Go to the main menu
Skip to content
Go to bottom
REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
> Journal Vol & Issue
Journal of the Korea Institute of Information Security and Cryptology
Journal Basic Information
Journal DOI :
Korea Institutes of Information Security and Cryptology
Editor in Chief :
Volume & Issues
Volume 24, Issue 6 - Dec 2014
Volume 24, Issue 5 - Oct 2014
Volume 24, Issue 4 - Aug 2014
Volume 24, Issue 3 - Jun 2014
Volume 24, Issue 2 - Apr 2014
Volume 24, Issue 1 - Feb 2014
Selecting the target year
A Study on Secure and Improved Single Sign-On Authentication System against Replay Attack
Kim, Hyun-Jin ; Lee, Im-Yeong ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 769~780
DOI : 10.13089/JKIISC.2014.24.5.769
In general, internet users need to remember several IDs and passwords when they use diverse web sites. From an effective management perspective, SSO system was suggested to reduce user inconvenience. Kerberos authentication, which uses centralized system management, is a typical example of a broker-based SSO authentication model. However, further research is required, because the existing Kerberos authentication system has security vulnerability problems of password and replay attacks. In SSO authentication systems, a major security vulnerability is the replay attack. When user credentials are seized by attackers, an authorized session can be obtained through a replay attack. In this paper, an improved SSO authentication model based on the broker-based model and a secure lightweight SSO mechanism against credential replay attack is proposed.
A Method for Detection of Private Key Compromise
Park, Moon-Chan ; Lee, Dong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 781~793
DOI : 10.13089/JKIISC.2014.24.5.781
A Public Key Infrastructure (PKI) is security standards to manage and use public key cryptosystem. A PKI is used to provide digital signature, authentication, public key encryption functionality on insecure channel, such as E-banking and E-commerce on Internet. A soft-token private key in PKI is leaked easily because it is stored in a file at standardized location. Also it is vulnerable to a brute-force password attack as is protected by password-based encryption. In this paper, we proposed a new method that detects private key compromise and is probabilistically secure against a brute-force password attack though soft-token private key is leaked. The main idea of the proposed method is to use a genuine signature key pair and (n-1) fake signature key pairs to make an attacker difficult to generate a valid signature with probability 1/n even if the attacker found the correct password. The proposed method provides detection and notification functionality when an attacker make an attempt at authentication, and enhances the security of soft-token private key without the additional cost of construction of infrastructure thereby extending the function of the existing PKI and SSL/TLS.
A Secure and Privacy-Aware Route Tracing and Revocation Mechanism in VANET-based Clouds
Hussain, Rasheed ; Oh, Heekuck ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 795~807
DOI : 10.13089/JKIISC.2014.24.5.795
Vehicular Ad hoc Network (VANET) has gone through a rich amount of research and currently is making its way towards the deployment. However, surprisingly it evolved to rather more applications and services-rich breed referred to as VANET-based clouds due to the advancements in the automobile and communication technologies. Security and privacy have always been the challenges for the think tanks to deploy this technology on mass scale. It is even worse that some security issues are orthogonally related to each other such as privacy, revocation and route tracing. In this paper, we aim at a specific VANET-based clouds framework proposed by Hussain et al. namely VANET using Clouds (VuC) where VANET and cloud infrastructure cooperate with each other in order to provide VANET users (more precisely subscribers) with services. We specifically target the aforementioned conflicted privacy, route tracing, and revocation problem in VANET-based clouds environment. We propose a multiple pseudonymous approach for privacy reasons and leverage the beacons stored in the cloud infrastructure for both route tracing and revocation. In the proposed scheme, revocation authorities after colluding, can trace the path taken by the target node for a specified timespan and can also revoke the identity if needed. Our proposed scheme is secure, conditional privacy preserved, and is computationally less expensive than the previously proposed schemes.
An Analysis on the Error Probability of A Bloom Filter
Kim, SungYong ; Kim, JiHong ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 809~815
DOI : 10.13089/JKIISC.2014.24.5.809
As the size of the data is getting larger and larger due to improvement of the telecommunication techniques, it would be main issues to develop and process the database. The bloom filter used to lookup a particular element under the given set is very useful structure because of the space efficiency. In this paper, we introduce the error probabilities in Bloom filter. Especially, we derive the revised false positive rates of the Bloom filter using experimental method. Finally we analyze and compare the original false positive probability of the bloom filter used until now and the false decision probability proposed in this paper.
A Study on SQL Performance-Based IT Application Change Management Process to Prevent Failures of Online Transactions
Kim, Jeong-Hwan ; Ko, Moo-Seong ; Lee, Kyung-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 817~838
DOI : 10.13089/JKIISC.2014.24.5.817
Test environment on the company that handles a large amount of data such as telecommunications companies and financial institutions, may not always be the same as the production environment, which is caused by conversion of important columns about information and limitation of storage capacity due to the construction cost. Therefore, SQL performance degradation that occurs when the test and production environments are not the same, which is an important cause of connecting to the unexpected failures of online transactions, and it generates financial loss of business, customer complaints, a decrease in reliability. In studies related SQL performance, it has so far been conducted mainly studies of tuning associated with DBMS Optimizer, and it has not been addressed issues of this sector. Therefore, in this paper, I verify the validity about presentation of the advanced SQL Performance-based IT application change management process, in order to prevent failures of the online transactions associated with poor performance of SQL generated by differences in test and production environments.
Host based Feature Description Method for Detecting APT Attack
Moon, Daesung ; Lee, Hansung ; Kim, Ikkyun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 839~850
DOI : 10.13089/JKIISC.2014.24.5.839
As the social and financial damages caused by APT attack such as 3.20 cyber terror are increased, the technical solution against APT attack is required. It is, however, difficult to protect APT attack with existing security equipments because the attack use a zero-day malware persistingly. In this paper, we propose a host based anomaly detection method to overcome the limitation of the conventional signature-based intrusion detection system. First, we defined 39 features to identify between normal and abnormal behavior, and then collected 8.7 million feature data set that are occurred during running both malware and normal executable file. Further, each process is represented as 83-dimensional vector that profiles the frequency of appearance of features. the vector also includes the frequency of features generated in the child processes of each process. Therefore, it is possible to represent the whole behavior information of the process while the process is running. In the experimental results which is applying C4.5 decision tree algorithm, we have confirmed 2.0% and 5.8% for the false positive and the false negative, respectively.
Study on Smart TV Forensics
Kang, Hee-Soo ; Park, Min-Su ; Kim, Seung-Joo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 851~860
DOI : 10.13089/JKIISC.2014.24.5.851
With an increasing demand of powerful electronic goods, smart TV containing network module with digital TV gets more popular. These change are meaningful from a digital forensics perspective because smart TV store more user`s data than digital TV. In this paper, we suggest smart TV forensics as a branch of digital forensics. With smart TV forensics, investigator can trace more wide age group`s activities than existing digital forensics analysis.
An improved extraction technique of executable file from physical memory by analyzing file object
Kang, Youngbok ; Hwang, Hyunuk ; Kim, Kibom ; Noh, Bongnam ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 861~870
DOI : 10.13089/JKIISC.2014.24.5.861
According to the intelligence of the malicious code to extract the executable file in physical memory is emerging as an import researh issue. In previous physical memory studies on executable file extraction which is targeting running files, they are not extracted as same as original file saved in disc. Therefore, we need a method that can extract files as same as original one saved in disc and also can analyze file-information loaded in physical memory. In this paper, we provide a method that executable file extraction by analyzing information of Windows kernel file object. Also we analyze the characteristic of physical memory loaded file data from the experiment and we demonstrate superiority because the suggested method can effectively extract more of original file data than the existing method.
Website Falsification Detection System Based on Image and Code Analysis for Enhanced Security Monitoring and Response
Kim, Kyu-Il ; Choi, Sang-Soo ; Park, Hark-Soo ; Ko, Sang-Jun ; Song, Jung-Suk ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 871~883
DOI : 10.13089/JKIISC.2014.24.5.871
New types of attacks that mainly compromise the public, portal and financial websites for the purpose of economic profit or national confusion are being emerged and evolved. In addition, in case of `drive by download` attack, if a host just visits the compromised websites, then the host is infected by a malware. Website falsification detection system is one of the most powerful solutions to cope with such cyber threats that try to attack the websites. Many domestic CERTs including NCSC (National Cyber Security Center) that carry out security monitoring and response service deploy it into the target organizations. However, the existing techniques for the website falsification detection system have practical problems in that their time complexity is high and the detection accuracy is not high. In this paper, we propose website falsification detection system based on image and code analysis for improving the performance of the security monitoring and response service in CERTs. The proposed system focuses on improvement of the accuracy as well as the rapidity in detecting falsification of the target websites.
The Research on the Recovery Techniques of Deleted Files in the XFS Filesystem
Ahn, Jae-Hyoung ; Park, Jung-Heum ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 885~896
DOI : 10.13089/JKIISC.2014.24.5.885
The files in computer storages can be deleted due to unexpected failures or accidents. Some malicious users often delete data by himself for anti-forensics. If deleted files are associated with crimes or important documents in business, they should be recovered and the recovery tool is necessary. The recovery methods and tools for some filesystems such as NTFS, FAT, and EXT have been developed actively. However, there has not been any researches for recovering deleted files in XFS filesystem applied to NAS or CCTV. In addition, since the current related tools are based on the traditional signature detection methods, they have low recovery rates. Therefore, this paper suggests the recovery methods for deleted files based on metadata and signature detection in XFS filesystem, and verifies the results by conducting experiment in real environment.
A study on extraction of optimized API sequence length and combination for efficient malware classification
Choi, Ji-Yeon ; Kim, HeeSeok ; Kim, Kyu-Il ; Park, Hark-Soo ; Song, Jung-Suk ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 897~909
DOI : 10.13089/JKIISC.2014.24.5.897
With the development of the Internet, the number of cyber threats is continuously increasing and their techniques are also evolving for the purpose of attacking our crucial systems. Since attackers are able to easily make exploit codes, i.e., malware, using dedicated generation tools, the number of malware is rapidly increasing. However, it is not easy to analyze all of malware due to an extremely large number of malware. Because of this, many researchers have proposed the malware classification methods that aim to identify unforeseen malware from the well-known malware. The existing malware classification methods used malicious information obtained from the static and the dynamic malware analysis as the criterion of calculating the similarity between malwares. Also, most of them used API functions and their sequences that are divided into a certain length. Thus, the accuracy of the malware classification heavily depends on the length of divided API sequences. In this paper, we propose an extraction method of optimized API sequence length and combination that can be used for improving the performance of the malware classification.
A Study on The Preference Analysis of Personal Information Security Certification Systems: Focused on SMEs and SBs
Park, Kyeong-Tae ; Kim, Sehun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 911~918
DOI : 10.13089/JKIISC.2014.24.5.911
Over the past few years, security breaches have been consistently reported around the world. Especially, people`s personal information are at risk of being breached as the firms gather and utilize the information for their marketing purposes. As an effort to revamp their data infrastructures, companies have rebuilt their system that almost every data, including the personal information, are stored within the digital database. However, this migration provides easier access to the database but it has also increased the system vulnerability. As the data can be easily exposed to the unauthorized personnel both intentionally and unintentionally, it is necessary for companies to establish a set of security protocol and operate the personal information protection system. There are two major certified security system in South Korea; PIMS from KISA and PIPL from NIA. This paper analyzes the preferences of SMEs and small business using conjoint attributes of PIMS and PIPL. The study shows that the business owners take post certification rewards as the most important factor. It also shows that the attributes that have the highest utility rates are the following; 1) KISA certification, 2) 79 points of protection counter measurements, 3) 28 items of life cycle, 3) 50 percent discount on certification fee, and 4) Reduced amount of fine for personal information leakage incident.
A comparative study on the priorities between perceived importance and investment of the areas for Information Security Management System
Lee, Choong-Cheang ; Kim, Jin ; Lee, Chung-Hun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 919~929
DOI : 10.13089/JKIISC.2014.24.5.919
Recently, organizational efforts to adopt ISMS(Information Security Management System) have been increasingly mandated and demanded due to the rising threat and the heavier cost of security failure. However there is a serious gap between awareness and investment of information security in a company, hence it is very important for the company to control effectively a variety of information security threats within a tight budget. To phase the ISMS, this study suggests the priorities based on evaluating the Importance of 13 areas for the ISMS by the information security experts and then we attempt to see the difference between importance and investment through the assessment of the actual investment in each area. The research findings show that intrusion incident handling is most important and IT disaster recovery is the area that is invested the most. Then, information security areas with the considerable difference between priorities of importance and investment are cryptography control, information security policies, education and training on information security and personnel security. The study results are expected to be used in making a decision for the effective investment of information security when companies with a limited budget are considering to introduce ISMS or operating it.
Mobile Payment System Design with Transaction Certificate Mode
Sung, Soon-Hwa ; Ryou, Jae-Cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 931~939
DOI : 10.13089/JKIISC.2014.24.5.931
The Web or Mobile channel of previous Web access authentication system for a payment only provides the authentication of remote users, and does not provide the authentication between a user and a bank/financial institution. Therefore, this paper proposes the Transaction Certificate Mode(TCM) for a payment which can preserve the mutual authentication between a user and a bank/financial institution for Web-based payment systems. The proposed system has designed for wireless network instead of Secure Electronic Transaction (SET) designed for wired electronic transaction. In addition, this system with TCM is able to support an account-based transaction for wireless networks instead of a disadvantage of SET such as a card-based transaction for wired networks. Therefore, customers can check their balances without logging on their bank`s web site again due to mutual authentication between a customer and his bank/financial institution.
A Survey of applying Fully Homomorphic Encryption in the Cloud system
Kim, Sehwan ; Yoon, Hyunsoo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 941~949
DOI : 10.13089/JKIISC.2014.24.5.941
Demands for cloud computing service rapidly increased along with the expansion of supplying smart devices. Interest in cloud system has led to the question whether it is really safe. Due to the nature of cloud system, cloud service provider can get a user`s private information and disclose it. There is a large range of opinion on this issue and recently many researchers are looking into fully homomorphic encryption as a solution for this problem. Fully homomorphic encryption can permit arbitrary computation on encrypted data. Many security threats will disappear by using fully homomorphic encryption, because fully homomorphic encryption keeps the confidentiality. In this paper, we research possible security threats in cloud computing service and study on the application method of fully homomorphic encryption for cloud computing system.
An Empirical Study on the Obstacle Factors of ISMS Certification Using Exploratory Factor Analysis
Park, Kyeong-Tae ; Kim, Sehun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 951~959
DOI : 10.13089/JKIISC.2014.24.5.951
In the past few years, data leakage of information assets has become a prominent issue. According to the National Intelligence Service in South Korea, they found 375 cases of data leakage from 2003 to 2013, especially 49 of cases have been uncovered in 2013 alone. These criminals are increasing as time passes. Thus, it constitutes a reason for establishment and operation of ISMS (Information Security Management System) even for private enterprises. But to be ISMS certified, there are many exposed or unexposed barriers, moreover, sufficient amount of studies has not been conducted on the barriers of ISMS Certification. In this study, we analyse empirically through exploratory factor analysis (EFA) to find the obstacle factors of ISMS Certification. The result shows that there are six obstacle factors in ISMS Certification; Auditing difficulty and period, Consulting firm related, Certification precedence case and consulting qualification, Internal factor, CA reliability and auditing cost, Certification benefit.
Security Policy Proposals through PC Security Solution Log Analysis (Prevention Leakage of Personal Information)
Chae, Hyun Tak ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 961~968
DOI : 10.13089/JKIISC.2014.24.5.961
In order to prevent leakage of personal information by insiders a large number of companies install pc security solutions like DRM(Digital Right Management), DLP(Data Loss Prevention), Personal information filtering software steadily. However, despite these investments anomalies personal information occurred. To establish proper security policy before implementing pc security solutions, companies can prevent personal information leakage. Furthermore by analyzing the log from the solutions, companies verify the policies implemented effectively and modify security policies. In this paper, we define the required security solutions installed on PC to prevent disclosure of personal information in a variety of PC security solution, plan to integrate operations of the solutions in the blocking personal information leakage point of view and propose security policies through PC security solution log analysis.
Refining software vulnerbility Analysis under ISO/IEC 15408 and 18045
Im, Jae-Woo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 969~974
DOI : 10.13089/JKIISC.2014.24.5.969
CC (Common Criteria) requires collecting vulnerability information and analyzing them by using penetration testing for evaluating IT security products. Under the time limited circumstance, developers cannot help but apply vulnerability analysis at random to the products. Without the systematic vulnerability analysis, it is inevitable to get the diverse vulnerability analysis results depending on competence in vulnerability analysis of developers. It causes that the security quality of the products are different despite of the same level of security assurance. It is even worse for the other IT products that are not obliged to get the CC evaluation to be applied the vulnerability analysis. This study describes not only how to apply vulnerability taxonomy to IT security vulnerability but also how to manage security quality of IT security products practically.
A Study on Smishing Block of Android Platform Environment
Lee, Si-Young ; Kang, Hee-Soo ; Moon, Jong-Sub ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 975~985
DOI : 10.13089/JKIISC.2014.24.5.975
As financial transactions with a smartphone has become increasing, a myriad of security threats have emerged against smartphones. Among the many types of security threats, Smishing has evolved to be more sophisticated and diverse in design. Therefore, financial institutions have recommended that users doesn`t install applications with setting of "Unknown sources" in the system settings menu and install application which detects Smishing. Unfortunately, these kind of methods come with their own limitations and they have not been very effective in handling Smishing. In this paper, we propose a systematic method to detect Smishing, in which the RIL(Radio Interface Layer) collects a text message received and then, checks if message databases stores text message in order to determine whether Smishing malware has been installed on the system. If found, a system call (also known as a hook) is used to block the outgoing text message generated by the malware. This scheme was found to be effective in preventing Smishing as found in our implementation.
A Study on Efficient Design of PUF-Based RFID Authentication Protocol
Byun, Jin Wook ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 987~999
DOI : 10.13089/JKIISC.2014.24.5.987
A PUF is embedded and implemented into a tag or a device, and outputs a noise y with an input of x, based on its own unique physical characteristics. Although x is used multiple times as inputs of PUF, the PUF outputs slightly different noises, (
), and also the PUF has tamper-resistance property, hence it has been widely used in cryptographic protocol. In this paper, we study how to design a PUF-based RFID authentication protocol in a secure and an efficient way. Compared with recent schemes, the proposed scheme guarantees both authentication and privacy of backword/forward under the compromise of long-term secrets stored in tag. And also, the most cost and time-consumming procedure, key recovery algorithm used with PUF, has been desgined in the side of RFID reader, not in the tag, and, consequently, gives possibility to minimize costs for implementation and running time.
Analysis of Security Requirements on DCU and Development Protection Profile based on Common Criteria Version 3.1
Cho, Youngjun ; Kim, Sinkyu ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 1001~1011
DOI : 10.13089/JKIISC.2014.24.5.1001
Smart Grid Devices could have security vulnerabilities that have legacy communication networks because of the fact that Smart Grid employs bi-directional communications and adopted a variety of communication interface. Consequently, it is required to build concrete response processes and to minimize the damage of the cyber attacks including security evaluation and certification methods. DCU is designed to collect meter data from numerous smart meter and send to utility`s server so DCU installed between smart meter and utility`s server. For this reason, If DCU compromised by attacker then attacker could use DCU to launching point for and attack on other devices. However, DCU`s security evaluation and certification techniques do not suffice to be deployed in smart grid infrastructure. This work development DCU protection profile based on CC, it is expected that provide some assistance to DCU manufacturer for development of DCU security target and to DCU operator for help safety management of DCU.
A Study on CPA Performance Enhancement using the PCA
Baek, Sang-Su ; Jang, Seung-Kyu ; Park, Aesun ; Han, Dong-Guk ; Ryou, Jae-Cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 5, 2014, Pages 1013~1022
DOI : 10.13089/JKIISC.2014.24.5.1013
Correlation Power Analysis (CPA) is a type of Side-Channel Analysis (SCA) that extracts the secret key using the correlation coefficient both side-channel information leakage by cryptography device and intermediate value of algorithms. Attack performance of the CPA is affected by noise and temporal synchronization of power consumption leaked. In the recent years, various researches about the signal processing have been presented to improve the performance of power analysis. Among these signal processing techniques, compression techniques of the signal based on Principal Component Analysis (PCA) has been presented. Selection of the principal components is an important issue in signal compression based on PCA. Because selection of the principal component will affect the performance of the analysis. In this paper, we present a method of selecting the principal component by using the correlation of the principal components and the power consumption is high and a CPA technique based on the principal component that utilizes the feature that the principal component has different. Also, we prove the performance of our method by carrying out the experiment.