(A) method of detecting abnormal malicious remote control codes using network domain information

오형근 Graduate School of Information Managemetn & Securi 2013 국내박사

DDoS in 2009, Hyundai Capital hacking in 2011, 34 DDos, Nonghyub hacking, SK Communications personal information leak, etc. Especially these attacks have a form of APT(Advanced Persistant Threats) attacks have evolved which is making previous information security programs hard to detect. The Nonghyub hacking incident has proved that APT attacks can be used on information systems which are not linked to the network. To correspond to these attacks, various APT attack solutions are being developed. Also, malicious code detection and analysis are being enhanced and are becoming real time. However, these methods are still not able to detect new forms of attacks. Therefore, this thesis proposes a method to detect abnormal malicious code attacks not using the previous behavior analysis method but by using a new method of based on network address information(This system will be called ANIO-Address based Network I/O analysis in this thesis). Previous behavior analysis methods made to analyze a huge amount of event logs which leaded to problems such as false positives. However, the method proposed in this thesis uses the addresses of the two systems to extract more information which is used to judge if this is a normal connection or not. For example, if a computer of the Korean government connects to a small size internet shopping mall in China, this will be judged as an abnormal connection and the connection will be terminated. When using the proposed method, if a system receives a malicious behavior command or starts to download a malicious code from a C&C server or a hacking area, the system will judge if there is a problem with the connection if so it will terminate the connection to prevent attacks. In the simulation chapter of this thesis we will use the ANIO to show how two connections will be terminated or be admitted.

Effects of attitude direction indicator and reference frame on unusual attitude recoveries for UAV

이봉근 Graduate School of Information Managemetn & Securi 2013 국내박사

The objectives of this study were to examine the combination effects of the attitude direction indicator (ADI) formats and the two reference frames, moving-horizon (MH) and moving-aircraft (MA) on unusual attitude recovery performance. Three ADI display formats were examined: (a) conventional (CON); (b) perspective-view aircraft symbol (PAS), which replaced the conventional miniature aircraft symbol with a pictorial moving aircraft symbol; and (c) command (CMD), which presented the appropriate direction for recovery using the pitch and/or roll arrow. Twenty-two participants, consisted of 10 unmanned aircraft operators, 12 non-operators, performed a series of trials in a low-fidelity ADI simulator in which they attempted to recover from a series of unusual attitudes. The results revealed that the combination effect differed according to ADI display format. The command display expedited the initiation of the roll input regardless of the reference frame. The conventional display showed better performance in the MA reference frame. The PAS display demonstrated the improvement of total recovery time and pitch input time of non-operator participants in the MA reference frame.

(A) generic multimedia content partial encryption scheme for mobile devices

정은수 Graduate School of Information Managemetn & Securi 2013 국내박사

Nowadays, mobile devices are being used commonly in our daily lives to watch movies, listen to music titles, and appreciate image contents. However, service providers and their users suffer from severe battery consumption and delayed responsiveness when content is encrypted with traditional full encryption methods on mobile devices. In this paper, we introduced a generic mobile-optimized partial encryption scheme. Its primary goal is to design a generic partial encryption algorithm for downloadable and real-time streaming contents, and also to facilitate a trade-off between minimizing the encryption/decryption overhead and providing sufficient DRM securability for service providers. Efficient partial encryption algorithm enables low power consumption and quick response for content playback. We evaluated the effectiveness of the proposed scheme through performance experiments. The scheme also guarantees for both perception security and cryptographic security. We also evaluated the efficacy of our proposed scheme by applying it to real-world multimedia content (video/audio/image). The results of our experiments indicated that encrypting only a small portion (about 2.5%) of video content can effectively impose DRM restriction on the content. In case of audio content, the encryption effect appeared as expected according to the parameters q (encryption frequency) and l (encryption ratio in a frame). In case of MP3 content, partial encryption effect was viewed consistently according to the encryption level. The image content quality was determined by the parameter l. With image encryption, about 10% encryption of the content could implement obfuscativity. This scheme significantly reduced the decryption overhead on low-power mobile devices. In the smart phone environment, the time overhead during decryption was less than 5% of on-the-fly decoding time and the power overhead was reduced by up to 94.5%, compared to the traditional full encryption schemes.

Generalized differential fault analysis on block ciphers and its applications

이유섭 Graduate School of Information Managemetn & Securi 2013 국내박사

Block cipher is the most prominent and important element in many cryptographic systems and it provides confidentiality for data transmitted in insecure communication environments. It can also be used to constrict other secret-key cryptographic primitives, such as hash functions, pseudorandom number generators, message authentication codes (MACs), stream ciphers. The security of block ciphers is the well-researched subject. The traditional cryptanalysis on block ciphers such as differential cryptanalysis and linear cryptanalysis focus on the weakness of the target block ciphers. However, the results of the traditional cryptanalysis on block ciphers are often impractical. Contrastively a side-channel analysis is based on the information gained from physical implementation of them; power consumptions, timing information and input-output behavior under malfunctions. A differential fault analysis is one of the powerful side-channel analysis on block ciphers. It is possible to reveal the secret key of the various block cipher within a practical complexity if the implementation of it does not protected fault injections. This thesis, we study differential fault analysis on block ciphers and introduce a generalized differential fault analysis on block ciphers. The main contributions of this thesis are as follows. • Differential fault analysis on HIGHT – We propose differential fault attack on HIGHT. The proposed attack can recover the 128-bit secret key with more than 4 faulty ciphertexts. Our attack has O(2^{32}) computational complexity and O(2^{32}) memory complexity. This result is the first known differential fault analysis on HIGHT. • Improved differential fault analysis on block cipher SEED – We propose improved differential fault attacks on SEED. In our attack, an attacker can induce 1-byte random fault to input registers of the second G function in the target round. By using 4, 6 fault injections, the proposed attacks can recover the secret key of SEED-128/192 within a few minutes, respectively. In case of SEED-256, we can recover the 4 consecutive round key with 8 fault injections. These are superior to known differential fault analysis on them. • Improved differential fault analysis on block cipher PRESENT – We propose improved differential fault attacks on PRESENT. To recover the 80/128-bit secret keys of PRESENT-80/128, our attacks require only two(three) fault injections and an exhaustive search of 1.7(2^{22.3}), respectively. These are superior to known differential fault analysis on them. • Generalized differential fault analysis on block ciphers – We propose generalized differential fault analysis on SPN block ciphers. First, we adopt a differential equations which consist of some conditions of differences and a set of round key bits. Then we introduce how to construct the differential equations and to determine computational complexity and the number of fault injections by using differential equations. Finally, we show that our method can be applied to Feistel block ciphers where the round function is invertible. • Efficient differential fault analysis on block cipher ARIA with small number of fault injections. – We propose efficient differential fault attacks on ARIA using the proposed method. Based on random byte fault model, our attacks can recover the secret key of ARIA-128/192/256 by using 6 fault injections within a few minutes. Moreover, in cases of ARIA-128 and ARIA-256, it is possible to recover the secret key using only 4 fault injections under a fault assumption where an attacker can induce some faults during both encryption and decryption process, respectively. Our results on ARIA-192/256 are the first known differential fault analysis on them.

Vacant technology forecasting using patent analysis

전성해 Graduate School of Information Managemetn & Securi 2013 국내박사

We study patent analysis for vacant technology forecasting in this dissertation. Technology forecasting (TF) is to predict future trend and state of a technology. Also, vacant technology forecasting is to find vacant area of target technology that will be needed in the future. So, vacant technology forecasting is important issue in management of technology (MOT). In this study, we analyze patent data to construct predictive model for vacant technology forecasting because patent has valuable information of developed technology. We propose three patent analysis models, which are patent clustering, international patent classification (IPC) code analysis, and technology networking for vacant technology forecasting. Traditional methods of technology forecasting such as Delphi have been based on expert’s knowledge, and the results by these methods were subjective and fluctuating. So, we need more objective approach to TF. We study quantitative patent analysis as objective method for technology forecasting and apply our model to vacant technology forecasting. TF is an important R&D policy issue for both company and government. Vacant technology forecasting is one of the key technological planning methods for improving the competitive power of firms and governments. In general, a forecasting process is facilitated subjectively based on the researcher’s knowledge, resulting in unstable TF performance. In this dissertation, we forecast the vacant technology areas in target technology field by analyzing patent documents and employed the proposed methods to forecast vacant technology areas in MOT. We will perform three case studies to show how our proposed approaches could be applied in real problem.

Transmission-efficient broadcast encryption scheme with personalized messages

한진호 Graduate School of Information Managemetn & Securi 2013 국내박사

Broadcast encryption scheme with personalized messages (BEPM) is a new primitive that allows a broadcaster to encrypt both a common message and individual messages. BEPM is necessary in applications where individual messages include information related to user’s privacy. Recently, Fujii et al. suggested a BEPM that is extended from a public key broadcast encryption(PKBE) scheme by Boneh, Gentry, and Waters. In this thesis, the first result is a new BEPM that has O(|R|) transmissionefficiency, while preserving O(1) user storage cost. This construction is based on a PKBE scheme suggested by Park, Kim, Sung, and Lee, which is also considered as being one of the best PKBE schemes. It is pointed out that Conditional Access System using Fujii et al.’s BEPM should be modified in a way that decryption algorithm takes as input public key as well. It is showed that performance analysis should be done depending on whether the public key is transmitted along with ciphertext or stored into user’s device. It is considered that all user’s public key cannot be stored in each user’s device like a smartphone which has small storage capacity. Secondly a grouping enabled BEPM is proposed. With this scheme a sender is able to send a certain message to subgroup of receivers. Given a constant u which is the number of subgroup, this grouping enabled BEPM is constructed with addition u elements to public key PK, private key di and header Hdr and this scheme still preserves O(|S|) transmission cost and O(1) user storage cost. Thirdly, a fully secure BEPM is proposed for the first time using dual system encryption. This scheme is full-ID secure under the simple assumption. When the broadcasters want to send the individual information, they need more secure encryption system for protecting user’s privacy which becomes more important than before.

One-class classification-based control charts for multivariate process monitoring and diagnosis

Tuerhong, Gulanbaier Graduate School of Information Managemetn & Securi 2013 국내박사

The objective of this dissertation is to develop novel nonparametric control charts that can efficiently and effectively monitor multivariate processes through their integration with one-class classification algorithms. Statistical process control (SPC) provides a set of statistical tools to reduce process variations. A control chart is the most widely used SPC tool because it is not only based on fundamental statistical theory, but also because of its user-friendly graphical display of the behavior of a quality output. Traditional SPC techniques are challenged by the large volume of complex data encountered in many modern industries. To relax the limitations, data mining algorithms can be integrated with SPC approaches, because of their proven capabilities to resolve challenging problems in SPC. In particular, one-class classification algorithms, which are one type of these proven data mining algorithms, can be directly integrated with control charts because both assume only in-control target data are available to measure the degree of abnormality of an in-coming unclassified observation. This dissertation has three main parts. First, we propose a novel nonparametric multivariate control chart, called the hybrid novelty score (HNS)-based chart that integrates novelty score algorithms with control charts. The monitoring statistics of the HNS charts are calculated based on novelty score algorithms. The control limits of the HNS charts are determined by a bootstrap percentile technique. Second, we present a comparative study of various novelty score-based multivariate control charts through vigorous simulation study under various scenarios. The monitoring statistics are obtained from various novelty score algorithms. The control limits are estimated via a percentile bootstrap technique. Third, we propose a novel multivariate control chart based on Gower distance that can efficiently handle the processes characterized by high-dimensional and mixture of continuous and categorical data.

mPrescription : secure and pactical mobile prescription in mobile telemedicine

최원석 Graduate School of Information Managemetn & Securi 2013 국내석사

Since mobile devices are developed quickly, many applications are appearing with mobile devices such as Smart phone and Table PC. One of emerging applications is Mobile Telemedicine supported by mobile devices. We expect that Mobile Telemedicine provides a patient, under dicult environments to get medical care, with convenient medical service beyond limits of time and space. Furthermore, after medical examination or treatment using Mobile Telemedicine, How to prescribe the patient is important. With managing medical records electronically, the prescription is also changed to be electronic-based. The electronic prescription has many benefits, but it has other problem related on patients security and privacy. In this paper, we describe a system model to issue mPrescription (mobile prescription) after Mobile Telemedicine and propose a scheme to protect patients security and privacy.

Modelling foot movement in car following situation : linear vs. Angular foot fitts' law

박재은 Graduate School of Information Managemetn & Securi 2013 국내석사

The foot module in the ACT-R cognitive architecture was enhanced in order to present the differences of brake reaction time with surprise and normal situation. Angular and linear foot Fitts’ laws were used to develop the foot module. ACT-R driver model adapting the foot module was well matched and highly correlated with the results from Mehmood & Easa (2009). It is strongly proposed that the ACT-R driver model in this study can be applied to evaluate the rear-end collision warning system in vehicles and the roadway design with less cost in the early stage of system development.

Global supply chain management using business risk re-alignment via the change of the transfer pricing methodology

안상민 Graduate School of Information Managemetn & Securi 2013 국내석사

Traditionally, Supply Chain Management (SCM) indicates a strategy enabling an enterprise to achieve optimization of stock level and reduction of lead time through application of information technology. However, such traditional SCM strategy is in contemporary business world required to reflect business economics aspects such as accounting and taxation in order for the enterprise to enjoy maximum benefits. This paper proposes a framework and methodology for optimal profit allocation to participants of multinational enterprises' global supply chain through re-alignment of certain risks assumed by each participant using financial engineering methods.