• Title/Summary/Keyword: Account Security

Search Result 407, Processing Time 0.028 seconds

Measurement of Remediation for Compromised User Account of Web Single Sign-On (SSO) (침해된 웹 SSO 계정 보호를 위한 보안 조치 실험 연구)

  • Nam, Ji-Hyun;Choi, Hyoung-Kee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.5
    • /
    • pp.941-950
    • /
    • 2021
  • Single Sign-On (SSO) service manages user's account passwords from multiple websites so that security in a high level is required. Users who use the SSO service are authenticated through the Identity Provider (IdP) when logging into the website. We present the security requirements that IdP can take in order to minimize the user's risk whose IdP account is compromised. We describe the security threats that arise when the security requirements are not satisfied. Through evaluation, we prove that the attacker's session cannot be canceled even if the user recognizes the attack if the IdP does not satisfy the security requirements.

A Study on the Countermeasures for Prevention of Opening a Fraud Account (사기이용계좌 개설 방지를 위한 대응방안 연구)

  • Kim, Chang Woo;Yoon, Ji Won
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.1
    • /
    • pp.173-179
    • /
    • 2015
  • Financial fraud such as phishing have passed several years from the occurrence, in spite of the widely known through the media, regardless of the social status or age, financial fraud has occurred on an ongoing basis, the damage is not reduced. The fraud account, the person who made the account, the user is different, it is possible to avoid tracking financial channel, and is used as a receiving means for fraud money of various crimes. Efforts of financial institutions and financial supervisory institutions, it has been promoted by preparing various measures for the eradication of fraud account so far been used as a means of financial crime, the proliferation of financial fraud, opening and distribution of fraud account is a receiving means for fraud money are also increasing continuously, it is necessary to take countermeasures. In spite of the continuous crackdown of financial institutions and financial supervisory institutions, it is causing serious damage to society, analyzes the current situation of fraud account, to present an effective and aggressive countermeasure of financial institutions in this paper.

Decision Making Model for Selecting Financial Company Server Privilege Account Operations (금융회사 서버 Privilege 계정 운영방식 결정 모델)

  • Lee, Suk-Won;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.6
    • /
    • pp.1607-1620
    • /
    • 2015
  • The server privilege account must be operated through law and regulation. However, due to regulation non-compliance and inadequate operation on financial company server privilege, an incident that every server data being deleted by hacker occur which is later being named as 'NH Bank Cyber Attack'. In this paper, the current operation status on financial company privilege accounts is being analysed to elicit problems and improvement. From the analysis, important evaluation factors will be also selected and applied generating the decision making model for financial company server privilege account operation. The evaluation factor deducted from privilege account status analysis will be used to present and verify the decision making model and formula through AHP(Analytic Hierarchy process).

Implementation of User Account Vulnerability Checking Function System using MS-SQL Database (MS-SQL 데이터베이스에서 특정 계정 취약점 판별 시스템 구현)

  • Jang, Seung-Ju
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.18 no.10
    • /
    • pp.2482-2488
    • /
    • 2014
  • This paper proposes that a user account of the MS-SQL is checked whether expirated or not in C++ program environment. Vulnerability checking module decides security weakness for password change time or user configuration time. The proposed module prevents and protects a user account from a malicious user account. Recently, Information Assets becomes more important. If the loss of database information it would make large damage in our life. This paper develops user account checking module, which checks whether user password have not been changed for a long time or whether the user account expirated in the MS-SQL Database. By checking security vulnerability using this feature, a malicious user cannot access the Database.

Recovery Phrase Management Scheme for Public Blockchain Wallets based on OTP (공용 블록체인 지갑을 위한 OTP 기반 계정 복구 문자열 관리 체계)

  • Song, Seounghan;Kim, Suntae;Shin, Jung-Hoon;Lee, Jeong-Hyu
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.20 no.1
    • /
    • pp.35-44
    • /
    • 2020
  • The growing use of public blockchain-based virtual cryptocurrency calls for secure management of blockchain account information managed through cryptocurrency wallet programs. The previously proposed wallet program has high security in terms of managing an account's private key, but low security in managing an account's recovery phrase. Therefore, in this paper, we propose a safe management system of blockchain account recovery string based on the new user authentication method using the user's mobile device information and OTP technique to overcome the problem of the existing account recovery string management method. It also conducts an analysis of the proposed blockchain account recovery string management system based on the expected behavior scenario.

An Account of Virtual and Augmented Reality in Educational Institutions

  • Al-Salami, Sami Ben Shamlan Bakhit
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.9
    • /
    • pp.137-142
    • /
    • 2022
  • This paper argues for modern technologies in the educational process. It specifically outlines issues germane to virtual and augmented reality. It begins with an account on virtual reality and augmented reality, and touches on their characteristics, the advantages, obstacles and applications. It also discusses some relevant studies that emphasized the role of virtual and augmented reality in education, the difference between two terms. The paper ends with a note of vision on how to activate them in educational institutions.

A Study on the Private Security Training in Korea (한국민간경비원의 교육훈련 개선방안에 관한 연구)

  • Lim, Moung-Soon
    • Korean Security Journal
    • /
    • no.6
    • /
    • pp.167-193
    • /
    • 2003
  • Korean social structure is changing by leaps and bounds caused by industrialization, urbanization and information. Because of this, the sense of value, and moral consciousness of Korean people have been edteriorating and all kinds of social evils have been increasing also. However, the police who ought to be in charge of public well-being, security, social order are not playing their role on account of bad working conditions, and lack of budget. For this reason, individuals are desirous of preserving their security and lives at their cost. Private security has emerged at this background.

  • PDF

The Service Log Analyser for Blocking Unused Account on Internet Services (인터넷 서비스 미 사용 계정 차단을 위한 서비스 로그 분석기)

  • Jung, Kyu-Cheol;Lee, Jin-Kwan;Lee, Dae-Hyung;Jang, Hae-Suk;Lee, Jong-Chan;Park, Ki-Hong
    • Convergence Security Journal
    • /
    • v.7 no.2
    • /
    • pp.73-80
    • /
    • 2007
  • The fact that since Internet has been spreaded widely to people, Many security problems also have been grown too much. Due to sudden growth, administrator's responsibility for secure network and services has been growing more and more. This paper represents how to prevent account which didn't use for long period on multi domains environment using service log analysis. hence administrator can find security hole on systems and can dealing with it. The Service Log Analyzer is that loading log file which are written by each service and analyzing them. as a result it makes a list named Used User List contains a number of account names which uses specific services. When the time has come - means cron job schedule time, User Usage Shifter is the next runner. it's mission is finding the person who didn't used service for a specific period of time. Then modifying the expire day of the account information.

  • PDF

Identify Management System with improved security based working time supervising (근태관리 중심으로 보안성을 향상시킨 2-Factor 인증 계정관리시스템)

  • Choi, Kyong-Ho;Kim, Jongmin;Lee, DongHwi
    • Convergence Security Journal
    • /
    • v.17 no.5
    • /
    • pp.71-76
    • /
    • 2017
  • Today, it is an information society where a large number of users access and view important data in a large number of information assets as needed. In this complexity, techniques related Identify Management are being applied, in order to verify authorized user access to important information assets and manage of history. But, the ability access to sensitive information using account has the disadvantage of being able to open the way for information to the attacker when it is hijacked. Thus, in this paper, we propose a secure Identify Management System that can control the use of accounts based on the attitude of the account holder, but also enhances the security and does not hinder the convenience.

A New Session Key Agreement Scheme Using Smart Cards (스마트 카드를 이용한 새로운 세션 키 생성 방법)

  • Lee, Jongkook;Jongsoo Jang
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2003.04a
    • /
    • pp.518-520
    • /
    • 2003
  • This paper proposes a new session key agreement scheme which is based on Station-to-station protocol, or STS shortly. We extend key agreement model of STS, to take into account smart cards. Besides, we modify STS to withstand message replaying attack. Security analysis shows our scheme is still secure.

  • PDF