Journal of the Korea Institute of Information Security and Cryptology
Korea Institutes of Information Security and Cryptology
Volume 23, Issue 6 - Dec 2013
Efficient Implementation of Crypto Processing Based on Pre_Buffered Key Stream Method
Kang, Cheol-Oh ; Kim, Eun-Chan ; Park, Jea-Min ; Ryou, Jea-Cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 989~1000
DOI : 10.13089/JKIISC.2013.23.6.989
Mobile devices use VPN solutions to transfer information securely through open networks in the mobile office environment. In this paper, we propose a Pre_Buffered mechanism that improves the throughput of IPSec VPN using a low performance H/W crypto Token. The Pre_Buffered method precomputes the key stream, stores it in a buffer and uses it in the IPSec engine for IP packet processing. Moreover, design, analysis, and experimental results prove the efficiency and feasibility of our proposed method.
Study for Injurious Multimedia Contents Analysis Mechanism in Smart Devices
Min, Sun-Ho ; Kim, Seok-Woo ; Ha, Kyeoung-Ju ; Seo, Chang-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1001~1006
DOI : 10.13089/JKIISC.2013.23.6.1001
In this paper, we describe the distinction mechanism analysis and injurious distinction mechanism performance analysis in order to determine harmfulness of the injurious multimedia which is being rapidly spread in smart phones and intelligent robots. Based on the injurious mechanism distinction technologies, we defined individual injurious characteristics elements of multimedia (images and videos). Also, we analyze harmfulness of the injurious multimedia content by the visual characteristics modeling.
A Study on Structural Vulnerability of MobilePhone Micropayment System And Improvement of Standard Payment Module for User Protection
Park, Kwang Sun ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1007~1015
DOI : 10.13089/JKIISC.2013.23.6.1007
The automatic payment process of the mobile phone micropayment system does not check the user's authentication. That is the structural vulnerability of the mobile phone micropayment system. A malicious contents provider can cheat users and the payment gateway by abusing this structural vulnerability. The payment gateway has applied a standard payment module since August, 2012 in order to solve the problem. But the standard payment module also has a vulnerability that causes damage to users. So the purpose of this paper is to suggest an efficient improvement of the standard payment module for user protection.
Weakness of Android Smartphone Applications against Electromagnetic Analysis
Park, JeaHoon ; Kim, Soo Hyeon ; Han, Daewan ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1017~1023
DOI : 10.13089/JKIISC.2013.23.6.1017
With the growing use of smartphones, many secure applications are performed on smartphones, such as banking, payment, and authentication. To provide security services, cryptographic algorithms are performed on smartphones' CPUs. However, a smartphone's CPU has no considerations against side-channel attacks including Electromagnetic Analysis (EMA). At DesignCon 2012, G. Kenworthy introduced the risk of cryptographic algorithms operated on smartphones against EMA. In this paper, using improved experimental setups, we performed EMA experiments on Android smartphones' commercial secure applications. As a result, we show the weakness of real applications. According to the experimental setups, we picked up the operation of w-NAF scalar multiplication from the operation of Google's Play Store application using the radiated EM signal. Also, we distinguished scalar values (0 or not) of w-NAF scalar multiplication.
Study on Dynamic Trust-based Access Control in Online Social Network Environment
Baek, Seungsoo ; Kim, Seungjoo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1025~1035
DOI : 10.13089/JKIISC.2013.23.6.1025
There has been an explosive increase in the population of OSN (online social network) for 10 years. OSN provides users with many opportunities to communicate among friends and families, and goes so far as to make relationships among unknown people having similar beliefs or interests. However, OSN has also produced adverse effects such as privacy breaches, leaking uncontrolled information or disseminating false information. Access control models such as MAC, DAC, and RBAC are applied to OSN to control those problems, but those models do not fit the dynamic OSN environment because users' acts in OSN are unpredictable and static access control imposes a burden on users to change access control rules one by one. This paper proposes dynamic trust-based access control to solve the problems of traditional static access control in OSN.
Study on Anti-Phishing Solutions, Related Researches and Future Directions
Shin, Ji Sun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1037~1047
DOI : 10.13089/JKIISC.2013.23.6.1037
As damages from phishing have increased, many anti-phishing solutions and related researches have been studied. Anti-phishing solutions are often built into web browsers or provided as security toolbars. Other types of solutions have also been developed, such as email filtering and solutions strengthening server authentication via secret image sharing. At the same time, researchers have tried to see the reasons why phishing works and how effective anti-phishing solutions are. In this paper, we review relevant anti-phishing solutions, their techniques and other phishing-related researches. Based on these, we summarize recommended ways to improve anti-phishing solutions and suggest future directions of study to protect users from phishing attacks.
On Security of Android Smartphone Apps Employing Cryptography
Park, Sang-Ho ; Kim, Hyeonjin ; Kwon, Taekyoung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1049~1055
DOI : 10.13089/JKIISC.2013.23.6.1049
Smartphones are rapidly growing because of easy installation of the apps (application software) that users actually want. There are increasingly many apps that require cryptographic suites to be installed, for instance, for protecting account and financial data. Android platform provides protection mechanisms for memory and storage based on Linux kernel, but they are vulnerable to rooting attacks. In this paper, we analyze security mechanisms of Android platform and point out security problems. We show the security vulnerabilities of several commercial apps and suggest appropriate countermeasures.
A Method of Internal Information Acquisition of Smartphones
Lee, Yunho ; Lee, Sangjin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1057~1067
DOI : 10.13089/JKIISC.2013.23.6.1057
The market share of smartphones has been increasing more and more in the recent mobile market, and smart devices and applications that are based on a variety of operating systems have been released. Given this reality, the importance of smart devices analysis is coming to the fore and the most important thing is to minimize data corruption when extracting data from the device in order to analyze user behavior. In this paper, we compare and analyze the area-specific changes that are the file system of collected image after obtaining root privileges on the Android OS and iOS based devices, and then propose the most efficient method to obtain root privileges.
Applying CBR algorithm for cyber infringement profiling system
Han, Mee Lan ; Kim, Deok Jin ; Kim, Huy Kang ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1069~1086
DOI : 10.13089/JKIISC.2013.23.6.1069
Nowadays, web defacement has become the utmost threat which can harm the target organization's image and reputation. These defacement activities reflect the hacker's political motivation or his tendency. Therefore, the analysis of the hacker's activities can give a decisive clue to pursue criminals. A specific message, photo or music on the defaced web site and the outcome of analysis will supply some decisive clues to track down criminals. The encoding method or fonts used in the hacker's remaining messages, and the hacker's SNS ID such as a Twitter or Facebook ID, can also help in tracking the hacker's information. In this paper, we implemented a web defacement analysis system by applying the CBR algorithm. The implemented system extracts the features from the web defacement cases on zone-h.org. This paper will be useful to understand the hacker's purpose and to plan countermeasures as an IDSS (Investigation Detection Support System).
The Reliability Evaluation of User Account on Facebook
Park, Jeongeun ; Park, Minsu ; Kim, Seungjoo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1087~1101
DOI : 10.13089/JKIISC.2013.23.6.1087
Most people are connected to Social Network Services (SNS) through smart devices. Social Network Services are tools that transport information fast and easily. It does not care where he or she comes from. A lot of information circulates and is shared on Social Network Services, but Social Network Services' faults are magnified and becoming a serious issue. For instance, malicious users generate multiple IDs easily on Facebook and can use personal information of others on purpose, because most people tend to undoubtedly accept friend requests. In this paper, we have specified the research scope to Facebook, which is one of the most popular Social Network Services in the world. We propose a way of minimizing the number of malicious actions on Facebook from malignant users and malicious bots by setting criteria and applying a reputation system.
A Method of Identifying Ownership of Personal Information exposed in Social Network Service
Kim, Seok-Hyun ; Cho, Jin-Man ; Jin, Seung-Hun ; Choi, Dae-Seon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1103~1110
DOI : 10.13089/JKIISC.2013.23.6.1103
This paper proposes a method of identifying ownership of personal information in Social Network Service. In detail, the proposed method automatically decides whether any location information mentioned on Twitter indicates the publisher's residence area. Identifying ownership of personal information is a necessary part of evaluating the risk of personal information opened online. The proposed method uses a set of decision rules that considers 13 features that are lexicographic and syntactic characteristics of the tweet sentences. In an experiment using real Twitter data, the proposed method shows better performance (f1-score: 0.876) than conventional document classification models such as naive Bayesian that use n-grams as a feature set.
SVC and CAS Combining Scheme for Support Multi-Device Watching Environment
Son, Junggab ; Oh, Heekuck ; Kim, SangJin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1111~1120
DOI : 10.13089/JKIISC.2013.23.6.1111
CAS used in IPTV or DTV has an environment of sending a single type of contents through single streaming. But it can be improved to support users' various video applications through single streaming by combining with SVC. For such an environment, efficiency should be firstly considered, and hierarchical key management methods for billing policy by service levels should be applied. This study aims to look into considerations to apply SVC to CAS and propose SVC encryption in the CAS environment. The security of the proposed scheme is based on the safety of CAS and a one-way hash function. If the proposed scheme is applied, scalability can be efficiently provided even in the encrypted contents and it is possible to bill users according to picture quality. In addition, the test results show that SVC contents given by streaming service with the average less than 10% overhead can be safely protected against illegal uses.
Multi-Level Emulation for Malware Distribution Networks Analysis
Choi, Sang-Yong ; Kang, Ik-Seon ; Kim, Dae-Hyeok ; Noh, Bong-Nam ; Kim, Yong-Min ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1121~1129
DOI : 10.13089/JKIISC.2013.23.6.1121
An Authentication Scheme for Providing to User Service Transparency in Multicloud Environment
Lee, Jaekyung ; Son, Junggab ; Kim, Hunmin ; Oh, Heekuck ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1131~1141
DOI : 10.13089/JKIISC.2013.23.6.1131
Most of the single server model of cloud computing services have problems that are hard to solve, such as a service availability, insider attack, and vendor lock-in, etc. To solve these problems, the research about multicloud has emerged. Multicloud model can supplement previous cloud model's weakness and provides new services to user. In this paper, we focus on a user authentication problem in multicloud model and propose a scheme to resolve it. We define a cloud broker-based multicloud model. And we propose an authentication protocol that is applicable at presented model. The proposed scheme can provide service transparency to user and prevent an impersonation attack by service provider.
A study on vulnerabilities of serial based DNP in power control fields
Jang, Ji Woong ; Kim, Huy Kang ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1143~1156
DOI : 10.13089/JKIISC.2013.23.6.1143
Power control systems like SCADA (Supervisory Control And Data Acquisition) gather information using RS232C and low-speed analog communication networks. In general, these methods are known as secure because of the secure characteristics of the analog based communication network and serial communication. In this study, we first build a DNP communication environment using a commercial power control simulator and find some vulnerabilities by testing from the viewpoint of confidentiality, integrity and availability. Consequently, we see the necessity of a valid method for authentication and data encryption when gathering information, even though that is known as secure so far. Discussion of the need for DNP authentication and data encryption started several years ago, but it is still applied nowhere in a real environment because the current methods cannot fully meet the security requirements of the real environment. This paper suggests a solution to the vulnerabilities, and proposes some considerations for enhancing the power control system's security level by applying DNP authentication and data encryption.
The danger and vulnerability of eavesdropping by using loud-speakers
Lee, Seung Joon ; Ha, Young Mok ; Jo, Hyun Ju ; Yoon, Ji Won ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1157~1167
DOI : 10.13089/JKIISC.2013.23.6.1157
The development of electronic devices has recently led to many problems such as violation of personal information and leakage of business information. Conventional loud-speakers have been generally used as output devices. They can, however, be operated as a microphone, which has been abused as a means for eavesdropping, since the speaker and microphone have basically the equivalent structure. Most importantly, the general public is not aware of the approaching danger of using a speaker as a microphone. And traditional eavesdropping detection equipment does not check for the attack. In this paper, we demonstrate that there is a serious danger and vulnerability in using loud-speakers since they can be used as eavesdropping devices.
Research on the Trend of Utilizing Emulab as Cyber Security Research Framework
Lee, Man-Hee ; Seok, Woo-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1169~1180
DOI : 10.13089/JKIISC.2013.23.6.1169
Emulab is a research framework developed by Utah university, providing an on-demand research environment service so that researchers can set up and use the environment at any time. The main advantage of Emulab over other research methodologies like simulation or virtualization is that it uses real systems and networks with real operating systems, making the research environment much more similar to the real world. Even though Emulab has been actively used in many areas such as security and networking, there has been little use in the Korean research community. As KISTI recently constructed a small Emulab, it is expected that many researchers and educators will make use of the Emulab. In this study, we introduce Emulab to the Korean research community and give an overview of the utilization trend of Emulab as a cyber security research framework.
Development of Intrusion Detection System for GOOSE Protocol Based on the Snort
Kim, Hyeong-Dong ; Kim, Ki-Hyun ; Ha, Jae-Cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1181~1190
DOI : 10.13089/JKIISC.2013.23.6.1181
GOOSE (Generic Object Oriented Substation Event) is used as a network protocol to communicate between IEDs (Intelligent Electronic Devices) in the international standard IEC 61850 for substation automation systems. Nevertheless, the GOOSE protocol is facing many threats similar to those in the TCP/IP protocol due to its Ethernet-based operation. In this paper, we develop an IDS (Intrusion Detection System) for a secure GOOSE protocol using the open software-based IDS Snort. In this IDS, two security functions for keyword search and DoS attack detection are implemented through improvement of the decoding and preprocessing component modules. We also implement the GOOSE IDS and verify its accuracy using GOOSE packet generation and a communication experiment.
Secure Mobile Query in Wireless Sensor Networks
Lim, Chae Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1191~1197
DOI : 10.13089/JKIISC.2013.23.6.1191
In large-scale distributed sensor networks, it is often recommended to employ mobile sinks, instead of fixed base stations, for data collection to prolong network lifetime and enhance security. Mobile sinks may also be used, e.g., for network repair, identification and isolation of compromised sensor nodes and localized reprogramming, etc. In such circumstances, mobile sinks should be able to securely interact with neighbor sensor nodes while traversing the network. This paper presents a secure and efficient mobile query protocol that can be used for such purposes.
Measuring method of personal information leaking risk factor to prevent leak of personal information in SNS
Cheon, Myung-Ho ; Choi, Jong-Seok ; Shin, Yong-Tae ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1199~1206
DOI : 10.13089/JKIISC.2013.23.6.1199
SNS is a relationship based service and its users are increasing rapidly because it can be used in a variety of forms as the penetration rate of smartphones has increased. Accordingly, personal information can be exposed easily and spread rapidly in SNS, so self-control on information management, the right to control the opening and distribution of one's own personal information, is necessary. This research suggests a way of measuring the personal information leaking risk factor through the territory where personal information leaking is possible, based on the property value and relationship of personal information in SNS, personal information exposure frequency and access rate. The suggested method is expected to be used in strengthening the right of self-control on information management by arousing the attention of SNS users to personal information exposure.
Information Security Investment and Security Breach: Empirical Study on the Reverse Causality
Shin, Ilsoon ; Jang, Wonchang ; Park, Heeyoung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1207~1217
DOI : 10.13089/JKIISC.2013.23.6.1207
This study utilizes raw data from "Research on the actual condition of firms' information security" of KISA (2010) and constructs panel dataset to analyze a causal relationship between information security investment and security breach. Using Difference in Difference estimation method we find the following results. First, while the usual causality that information security investment reduces security breach is not supported, the reverse causality that security breach increases information security investment is well explained. Second, contrary to the conventional wisdom, firms in the finance/insurance business sector show the most significant reverse causality pattern.
A Rolling Image based Virtual Keyboard Resilient to Spyware on Smartphones
Na, Sarang ; Kwon, Taekyoung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1219~1223
DOI : 10.13089/JKIISC.2013.23.6.1219
Due to the fundamental features of smartphones, such as openness and mobility, a great deal of malicious software including spyware can be installed more easily. Since spyware can steal user's sensitive information and invade privacy, it is necessary to provide proper security mechanisms like secure virtual keyboards. In this paper, we propose a novel password input system to resist spyware and show how effectively it can reduce the threats.
A Study of Multiple Password Leakage Factors Caused by Phishing and Pharming Attacks
Ryu, Hong Ryeol ; Hong, Moses ; Kwon, Taekyoung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1225~1229
DOI : 10.13089/JKIISC.2013.23.6.1225
In this paper, we studied threats and risks that users might enter their passwords without awareness onto phishing and pharming sites, and particularly showed that it was highly likely to leak the secret information of multiple passwords by user experiments. The novel methodology of verifying those threats and risks is the major contribution of this paper. We will extend this work for further verification of our findings.
Strengthening Security on the Internal Cloud Service Certification
Lee, Gangshin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1231~1238
DOI : 10.13089/JKIISC.2013.23.6.1231
In the background of rapidly increasing domestic cloud service demand, worries about security and privacy incidents can hinder the promotion of cloud service industry. Thus, it is crucial that the independent 3rd party assures the reliability for using the cloud service. This paper compares several external and internal cloud service certification cases, for example CSA certification, FedRAMP certification, KCSA certification, and concludes that insufficient security and privacy controls are prevailing. As a consequence, several enhanced countermeasures by using ISO/IEC 27017, KISA's ISMS considering manageability and expertise are proposed in the cloud service certification system.
A study on the vulnerability of the Cloud computing security
Jeon, Jeong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1239~1246
DOI : 10.13089/JKIISC.2013.23.6.1239
Recently, cloud computing technology is emerging as an important issue in the world, and has attracted much attention in technology and services. However, unlike its positive aspects, cloud computing includes several vulnerabilities. For this reason, a variety of attacks and damages are expected according to the evolution of hacking techniques. Therefore, this paper analyzes management models through case studies and experiments on the threats and vulnerabilities of cloud computing. In the future, this is expected to be utilized as a basis for security design and performance improvement.
Proposal of Security Requirements for the Cloud Storage Virtualization System
Yeo, Youngmin ; Lee, Chanwoo ; Moon, Jongsub ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1247~1257
DOI : 10.13089/JKIISC.2013.23.6.1247
The security vulnerabilities of cloud storage virtualization environments are different from those of the existing computer system and are difficult to protect against in the existing computer system environment. Therefore we need some technical measures to address this issue. First of all, the technology used in the cloud storage virtualization environment needs to be thoroughly analyzed, and also, we should understand the security requirements of various stakeholders in the view of the cloud storage service and perform research on security guidelines of the researched security requirements. In this paper, we propose security requirements based on layers and roles of cloud storage virtualization. The proposed security requirements can be a basis for the development of solutions for cloud storage virtualization security.
A Study on the Secure Database Controlled Under Cloud Environment
Kim, SungYong ; Kim, Ji-Hong ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1259~1266
DOI : 10.13089/JKIISC.2013.23.6.1259
Nowadays, databases are getting larger and larger. As companies have difficulty in managing the database, they want to outsource the database to the cloud system. In this case database security is more important because their database is managed by the cloud service provider. Among database security techniques, the encryption method is a well-certified and established technology for protecting sensitive data. However, once encrypted, the data can no longer be easily queried. The performance of the database depends on how the sensitive data is encrypted, on the approach for searching, and on the retrieval efficiency that is implemented. In this paper we propose a new suitable mechanism to encrypt the database and a lookup process on the encrypted database under control of the cloud service provider. This database encryption algorithm uses the Bloom filter with a variable keyword based index. Finally, we demonstrate that the proposed algorithm should be useful for database encryption related research and application activities.
A Study on PIMS Controls for PII Outsourcing Management under the Cloud Service Environment
Park, Dae-Ha ; Han, Keun-Hee ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1267~1276
DOI : 10.13089/JKIISC.2013.23.6.1267
Cloud consumers who use cloud computing services are obliged to review and monitor the legal compliance of cloud providers who are consigned the processes of the PII (personally identifiable information) from them. This paper presented possible scenarios for cloud PII outsourcing and suggested PIMS (personal information management system) controls for outsourcing management between cloud consumers and cloud providers by analyzing both international standards and domestic certification schemes related to cloud computing and/or privacy management based on the legal obligations for PII outsourcing from Korean "Personal Information Protection Act (PIPA)". The controls suggested can be applicable for developing the guidance of complying with privacy laws in organizations or the checklist of PII outsourcing management in PIMS certification.
A Research on the Cloud Computing Security Framework
Kim, Jung-Duk ; Lee, Seong-Il ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 6, 2013, Pages 1277~1286
DOI : 10.13089/JKIISC.2013.23.6.1277
Cloud computing's unique attributes such as elasticity, rapid provisioning and releasing, resource pooling, multi-tenancy, broad-network accessibility, and ubiquity bring many benefits to cloud adopters (companies and organizations), but also entail specific security risks associated with the type of adopted cloud and deployment mode. To minimize those types of risk, this paper proposed a cloud computing security framework referring to the strategic alliance model. The cloud computing security framework has main triangles that are cloud threat, security controls, and cloud stakeholders, and is composed of three sides that are purposefulness, accountability, and transparent responsibility. The main triangles define the purpose of risk minimization, the appointment of stakeholders, and the security activity for them, and the three sides of the framework are principles of security control in cloud computing that provide direction of deduction for seven service packages.