Journal of the Korea Institute of Information Security and Cryptology
Korea Institutes of Information Security and Cryptology
A Secure RFID Multi-Tag Search Protocol Without On-line Server
Lee, Jae-Dong ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 405~415
In many applications a reader needs to determine whether a particular tag exists within a group of tags without a server. This is referred to as serverless RFID tag searching. A few protocols for serverless RFID searching have been proposed, but they are single-tag search protocols which can search for a tag at one time. In this paper, we propose a multi-tag search protocol, based on a hash function and a random number generator, which can search for some tags at one time. For this study, we introduce a protocol which can resolve the problem of seed synchronization when a communication error occurs in the S3PR protocol, and propose a multi-tag search protocol which can reduce the communication overhead. The proposed protocol is secure against tracking, impersonation, replay and denial-of-service attacks. This study will be the basis of research on multi-tag search protocols.
An Efficient Mixnet for Electronic Voting Systems
Jeon, Woong-Ryul ; Lee, Yun-Ho ; Won, Dong-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 417~425
In 2010, Sebe et al. proposed an efficient and lightweight mixnet scheme for remote voting systems. The scheme, based on a cryptographically secure hash function, does not require complex and costly zero-knowledge proofs of correct mixing operations; thus they claimed that their scheme is simple and efficient. In this paper, we propose a more efficient and faster mixnet scheme than Sebe et al.'s scheme under the same assumption.
Key Management and Recovery Scheme over SCADA System Using ID-based Cryptosystem
Oh, Doo-Hwan ; Choi, Doo-Sik ; Na, Eun-Sung ; Kim, Sang-Chul ; Ha, Jae-Cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 427~438
The SCADA (Supervisory Control and Data Acquisition) systems are used to control critical national infrastructures such as electricity, gas, and water distribution systems. Recently, there has been much research on key management schemes for secure communication, due to the change to an open network environment. We propose a new key management method which is established on an ID-based cryptosystem using pairing on the MTU (Master Terminal Unit), Sub-MTU, and RTU (Remote Terminal Unit). Furthermore, we present a protocol for redistributing the private key of each device and a system recovery protocol as a countermeasure against exposure of the KMS (Key Management System) master key caused by unexpected accidents or malicious attacks.
A Late-Round Reduction Attack on the AES Encryption Algorithm Using Fault Injection
Choi, Doo-Sik ; Choi, Yong-Je ; Choi, Doo-Ho ; Ha, Jae-Cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 439~445
Since an attacker can extract the secret key of a cryptographic device by inducing an error during the encryption operation, fault injection attacks have become a serious threat to cryptographic systems. In this paper, we show that an attacker can retrieve the 128-bit secret key from an AES implementation that adopts an iterative statement for round operations, using a fault injection attack. To verify the feasibility of our attack, we implement the AES algorithm on an ATmega128 microcontroller and try to inject a fault using a laser beam. As a result, we can extract the 128-bit secret key by obtaining just two pairs of correct and faulty ciphertexts.
An efficient privacy-preserving data sharing scheme in social network
Jeon, Doo-Hyun ; Chun, Ji-Young ; Jeong, Ik-Rae ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 447~461
A social network service (SNS) is gaining popularity as a new real-time information sharing mechanism. However, infringement of users' privacy occurs frequently because the information shared through a social network includes private information such as the user's identity or lifestyle patterns. To resolve this problem, research on privacy-preserving data sharing in social networks is actively under way. In this paper, we propose an efficient scheme for privacy-preserving data sharing in social networks. The proposed scheme provides an efficient conjunctive keyword search functionality, and users who have been granted access rights to the storage server can store and search data in it. Our scheme also provides join/revocation functionality suited to the characteristics of a dynamic social network.
Efficient and Secure User Authentication and SDP Encryption Method in SIP
Kim, Jung-Je ; Chung, Man-Hyun ; Cho, Jae-Ik ; Shon, Tae-Shik ; Moon, Jong-Sub ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 463~472
This paper proposes a security method that performs mutual authentication between the SIP UA and the server, checks the integrity of the signaling channel, and protects SDP information for VoIP using a One-Time Password. To solve the vulnerability of the existing HTTP Digest authentication scheme in SIP, various SIP authentication schemes have been proposed. However, these schemes cannot meet the security requirements of SIP or require expensive cryptographic operations. The proposed method uses an OTP that uses only a hash function and is updated at each authentication. The proposed method therefore does not require expensive cryptographic operations, yet performs user authentication more efficiently and safely than existing methods. In addition, the proposed method verifies the integrity of SIP messages and performs SDP encryption/decryption through the OTP used for user authentication. The proposed method can thus reduce communication overhead when applying S/MIME or TLS.
On the Security of a New C2C-PAKA Protocol
Byun, Jin-Wook ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 473~483
To achieve entire end-to-end security, the classical authentication setting in which all participants have the same password is not practical, since a password is not a common secret but a personal secret depending on an individual. Thus, an efficient client-to-client different password-based authenticated key agreement protocol (for short, EC2C-PAKA) has been suggested in the cross-realm setting. Very recently, however, a security weakness of the EC2C-PAKA protocol has been analyzed by Feng and Xu. They have claimed that the EC2C-PAKA protocol is insecure against a password impersonation attack. They have also presented an improved version of the EC2C-PAKA protocol. In this paper, we demonstrate that their claim on the insecurity of the EC2C-PAKA protocol against a password impersonation attack is not valid. We show that the EC2C-PAKA protocol is still secure against the password impersonation attack. In addition, ironically, we show that the improved protocol by Feng and Xu is insecure against an impersonation attack in which a server holding the password of Alice in realm A can impersonate Bob in realm B. We also discuss a countermeasure to prevent the attack.
A Differential Fault Attack against Block Cipher HIGHT
Lee, Yu-Seop ; Kim, Jong-Sung ; Hong, Seok-Hee ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 485~494
The block cipher HIGHT is designed to be suitable for low-resource hardware implementation. It was established as a TTA standard and an ISO/IEC 18033-3 standard. In this paper, we propose a differential fault attack against the block cipher HIGHT. In the proposed attack, we assume that an attacker can inject a random byte fault into the input value of the 28th round. This attack can recover the secret key by using the differential property between the original ciphertext and faulty ciphertext pairs. Using 7 and 12 errors, our attack recovers the secret key within a few seconds with success probability 87% and 51%, respectively.
Speed-optimized Implementation of HIGHT Block Cipher Algorithm
Baek, Eun-Tae ; Lee, Mun-Kyu ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 495~504
This paper presents various speed optimization techniques for software implementation of the HIGHT block cipher on CPUs and GPUs. We considered 32-bit and 64-bit operating systems for CPU implementations. After we applied the bit-slicing and byte-slicing techniques to HIGHT, the encryption speed reached 1.48 Gbps on the Intel Core i7 920 CPU with a 64-bit operating system, which is up to 2.4 times faster than the previous implementation. We also implemented HIGHT on an NVIDIA GPU equipped with CUDA, and applied various optimization techniques, such as storing the most frequently used data, like subkeys and the F lookup table, in shared memory, and using coalesced access when reading data from global memory. To our knowledge, this is the first result that implements and optimizes HIGHT on a GPU. We verified that the byte-slicing technique guarantees a speed-up of more than 20%, resulting in a speed which is 31 times faster than that on a CPU.
Efficient Hop-based Access Control for Private Social Networks
Jung, Sang-Im ; Kim, Dong-Min ; Jeong, Ik-Rae ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 505~514
Because people usually establish their online social network based on their offline relationships, social networks (i.e., the graph of friendship relationships) are often used to share contents. Mobile devices make this easier these days, but they also increase privacy risks such as access control of shared data and relationship exposure to an untrusted server. To control access to encrypted data and protect relationships from the server, M. Atallah et al. proposed a hop-based scheme in 2009. Their scheme assumed a distributed environment such as p2p, in which each user shares encrypted data on their social network. On the other hand, it is very inefficient at keeping their relationships private, so we propose an improved scheme. In this paper, among encrypted contents and relationships, some authenticated users can only access the data in a distributed way. For this, we adopt 'circular-secure symmetric encryption' first. The proposed scheme guarantees improved security and efficiency compared to the previous work.
A new digital signature scheme secure against fault attacks
Kim, Tae-Won ; Kim, Tae-Hyun ; Hong, Seok-Hie ; Park, Young-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 515~524
Fault attacks are a powerful form of side channel analysis that extracts secret information by analyzing the result after physically injecting faults during the implementation of a cryptographic algorithm. First, this paper analyses the vulnerable points of existing Digital Signature Algorithm (DSA) schemes secure against fault attacks. Then we propose a new signature algorithm immune to all fault attacks. The proposed DSA scheme is designed to sign using two nonces and an error diffusion method.
Separate Networks and an Authentication Framework in AMI for Secure Smart Grid
Choi, Jae-Duck ; Seo, Jung-Taek ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 525~536
This paper proposes methods of securing the Smart Grid system against various types of cyber threats by separating AMI networks from the public network, the Internet, and providing an AMI-specific authentication framework. Because the thousands and millions of AMI devices to be deployed would be directly or indirectly connected to the public network without any authentication procedures for access control, the AMI architectures currently being developed could be widely exposed to a considerable number of penetration attacks. Furthermore, there has not been sufficient research on authentication frameworks based on the specific circumstances of AMI networking, which should support varied authentication protocols among security associations and AMI linking devices. This work proposes isolating smart meters from HAN devices and the Internet and integrating network/application-level authentication frameworks with an EAP-based authentication architecture. These approaches are beneficial for deploying AMI securely and efficiently.
The Mobile Security Diagnostic System against Smart-phone Threat
Cheon, Woo-Bong ; Lee, Jung-Hee ; Park, Won-Hyung ; Chung, Tai-Myoung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 537~544
With wireless network infrastructure, the number of smart-phone users is increasing remarkably around the world, and the amount of damage due to smart-phone malware is also rising. Many security solutions for wireless networks have come onto the market, but these solutions are for companies or large enterprises; therefore, public smart-phone users do not find it easy to select them as their solutions, and it is difficult to detect unknown malware. In this paper, we propose a mobile security diagnostic system for public smart-phone users, which provides functions such as smart-phone system check, comparison with a blacklist of applications, and malware collection.
A New Method to Detect Anomalous State of Network using Information of Clusters
Lee, Ho-Sub ; Park, Eung-Ki ; Seo, Jung-Taek ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 545~552
The rapid development of information technology is making large changes in our lives today. Infrastructure and services are also combining with information technology, which predicts another huge change in our environment. However, the development of information technology brings various types of side effects, and these side effects not only cause financial loss but can also develop into a nationwide crisis. Therefore, detection of and quick reaction to these side effects are critical, and much research is being done. Intrusion detection systems are an example of such research. However, intrusion detection systems mostly tend to focus on judging whether particular traffic or files are malicious or not. It is also difficult for intrusion detection systems to detect newly developed malicious code. Therefore, this paper proposes a method which determines whether the present network model is normal or abnormal by comparing it with past network situations.
Utilization of Physical Security Events for the Converged Security using Analytic Hierarchy Process: focus on Information Security
Kang, Koo-Hong ; Kang, Dong-Ho ; Nah, Jung-Chan ; Kim, Ik-Kyun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 553~564
Today's security initiatives tend to integrate physical and information security, which have been run by completely separate departments. That is, converged security management is becoming the core of the security market trend. However, to the best of our knowledge, we cannot find any solution for combining these two kinds of security events for converged security. In this paper, we propose an information security object-driven approach which utilizes physical security events to enhance and improve information security. For scalability, we also present a systematic method that uses the analytic hierarchy process to find the meaningful event combinations among the large number of physical security events. In particular, we show the whole implementation process in detail, where we consider the information security object 'illegal computing system access' combined with two physical security devices: an access controller and a CCTV+video analyzer system.
Research of organized data extraction method for digital investigation in relational database system
Lee, Dong-Chan ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 565~573
To investigate business corruption, obtaining business data such as personnel, manufacturing, accounting and distribution data is absolutely necessary. Furthermore, the investigator should have a systematic solution for extracting business data from the enterprise database, because most companies manage their business data through a distributed database system. In the general business environment, the database exists in a system with an upper-layer application and a large file server. Besides, the original resource data input by the user are distributed and stored in one or more tables following normalization rules. Earlier research on database structure analysis mainly handled table relations for database optimization and visualization. But from the point of view of digital forensics, analysis of the data itself is more important than the table relations. This paper suggests a technique for extraction from the table relations already defined in the database. Moreover, through a systematic analysis process based on domain knowledge, it analyzes the original business data structure stored in the database and proposes a solution for extracting the tables related to an incident.
A study on method of setting up the defense integrated security system
Jang, Worl-Su ; Choi, Jung-Young ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 575~584
Established military security tasks, based on existing manual and off-line procedures, need to change and develop to support effective and systematic task performance in line with the changing environment of informatization and scientific projects in the military. Therefore, this study proposes setting up a standard model of the defense integrated security system to automate and informatize major defense security tasks, based on the actual state and problems of major defense security tasks and on case analyses from America, England and other countries. The standard model consists of unit systems: an integrated security system, a security management system, a man entrance system, a vehicle entrance system, a high-tech guard system, a terror prevention system and a security accident analysis system. The suggested model is based on feasible technology and systems. If this model is applied to each real military unit, we expect defense security to develop.
Detecting gold-farmers' group in MMORPG by analyzing connection pattern
Seo, Dong-Nam ; Woo, Ji-Young ; Woo, Kyung-Moon ; Kim, Chong-Kwon ; Kim, Huy-Kang ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 585~600
Security issues in online games are increasing as the online game industry grows. Real money trading (RMT) by online game users has become a security issue in several countries, including Korea, because RMT is related to criminal activities such as money laundering or tax evasion. RMT-related activities are carried out by professional work forces, namely gold-farmers, and many of them employ automated programs, or bots, to gain cyber assets quickly and efficiently. Online game companies try to prevent the activities of gold-farmers by using game bot detection algorithms and blocking their accounts or IP addresses. However, game bot detection algorithms can detect only a part of a gold-farmer's network, and IP address blocking can also be circumvented easily by using a virtual private server or IP spoofing. In this paper, we propose a method to detect gold-farmer groups by analyzing their connection patterns to the online game servers, particularly information on their routing and source locations. We verified that the proposed method can reveal gold-farmers' groups effectively by analyzing real data from a famous MMORPG.
A Web application vulnerability scoring framework by categorizing vulnerabilities according to privilege acquisition
Cho, Sung-Young ; Yoo, Su-Yeon ; Jeon, Sang-Hun ; Lim, Chae-Ho ; Kim, Se-Hun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 601~613
Secure web applications must be designed and implemented to provide safe web services. For this reason, there are several scoring frameworks to measure vulnerabilities in web applications. However, these frameworks do not classify vulnerabilities according to their seriousness, because they simply accumulate the scores of the individual factors in a vulnerability. We rate and score vulnerabilities according to the probability of privilege acquisition so that we can prioritize the vulnerabilities found in web applications. Our proposed framework also provides a method to score all web applications provided by an organization, so that it is clear which web application is the least secure and should be treated first. Our scoring framework is applied to data listing vulnerabilities in web applications found by a crawling-based web scanner, and we show the importance of categorizing vulnerabilities according to privilege acquisition.
Reverse engineering of data abstractions on fragmented binary code
Lee, Jong-Hyup ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 615~619
Reverse engineering via static analysis is an essential step in software security and it focuses on reconstructing code structures and data abstractions. In particular, reverse engineering of data abstractions is critical to understand software but the previous scheme, VSA, is not suitable for applying to fragmented binaries. This paper proposes an enhanced method through dynamic region assignment.
Comprehensive Study on Security and Privacy Requirements for Retrieval System over Encrypted Database
Park, Hyun-A ; Lee, Dong-Hoon ; Chung, Taik-Yeong ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 621~635
Although most proposed security schemes have scrutinized their own security models for protecting against different types of threats and attacks, this naturally causes the following problem: if a security analysis tool fits a certain scheme, it may not be proper for other schemes. In order to address this problem, this paper analyzes how the security requirements of each paper could differ by comparing two schemes: Agrawal et al.'s scheme OPES (Order Preserving Encryption Scheme) and Zdonik et al.'s FCE (Fast Comparison Encryption). Zdonik et al. have formally disproved the security of Agrawal et al.'s scheme OPES. Thereafter, some scholars have wondered whether OPES can guarantee its applicability in the real world, given its insecurity. However, the analysis by Zdonik et al. does not have valid objectivity because they used the security model INFO-CPA-DB, designed for their scheme FCE, to analyze Agrawal et al.'s scheme OPES, in spite of the differences between the two schemes. In order to analyze any scheme correctly and apply it to the real world properly, the analysis tool should be comprehensively standardized. We re-analyze Zdonik et al.'s analysis of OPES and then propose general formalizations of security and privacy for all encrypted retrieval systems. Finally, we recommend the minimum level of security requirements under our formal definitions. Additional considerations should also be supplemented in accordance with the conditions of each system.
A study on the development of SRI(Security Risk Indicator)-based monitoring system to prevent the leakage of personally identifiable information
Park, Sung-Ju ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 637~644
In our current information-focused society, information is regarded as a core asset, and the leakage of customers' information has emerged as a critical issue, especially in financial companies. It is very likely that the safeguarding technology currently in commercial use is not focused at an enterprise level but is fragmented by function or guards only portions of a customer's personal information. Therefore, it is necessary to study systems which monitor the indicators of access at an enterprise level in order to preemptively prevent the compromise of such data. This study takes an enterprise perspective on such systems for a financial company. I will focus on examining the methods of implementing the monitoring system, the application of pattern analysis, and Security Risk Indicators (SRI). A trial of the monitoring system provided security managers and related departments with proper screening capabilities of information. Therefore, it is possible to establish systematic counter-plans based on detectable patterns.
A Study on adopting cloud computing in the military
Jang, Worl-Su ; Choi, Jung-Young ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 645~654
The South Korean Defense Ministry is planning and pushing forward to conduct a cloud computing pilot project in 2012. Taking into consideration the high-level security necessary in the military as well as wartime duties, if not designed properly, this project may cause severe damage to national security and interests. In particular, given the vulnerability due to inter-Korean confrontation and the regular occurrence of security-related incidents, unconditionally conducting a cloud computing pilot project without review not only violates security regulations but also causes various security-related side effects in and outside South Korea. Therefore, this thesis identifies conditions for conducting this project by suggesting duties to which cloud computing can be applied, as well as security technology, administration, post-accident matters and conditions for legally resolving cloud computing in the military.
Security analysis on the Gu-Xue improved secret handshakes scheme
Youn, Taek-Young ; Park, Young-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 655~658
Recently, Gu and Xue proposed an improved secret handshakes scheme with unlinkability by modifying the Huang-Cao scheme. Their proposal not only solves the security weakness in the Huang-Cao scheme but is also more efficient than previously proposed secret handshakes schemes. In this letter, we examine the correctness of Gu and Xue's security requirements and show that the adversary model is not correctly defined. We also show that the Gu-Xue scheme is not secure against attacks under a correctly defined adversary model.
A study on the effective method of detecting denial of service attack to protect Guest OS in paravirtualization
Shin, Seung-Hun ; Jung, Man-Hyun ; Moon, Jong-Sub ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 659~666
Recently, cloud computing services have become a rising issue in terms of utilizing resources more efficiently and saving costs. However, the service still has limitations that hinder its popularization because its security has not been sufficiently verified. In particular, the possibility of inducing denial of service is increasing, as a Guest OS exposed through its security weaknesses can be used as a zombie PC. This paper suggests how a cloud system implemented with Xen can detect intrusion caused by denial of service using hypercalls. In the experiment, the suggested method using K-means and EM shows that the two data sets, each collected for 2, 5, 10 and 20 minutes, are distinguished with 90% success when collected for 2 and 5 minutes, while those collected over 10 minutes are distinguished with 100% success.
Design and Implementation of Web-browser based Malicious behavior Detection System(WMDS)
Lee, Young-Wook ; Jung, Dong-Jae ; Jeon, Sang-Hun ; Lim, Chae-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 667~677
Vulnerable web applications have been the primary method used by attackers to spread their malware to a large number of victims. Such attacks commonly make use of malicious links to remotely execute rather advanced malicious code. The attackers often deploy malware that utilizes unknown vulnerabilities, so-called "zero-day vulnerabilities." Existing computer vaccines are mostly signature-based and thus are effective only against known attack patterns; they are not capable of detecting zero-day attacks. To mitigate such limitations of the current solutions, there have been numerous works that take a behavior-based approach to improve detection of unknown malware. However, behavior-based solutions introduced several limitations that made them unsuitable for real-life situations. This paper proposes an advanced web browser based malicious behavior detection system that solves the problems and limitations of the previous approaches.
The Design of Anti-DDoS System using Defense on Depth
Seo, Jin-Won ; Kwak, Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 679~689
There were clear differences between the DDoS attack on 7th July 2009 and those prior to it. Although it emitted relatively small-sized packets per infected PC, the attack was very successful, making use of an HTTP flooding attack by aggregating small-sized packets from a well-sized zombie network. As the objective of the attack is not to cause permanent damage to the target system but temporary service disruption, one should ensure the availability of the target server by deploying an effective defense strategy. In this paper, a novel HTTP-based DDoS defense mechanism is introduced with a capacity-based defense-in-depth strategy.
Hiding Shellcode in the 24Bit BMP Image
Kum, Young-Jun ; Choi, Hwa-Jae ; Kim, Huy-Kang ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 3, 2012, Pages 691~705
Buffer overflow is the most representative vulnerability for which attack methods and countermeasures are frequently developed and changed. This vulnerability has remained one of the most critical threats since it was first introduced in the middle of the 1990s. Shellcode is machine code which can be used in a buffer overflow attack. Attackers make shellcode for their own purposes and insert it into the target host's memory space, then manipulate EIP (Extended Instruction Pointer) to intercept the control flow of the target host system. Therefore, much research on defenses has been conducted, and attackers have also done much research to bypass security measures designed for shellcode defense. In this paper, we briefly investigate shellcode defense and attack techniques and propose a new methodology which can hide shellcode in a 24-bit BMP image. With this proposed technique, we can easily hide any shellcode executable and bypass current detection and prevention techniques.