• Journal of Digital Convergence
• /
• v.12 no.5
• /
• pp.231-238
• /
• 2014

Graphical passwords using images have been developed to solve problems in text based password recognition. The basic recognition process scheme of graphical passwords is clicking certain points on the screen image in correct order. In this pre-developed method of graphical passwords the recognition will fail if the precise positions are not clicked. A new graphical password system called PassPositions is introduced in this paper. PassPositions is a new graphical password scheme which is using relative positions never used earlier graphical password schemes. PassPositions is a graphical password scheme based on universal design that everybody can use conveniently without regarding their physical conditions.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.12 no.5
• /
• pp.915-922
• /
• 2017

The rapid increase in users of mobile smart devices has greatly expanded their range of activities. Compare to conventional mobile devices, smart devices have higher security requirements because they manage and use various kind of confidential information of the owners. However, the cation schemes provided by conventional smart devices are vulnerable to recent attacks such as shoulder surfing, recording, and smudge attacks, which are the social engineering attacks among the types of security attacks targeting the smart devices. In this paper, we propose a novel authentication method that is robust against social engineering attacks but sufficiently considering user's convenience. The proposed method is robust by using combination of a graphical authentication method and a text-based authentication method. Furthermore, our method is easier to memorize the password compare to the conventional graphical authentication methods.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.117-119
• /
• 2021

In this paper, the strengths and weaknesses of each type of personal authentication system are examined and the development direction of the personal authentication system is presented. Currently, the personal authentication system commonly used is a text-based password system. However, most of the current text-based password systems are weak in usability and security. In order to solve this problems a personal authentication system that can replace the text-based password system is required. In this paper, we take the recently developed graphical password system as an example to find the conditions and possibilities to replace the text-based password system, and present the development direction of the personal authentication system.

• Review of KIISC
• /
• v.20 no.6
• /
• pp.43-50
• /
• 2010

병렬처리를 이용한 GPU(그래픽 프로세싱 유닛)의 연산 능력이 날이 갈수록 고속화됨에 따라 GPU에 대한 관심이 높아지고 있다. GPU는 다중 쓰레드 처리가 가능하도록 CPU보다 수십 배 많은 멀티코어로 구성되어 있으며 이 각각의 코어는 맹렬 프로그래밍이 가능하도록 처리 결과를 공유할 수 있다. 최근 해외에서 이러한 GPU의 연산 능력을 이용한 해쉬인증 공격의 효과가 다수 입증되었으며 패스워드 기반의 인증 방식이 보편화 되어있는 국내에서도 GPU를 이용한 인증 공격이 시도되고 있다. 본 논문에서는 국내 금융권에서 사용되고 있는 공인인증서의 개인키 복호화 과정을 GPU내에서 고속 수행이 가능하도록 개선하고, 이를 바탕으로 패스워드 무차별 대입 공격을 시도하여 공인 인증서에 사용되는 패스워드가 보안의 안전지대만이 아님을 보인다. 또한 날로 발전하는 하드웨어의 연산속도에 맞추어 공인인증서 등에 보편적으로 사용되는 패스워드 정책의 개선 방안을 제시한다.

• Journal of the Korea Convergence Society
• /
• v.10 no.12
• /
• pp.63-69
• /
• 2019

Using a smartphone allows quick and easy authentication and payment. However, smartphone security threats are evolving into a variety of new hacking technologies, and are changing to attacks specific to the mobile environment. Therefore, there is a demand for an authentication method suitable for a mobile environment. In order to solve security weaknesses in knowledge-based authentication, many companies provide two-step authentication services such as OTP(One Time Password) to provide authentication services such as finance, games, and login. Although OTP service is easy to use, it is easy to duplicate random number table and has a disadvantage that can be reused because it is used as valid value within time limit. In this paper, we propose a mechanism that enables users to quickly and easily authenticate with high security using the authentication method that recognizes special characters through smartphone's dedicated application.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2001.11a
• /
• pp.441-446
• /
• 2001

본 논문에서는 다중 사용자간의 상호 작용과 공동 작업을 가능하게 하는 3차원 그래픽 기반의 가상 현실 시스템 모듈의 설계에 관하여 제안하였다. 본 논문에서 제안하는 시스템은 3차원 가상 공간을 기반으로 하여 네트워크를 통한 다중 사용자의 참여와 참여자간의 인터렉션을 가능하게 하는 기반 시스템이라고 할 수 있다. 본 시스템은 클라이언트-서버 모델을 기본으로 하여 구성되었으며, 인증/보안, 분산 처리, 데이터베이스, 객체와 지역관리, 전송 데이터 압축, 동적인 Scene Graph 구성 등 여러 가지 세부 모듈이 복합적으로 사용되었다. 개발된 시스템은 3차원 가상 공간상에서 자신의 아바타를 자유롭게 조작, 네비게이션할 수 있으며, 다른 사용자들의 움직임을 실시간으로 관찰할 수 있다. 향후, 시스템에 여러 가지 모듈을 추가하여 확장하게 되면 교육, 다중 사용자들의 공동 작업, 게임, 3차원 기반의 커뮤니티 형성 등 다양한 분야에 응용될 수 있을 것이다.

• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.1-16
• /
• 2011

A digital certificate mandated by the Electronic Signature Act has become familiar in our daily lives as 95% of the economically active population hold certificates. Due to upgrades to 256 bit level security that have become effective recently, the security and reliability of digital certificates are expected to increase. Digital certificates based on Public Key Infrastructure (PKI) have been known as "no big problem," but the possibility of password exposure in cases of leaked digital certificates still exists. To minimize this vulnerability, various existing studies have introduced alternative password methods, expansion of certificate storage media, and multiple certification methods. These methods perform enhanced functions but also have limitations including the fact that the secureness of passwords is not guaranteed. This study suggests an alternative method for enhancing the level of password secureness as a way to improve password security. This new method improves security management and enhances the convenience of using digital technologies. The results may be used for developing digital certificate related security technologies and research in the future.

• Information Systems Review
• /
• v.19 no.4
• /
• pp.27-42
• /
• 2017

With the rapid development in network, graphic technology, and digital technology, content industry is emerging as an important industry for new cultural development and economic development. The development in digital content technology has remarkably expanded the generation and distribution of contents, thereby creating new value and extending into a large distribution market. However, the ease of distribution and duplication, which characterizes digital technology, has increased the circulation of illegal contents due to illegal copying, theft, and alteration. The damage caused by this illegal content is severe. Currently, a copyright protection system targeting online sites is available. By contrast, no system has been established for offline companies that sell offline genuine content, which compete with online companies. The demand for content of overseas tourists is increasing due to the Korean wave craze. Nevertheless, many offline content providers have lost competitiveness due to illegal content distribution with online companies. In this study, we analyzed the case and status of similar copyright certification systems in Korea and overseas through previous research and studied a system to certify the offline genuine contents business. In addition to the case analysis, we focused on interviews obtained through in-depth interviews with the copyright stakeholders. We also developed a certification framework by establishing the certification domain, certification direction, and incentive of the certification system for offline businesses with genuine content. Selected certification direction is ethical, open, inward, store, and rigid (post evaluation). This study aimed to increase awareness among consumers about the use of genuine content and establish a transparent trading order in a healthy content market.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.48 no.3
• /
• pp.76-81
• /
• 2011

Intrusion prevention systems (IPS) are important solution about solved problems for inside system security or outsider attacks. When introduce this system, first consideration item is secured rather than multiple function. Colored Petri Nets (CPNs) used that in order to secured verification for user authentication function of intrusion prevention system security model. CPNs is a graphical modeling language suitable for modeling distributed, concurrent, deterministic or non-deterministic systems with synchronous. Like these CPNs was expressed every possible state and occurrence graph. Secured of IPS security model was verified because expression every state using CPN tool and as a result of analyzing the occurrence graph was without a loop or interruption.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11c
• /
• pp.2399-2402
• /
• 2002

오늘날 웹(Web)을 기반으로 하여 여러 분야에 적용되는 원격 감시, 자동화 제어 시스템 등의 개발에 관한 연구가 활발히 진행되고 있다. 본 논문에서는 오류의 수정과 적용이 쉽고 데이터 획득이 뛰어난 LabView 그래픽 프로그램을 사용하여 멀티미디어 데이터 처리, 보편적인 통신망(TCP/IP)상의 확장성을 고려한 실시간 원격 제어 및 모니터링 방법을 제안하고, 온실 환경 시스템에 적용하였다. 또한 관리자 인증을 이중 암호화로 구현하여 사용자의 신뢰성을 향상시켰다.