• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.5
• /
• pp.656-661
• /
• 2022

Password with a combination of 4-digit numbers has been widely adopted for various authentication systems (such as credit card authentication, digital door lock systems and so on). However, this system could not be safe because the 4-digit password can easily be stolen by predicting it from the fingermarks on the keypad or display screen. Furthermore, due to the prolonged COVID-19 pandemic, contactless method has been preferred over contact method in authentication. This paper suggests a new password input method based on eyeblink pattern analysis in video sequence. In the proposed method, when someone stands in front of a camera, the sequence of eyeblink motions is captured (according to counting signal from 0 to 9 or 9 to 0), analyzed and encoded, producing the desired 4-digit decimal numbers. One does not need to touch something like keypad or perform an exaggerated action, which can become a very important clue for intruders to predict the password.

• International Journal of Computer Science & Network Security
• /
• v.22 no.8
• /
• pp.385-391
• /
• 2022

The relevance of the published study lies in the fact that since the introduction of the first Global Distribution System, new information and communication technologies have constantly been changing the tourism industry. In the context of a current digital environment, travel agencies can't avoid participating in digital transformation processes aimed at rethinking operational models, skills, and organisational structures in the regions. This publication aims to present and provide a critical overview of digitalisation processes in tourism development in the regions of the Russian Federation, as well as to reflect on the challenges to the widespread digitalisation processes in the regional tourism sector. The subject of research is digitalisation processes, as they radically transform the modern tourism industry, in the regions as well. The pragmatic research paradigm was considered the most appropriate for the study of tourism digitalisation processes in the regions, as it does not require the selection of a specific theoretical basis for data collection. The pragmatic approach forms an alternative to classical theoretical approaches and serves as a particular type of grounded theory, combining both inductive and deductive methods. No software was used for the inductive part of the analysis. The deductive part was conducted using the qualitative data analysis software Nvivo 11. Given the wide diversity of interested parties in the regional tourism digital area, a stratified purposive sampling method was preferred due to its ability to adequately represent the full picture of the phenomenon under study. The selection and stratum criteria were chosen to maximise the representation of different perspectives in the regional tourism digital area. The novelty of the study is due to the digitalisation processes, with an implication of new needs, while opening up promising opportunities for more productive tourism business in the regions of the Russian Federation. Currently, e-tourism in the Russian Federation has become a subject of lively debate among scholars and practitioners. However, the involvement of advanced digitalisation technologies in the field of information processes in the regions of the Russian Federation is of a very sporadic character.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.21 no.6
• /
• pp.266-283
• /
• 2022

With the rapid development of autonomous vehicle technology, unexpected accidents are occurring. Therefore, it is necessary to minimize user accident damage through the development of autonomous traffic safety education. Since edge cases, accident type, and risk factor analysis are important for realistic education, overseas case studies and demonstrations were carried out, and based on this, two curriculum for service providers and general users were developed. The service provider curriculum consisted of OEDR, sudden stop, cut-in, take-over, defensive driving, system malfunction, policy and information security education, and the general user curriculum consisted of attention duty, take-over, operating design domain, accidents type, laws, functions, information security education.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.151-164
• /
• 2023

Recently, the development of quantum computers means a great threat to existing public key system based on discrete algebra problems or factorization problems. Accordingly, NIST is currently in the process of contesting and screening PQC(Post Quantum Cryptography) that can be implemented in both the computing environment and the upcoming quantum computing environment. Among them, SIKE is the only Isogeny-based cipher and has the advantage of a shorter public key compared to other PQC with the same safety. However, like conventional cryptographic algorithms, all quantum-resistant ciphers must be safe for existing cryptanlysis. In this paper, we studied power analysis-based cryptographic analysis techniques for SIKE, and notably we analyzed SIKE through wavelet transformation and deep learning-based clustering power analysis. As a result, the analysis success rate was close to 100% even in SIKE with applied masking response techniques that defend the accuracy of existing clustering power analysis techniques to around 50%, and it was confirmed that was the strongest attack on SIKE.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.1
• /
• pp.1-12
• /
• 2023

It is very time-intensive to obtain data with labels on anomaly detection tasks for multivariate time series. Therefore, several studies have been conducted on unsupervised learning that does not require any labels. However, a well-done integrative survey has not been conducted on in-depth discussion of learning architecture and property for multivariate time series anomaly detection. This study aims to explore the characteristic of well-known architectures in anomaly detection of multivariate time series. Additionally, architecture was categorized by using top-down and bottom-up approaches. In order toconsider real-world anomaly detection situation, we trained models with dataset such as power grids or Cyber Physical Systems that contains realistic anomalies. From experimental results, we compared and analyzed the comprehensive performance of each architecture. Quantitative performance were measured using precision, recall, and F1 scores.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.374-376
• /
• 2022

The Malware App Analysis Tool is a system that analyzes Android-based apps by the AI-based algorithm defined in the tool and detects whether malware code is included. Currently, as the spred of smartphones is activated, crimes using malware apps have increased, and accordingly, security for malware apps is required. Android operating systems used in smartphones have a share of more than 70% and are open-source-based, so not only will there be many vulnerabilities and malware, but also more damage to malware apps, increasing demand for tools to detect and analyze malware apps. However, this paper is proposed because there are many difficulties in designing and developing a malware app analysis tool because the security functional requirements for the malware app analysis tool are not clearly specified. Through the developed protection profile, technology can be improved based on the design and development of malware app analysis tools, safety can be secured by minimizing damage to malware apps, and furthermore, trust in malware app analysis tools can be guaranted through common criteria.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.301-321
• /
• 2024

Generative artificial intelligence is currently developing rapidly and expanding industrially. The development of generative AI is expected to improve productivity in most industries. However, there is a probability for exploitation of generative AI, and cases that actually lead to crime are emerging. Compared to the fast-growing AI, there is no legislation to regulate the generative AI. In the case of Korea, the crimes and risks related to generative AI has not been clearly classified for legislation. In addition, research on the responsibility for illegal data learned by generative AI or the illegality of the generated data is insufficient in existing research. Therefore, this study attempted to classify crimes related to generative AI for domestic legislation into generative AI for target crimes, generative AI for tool crimes, and other crimes based on ECRM. Furthermore, it suggests technical countermeasures against crime and risk and measures to improve the legal system. This study is significant in that it provides realistic methods by presenting technical countermeasures based on the development stage of AI.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.60-66
• /
• 2024

Host's data during transmission. Data tempering results in loss of host's sensitive information, which includes number of VM, storage availability, and other information. In the distributed cloud environment, each server (computing server (CS)) configured with Local Resource Monitors (LRMs) which runs independently and performs Virtual Machine (VM) migrations to nearby servers. Approaches like predictive VM migration [21] [22] by each server considering nearby server's CPU usage, roatative decision making capacity [21] among the servers in distributed cloud environment has been proposed. This approaches usage underlying server's computing power for predicting own server's future resource utilization and nearby server's resource usage computation. It results in running VM and its running application to remain in waiting state for computing power. In order to reduce this, a decentralized decision making hybrid model for VM migration need to be proposed where servers in decentralized cloud receives, future resource usage by analytical computing system and takes decision for migrating VM to its neighbor servers. Host's in the decentralized cloud shares, their detail with peer servers after fixed interval, this results in chance to tempering messages that would be exchanged in between HC and CH. At the same time, it reduces chance of over utilization of peer servers, caused due to compromised host. This paper discusses, an roatative decisive (RD) approach for VM migration among peer computing servers (CS) in decentralized cloud environment, preserving confidentiality and integrity of the host's data. Experimental result shows that, the proposed predictive VM migration approach reduces extra VM migration caused due over utilization of identified servers and reduces number of active servers in greater extent, and ensures confidentiality and integrity of peer host's data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.5
• /
• pp.1149-1159
• /
• 2024

With the rapid increase in the construction of smart ships and the growing proportion of IT equipment on vessels, the frequency and severity of maritime cyber incidents have significantly escalated. Recognizing this situation, the International Association of Classification Societies recently enacted the UR E26 regulation. This study investigates the definition of cyber resilience and reviews existing research, using the Analytic Hierarchy Process to determine the priority of factors across the ship lifecycle as presented in the E26 regulation. Additionally, the E26 regulation is compared and analyzed against Cybersecurity Framework and Cyber Resiliency System of the NIST. Through this analysis, the study aims to assist companies that are unfamiliar with maritime cybersecurity in effectively responding to the IACS UR E26 regulation and proposes recommendations for the improvement of the UR E26 regulation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.5
• /
• pp.1021-1035
• /
• 2024

This paper proposes the TEE-BOP (Trusted Execution Environment-Based Blockchain Offline Payment) protocol for blockchain-based offline payments. TEE-BOP securely manages offline balances within a Trusted Execution Environment (TEE) and efficiently verifies initial deposit proofs recorded on the blockchain using Merkle trees. Additionally, it ensures secure and tamper-proof transactions in offline environments by guaranteeing the reliability of keys and the system through TEE Attestation. Unlike previous studies, TEE-BOP enhances real-world applicability by eliminating dependence on central authorities and avoiding assumptions of ideal models. The protocol solves the double-spending problem through multi-layered defense mechanisms and addresses forgery prevention by allowing recipients to directly verify data consistency between the TEE and the blockchain. This enables reliable blockchain-based offline payments in areas with unstable network infrastructure. It demonstrates that this research can expand the application of blockchain technology and contribute to improving access to financial services in developing countries or disaster situations.