• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.479-490
• /
• 2013

Recently, the number of attacks by malicious application has significantly increased, targeting Android-platform mobile terminal such as Samsung Galaxy Note and Galaxy Tab 10.1. The malicious application can be distributed to currently used mobile devices through open market masquerading as an normal application. An attacker inserts malicious code into an application, which might threaten privacy by rooting attack. Once the rooting attack is successful, malicious code can collect and steal private data stored in mobile terminal, for example, SMS messages, contacts list, and public key certificate for banking. To protect the private information from the malicious attack, malicious code detection, rooting attack detection and countermeasure method are required. To meet this end, this paper investigates rooting attack mechanism for Android-platform mobile terminal. Based on that, this paper proposes countermeasure system that enables to extract and collect events related to attacks occurring from mobile terminal, which contributes to active protection from malicious attacks.

• Journal of Internet Computing and Services
• /
• v.14 no.3
• /
• pp.35-46
• /
• 2013

As mobile terminal environment gets matured, the use of Android platform based mobile terminals has been growing high. Recently, the number of attacks by malicious application is also increasing as Android platform is vulnerable to private information leakage in nature. Most of these malicious applications are easily distributed to general users through open market or internet and an attacker inserts malicious code into malicious app which could be harmful tool to steal private data and banking data such as SMS, contacts list, and public key certificate to a remote server. To cope with these security threats more actively, it is necessary to develop countermeasure system that enables to detect security vulnerability existing in mobile device and take an appropriate action to protect the system against malicious attacks. In this sense, this paper aggregates diverse system events from multiple mobile devices and also implements a system to detect attacks by malicious application.

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.11a
• /
• pp.139-140
• /
• 2010

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.7
• /
• pp.779-789
• /
• 2014

Utilizing smart phones based on android applications in the field of FA(Factory Automation) or PA(Production Automation) is being deployed actively. In general, MDM(Mobile Device Management) is a crucial infra-structure to build such a FA or PA environment. In this paper, we suggest an open mobile device management platform and implement its prototype. The developed prototype consists of three modules such as DMS(Device Management Server), FUMO(Firmware Update Management Object) and SCOMO(Software Component Management Object). In addition, we suggest a security module based on the concept of the EAP (Extensible Authentication Protocol) and the AES (Advanced Encryption Standard). The suggested security module's prototype is applied to guarantee the data integrity in the process of communicating among DMS, FUMO and SCOMO for the purpose of utilizing smart phones based on android applications in a FA field. We also evaluate the performance of the implemented security prototype. According to our simulation results, the implemented prototype has a good performance in a FA environment and can be utilized in the other FA, PA or OA(Office Automation) environment with guaranteeing the security.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.2
• /
• pp.59-66
• /
• 2018

Android Things is an Android-based platform running in Google's IoT environment. Android smartphones require permissions from application users to use certain features, but in the case of Android Things, there is no display to send request notifications to users. Therefore Does not make a request to use the permissions and automatically accepts the permissions from the system. If the privilege is used indiscriminately, malicious behavior such as system failure or leakage of personal information can be performed by a function which is not related to the function originally. Therefore, By monitoring the privileges that a device uses in an Android-based IoT system, users can proactively respond to security threats that can arise through unauthorized use of the IoT system. This paper proposes a system that manages the rights currently being used by IoT devices in the Android Things based IoT environment, so that Android-based IoT devices can cope with irrelevant use of rights.

• Journal of Korea Multimedia Society
• /
• v.19 no.5
• /
• pp.797-807
• /
• 2016

The discussion in this paper aims to introduce an approach to detect drowsiness with Android based smartphones using the OpenCV platform tools. OpenCV for Android actually provides powerful tools for real-time body's parts tracking. We discuss here about the maximization of the accuracy in real-time eye tracking. Then we try to develop an approach for detecting eye blink by analyzing the structure and color variations of human eyes. Finally, we introduce a time variable to capture drowsiness.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.3
• /
• pp.1659-1673
• /
• 2019

Android platform provides In-app Billing service for purchasing valuable items inside mobile applications. However, it has become a major target for attackers to achieve valuable items without actual payment. Especially, application developers suffer from automated attacks targeting all the applications in the device, not a specific application. In this paper, we propose a novel scheme detecting automated attacks with probabilistic tests. The scheme tests the signature verification method in a non-deterministic way, and if the method was replaced by the automated attack, the scheme detects it with very high probability. Both the analysis and the experiment result show that the developers can prevent their applications from automated attacks securely and efficiently by using of the proposed scheme.

• Journal of Internet Computing and Services
• /
• v.18 no.5
• /
• pp.87-94
• /
• 2017

Due to the recent advances of IT industry, many companies and institutions have been used electronic documents rather than original paper copies. However, the characteristic of electronic document allows it to be readily damaged from proscribed copying, counterfeit, and falsification. These can cause the serious security problems for electronic documents. Conventional security methods for digital documents involve adding a separated image or marker, but these methods can reduce the readability of document. Therefore, we proposed a digital Jikin (Korean traditional stamp) which is normally used to identify the source or author of a document in asia. The proposed digital Jikin can preserve the readability of electronic document while protecting the document from proscribed copying, counterfeit, or falsification using image processing approach. In this paper, a digital Jikin application is designed and implemented under android platform and it converts the critical information of document onto the digital Jikin. The proposed digital Jikin contains important information in the boundary of Jikin not only about the author of documents or source, but also keywords, number of images, and many more. Therefore, the authenticity of document or whether the document has been altered or not by other person can be evaluated by the server. The proposed digital Jikin can be sent to a server through the wireless networks and can be stored using PHP and MySQL. We believe that the proposed method can offer the better and simple solution for strengthening the security of electronic document.

• Journal of KIISE
• /
• v.43 no.10
• /
• pp.1154-1164
• /
• 2016

To prevent the use of one's smartphone by another user, the authentication checks the owner in several ways. However, whenever the owner does use his/her smartphone, this authentication requires an unnecessary action, and sometimes he/she finally decides not to use an authentication method. This can cause a fatal problem in the smartphone's security. We propose a sustainable android platform-based authentication mode to solve this security issue and to facilitate secure authentication. In the proposed model, a smartphone identifies the current situation and then performs the authentication. In order to define the risk of the situation, we conducted a survey and analyzed the survey results by age, location, behavior, etc. Finally, a demonstration program was implemented to show the relationship between risk and security authentication methods.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2019.05a
• /
• pp.290-292
• /
• 2019

Since the advent of blockchain and bitcoin, decentralization has been accelerating around the world as a public blockchain ethereum with smartcontract has begun. Developers can use Ethereum's blockchain development platform to develop "distributed applications" (DApp) running on a decentralized P2P network, and various types of devices from IoT to mobile can participate in a block-chain distributed environment have. Using Ethereum's blockchain development platform, developers can develop "Decentralized Application (DApp)" that run on a decentralized P2P network and various types of devices from IOT to mobile can participate in distributed blockchain environments. There are many ways to interact with the blockchain and the smart contract, but users tend to prefer the mobile methods due to their convenience and accessibility advantages. Therefore, the author developed an Android based voting DApp and researched related issues. Since the current development methods of DApp are not adequately researched and standardized, efficient methods for developing user-friendly DApp were studied. Because DApp has to spend a certain amount of fees to interact with blockchain, it has intensively investigated the gas problem of Smart Contract code and the security problem of code, and author would like to introduce it in this paper.