• Title/Summary/Keyword: file leakage


Study on Threshold Scheme based Secure Secret Sharing P2P System (임계 방식 기반 안전 비밀조각 공유 P2P 시스템 연구)

  • Choi, Cheong-Hyeon
    • Journal of Internet Computing and Services / v.23 no.3 / pp.21-33 / 2022
  • This paper is to suggest the secure secret sharing system in order to outstandingly reduce the damage caused by the leakage of the corporate secret. This research system is suggested as an efficient P2P distributed system kept from the centrally controlled server scheme. Even the bitcoin circulation system is also based on a P2P distribution scheme recently. This research has designed the secure circulation of the secret shares produced by the Threshold Shamir Secret Sharing scheme instead of the shares specified in the torrent file, using the simple, highly scalable and fast transferring torrent P2P distribution structure and its protocol. In addition, this research has studied how to apply both the Shamir Threshold Secret Sharing scheme and the securely strong multiple user authentication based on the Collaborative Threshold Authentication scheme. The secure transmission of secret data is protected by using efficient symmetric encryption with the session secret key, which is safely exchanged by public key encryption. Also, it is safer against leakage because the secret key is effectively alive only for a short lifetime like a session. Especially, the characteristic of this proposed system is to effectively apply the threshold secret sharing scheme to an efficient torrent P2P distributed system without modifying the architecture of the torrent system. In addition, this system guarantees confidentiality in distributing the secret file using the efficient symmetric encryption scheme, in which the session key is securely exchanged using the public key encryption scheme. In this system, the devices to be taken out can be dynamically registered as a user. This scalability allows the confidentiality and the authentication to be applied even to dynamically registered users.

Hardware Crypto-Core Based Authentication System (하드웨어 암호코어 기반 인증 시스템)

  • Yoo, Sang-Guun;Park, Keun-Young;Kim, Tae-Jun;Kim, Ju-Ho
    • Journal of the Institute of Electronics Engineers of Korea TC / v.46 no.1 / pp.121-132 / 2009
  • Default password protection used in operating systems has had many advances, but when the attacker has physical access to the server or gets root (administrator) privileges, the attacker can steal the password information (e.g. the shadow file in Unix-like systems or the SAM file in Windows), and using brute force and dictionary attacks can manage to obtain users' passwords. It is really difficult to obligate users to use complex passwords, so it is really common to find weak accounts to exploit. In this paper, we present a secure authentication scheme based on digital signatures and secure key storage that solves this problem, and explain the possible implementations using the Trusted Platform Module (TPM). We also make a performance analysis of hardware and software TPMs inside implementations.

Mobile GIS Application for Managing Flood Disaster in River Basin (하천유역 홍수재해관리를 위한 Mobile GIS 기술 적용)

  • Seo, Young-Min;Kim, Sung-Bum;Jang, Kwang-Jin;Jee, Hong-Kee;Lee, Soon-Tak
    • Proceedings of the Korea Water Resources Association Conference / 2006.05a / pp.1112-1115 / 2006
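  • The purpose of introducing mobile GIS into a flood disaster management system is to minimize loss of life and property damage through rapid response in preparation for floods. The basic direction of building the mobile GIS system is to raise the efficiency of administrative and informatization work for river basins, so that residents can easily access and be served with a variety of content on the hydrological and topographic information provided in real time from field work, and so that field practitioners can take immediate action in managing river water levels and discharge. In this study, the wireless communication channel between the mobile client and the flood disaster management system server targets a WLAN through an AP (Access Point), a CDMA mobile network, or a next-generation portable internet network. The flood disaster management system is built using ArcIMS, HTML and Java Script, uses Microsoft's IIS (Internet Information System) for the web service, and installs the JRE (Java Runtime Environment) for the normal operation of ArcIMS. The main GIS functions are zoom in, zoom out, pan, attribute information search, distance measurement and buffering, and the layers include buildings at risk of inundation, evacuation buildings, building use in inundated areas, buildings, roads, water systems, expected inundation areas (100- and 200-year frequency), satellite imagery, DEM and administrative boundaries. The data to be used in building the system are composed of hydraulic and hydrological data (runoff, rainfall intensity, area of the target region, Manning coefficient, etc.), digital maps of the target region, DEM, high-resolution satellite imagery, and material obtained through literature and field surveys. Inundation area data are generated from the hydraulic and hydrological data and the DEM data, and, to link the attribute information obtained through literature and field surveys with the spatial information of the digital map, a database construction method is presented in which the building, road, contour and water system layers are extracted from the digital map, converted to Coverage in ArcGIS to set topological relationships, and then converted back to Shape files and linked with the attribute information. In this way, in order to apply mobile GIS to the flood disaster management system, this study presents a method of providing hydrological and topographic information services in which a GPS module is added to a PDA, a mobile client running Pocket PC, to acquire location information from GPS satellites, and XML technology is used between it and the mobile GIS server that provides geographic information.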


A Study on Improvement of Personal Information Protection in Apartment (공동주택의 개인정보보호 개선방안 연구)

  • Han, Choong-Hee;Park, Soon-Tai;Lee, Sang-Joon
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.5 / pp.1279-1292 / 2018
  • An apartment house and an officetel are already our most important residential space generally. Among food, clothing and shelter, an apartment and an officetel are in charge of shelter as the most fundamental in our life. To live in an apartment or an officetel, it is necessary for residents to write a lot of information about themselves. Therefore massive privacy files about an apartment's residents are inevitable, and they are managed in their own way. A privacy accident in an apartment house would be a big social problem. This study examined the 'tenant list' to find out what it collects and what its problems are, and proposed various measures for privacy improvement, such as item reduction and consent process improvement, in an apartment house and an officetel from the perspective of privacy laws.

An Effective Malware Detection Mechanism in Android Environment (안드로이드 환경에서의 효과적인 악성코드 탐지 메커니즘)

  • Kim, Eui Tak;Ryu, Keun Ho
    • The Journal of the Korea Contents Association / v.18 no.4 / pp.305-313 / 2018
  • With the explosive growth of smart phones and efficiency, Android, an open mobile operating system, is gradually increasing in use and availability. Android systems have proven their availability and stability in mobile devices, home appliances' operating systems, IoT products, and mechatronics. However, as the usability increases, the malicious code based on Android also increases exponentially. Unlike ordinary PCs, if malicious code infiltrates mobile products, mobile devices can be locked so that they cannot be used, a large number of personal contacts can be leaked, unnecessary billing can result, and a huge loss of financial services can be caused. Therefore, we proposed a method to detect and delete malicious files in real time in order to solve this problem. In this paper, we also designed a method to detect and delete malicious code in a more effective manner through the process of installing Android-based applications and a signature-based malicious code detection method. The method we proposed and designed can effectively detect malicious code in a limited resource environment, such as mobile environments.

Preventing ELF(Executable and Linking Format)-File-Infecting Malware using Signature Verification for Embedded Linux (임베디드 리눅스에서 서명 검증 방식을 이용한 악성 프로그램 차단 시스템)

  • Lee, Jong-Seok;Jung, Ki-Young;Jung, Daniel;Kim, Tae-Hyung;Kim, Yu-Na;Kim, Jong
    • Journal of KIISE:Computing Practices and Letters / v.14 no.6 / pp.589-593 / 2008
  • These days, as a side effect of the growth of mobile devices, malware for mobile devices also tends to increase and become more dangerous. Because embedded Linux is one of the advanced OSes on mobile devices, a solution for preventing malware from infecting and destroying embedded Linux will be needed. We present a scheme using signature verification for embedded Linux that prevents executable-infecting malware. The proposed scheme works under collaboration between mobile devices and a server. Malware detection is delegated to the server. In a mobile device, only the integrity of all executables and dynamic libraries is checked at kernel level every time by kernel modules using LSM hooks just prior to loading of executables and dynamic libraries. All procedures in the mobile devices are performed only at kernel level. In experiments with a mobile embedded device, we confirmed that the scheme is able to prevent all executable-infecting malware while minimizing damage caused by execution of malware or infected files, power consumption and performance overheads caused by malware check routines.

A Methodology for the Improvement of Accredited Digital Certificate Integrating FIDO Biometric Technology and TrustZone (FIDO 생체기술과 안전영역을 연계한 공인인증서 효율화 방법)

  • Cho, Hwa-Gun;Yang, Hae-Sool
    • Journal of Digital Convergence / v.15 no.8 / pp.183-193 / 2017
  • Digital accredited certificates issued under the Digital Signature Act provide essential functionalities for online service, so certificates are used for various services such as online banking, e-government. However, certificates can be stolen by hackers and users need to install separate software to use certificates. Recently FIDO, which aims to solve the problems of password-based authentication and the lack of interoperability between authentication methods, is used for biometric authentication and TrustZone, hardware-based secure environment, is used for safe smartphone usage. In this paper, the new service method is suggested which uses FIDO-based biometric authentication and stores certificates in TrustZone. This method can not only improve security and convenience but also be easily applied to the service because it uses built-in functionalities of new smartphones such as biometric sensors and TrustZone. It is expected that people can use certificates in a safe and convenient way with this method.

A Design of Permission Management System Based on Group Key in Hadoop Distributed File System (하둡 분산 파일 시스템에서 그룹키 기반 Permission Management 시스템 설계)

  • Kim, Hyungjoo;Kang, Jungho;You, Hanna;Jun, Moonseog
    • KIPS Transactions on Computer and Communication Systems / v.4 no.4 / pp.141-146 / 2015
  • Data have increased enormously due to the development of IT technology such as recent smart equipment, social network services and streaming services. To meet these environments, technologies that can treat mass data have received attention, and the typical one is Hadoop. Hadoop is based on open source, and it has been designed to be used on general purpose computers based on Linux. In the initial Hadoop nearly no security was introduced, but as the number of users increased, data that need security increased, and a new version appeared that introduced Kerberos and a Token system in 2009. But in this method there was a problem that only one secret key can be used and access permission to blocks cannot be authenticated for each user, and there were weak points in that replay attacks and spoofing attacks were possible. Hence, to supplement these weak points and to maintain efficiency, a protocol based on a group key, in which users are authenticated in a logical group and then this is reflected in the token, is proposed in this paper. The result shows that it has solved the weak points and there is no big overhead in terms of efficiency.

A Method of Detecting Real-Time Elevation of Privilege Security Module Using User Credentials (자격증명을 이용한 실시간 권한 상승 탐지 보안 모듈)

  • Sim, Chul Jun;Kim, Won Il;Kim, Hyun Jung;Lee, Chang Hoon
    • KIPS Transactions on Computer and Communication Systems / v.6 no.5 / pp.247-254 / 2017
  • In a Linux system, a user with malicious intent can acquire administrator privileges through attack types that execute shells, and can leak important user information and install a backdoor program. In order to solve this problem, the existing method is to analyze the causes of the elevation of privilege, fix the problems, and then patch the system. Recently, a method of detecting, in real time, illegally elevated tasks in which information inconsistency occurs through user credentials has been studied. However, since this credential method uses uid and gid, illegally elevated tasks having the root credentials may not be detected. In this paper, we propose a security module that stores shell commands and paths executed with regular privileges in a table and compares them with every file access (open, close, read, write) that is executed, to solve the case in which illegally elevated tasks that have the same credentials cannot be detected.

Real-time Responses Scheme to Protect a Computer from Offline Surrogate Users and Hackers (오프라인 대리사용자 및 해커로부터 특정 컴퓨터 보호를 위한 실시간 대응방안)

  • Song, Tae-Gi;Jo, In-June
    • The Journal of the Korea Contents Association / v.19 no.12 / pp.313-320 / 2019
  • One of the causes of many damage cases that occur today by hacking attacks is the social engineering attack. The attacker is usually a malicious traitor or an ignorant insider. As a solution, we are strengthening security training for all employees in the organization. Nevertheless, there are frequent situations in which computers are shared. In this case, the person in charge of the computer has difficulty in tracking and responding to when a specific representative accessed it and what a specific representative did. In this paper, we propose a method by which the person in charge of the computer tracks in real time through the smartphone when a representative accesses the computer, or when a representative accesses it offline using hacked or shared authentication. Also, we propose a method to prevent the leakage of important information by encrypting and backing up important files of the PC through the smartphone in case of abnormal access.