• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권12호
• /
• pp.6092-6115
• /
• 2017

This paper demonstrates a case for an end-to-end pure Application Security Layer for reliable and confidential communications within an Internet of Things (IoT) constrained environment. To provide a secure key exchange and to setup a secure data connection, Transport Layer Security (TLS) is used, which provides native protection against replay attacks. TLS along with digital signature can be used to achieve non-repudiation within app-to-app communications. This paper studies the use of TLS over the JavaScript Object Notation (JSON) via a The Constrained Application Protocol (CoAP) RESTful service to verify the hypothesis that in this way one can provide end-to-end communication flexibility and potentially retain identity information for repudiation. As a proof of concept, a prototype has been developed to simulate an IoT software client with the capability of hosting a CoAP RESTful service. The prototype studies data requests via a network client establishing a TLS over JSON session using a hosted CoAP RESTful service. To prove reputability and integrity of TLS JSON messages, JSON messages was intercepted and verified against simulated MITM attacks. The experimental results confirm that TLS over JSON works as hypothesised.

• Proceedings of the Korean Information Science Society Conference
• /
• 한국정보과학회 2011년도 한국컴퓨터종합학술대회논문집 Vol.38 No.1(D)
• /
• pp.131-134
• /
• 2011

Several Web Service security standards are widely utilized aiming at securing exchanges of SOAP messages among partners in a collaborative environment. Although such standards are suitable for ensuring end-to-end message level security, certain attacks such as XML rewriting may still occur and lead to significant security vulnerabilities. This paper explores the security vulnerabilities of SOAP messages and proposes an ontology-based approach that can successfully combat the security threats. We develop ontology-based schema to include SOAP structure information in outgoing SOAP message and validate this information in the receiving end. Thus, allow to detect XML rewriting attacks early in the validating process.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• 제14권3호
• /
• pp.1428-1438
• /
• 2013

Services take place in Internet environment, a formation of the trust relationship between user and service provider for services. Different authentication schemes such as using Certificate of Public Key Infrastructure authentication and using ID/PW for a simple user authentication have been proposed for trust relationship. In addition, in the case of electronic financial transactions, transaction integrity and non-repudiation features are provided. These services are provided in Internet environment, use various measures to ensure service safety. However, it was difficult to prevent attacks using existing security technology because of emergence of MITB attack that manipulate the memory area of the Web browser and social engineering attacks such as phishing/pharming, requires application of new security technologies became. In this paper, we propose a concept of smart secure-pad, and utilize it safely formed a trust relationship between user and service provider, a model has been proposed to ensure safety of data transmission. Proposed model's security evaluation results show security against to MITB attack and phishing/pharming that can't be prevent attack using existing security technology. In addition, service provider can easily apply the model in safe environment can provide Internet service using provided representative services applying the proposed model.

• Journal of the Korea Convergence Society
• /
• 제5권4호
• /
• pp.93-99
• /
• 2014

Cloud computing refers to borrow IT resources as needed by leveraging Internet technology and pay as much as you used by supporting real-time scalability depending on the service load. Virtualization which is the main technology of cloud computing is a technology that server, storage and hardware are regarded as not separate system but one system area and are allocated as needed. However, the security mechanisms provided by virtualized environments are difficult to cope with the traditional security mechanisms, having basic levels of visibility, control and audit function, on which the server is designed to monitor the traffic between the servers. In this paper, the security vulnerabilities of virtualization are analysed in the cloud computing environment and cloud virtualization security recommendations are proposed.

• Journal of Distribution Science
• /
• 제21권12호
• /
• pp.59-69
• /
• 2023

Purpose: Consumers can experience better service for distribution of products with payment technology such as QRIS (Quick Response Code Indonesian Standard) compared to conventional purchase methods. This research aims to determine the experience of QRIS service users in Indonesia. Perceived Usefulness, Ease of Use, and Perceived Security were independent factors. Behavioral Intention to Use is the dependent variable. Furthermore, Word of Mouth Attitude is an intervening variable. Research Design, Data, and Methodology: Involving active QRIS users in a survey-based quantitative study in Indonesia. A survey sample of 400 people was taken from data records of 30.87 million QRIS users in Indonesia. Data were analyzed using SEM-PLS. Results: Show that Perceived Usefulness and Perceived Ease of Use significantly impact Attitudes Word of Mouth, and Behavioral Intention to Use. This research also found that Behavioral Intention to Use does not significantly impact Perceived Security. Conclusion: QRIS, as a revolutionary innovation, offers faster payments than previous methods, with a payment time of no more than one minute. QRIS is seen as valuable, simple, and safe, disseminating information to the public and continuing to use QRIS. The implications of this research are very significant in accelerating the flow of distribution of goods and services and facilitating transactions.

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2003년도 ICCAS
• /
• pp.2151-2154
• /
• 2003

Internet is deeply rooted in everyday life and many things are performed using internet in real-world, therefore internet users increased because of convenience. Also internet accident is on the increase rapidly. The security vendor developed security system to protect network and system from intruder. Many hackings can be prevented and detected by using these security solutions. However, the new hacking methods and tools that can detour or defeat these solutions have been emerging and even script kids using these methods and tools can easily hack the systems. In consequence, system has gone through various difficulties. So, Necessity of intruder trace-back technology is increased gradually. Trace-back technology is tracing back a malicious hacker to his real location. trace-back technology is largely divided into TCP connection trace-back and IP packet trace-back to trace spoofed IP of form denial-of-service attacks. TCP connection trace-back technology that autonomously traces back the real location of hacker who attacks system using stepping stone at real time. In this paper, We will describe watermark trace-back system using TCP hijacking technique to supplement difficult problem of connection maintenance happened at watermark insertion. Through proposed result, we may search attacker's real location which attempt attack through multiple connection by real time.

• Journal of information and communication convergence engineering
• /
• 제9권4호
• /
• pp.353-357
• /
• 2011

U.S. Obama government is submit a motion to consider cyber attacks on State as a war. 7.7DDoS attack in Korea in 2009 and 3.4 DDoS attacks 2011, the country can be considered about cyber attacks. China hackers access a third country, bypassing South Korea IP by hacking the e-commerce sites with fake account, that incident was damaging finance. In this paper, for WiBro service, DDoS attacks, hackers, security incidents and vulnerabilities to the analysis. From hacker's attack, WiBro service's prognostic relevance by analyzing symptoms and attacks, in real time, Divide Red, Orange, Yellow, Green belonging to the risk rating. For hackers to create a blacklist, to defend against attacks in real-time air-conditioning system is the study of security. WiBro networks for incident tracking and detection after the packets through the national incident response should contribute to the development of technology.

• Journal of Internet Computing and Services
• /
• 제19권6호
• /
• pp.9-20
• /
• 2018

Financial service industry has introduced and operated management systems such as information security management system (ISMS), personal information security management system, business continuity management system to protect and maintain suitably customer's financial information and financial service. This study started that it's desirable financial industry takes consideration of ISMS and it can be different types among various organizations taking consideration of culture, practical work, and guideline of information security. The study derives primary control areas of ISMS through analyzing non-conformity trends and control factors according to certification audit for finance-related organizations introduced international ISMS of ISO27001 which is well known and commonly applicable irrespective of areas in financial service industry. Through case analyses for five finance-related organizations operating ISMS, this study analyzed improvement effects of ISMS. It has a meaning as an initial research though it was difficulty in acquiring data for empirical study because of rare organizations maintaining certification in financial sector. As a result, number of non-confirmity from the first audit to three years' elapse was decreased every year. Physical and environmental security, communication and operations management, and access control having the highest frequency of non-conformity each presented 23%, 19%, and 17%, which reached 59% in total and they are derived into primary control areas. ISMS can fulfill technical, managerial, physical security issues, which have not been treated importantly in financial industry. In addition, this study presented that ISMS can be an effective management system applicable for financial service industry.

• Korean Security Journal
• /
• 제1호
• /
• pp.123-134
• /
• 1997

Our conuntry have come out to the phenomenon to the atrocity crimes, make into a intellecture crims and specialization with them due to various change to the expension of economy growth, drift of population to cities and sense of value is plunged in confution, Now that things have come to this day, since foundation of the security guard law it first begin, ten years, civilian securities guard law was include to the civil service securities law due to amendment fo the civility secuties law newly on Dec. 30, 1995. According to the amendment, the part of the public peace of peoples livelihood were slough of the visual angle in knowledge which function of the civilies security were only be in under the government dimension were put in order to be tointly according to the such state of affairs, should found the consider a counterplan fundamentally regarding to the what to doing efforts foster the civilities securitylaw and qualitalive elevation of presidential guards. To make a long story short by few words, the question resolves itself into the following five points. The first, peoples arrengements for the attitude fo public duty service with devotedly Sustaining publicity work activities for the thire divert of the understanding of civilian security guard. The secondly, Existing security traders and security association should to support to the civilian security works. The third, The government office concerned should strengthen the licensing system in order to improve the quality of existings in order to may establishment newly systems of license and technical institute of regarding to them. The fourth, Should be newly organixed the exclusive organization of personal protective works in the police buroau for the sustaining development of civirity guard works and soundness of the upbringing. The fifth, It is necessary to found the reserch institute for the study on oretical, scholarly, study for the technical reserch and enlargement of effeciveness And try to find a solution to the Universitys function and duty, activity plan, support plan to the Department of security specialist for the come forward in succession it under the national assistance. The finally, I am sure that the Korean security association could be transiormed into the organization which reliable and receive a love from the peoples when doing best utmost to do pursuit of the structure to be a securitys legalism, specialization and total security systems.

• Asia pacific journal of information systems
• /
• 제27권3호
• /
• pp.156-175
• /
• 2017

The proposed conceptual framework is based in the relationships among knowledge of personal information security, trust on the personal information security policies of parcel delivery service companies, privacy concern, trust in and risk of parcel delivery services, and user satisfaction with parcel delivery services. Drawing upon both cognitive theory of emotion and cognitive emotion theory that complement each other, we propose a research model and examine the relationships between cognitive and emotional factors and the usage of parcel delivery services. The proposed model is validated using data from customers who have previously used parcel delivery services. The results show a significant relationship between the cognitive and affective factors and the usage of parcel delivery services. This study enhances our understanding of parcel delivery services based on the consumers' psychological processes and presents useful implications on the importance of privacy and security in these services.