• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37C no.9
• /
• pp.851-858
• /
• 2012

Java crypto library such as SUN JCA/JCE or BC JCE is generally used to implement secure applications for smart devices using Android platform. Programming functions written by Java language are launched and executed inside Java Virtual Machine (JVM), thereby difficult to use system hardware specific functionalities and degrading performance as well. In case of crypto primitive, few secure applications can use crypto primitive executing in JVM because both amount of computing and complexity of such primitives are very high. From the aspect of performance, in particular, time sensitive real time applications such as streaming services or secure application frequently applying public key based crypto algorithm cannot use Java crypto library. To solve the problem, we design and implement crypto library which employ JNI and NDK methods to directly access functions that implemented by native language such as C or C++. The proposed Java Crypto provider supports faster execution. Also developer can use our provider in the same way by writing traditional Java crypto library.

• Review of KIISC
• /
• v.27 no.4
• /
• pp.43-50
• /
• 2017

온라인 게임 내 가상재화를 현실 세계의 재화로 교환할 수 있다는 점 때문에, PC기반 온라인 게임 내 가상세계는 많은 작업장(Gold-farmer)들로 인한 부정행위가 빈번히 일어나고 있다. 사이버 재화를 현금거래하는 RMT (Real Money Trading)은 과거에는 PC기반 온라인게임, 특히 고포류 게임이나 MMORPG와 같은 장르들에 주로 존재했으나, 모바일 게임에서도 최근 몇 년 간 거래시장이 활발해 지고, 가치가 높은 아이템들이 출현하기 시작하면서 거래 규모가 비약적으로 성장하고 있다. 이로 인해, PC게임에서만 존재하던 작업장이 모바일 게임에도 출현하고, 게임계정 도용을 위한 모바일 악성앱이 등장하는 등 모바일 게임 내의 부정 행위 및 공격 시도 역시 증가하고 있다. 모바일 게임은 하드웨어의 성능 제약 문제, 네트워크 통신의 항상성이 보장되지 않는 문제, 안드로이드 등 플랫폼 OS 자체의 보안 문제, 앱 자체의 디컴파일 문제와 같이 근본적으로 해결하기 어려운 취약점이 존재하는 환경에서 구동되기 때문에 PC기반 게임에서의 게임 봇 및 작업장 탐지와 같은 기법을 적용하기에는 적합하지 않다. 본 연구에서는 모바일 게임 보안과 PC 게임 보안 기법들을 비교하고, 향후 모바일 게임 보안 향상을 위해 할 수 있는 방안을 제시해 보도록 한다.

• Electronics and Telecommunications Trends
• /
• v.23 no.3
• /
• pp.152-162
• /
• 2008

휴대단말의 운영체제가 개발 기간 및 비용 절감이라는 장점을 지닌 리눅스 기반으로 옮겨가고 있다. 이미 지난 2007년 3분기에 전세계적으로 1천만 대 이상의 리눅스 기반 휴대용 단말이 판매되었다. 이처럼 휴대단말에 있어서 리눅스 기반 제품에 모토롤라, 노키아, 구글, 삼성전자, LG전자 등과 같은 많은 국내외 업체들이 관심을 가지고 안드로이드, 리모, LiPS 등과 같은 여러 단체를 만들어 활동중이다. 본 고에서는 리눅스 기반의 휴대단말 운영체제를 주도하고 있는 플랫폼을 중심으로 그 특징을 분석하고 보안 측면에서의 고려사항은 무엇이 있는지 살펴본다.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2016.11a
• /
• pp.76-77
• /
• 2016

본 논문에서는 영상 인식 기술을 적용하여 보안성능을 향상시킨 잠금장치 구현에 대해 설명한다. 사전에 등록된 이미지를 사용자가 기억하고 있다가 등록된 이미지를 포함하고 있는 전체 그림에서 등록된 이미지 부분만을 사용자가 카메라로 캡처하였을 때 비밀번호 입력을 위한 키패드를 스마트기기에 활성화시키는 방법을 적용한다. 이러한 장치는 영상인식 기술, 안드로이드 앱, 아두이노 플랫폼 등을 이용하여 구현하게 된다.

• Journal of Internet Computing and Services
• /
• v.14 no.3
• /
• pp.35-46
• /
• 2013

As mobile terminal environment gets matured, the use of Android platform based mobile terminals has been growing high. Recently, the number of attacks by malicious application is also increasing as Android platform is vulnerable to private information leakage in nature. Most of these malicious applications are easily distributed to general users through open market or internet and an attacker inserts malicious code into malicious app which could be harmful tool to steal private data and banking data such as SMS, contacts list, and public key certificate to a remote server. To cope with these security threats more actively, it is necessary to develop countermeasure system that enables to detect security vulnerability existing in mobile device and take an appropriate action to protect the system against malicious attacks. In this sense, this paper aggregates diverse system events from multiple mobile devices and also implements a system to detect attacks by malicious application.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.9
• /
• pp.1955-1964
• /
• 2011

With fast deployment of high-speed networks and various online services, the demand for massive content distribution is also growing fast. An approach that is increasingly visible in communication research community and in industry domain is peer-to-peer (P2P) networks. The P2P swarming technique enables a content distribution system to achieve higher throughput, avoid server or network overload, and be more resilient to failure and traffic fluctuation. Moreover, as a P2P-based architecture pushed the computing and bandwidth cost toward the network edge, it allows scalability to support a large number of subscribers on a global scale, while imposing little demand for equipment on the content providers. However, the P2P swarming burdens message exchange overheads on the system. In this paper, we propose a new protocol which provides confidentiality, authentication, integrity, and access control to P2P swarming. We implemented a prototype of our protocol on Android smart phone platform. We believe our approach can be straightforwardly adapted to existing commercial P2P content distribution systems with modest modifications to current implementations.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.5
• /
• pp.1110-1116
• /
• 2015

This paper analyzes global research trend on information security. All technical fields based on information requires security so that discovering technologies (technical terms) which are developing newly or dramatically is able to guide the future direction of the field of information security. In this paper, the ultimate of this research is to figure out the technologies related to information security and to forecast the future through understanding their trends. The paper, as a beginning for the analysis on macroscopic viewpoint, contains measurement of yearly relatedness between technical terms from 2001 to 2014 by using temporal co-occurrence and interpretation of its meaning through comparing the relatedness with trends of top-related technical terms. And to conclude, we could find that Android platform, Big data, Internet of things, Mobile technologies, and Cloud computing are emerging technologies on information security.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.2
• /
• pp.59-66
• /
• 2018

Android Things is an Android-based platform running in Google's IoT environment. Android smartphones require permissions from application users to use certain features, but in the case of Android Things, there is no display to send request notifications to users. Therefore Does not make a request to use the permissions and automatically accepts the permissions from the system. If the privilege is used indiscriminately, malicious behavior such as system failure or leakage of personal information can be performed by a function which is not related to the function originally. Therefore, By monitoring the privileges that a device uses in an Android-based IoT system, users can proactively respond to security threats that can arise through unauthorized use of the IoT system. This paper proposes a system that manages the rights currently being used by IoT devices in the Android Things based IoT environment, so that Android-based IoT devices can cope with irrelevant use of rights.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.169-176
• /
• 2016

Android platform is designed to be user-friendly, yet sometimes its convenience introduces vulnerabilities that normal users cannot justify. In this paper, after making an overview of popular open source analysis tools for android applications, we point out the dangerous use of Permission Group in current Google Policy, and suggest a technique to mitigate the risks of privilege escalation that attackers are taking advantage of. By conducting the investigation of 21,064 malware samples, we conclude that the proposed technique is considered effective in detecting insecure application update, as well as giving users the heads-up in security awareness.

• Journal of Internet Computing and Services
• /
• v.13 no.2
• /
• pp.51-57
• /
• 2012

The warming up of the recent competition in the smart phone industry followed by rapid increase of open platforms and app stores have led the mobile terminals to adopt the general purpose operating system. The mobile device utilizing this OS is vulnerable to mobile malignant code which is highly transferable. As a result, the scale of mobile attack and harm increase. However, compared to the malicious code and virus which keep increasing, the elements for security to prevent are insufficient. Therefore, this paper describe about the Context Aware Service that eliminates the potentially risky elements on the smart phone service, which could threaten the usability of the service including invasion of personal information. The proposed system prevents from disclosure of personal information by giving the procedure of information, and realizes the service that is able to change the sequence of identifying the users' information to prepare for emergency.