Journal of the Korea Institute of Information Security and Cryptology
Korea Institutes of Information Security and Cryptology
Virtual Credit Card Number Payment System with Stored Hash Value for Efficient Authentication
Park, Chan-Ho ; Kim, Gun-Woo ; Park, Chang-Seop ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 5~15
DOI : 10.13089/JKIISC.2015.25.1.5
Electronic transactions have been increasing with the development of the high-speed Internet and wireless communication. However, in recent years financial corporations and mobile carriers have been attacked by hackers, and large amounts of private information have been leaked. In particular, credit card information can be misused in online transactions, and the resulting damage falls on the cardholder. To prevent these problems, it has been proposed to use a virtual card number instead of the actual card number. But it has security vulnerabilities and requires additional security infrastructure. In this paper, we analyze the proposed virtual card number schemes and propose a new virtual credit card number scheme. In the newly proposed scheme, the cardholder generates a key pair (public key/private key) and pre-registers the public key with the issuer. The cardholder can then pay without additional security infrastructure while still efficiently satisfying the security requirements.
A Code Concealment Method using Java Reflection and Dynamic Loading in Android
Kim, Jiyun ; Go, Namhyeon ; Park, Yongsu ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 17~30
DOI : 10.13089/JKIISC.2015.25.1.17
Unlike the existing, widely used bytecode-centric Android application code obfuscation methodology, our scheme in this paper produces an encrypted file, i.e. the DEX file extracted from an arbitrary Android application, and then suggests a method for making a loader app execute the encrypted file's code after saving the file in an arbitrary folder. The encrypted DEX file in the loader app includes the original code and some of the Manifest information, to conceal event-handling information. The loader app's Manifest has the original app's Manifest information except for the information included in the encrypted DEX. Using our scheme, first, an attacker can make malicious code that includes obfuscated code to avoid anti-virus software. Second, a software developer can make an application with a hidden main algorithm to protect copyright using the suggested technology. We implement a prototype on Android 4.4.2 (KitKat) and check the obfuscation capacity of malicious code at VirusTotal to show effectiveness.
Method of Fuzzing Document Application Based on Android Devices
Jo, Je-Gyeong ; Ryou, Jae-Cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 31~37
DOI : 10.13089/JKIISC.2015.25.1.31
As the forms of cyberattacks become diverse, cases have been reported of exploiting vulnerabilities revealed while processing a document or multimedia file that was distributed for attack purposes, which would replace the traditional method of distributing malware directly. The attack is based upon the observation that software such as a document editor or multimedia player may reveal inherent vulnerabilities on some specific inputs. Fuzzing methods that provide invalid random inputs for test purposes could discover such exploits. This paper suggests a new fuzzing method for document applications that works in mobile environments, in order to resolve the drawback that the existing methods run only in PC environments. Our methods could effectively discover the exploits of mobile applications, and thus could be utilized as a means of dealing with APT attacks in mobile environments.
The Research for Digital Evidence Acquisition Procedure within a Full Disk Encryption Environment
Jang, Sung-Min ; Park, Jung-Heum ; Pak, Chan-Ung ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 39~48
DOI : 10.13089/JKIISC.2015.25.1.39
As a growing number of people are concerned about the protection of personal information, the use of encryption solutions has increased. In addition, with the end of support for Windows XP and the improvement of operating systems, the use of Full Disk Encryption solutions like BitLocker will increase. Therefore, it is necessary to consider countermeasures against Full Disk Encryption for future digital forensic investigations. This paper provides a digital evidence acquisition procedure that responds to the Full Disk Encryption environment and introduces countermeasures and a detection tool against widely used Full Disk Encryption solutions.
The Design of Remote Digital Evidence Acquisition System for Incident Response of Smart Grid Devices
Kang, SeongKu ; Kim, Sinkyu ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 49~60
DOI : 10.13089/JKIISC.2015.25.1.49
Smart Grid (SG) devices are the major components of the Smart Grid. They collect and process a variety of information relating to power services and support intelligent power services by exchanging information with other SG devices or systems. However, if an SG device is attacked, the device can provide an attack route to the attacker, and the attacker can attack other SG devices or systems using that route. This may cause problems in power services. So, when a cyber incident happens, we need to acquire and examine the digital evidence of the SG device quickly to secure the availability of the SG. In this paper, we designed a remote evidence acquisition system to acquire digital evidence from SG devices in order to respond quickly to incidents involving SG devices. To achieve this, we analyzed the operating environment of SG devices and judged that a remote digital evidence acquisition system for SG devices will be more effective than a remote digital evidence acquisition system targeting general IT devices. So, we introduce a design method for an SG device remote evidence acquisition system that considers the operating environment of SG devices.
Study on security log visualization and security threat detection using RGB Palette
Lee, Dong-Gun ; Kim, Huy Kang ; Kim, Eunjin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 61~73
DOI : 10.13089/JKIISC.2015.25.1.61
In order to respond quickly to security threats that are increasing rapidly and in variety, security control personnel need to understand the threats in the massive amount of logs generated by security devices such as firewalls and IDS. However, due to the limitations of human information processing capability, it takes a lot of time to analyze the vast amount of security logs. As a result, the detection of and response to security threats are delayed. Visualization is an effective way to solve this problem. This paper visualizes the security log using the RGB Palette, offering a quick and effective way to know whether a security threat has occurred. It was applied empirically to the VAST Challenge 2012 dataset.
A Study on Batch Auditing with Identification of Corrupted Cloud Storage in Multi-Cloud Environments
Shin, Sooyeon ; Kwon, Taekyoung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 75~82
DOI : 10.13089/JKIISC.2015.25.1.75
Recently, many public auditing schemes have been proposed to support public auditability, which enables a third-party auditor to verify the integrity of data stored in a remote cloud server. To improve the performance of the auditor, several public auditing schemes support batch auditing, which allows the auditor to handle multiple auditing delegations from different users simultaneously. However, when even one piece of data is corrupted, the batch auditing will fail, and individual and repeated auditing processes will be required. It is difficult to identify the corrupted data from the proof, in which distinct data blocks and authenticators of distinct users are intricately aggregated. In this paper, we extend a public auditing scheme of Wang et al. to support batch auditing for multi-cloud and multi-user settings. We propose a scheme for identifying the corrupted cloud when the data of a single cloud is corrupted in the batch auditing of multi-cloud and multi-user settings.
Secure and Efficient Client-side Deduplication for Cloud Storage
Park, Kyungsu ; Eom, Ji Eun ; Park, Jeongsu ; Lee, Dong Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 83~94
DOI : 10.13089/JKIISC.2015.25.1.83
Deduplication, a technique for eliminating redundant data by storing only a single copy of each piece of data, gives clients and a cloud server efficiency in managing stored data. Since the data is saved on an untrusted public cloud server, however, both invasion of data privacy and data loss can occur. Although many studies in recent years have proposed secure deduplication schemes, there still remain both security problems that cause serious damage and inefficiency. In this paper, we propose secure and efficient client-side deduplication with a key server, based on Bellare et al.'s scheme and a challenge-response method. Furthermore, we point out potential risks of client-side deduplication and show that our scheme is secure against various attacks and provides high efficiency for uploading large data.
The security requirements suggestion based on cloud computing security threats for server virtualization system
Ma, Seung-Young ; Ju, Jung-Ho ; Moon, Jong-Sub ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 95~105
DOI : 10.13089/JKIISC.2015.25.1.95
In this paper, we propose security requirements for developing the security functions of a server virtualization system. The security requirements are based on the security threats to server virtualization systems, and we verified their validity by defending against those threats. To derive the security threats that damage server virtualization systems from cloud computing security threats, we analyze and suggest the relations between the security threats and the security issues of server virtualization systems.
Hacking Mail Profiling by Applying Case Based Reasoning
Park, Hyong-Su ; Kim, Huy-Kang ; Kim, Eun-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 107~122
DOI : 10.13089/JKIISC.2015.25.1.107
Many defensive mechanisms have evolved as new attack methods are developed. However, APT attacks using e-mail are still hard to detect and prevent. Recently, many organizations in the government or private sector have been hacked by malicious e-mail based APT attacks. In this paper, we first built a hacking e-mail database based on real e-mail data used in attacks on Korean government organizations in recent years. Then, we extracted features from the hacking e-mails to profile them. We designed a case vector that describes the specific characteristics of hacking e-mails well. Finally, based on case based reasoning, we made an algorithm for retrieving the most similar case from the hacking e-mail database when a new hacking e-mail is found. As a result, hacking e-mails have common characteristics in several features such as geo-location information, and these features can be used for classifying benign e-mails and malicious e-mails. Furthermore, the proposed case based reasoning algorithm can be useful for deciding whether to analyze suspicious e-mails.
Privacy Preserving Source Based Deduplication In Cloud Storage
Park, Cheolhee ; Hong, Dowon ; Seo, Changho ; Chang, Ku-Young ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 123~132
DOI : 10.13089/JKIISC.2015.25.1.123
In cloud storage, processing duplicated data, namely deduplication, is a necessary technology for saving storage space. Users who store sensitive data in remote storage want the data to be encrypted. However, a cloud storage server cannot detect duplication of conventionally encrypted data. To solve this problem, Convergent Encryption has been proposed, but it is inherently weak against brute-force attack. On the other hand, client-side deduplication has been applied to save bandwidth as well as storage space. Recently, various client-side deduplication technologies have been proposed. However, these proposals still cannot solve the security problem. In this paper, we suggest a secure source-based deduplication technology that encrypts data to ensure the confidentiality of sensitive data and applies a proofs-of-ownership protocol to control access to the data, protecting against a curious cloud server and malicious users.
Effective Normalization Method for Fraud Detection Using a Decision Tree
Park, Jae Hoon ; Kim, Huy Kang ; Kim, Eunjin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 133~146
DOI : 10.13089/JKIISC.2015.25.1.133
Ever more sophisticated e-finance fraud techniques have led to an increasing number of reported phishing incidents. Financial authorities, in response, have recommended that we enhance the existing Fraud Detection Systems (FDS) of banks and other financial institutions. FDSs are systems designed to prevent e-finance accidents through real-time access and validity checks on client transactions. The effectiveness of an FDS depends largely on how fast it can analyze and detect abnormalities in large amounts of customer transaction data. In this study we detect fraudulent transaction patterns and establish detection rules through analyses of e-finance accident data. Abnormalities are flagged by comparing individual client transaction patterns with client profiles, using the ruleset. We propose an effective flagging method that uses decision trees to normalize detection rules. As a demonstration, we extracted customer usage patterns, customer profile information and detection rules from the e-finance accident data of an actual domestic (Korean) bank. We then compared the results of our decision tree-normalized detection rules with the results of sequential detection and confirmed the efficiency of our methods.
A study on the detection of DDoS attack using the IP Spoofing
Seo, Jung-Woo ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 147~153
DOI : 10.13089/JKIISC.2015.25.1.147
Since the DoS (Denial of Service) attack is still an important vulnerable element in many web service sites, sites including public institutions should try their best to construct defensive systems. Recently, DDoS (Distributed Denial of Service) attacks have been raised by prompting mass network traffic using NTP's monlist function, and DoS attacks have been made against the DNS infrastructure, which cannot be defended directly. For instance, in June 2013, there was an incident in which the Computing and Information Agency was the target: a DNS application DoS attack made the public institution's information system unable to run its normal services. Since there is a high possibility of extensive damage, because DDoS attacks target unspecified information services and are not limited to a particular information system, efforts have to be made to minimize cyber threats. This thesis proposes a method for using the TTL (Time To Live) value in the IP header to detect DDoS attacks with IP spoofing, which occurs when data is transmitted under the agreed regulation between the international and domestic information system.
Information Dispersal Algorithm and Proof of Ownership for Data Deduplication in Dispersed Storage Systems
Shin, Youngjoo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 155~164
DOI : 10.13089/JKIISC.2015.25.1.155
An information dispersal algorithm guarantees high availability and confidentiality for data and is one of the useful solutions for faulty and untrusted dispersed storage systems such as cloud storage. As the amount of data stored in storage systems increases, data deduplication, which saves IT resources, is now being considered the most promising technology. Hence, it is necessary to study an information dispersal algorithm that supports data deduplication. In this paper, we propose an information dispersal algorithm and proof of ownership for client-side data deduplication in dispersed storage systems. The proposed solutions save network bandwidth as well as storage space while giving a robust security guarantee against untrusted storage servers and malicious clients.
An integrated approach for identity and access management for efficient administrative work
Park, Byung-Eon ; Yang, Jaesoo ; Cho, Seong-Je ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 165~172
DOI : 10.13089/JKIISC.2015.25.1.165
Recently, large amounts of customer information have leaked from organizations ranging from public institutions to large-scale portals, and similar information leakage incidents owing to the absence of personal information management have subsequently occurred. Therefore, a security infrastructure in which leakage of internal data can be blocked fundamentally is emerging as a key issue. An integrated identity and access management architecture, which performs user access and rights management, authentication and audit of the business systems, is more important for improving the efficiency of business. In addition, this approach is emerging as a safe and effective way to manage identity and access rights. In this paper, we analyze how an integrated approach to identity and access management should be constructed to improve the efficiency of computational work and to strengthen security in local government administration, and propose the preferred solution.
A Study on the Countermeasures for Prevention of Opening a Fraud Account
Kim, Chang Woo ; Yoon, Ji Won ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 173~179
DOI : 10.13089/JKIISC.2015.25.1.173
Several years have passed since financial fraud such as phishing first occurred, and although it has become widely known through the media, financial fraud continues to occur regardless of social status or age, and the damage has not been reduced. In a fraud account, the person who opened the account and the person who uses it are different, which makes it possible to avoid tracking through financial channels, and the account is used as a means of receiving fraud money from various crimes. Financial institutions and financial supervisory institutions have so far prepared and promoted various measures to eradicate fraud accounts used as a means of financial crime, but with the proliferation of financial fraud, the opening and distribution of fraud accounts as a means of receiving fraud money are also increasing continuously, so countermeasures are necessary. In this paper, we analyze the current situation of fraud accounts, which cause serious damage to society in spite of the continuous crackdown by financial institutions and financial supervisory institutions, and present effective and aggressive countermeasures for financial institutions.
Study of effectiveness for the network separation policy of financial companies
Cho, Byeong-Joo ; Yun, Jang-Ho ; Lee, Kyeong-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 181~195
DOI : 10.13089/JKIISC.2015.25.1.181
In the past, financial industries operated internal and external networks as a unified system for the continual business processes of customers and other organizations. The financial supervising authority requires more technical and managerial protection policies from financial industries in relation to exposure to external attacks or information leakage. Following the financial supervising authority, financial industries separated their networks into internal business networks and external Internet networks, to protect IT assets from malware infection through Internet access or hacking attacks and to prevent leakage of customers' personal and financial information, and redefined their security policies to fit the network-separated condition. In this study, the effectiveness of the network separation policy against malware inflow was examined, and it was verified that malware inflow in all routes can be blocked by the policy by analyzing the operation data of a financial company, estimating network separation. The result of this study proves that the malware infection route through portable storage was not completely blocked even under the network-separated condition. As a solution, this paper suggests an efficient security policy of controlling portable storage to maximize the effectiveness of network separation.
Study the role of information security personnel have on an organization's information security level
Choi, Dong-Keun ; Song, Mi-Sun ; Im, Jong In ; Lee, Kyung-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 197~209
DOI : 10.13089/JKIISC.2015.25.1.197
The issue of information security within an organization has begun to be recognized as a risk to the organization. Because of this, not only the ISO (Information Security Officer) but also executives or the CEO have been forced to resign. In addition, it has brought heavy financial damage to companies and made it difficult for them to restore customers' trust. At a time when inadvertent disclosure of personal information has come to be accepted as a matter of survival because of its harmful effect on an organization, the question is how the information security specialist influences the information protection level of the organization. For these reasons, targeting information security specialists in various industry sectors, we analyse how the task performance rate of the information security specialist within an organization influences the information security level. The goal of this study is for companies to raise the task proportion of the information security specialist and to improve the information protection level of the organization.
Study on Disaster Recovery Efficiency of Terminal PC in Financial Company
Yi, Seung-Chul ; Yoon, Joon-Seob ; Lee, Kyung-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 211~224
DOI : 10.13089/JKIISC.2015.25.1.211
Financial companies have invested a lot in their disaster recovery systems and conducted training more than once a year to comply with related laws and regulations. But when the March 20 cyber attack occurred, massive numbers of PCs (Personal Computers) were disrupted simultaneously, and it took a lot of time to recover them concurrently. So, it was impossible to meet the targeted business continuity level. This was because the importance of PC recovery had been neglected compared to other disaster recovery areas. This study suggests a measure for recovering massive numbers of branch terminal PCs of financial companies simultaneously in a cost-effective way using existing technology, and tests the recovery time. It means that in the event of a disaster, financial companies could recover branch terminal PCs in 3 hours, which is the recovery time recommended by the regulatory body. Other financial companies operating a similar type and volume of branches could refer to the recovery structure and method proposed by this study.
A Study on Decision Making Process of System Access Management
Cho, Young-Seok ; Im, Jong-In ; Lee, Kyung-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 1, 2015, Pages 225~235
DOI : 10.13089/JKIISC.2015.25.1.225
Recently, the administration and supervision of Information Security Certification and Security Inspection have been enforced, but information leakage and security accidents by insiders are increasing consistently. Security accidents by insiders ran to 21% in 2010, according to the 2011 Cyber Security Watch Survey. The problem is that immediate recognition is difficult, and in the case of internal security accidents stopgap measures are mostly adopted without external notice by the company, out of concern for cost increases or a drop in credit. In this paper, we conducted a regression study on security access management and then proposed a standard process applicable to other systems and business sites. It can be very useful for many companies to investigate, analyze and improve problems of security management conveniently.