• Title/Summary/Keyword: Account Security


Measurement of Remediation for Compromised User Account of Web Single Sign-On (SSO) (침해된 웹 SSO 계정 보호를 위한 보안 조치 실험 연구)

  • Nam, Ji-Hyun;Choi, Hyoung-Kee
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.5 / pp.941-950 / 2021
  • A Single Sign-On (SSO) service manages a user's account passwords for multiple websites, so a high level of security is required. Users of the SSO service are authenticated through the Identity Provider (IdP) when logging into a website. We present the security requirements that the IdP can meet in order to minimize the risk to a user whose IdP account is compromised. We describe the security threats that arise when the security requirements are not satisfied. Through evaluation, we prove that if the IdP does not satisfy the security requirements, the attacker's session cannot be canceled even if the user recognizes the attack.

A Study on the Countermeasures for Prevention of Opening a Fraud Account (사기이용계좌 개설 방지를 위한 대응방안 연구)

  • Kim, Chang Woo;Yoon, Ji Won
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.1 / pp.173-179 / 2015
  • Although several years have passed since financial fraud such as phishing first appeared, and although it is widely known through the media, financial fraud continues to occur regardless of social status or age, and the damage has not decreased. In a fraud account, the person who opened the account and the person who uses it are different, which makes it possible to avoid tracking through financial channels, and such accounts are used as a means of receiving fraud money from various crimes. Financial institutions and financial supervisory institutions have prepared and promoted various measures to eradicate fraud accounts used as a means of financial crime. However, as financial fraud proliferates, the opening and distribution of fraud accounts used to receive fraud money are also increasing continuously, so countermeasures are necessary. Because fraud accounts cause serious damage to society in spite of the continuous crackdown by financial institutions and financial supervisory institutions, this paper analyzes the current situation of fraud accounts and presents effective and aggressive countermeasures for financial institutions.

Decision Making Model for Selecting Financial Company Server Privilege Account Operations (금융회사 서버 Privilege 계정 운영방식 결정 모델)

  • Lee, Suk-Won;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.6 / pp.1607-1620 / 2015
  • The server privilege account must be operated in accordance with law and regulation. However, due to regulatory non-compliance and inadequate operation of financial company server privileges, an incident occurred in which all server data was deleted by a hacker, later named the 'NH Bank Cyber Attack'. In this paper, the current operation status of financial company privilege accounts is analysed to elicit problems and improvements. From the analysis, important evaluation factors are selected and applied to generate the decision making model for financial company server privilege account operation. The evaluation factors derived from the privilege account status analysis are used to present and verify the decision making model and formula through AHP (Analytic Hierarchy Process).

Implementation of User Account Vulnerability Checking Function System using MS-SQL Database (MS-SQL 데이터베이스에서 특정 계정 취약점 판별 시스템 구현)

  • Jang, Seung-Ju
    • Journal of the Korea Institute of Information and Communication Engineering / v.18 no.10 / pp.2482-2488 / 2014
  • This paper proposes checking, in a C++ program environment, whether an MS-SQL user account has expired. The vulnerability checking module identifies security weaknesses based on the password change time or the user configuration time. The proposed module prevents and protects a user account from a malicious user account. Recently, information assets have become more important, and the loss of database information would cause great damage in our lives. This paper develops a user account checking module that checks whether a user password has not been changed for a long time or whether the user account has expired in the MS-SQL database. By checking security vulnerabilities using this feature, a malicious user cannot access the database.

Recovery Phrase Management Scheme for Public Blockchain Wallets based on OTP (공용 블록체인 지갑을 위한 OTP 기반 계정 복구 문자열 관리 체계)

  • Song, Seounghan;Kim, Suntae;Shin, Jung-Hoon;Lee, Jeong-Hyu
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.20 no.1 / pp.35-44 / 2020
  • The growing use of public blockchain-based virtual cryptocurrency calls for secure management of blockchain account information managed through cryptocurrency wallet programs. The previously proposed wallet program has high security in terms of managing an account's private key, but low security in managing an account's recovery phrase. Therefore, in this paper, we propose a safe management system of blockchain account recovery string based on the new user authentication method using the user's mobile device information and OTP technique to overcome the problem of the existing account recovery string management method. It also conducts an analysis of the proposed blockchain account recovery string management system based on the expected behavior scenario.

An Account of Virtual and Augmented Reality in Educational Institutions

  • Al-Salami, Sami Ben Shamlan Bakhit
    • International Journal of Computer Science & Network Security / v.22 no.9 / pp.137-142 / 2022
  • This paper argues for modern technologies in the educational process. It specifically outlines issues germane to virtual and augmented reality. It begins with an account of virtual reality and augmented reality, and touches on their characteristics, advantages, obstacles and applications. It also discusses some relevant studies that emphasized the role of virtual and augmented reality in education, and the difference between the two terms. The paper ends with a note of vision on how to activate them in educational institutions.

A Study on the Private Security Training in Korea (한국민간경비원의 교육훈련 개선방안에 관한 연구)

  • Lim, Moung-Soon
    • Korean Security Journal / no.6 / pp.167-193 / 2003
  • Korean social structure is changing by leaps and bounds as a result of industrialization, urbanization and information. Because of this, the sense of value and moral consciousness of Korean people have been deteriorating, and all kinds of social evils have been increasing as well. However, the police, who ought to be in charge of public well-being, security and social order, are not playing their role on account of bad working conditions and lack of budget. For this reason, individuals are desirous of preserving their security and lives at their own cost. Private security has emerged against this background.


The Service Log Analyser for Blocking Unused Account on Internet Services (인터넷 서비스 미 사용 계정 차단을 위한 서비스 로그 분석기)

  • Jung, Kyu-Cheol;Lee, Jin-Kwan;Lee, Dae-Hyung;Jang, Hae-Suk;Lee, Jong-Chan;Park, Ki-Hong
    • Convergence Security Journal / v.7 no.2 / pp.73-80 / 2007
  • As the Internet has spread widely among people, security problems have also grown considerably. Due to this sudden growth, the administrator's responsibility for secure networks and services has been growing more and more. This paper presents how to block accounts that have not been used for a long period in a multi-domain environment using service log analysis, so that the administrator can find security holes in systems and deal with them. The Service Log Analyzer loads the log files written by each service and analyzes them. As a result, it makes a list named the Used User List, which contains the account names that use specific services. When the scheduled cron job time arrives, the User Usage Shifter runs next. Its mission is to find the users who have not used a service for a specific period of time, and then to modify the expiry date in the account information.


Identify Management System with improved security based working time supervising (근태관리 중심으로 보안성을 향상시킨 2-Factor 인증 계정관리시스템)

  • Choi, Kyong-Ho;Kim, Jongmin;Lee, DongHwi
    • Convergence Security Journal / v.17 no.5 / pp.71-76 / 2017
  • Today we live in an information society where a large number of users access and view important data across a large number of information assets as needed. In this complexity, techniques related to Identify Management are being applied in order to verify authorized user access to important information assets and to manage history. However, the ability to access sensitive information using an account has the disadvantage of opening the way to that information for an attacker when the account is hijacked. Thus, in this paper, we propose a secure Identify Management System that can control the use of accounts based on the attitude of the account holder, and that enhances security without hindering convenience.

A New Session Key Agreement Scheme Using Smart Cards (스마트 카드를 이용한 새로운 세션 키 생성 방법)

  • Lee, Jongkook;Jongsoo Jang
    • Proceedings of the Korean Information Science Society Conference / 2003.04a / pp.518-520 / 2003
  • This paper proposes a new session key agreement scheme based on the Station-to-Station protocol, or STS for short. We extend the key agreement model of STS to take smart cards into account. In addition, we modify STS to withstand message replay attacks. Security analysis shows that our scheme is still secure.
