• Title/Summary/Keyword: 한국정보인증

Proposal and Implementation of Security Keypad with Dual Touch (이중 터치를 이용한 보안 키패드 제안 및 구현)

  • Song, Jinseok;Jung, Myung-Woo;Choi, Jung-In;Seo, Seung-Hyun
    • KIPS Transactions on Computer and Communication Systems / v.7 no.3 / pp.73-80 / 2018
  • Due to the popularity of smartphones and the simplification of financial services, the number of mobile financial services is increasing. However, the security keypads developed for existing financial services are susceptible to probability analysis attacks and have security vulnerabilities. In this paper, we propose and implement a security keypad based on dual touch. Prior to the proposal, we examined the existing types of security keypads used in the mobile banking and mobile payment systems of Korean mobile financial businesses and analyzed the vulnerabilities. In addition, we compared the security of the proposed dual touch keypad as well as existing keypads using the authentication framework and the existing keypad attack types (Brute Force Attack, Smudge Attack, Key Logging Attack, and Shoulder Surfing Attack, Joseph Bonneau). Based on the results, we can confirm that the proposed security keypad with dual touch presented in this paper shows a high level of security. The security keypad with dual touch can provide more secure financial services, and it can be applied to other mobile services to enhance their security.

A Study on Data Security of Web Local Storage (웹 로컬스토리지 데이터 보안을 위한 연구)

  • Kim, Ji-soo;Moon, Jong-sub
    • Journal of Internet Computing and Services / v.17 no.3 / pp.55-66 / 2016
  • The local storage of HTML5 is a Web Storage, which is stored permanently on a local computer in the form of files. The contents of the storage can be easily accessed and modified because they are stored as plaintext. Moreover, because the internet browser classifies the local storage of each domain using file names, a malicious attacker can abuse a victim's local storage files by changing file names. In the paper, we propose a scheme to maintain the integrity and the confidentiality of the local storage's source domain and source device. The key idea is that the client encrypts the data stored in the local storage with a cipher key, which is managed by the web server. At the step of requesting the cipher key, the web server authenticates whether the client is a legal source of the local storage or not. Finally, we showed through experiments according to the proposed method that our method can detect abnormal access to the local storage.

Extended GTRBAC Delegation Model for Access Control Enforcement in Enterprise Environments (기업환경의 접근제어를 위한 확장된 GTRBAC 위임 모델)

  • Hwang Yu-Dong;Park Dong-Gue
    • Journal of Internet Computing and Services / v.7 no.1 / pp.17-30 / 2006
  • With the wide acceptance of the Internet and the Web, volumes of information and related users have increased, companies have come to need security mechanisms to effectively protect important information for business activities, and security problems have become increasingly difficult. This paper proposes an improved access control model for access control enforcement in enterprise environments through the integration of the temporal constraint character of the GT-RBAC model, the sub-role hierarchies concept, and PBDM (Permission Based Delegation Model). The proposed model, called the Extended GT-RBAC (Extended Generalized Temporal Role Based Access Control) delegation model, supports characteristics of the GTRBAC model such as temporal constraints, various time-constrained cardinality, control flow dependency and separation of duty constraints (SoDs). It also supports conditional inheritance based on the degree of inheritance and business characteristics by using sub-role hierarchies, and supports permission based delegation, user to user delegation, role to role delegation, multi-step delegation and temporal delegation by using PBDM.

Biometrics System Technology Trends Based on Biosignal (생체신호 기반 바이오인식 시스템 기술 동향)

  • Choi, Gyu-Ho;Moon, Hae-Min;Pan, Sung-Bum
    • Journal of Digital Convergence / v.15 no.1 / pp.381-391 / 2017
  • Biometric technology is a technology for authenticating a user using the physical or behavioral features of the inherent characteristics of the individual. With the necessity and efficiency of the technology in the fields of finance, security, access control, medical welfare, inspection, and entertainment, the service range has been expanding. Biometrics using biometric information such as fingerprints and faces have been exposed to counterfeit and disguised threats and become a social problem. Recent studies using a bio-signal from the inside of the body other than the bio-information of the external body are being developed. This paper analyzes the recent research and technology of biometric systems using bio-signals, ECG, heart sounds, EEG, and EMG to present the skills needed for the development direction. In the future, utilizing the deep learning to build and analyze database to manage bio-signal based big data for the complex condition of individuals, biometrics technologies suitable for real time environment are expected to be researched.

Design and Implementation of Distance Learner's Attendance Checking System Based on PC Camera (PC 카메라 기반 원격교육 학습자 출석 확인 시스템의 설계 및 구현)

  • Koo, DukHoi
    • Journal of The Korean Association of Information Education / v.16 no.3 / pp.283-289 / 2012
  • Distance learning is diffusing rapidly in society. It is more difficult to confirm a learner's identity and learning processing in distance learning. Distance learning has an attendance checking system because a teacher and student do not meet face to face. There are some attendance checking systems such as login check, SMS authenticating system, unexpected quiz, and so on. However, existing attendance checking systems have some problems in checking a learner's attendance in a whole lesson. Therefore, this study designed and developed a learner's attendance system based on PC camera's shot of certification in a whole lesson. This attendance checking system can judge the real attendance of learners in distance learning and distance evaluation. The system is expected to raise trust in distance learning.

Efficient Security Method Using Mobile Virtualization Technology And Trustzone of ARM (모바일 가상화 기술과 ARM의 Trustzone을 사용한 효율적인 보안 방법)

  • Choi, Hwi-Min;Jang, Chang-Bok;Kim, Joo-Man
    • Journal of Digital Convergence / v.12 no.10 / pp.299-308 / 2014
  • Today, the number of users using smartphones is increasing very rapidly owing to the development of smartphone performance and the provision of various services. Also, they are using them to enjoy various services (cloud service, game, banking service, mobile office, etc.). Today's mobile security solutions simply detect malicious code or stay at the level of mobile device management. In particular, services which use sensitive information, such as certificates, corporate documents, and personal credit card numbers, need technology that protects it from hacking and leakage. Recently, interest in these mobile security problems has been increasing as damage cases have occurred. To solve the problem, there is various security research such as mobile virtualization, ARM trustzone, and GlobalPlatform for mobile devices. Therefore, in this paper, I suggested an efficient method that uses the mobile virtualization techniques of certification, security policy and access control, password/key management, safe storage, etc. and the Trustzone of ARM for preventing information leakage and hacking.

A Study of Security Policy for U-Healthcare Service (U-Healcare 서비스를 위한 보안정책에 관한 연구)

  • Lee, Keun-Ho
    • Journal of Digital Convergence / v.11 no.11 / pp.747-751 / 2013
  • Research on U-Healthcare service integrating medical information and IT technologies is actively conducted. U-Healthcare service is the next generation's medical paradigm that ensures convenience to many users, so society recognizes its importance and attempts at commercialization through various business models are being made. To form such a U-Healthcare service market safely, various policies on the social structure should be established through the standard and the medical law to systemize the medical information led by the government. Especially, the government's security policy to ensure the safety for the government leading visualization of U-Healthcare should be firmly established. Firstly, this paper presents U-healthcare Service and policy guideline. Secondly, it analyzes security threatening factors for the safe U-Healthcare service. By classifying the analyzed security threatening factors based on the three major elements of security, Confidentiality, Integrity and Availability, a security policy for each element is proposed.

A Study on Method for Bypassing Verification Function by Manipulating Return Value of Android Payment Application's Security Solution (안드로이드 간편결제 애플리케이션 보안 솔루션 결과값 변조를 통한 검증기능 우회 방법에 대한 연구)

  • You, Jaewook;Han, Mijeong;Kim, Kyuheon;Jang, Junyoung;Jin, Hoyong;Ji, Hanbyeol;Shin, Jeonghoon;Kim, Kyounggon
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.4 / pp.827-838 / 2018
  • Since 2014, ease of regulations on financial institutions expanded the mobile payment market based on simple authentication, and this resulted in the emergence of various simple payment services. Although several security solutions have been used to mitigate possible security threats to payment applications, there are vulnerabilities which can still be found due to the structure in which the security solution is applied to the payment service. In this paper, we analyze the payment application and security solution from the process perspective, and prove through experimentation that verification functions of security solutions can be bypassed without detailed analysis of each security function, but by simply manipulating the verification result value. Finally, we propose methods to mitigate the bypass method presented in this paper from three different perspectives, and thereby contribute to the improvement of security level of the payment service.

WebCam : A Web-based Remote Recordable Surveillance System using Index Search Algorithm (웹캠 : 새로운 인데스검색 알고리듬을 이용한 웹기반 원격 녹화 보안 시스템)

  • Lee, Myeong-Ok;Lee, Eun-Mi
    • The KIPS Transactions:PartC / v.9C no.1 / pp.9-16 / 2002
  • As existing analog video surveillance systems could save and retrieve data only in a limited space within a short distance, they had many constraints in developing into various application systems. However, on the back of the development of the Internet and computer technologies, digital video surveillance systems can be controlled from a remote location by web browser without space limits. Moreover, data compression and management technologies with an Index Search algorithm make it possible to efficiently handle, store, and retrieve a large amount of data, and further a motion detection algorithm enhances recording speed and efficiency for a practical application, that is, a practical remote recordable video surveillance system using our efficient algorithms as mentioned, called WebCam. The WebCam server system can intelligently record and save video images digitized through efficient database management, monitor and control cameras in a remote place through user authentication, and search logs.

A Efficient Key Distribution Scheme for Individual/Group Communication on TRS (TRS 상의 개별/그룹 통신을 위한 효율적인 키 분배 기법)

  • Lee, Deok-Gyu;Park, Yong-Suk;Ahn, Jong-Chul;Lee, Im-Yeong
    • The KIPS Transactions:PartC / v.13C no.7 s.110 / pp.913-922 / 2006
  • It used exclusively the radio communication where is the TRS(Trunked Radio Service) at frequency where the person whom it does is specific with hitherto radio communication method differently frequency of the decimal which is allocated to the relay station it talks the at the room which the multiple user uses with commonness. The TRS system the most big feature is the region multiple group and order communication method. The TRS the composition of system is composed of the multi mind group, the each group is composed of the terminal of the users who have the objective which is similar relates in business contents. With above it follows in same multi objective and the connection of the form which is various or group communication accomplishes and quality case, a possibility a or of having many problem point in key distribution for a large scale communication there is it could be exposed to attack of the form which is various. There is a place where it accomplishes the communication which is safe at the TRS from research which it sees it investigates group key distribution method which is an essential element. The method which it sees when it reduces a communication frequency, it stands but is the user, it proposes the efficient group key distribution method it will be able to accomplish.