• Journal of the Korea Society of Computer and Information
• /
• v.11 no.5 s.43
• /
• pp.241-250
• /
• 2006

Regarding a spam attack and the interception that a spinoff is largest among weakness of VoIP service at these papers study. Write scenario of a spam attack regarding VoIP service, and execute Call spam, Instant Messaging spam, Presence spam attack. A spam attack is succeeded in laboratories, and prove, and confirm damage fact of a user in proposals of a spam interception way of VoIP service, 1) INVITE Request Flood Attack 2) Black/White list, 3) Traceback, 4) Black Hole-Sink Hole, 5) Content Filtering, 6) Consent based Communication, 7) Call act pattern investigation, 8) Reputation System Propose, and prove. Test each interception plan proposed in VoIP networks, and confirm security level of a spam interception. Information protection of VoIP service is enlarged at WiBro, BcN, and to realize Ubiquitous Security through result of research of this paper contribute, and may make.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.3-10
• /
• 2019

The 5G network is a next-generation converged network that combines various ICT technologies to realize the need for high speed, hyper connection and ultra low delay, and various efforts have been made to address the security vulnerabilities of the previous generation mobile networks. However, the standards released so far still have potential security vulnerabilities, such as USIM deception and replication attack, message re-transmission attack, and race-condition attack. In order to solve these security problems, this paper proposes a new 5G-AKA protocol with PUF technology, which is a physical unclonable function. The proposed PUF-based 5G-AKA improves the security vulnerabilities identified so far using the device-specific response for a specific challenge and hash function. This approach enables a strong white-list policy through the addition of inexpensive PUF circuits when utilizing 5G networks in areas where security is critical. In addition, since additional cryptographic algorithms are not applied to existing protocols, there is relatively little burden on increasing computational costs or increasing authentication parameter storage.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.987-997
• /
• 2012

A Point-of-Sales (POS) terminal manages the selling process by a salesperson accessible interface in real time. Using a POS system makes a business and customer management much more efficient. For these reasons, many store install POS terminal and used it. But it has many problem that stealing personal information by hacking and insider corruption. Because POS system stored payment information like that sales information, card valid period, and password. In this paper, I proposed software integrity verification technique in POS system based on White list. This method can prevent accidents that personal information leak by hacking and POS system forge and falsification. This proposed method provides software integrity, so it can prevent inside and outside threats in advance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1205-1214
• /
• 2021

Edge Computing is used as a solution to the cost problem and transmission delay problem caused by network bandwidth consumption that occurs when IoT/CPS devices are integrated into the cloud by performing artificial intelligence (AI) in an environment close to the data source. Since edge computing runs on devices that provide high-performance computation and network connectivity located in the real world, it is necessary to consider application integrity so that it is not exploited by cyber terrorism that can cause human and material damage. In this paper, we propose a technique to protect the integrity of edge computing applications implemented in a script language that is vulnerable to tampering, such as Python, which is used for implementing artificial intelligence, as container images and then digitally signed. The proposed method is based on the integrity protection technology (Docker Contents Trust) provided by the open source container technology. The Docker Client was modified and used to utilize the whitelist for container signature information so that only containers allowed on edge computing devices can be operated.

• Journal of Internet of Things and Convergence
• /
• v.10 no.1
• /
• pp.7-12
• /
• 2024

To trade cryptocurrency, traders require a personal cryptocurrency wallet. Cryptocurrency itself using blockchain technology is guaranteed excellent security and reliability, so the threat of blockchain hacking is almost impossible, but the exchange environment used by traders for transactions is most subject to hacking threats. Even if transactions are made safely through blockchain during the transaction process, if the trader's wallet information itself is hacked, security cannot be secured in these processes. Exchange hacking is mainly done by stealing a trader's wallet information, giving the hacker access to the victim's wallet assets. In this paper, to prevent this, we would like to reconstruct the existing Hyperledger Fabric structure and propose a system that verifies the identity integrity of traders during the transaction process using whitelisting. The advantage is that through this process, damage to cryptocurrency assets caused by hackers can be prevented and recognized. In addition, we aim to point out and correct problems in the transaction process that may occur if the victim's wallet information is stolen from the existing Hyperledger Fabric.

• Journal of the Society of Disaster Information
• /
• v.17 no.4
• /
• pp.897-903
• /
• 2021

Purpose: Recently, ransomware damage that encrypts victim's data through hacking and demands money in exchange for releasing it is increasing domestically and internationally. Accordingly, research and development on various response technologies and solutions are in progress. Method: A secure storage area and a general storage area were created in the same virtual environment, and the sample data was saved by registering the access process. In order to check whether the stored sample data is infringed, the ransomware sample was executed and the hash function of the sample data was checked to see if it was infringed. The access control performance checked whether the sample data was accessed through the same name and storage location as the registered access process. Result: As a result of the experiment, the sample data in the secure storage area maintained data integrity from ransomware and unauthorized processes. Conclusion: Through this study, the creation of a secure storage area and the whitelist-based access control method are evaluated as suitable as a method to protect important data, and it is possible to provide a more secure computing environment through future technology scalability and convergence with existing solutions.