPE) devices, e.g. modems, routers. Honeything also serves an embedded web server simulating a few actual, critical vulnerabilities associated with the implementation of TR-069 protocol. To show effectiveness of the HoneyThing in capturing real world attacks, we have deployed it in the Internet. The obtained results are highly promising and facilitate to reveal network attacks targeting to CPE devices.

• Journal of Information Technology Applications and Management
• /
• v.22 no.4
• /
• pp.159-179
• /
• 2015

In 2005, Korean government created the Internet Personal Identification Number (i-PIN) for a new online personal identification system to protect citizens' personal information against criminal abuse. However, i-PINs have not been widely in use over a decade. Although many people joined the i-PIN service, its actual use rate has been low. This study intends to identify the factors necessary to boost the continuous use of i-PINs. It was shown that government support and perceived security had a positive effect on the perceived ease of use and perceived usefulness of the i-PIN, respectively. Perceived security also directly affected the continuous use intention of the i-PIN. The perceived ease of use significantly affected the perceived usefulness, but it did not affect the intention to continuously use the i-PIN. The factor that had the most significant influence on the continuous use intention of the i-PIN was perceived usefulness. To increase the i-PIN use rate, Korean government must reduce users' anxiety through strict security functions, and must attempt to help people use the i-PIN easily.