Earticle

Bitcoin’s core security requires honest participants to control at least 51% of the total hash power. However, it has been shown that several techniques can exploit the fair mining in the Bitcoin network. This study focuses on selfish mining, which is based on the idea, ”keeping blocks secret.” Herein, we analyze selfish mining regarding competition between mining pools. We emphasize that mining-related information is shared between mining pools and participants. Based on shared information about selfish mining, we have developed an effective and practical counter strategy.

Recently, a malware is growing rapidly and the number of malware applies various techniques to protect itself from the anti-virus solution detection. The reason of this phenomenon is that a longer resident on an infected host guarantees the more profit. As a result, these many protection techniques are applied to a malware, a representative of those is a Packing. It is not an exaggeration that most of the malware currently is distributed. In other words, a packer is widely used for a malware protection. Therefore analysts must determine whether the malware was packed or not and if the malware is packed, what packer is used, before an analysis of the malware. For these procedures, some packer detection tools were released and used. But, the detection performance is not good and there is some false positive and false negative. Therefore we propose a signature generation method that is based on an unpacking process and algorithm in this paper. And we offer the packer detection experiment result using the proposed packer detection signature generation method.

Recently, a malware is growing rapidly and the number of malware applies various techniques to protect itself from the anti-virus solution detection. The reason of this phenomenon is that a longer resident on an infected host guarantees the more profit. As a result, these many protection techniques are applied to a malware, a representative of those is a Packing. It is not an exaggeration that most of the malware currently is distributed. In other words, a packer is widely used for a malware protection. Therefore analysts must determine whether the malware was packed or not and if the malware is packed, what packer is used, before an analysis of the malware. For these procedures, some packer detection tools were released and used. But, the detection performance is not good and there is some false positive and false negative. Therefore we propose a signature generation method that is based on an unpacking process and algorithm in this paper. And we offer the packer detection experiment result using the proposed packer detection signature generation method.

Authentication of communicating entities and confidentiality of transmitted data are fundamental procedures to establish secure communications over public insecure networks. Recently, many researchers proposed a variety of authentication schemes to confirm legitimate users. Among the authentication schemes, a one-time password authentication scheme requires less computation and considers the limitations of mobile devices. The purpose of a one-time password authentication is to make it more difficult to gain unauthorized access to restricted resources. This paper discusses the security of Kuo-Lee's one-time password authentication scheme. Kuo-Lee proposed to solve the security problem based on Tsuji-Shimizu's one-time password authentication scheme. It was claimed that their proposed scheme could withstand a replay attack, a theft attack and a modification attack. Therefore, the attacker cannot successfully impersonate the user to log into the system. However, contrary to the claim, Kuo-Lee's scheme does not achieve its main security goal to authenticate communicating entities. We show that Kuo-Lee's scheme is still insecure under a modification attack, a replay attack and an impersonation attack, in which any attacker can violate the authentication goal of the scheme without intercepting any transmitted message. We also propose a scheme that resolves the security flaws found in Kuo-Lee's scheme.

본 연구는 국내용 공통평가기준(Common Criteria, CC) 및 한국형 암호모듈 검증 프로그램(Korean Cryptographic Module Validation Program, KCMVP) 등 다양한 사이버보안 분야의 평가 표준 및 프로그램의 평가 증거물을 K-RMF 내에서 재사용할 수 있는 방안을 제안한다. K-RMF는 미 국방성 및 NIST의 RMF를 바탕으로 개발되어 현재 군 조직 전반에 걸쳐 적용되는 지시이다. 미국 RMF의 경우 호혜성의 원칙을 강조하며 CC, CMVP 등 타 평가 체계의 평가 증거물을 재사용할 수 있도록 권고하고 있다. 하지만, 국내의 경우 이러한 호혜성 원칙이 존재하지 않아 평가 증거물을 준비하는 개발자의 부담이 가중된다. 본 연구는 이러한 부담을 완화하기 위해 미국의 RMF에서 강조하는 호혜성의 원칙을 국내에서도 적용하고자 한다. K-RMF를 비롯한 국내 평가 표준 및 프로그램 간의 상관관계를 분석하여 국내용 CC의 보안 목표서 및 KCMVP의 보안 정책 문서와 같은 평가 증거물의 K-RMF 내 재사용 방안을 제시한다.

This study proposes a method for reusing evaluation evidence from various cybersecurity assessment standards and programs, such as the domestic Common Criteria (CC) and the Korean Cryptographic Module Validation Program(KCMVP), within the K-RMF. The K-RMF was developed by benchmarking the U.S. RMF and is currently a directive applied across all military organizations. The U.S. RMF emphasizes the principle of reciprocity and recommends allowing the reuse of evaluation evidence from other evaluation frameworks, such as CC and CMVP. However, in Korea, this principle of reciprocity does not exist, increasing the burden on developers preparing evaluation evidence. This study aims to mitigate this burden by applying the principle of reciprocity within the domestic context. Specifically, by analyzing the correlation between domestic evaluation standards and programs, it proposes a method to reuse key evaluation evidence, such as Security Target from CC and security policy from KCMVP, within the K-RMF.

공급망 위험 관리는 생산자로부터 최종 소비자에게까지 제품이 전달되는 과정에 존재하는 위험을 관리하여 최종 소비자가 요구하는 제품을 안전하게 사용할 수 있게 하는 활동이다. 소프트웨어 산업의 공급망에 대한 공격은 다른 산업분야에 비해 손쉽게 수행될 수 있으며 그 영향이 빠르게 확산될 수 있다. 소프트웨어 공급망에 존재하는 위험을 관리하기 위해 미국의 NIST를 비롯한 다양한 기관에서 소프트웨어 공급망 위험 관리 프레임워크를 운영하고 있다. 본 연구에서는 소프트웨어 공급망 위험 관리에 관한 프레임워크와 기존 연구를 분석하고, 이를 바탕으로 한국 군 환경에 적합한 소프트웨어 공급망 위험 관리 프레임워크를 제안한다. 또한, 사례 연구를 수행하고 그 결과에 대해 군 내 사이버 위험 관리 관련 직위에 근무하는 인원과 방산업체 종사자를 대상으로 의견을 수렴하여 제안된 프레임워크의 적절성과 실제 적용 가능성을 검증한다.

Supply Chain Risk Management(SCRM) involves managing the risks that exist throughout the process of delivering products from producers to end consumers, ensuring that the products meet the consumers' requirements safely. In the software domain, attacks on the supply chain can be carried out more easily compared to other industries, and their impact can spread rapidly. To manage the risks present in the supply chain, various organizations, including the U.S. National Institute of Standards and Technology(NIST), and other nations operate SCRM frameworks. This study analyzes existing frameworks and research on SCRM and proposes a framework suitable for the Korean military environment. Additionally, a case study is conducted and feedback is gathered from employees working in cyber risk management positions within the military and defense industry professionals to assess the appropriateness and practical applicability of the proposed framework.

그룹 키 동의 프로토콜은 일련의 그룹을 형성하는 다수의 통신 참여자들이 공개된 통신망을 통해 안전하고 효율적인 방법으로 그룹의 세션키를 설정하기 위한 목적으로 설계된다. 하지만, 기존에 제안된 그룹 키 동의 프로토콜들은 모두 상당한 양의 통신 부하를 유발하기 때문에 전송 지연이 긴 WAN 환경에는 적합하지 않다. 이러한 네트워크 환경에서는 특히 라운드 복잡도와 메시지 복잡도가 프로토콜의 수행 시간을 결정하는 핵심 요소들로서, 무엇보다 이들을 줄이는 것이 효율적인 그룹 키 동의 프로토콜의 설계를 위해 중요하다고 할 수 있다. 따라서 본 논문에서는 라운드 수와 메시지 수 측면에서 효율적인 그룹 키 동의 프로토콜을 제안하고, 이의 안전성을 소인수 분해 문제에 기반 하여 랜덤 오라클 모델에서 증명한다. 제안된 프로토콜은 완전한 전방향 안전성과 최적의 메시지 복잡도를 제공하면서도 상수 라운드만에 그룹멤버의 변경에 따른 세션키 갱신을 수행한다.

Group key agreement protocols are designed to solve the fundamental problem of securely establishing a session key among a group of parties communicating over a public channel. Although a number of protocols have been proposed to solve this problem over the years, they are not well suited for a high-delay wide area network; their communication overhead is significant in terms of the number of communication rounds or the number of exchanged messages, both of which are recognized as the dominant factors that slow down group key agreement over a networking environment with high communication latency. In this paper we present a communication-efficient group key agreement protocol and prove its security in the random oracle model under the factoring assumption. The proposed protocol provides perfect forward secrecy and requires only a constant number of communication rounds for my of group rekeying operations, while achieving optimal message complexity.