• Review of KIISC
• /
• v.24 no.6
• /
• pp.25-30
• /
• 2014

최고 수준의 IT인프라를 활용하는 클라우드 컴퓨팅 서비스의 확산에 따라 스마트 폰을 활용하여 언제든지 원하는 서비스 요청이 가능하게 되었다. 그러나 이러한 최신 IT서비스의 이면에는 보안 위협이 존재한다. 클라우드 서비스를 통해 데이터 뿐 아니라 개인정보의 수집 및 활용 또한 용이해지면서, 개인정보 유 노출 및 악용의 위험이 높아지고 있어, 이러한 사항을 고려한 클라우드 보안 방안을 마련할 필요가 생겼다. 클라우드 컴퓨팅 서비스 제공자가 개인정보보호에 대한 충분한 방안을 마련하고 시행할 수 있도록, 정부의 법제 마련 등 범국가적 지원이 필요한 상황이다. 이에 정부는 2013년부터 추진하고 있는 "클라우드 컴퓨팅 발전 및 이용자 보호에 관한 법률안"을 통해 클라우드 산업 활성화를 위하여 정부가 지원 방안을 마련하고자 하나, 개인정보에 대한 세밀한 검토 후 수정 보완 하여 한다는 의견이 있어, 현재 국회에 계류중이다. 본고에서는 클라우드 컴퓨팅 서비스의 발전과 클라우드 환경에서의 개인정보보호 이슈를 정리 해보고, 클라우드 컴퓨팅 서비스를 이용하는 서비스 이용자의 개인정보 안전성을 보장하고 서비스 제공자의 잠재적 개인정보 침해 위험을 줄일 수 있는 방향을 생각 해 보고자 한다.

• Annual Conference of KIPS
• /
• 2015.10a
• /
• pp.803-805
• /
• 2015

최근 스마트 폰이 대중화 되면서 기존 클라우드와 이동성 단말기가 결합된 형태인 모바일 클라우드가 확산되고 있다. 그러나 사용자가 모바일 기기를 이용하여 모바일 클라우드에 접속하는 인증 과정에서 사용되는 사용자 개인 정보는 유출되거나 탈취 되기 쉽기 때문에 프라이버시 침해의 보안 위협이 존재한다. 따라서 본 논문에서는 모바일 클라우드 환경에서 안전한 사용자 인증을 위해 다양한 생체 정보를 이용한 생체 인식 기반 사용자 인증 방법을 제안한다.

• Annual Conference of KIPS
• /
• 2012.11a
• /
• pp.961-964
• /
• 2012

NFC(Near Field Communication)는 10cm 이내의 거리에서 무선기기 간의 통신을 가능케 해주는 기술로 13.56 Mhz RF(Radio Frequency) 주파수 대역을 이용한 비접촉식 근거리 무선통신의 한 종류이다. 올해 출시되는 대부분의 스마트 폰에서 NFC 기능을 탑재하며, NFC기반의 모바일 결제 서비스가 가장 유망한 결제 방식으로 주목 받고 있다. 소비자는 NFC 모바일 단말기를 가지고 판매자의 POS(Point of Sale) 단말기와 근접 통신을 통해 결제를 진행하는 방식으로 다른 무선 통신 방식 (RFID, Bluetooth 등)보다 보안 취약성이 높지 않지만, 기존의 RFID 환경에서 일어날 수 있는 기술적 취약점과 비슷한 유형의 위협이 충분히 발생할 수 있으므로 유효한 보안 기술이 필요하다. 본 논문은 안전한 NFC 모바일 결제 환경을 구축하기 위한 공개키 알고리즘인 타원곡선 암호ECC(Elliptic Curve Cryptosystem)를 적용한 Bilinear Pairing을 활용해서 효율적이고 보안성도 강력한 인증 메커니즘을 제안한다.

• Convergence Security Journal
• /
• v.16 no.4
• /
• pp.17-24
• /
• 2016

Many companies and organizations are building a mobile office environment using the LTE network, the national disaster network and Air Force LTE network are built for public safety and national defense. However the recent threats on information security have been evolving from information leakage to DDoS attacks to neutralize the service. Especially, the type of device such as Smart phones, smart pad, tablet PC, and the numbers are growing exponentially and As performance of mobile device and speed of line develop rapidly, DDoS attacks in the mobile environment is becoming a threat. So far, universal countermeasure to DDoS attacks has been interception the network and server step, Yet problem regarding DDoS attack traffic on mobile network and expenditure of network resources still remains. Therefore, this paper analyzes the traffic type distributed in the private mobile network such as the National Disaster Network, and Air Force LTE network in order to preemptively detect DDoS attacks on terminal step. However, as direct analysis on traffic distributed in the National Disaster Network, and Air Force LTE network is restricted, transmission traffics in Minecraft and uploading video file upload which exhibit similar traffic information are analyzed in time series, thereby verifing its effectiveness through establishment of DDoS attacks standard in mobile network and application that detects and protects DDoS attacks

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.119-132
• /
• 2011

Mobile devices such as smart phones have brought big changes to be called as 'mobile big bang' against which we can't go. Mobile banking service and MTS(Mobile Trading System) are freely available at any time, anywhere and we are able to activate communications between financial company staffs out of the office and take care of business works even remotely by using mobile devices. Mobile devices are approaching as 'smart mobile innovation' to improve an enterprise productivity and competitiveness, but threats which engaged in unfair trading behaviors or unwholesome business works in finance companies are increasing and the customer's information can be leaked out by using the nonpublic official information and mobile devices. Therefore, we have to analyze the potential problems and take the necessary countermeasures with preemptive steps to protect the customer's information and improve the financial trading soundness and fairness. In this paper, we would like to suggest countermeasures and threats against using the financial company's mobile devices focusing on the financial investment companies by 'Capital Market and Financial Investment Business Act'.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.14 no.2
• /
• pp.140-148
• /
• 2021

In this paper, we intend to improve the availability by integrating Sonobuoy, the most essential detection system used in anti-submarine operations, with LTE communication of smart devices. Anti-submarine capability to respond to the threat of North Korean submarine forces is becoming increasingly important, and continuous research and development is required. This paper aims to enhance the ability of acoustic tactics by using a military-only LTE communication system installed on a ship, smart devices that can be linked to it, and a multi-static sonobuoy controlled by them. The proposed system can increase the visual effect by not only displaying coordinate values by receiving accurate coordinate information of each sonobuoy to a smart device, but also displaying a marker on a map.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.679-691
• /
• 2016

As vehicle started to contain many different communication devices, collecting external information became possible in IoT environment. In such environment, remotely controling vehicle is possible when vehicle information is obtained by looking in to vehicle network through smart device. However, android based smart device applications are vulnerable to malicious modulation and redistribution. Modulated android application can lead to vehicle information disclosure that could bring about vehicle control accident which becomes threat to drivers. furthermore, since vehicles today does not contain security methods to protect it, they are very vulnerable to security threats which can cause serious damage to users and properties. In this paper, many different vehicle management android applications that are sold in Google Play has been analyzed. With this information, possible threats that could happen in vehicle management applications are being analysed to prove the risks. the experiment is done on actual vehicle to prove the risks. Also, access control method to protect the vehicle against malicious actions that could happen through external network in IoT environment is suggested in the paper.

• Journal of Food Hygiene and Safety
• /
• v.30 no.2
• /
• pp.132-142
• /
• 2015

The purpose of this study was to investigate the perception and information needs about food additives from the parents of elementary school children, and to develop a smartphone application (App) providing information about food additives, and finally to assess its educational effects. A survey was conducted in April 2013 by using a self-administered questionnaire, and total 358 responses were collected from the parents living in Seoul and Gyeonggi province. While purchasing processed foods, parents considered safety (40.5%) as the most important factor, and first checking item except production and expiration dates was origin labelling (35.4%), and chose foods with less food additives (63.1%). Parents recognized food additives as the most dangerous (42.7%), and 75.1% responded the level of danger as 'very dangerous'. However, 82.4% of parents didn't have experiences to get educations about food additives. Based on their information needs including the safety, legal standards and the foods containing food additives. a smartphone App designated as 'Catch up Food Additives' consisting of the definition, safety, food labelling guideline, management, animation about food additives was developed. When the App was exposed to the parents (n = 27), their negative perceptions on food additives were improved significantly. These results showed that providing information and education about food additives using smartphone App was very fast and effective for the promotion of risk communication on food additives with the parents.

• Journal of Digital Convergence
• /
• v.15 no.4
• /
• pp.285-293
• /
• 2017

They are rapidly evolving malicious attacks on smart devices, and to timely protect the smart devices from these attacks has become a very important issue. In particular, smishing attack has emerged as one of the most important threats on the smartphone. In this paper, we propose the cloud service that can fundamentally protect the user from the risk of smishing attack. The proposed scheme provides cloud messaging service that can filter text messages including URLs in the user's smart device, view and manage them through a virtual machine provided by a cloud server. The existing techniques for preventing smshing attacks protect only malicious code of a known pattern and there is the possibility of error such as FP(False Positive) or FN(False Negative). However, since the proposed method automatically filters all text messages including URLs, storing, viewing, and managing them in their own storage space on the cloud server, it can completely block the installation of malwares(malicious codes) on the user's smart device through smishing attacks.

• Journal of Digital Convergence
• /
• v.13 no.8
• /
• pp.331-336
• /
• 2015

Lately, the development and utilization of technology of the Internet of Things(IoT), and Fintech have been on the rise and amid the emerging convergence of system and service, mobile payment system and location based service technology have received much attention. Considering the fact that smartphone users are currently utilizing mobile payment frequently, many corporations are introducing various methods to the market for easy payment process of consumers by grafting various technologies, and by utilizing the technology based on BLE technology and location based technology, it is emerging as new method applied to payment service such as ZEP, for easy payment process. And by checking the existence of security threats and studying the attack techniques in these payment services, we strive to suggest a method of response based on big data platform.