• Proceedings of the IEEK Conference
• /
• 2002.06c
• /
• pp.131-134
• /
• 2002

As the increased use of computer, wired/wireless/mobile Internet, security in using Internet becomes a more important problem. Thus, biometric technology using physical and behavior characteristics of a person is hot issue. Many different types of biometric technologies of a person such as fingerprint, face, iris, vein, DNA, brain wave, palm, voice, dynamic signature, etc. had already been studied but remained unsuccessful because they do not meet social demands. However, recently many of these technologies have been actively revived and researchers have developed new products on various commercial fields. Dynamic signature verification technology is to verify the signer by calculating his writing manner, speed, angle, and the number of strokes, order, the down/up/movement of pen when the signer input his signature with an electronic pen for his authentication. Then signature verification system collects mentioned above various feature information and compares it with the original one and simultaneously analyzes to decide whether signature is forgery or true. The prospect of signature verification technology is very promising and its use will be wide spread in terms of economy, security, practicality, stability and convenience.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.57 no.7
• /
• pp.1123-1128
• /
• 2008

The necessity of online dynamic security assessment is getting apparent under Electricity Market environments, as operation of power system is exposed to more various operating conditions. For on-line dynamic security assessment, fast transient stability analysis tool is required for contingency selection. The TEF(Transient Energy Function) method is a good candidate for this purpose. The clustering of critical generators is crucial for the precise and fast calculation of energy margin. In this paper, we propose a new method for fast decision of mode of instability by using stability indices and energy margin. The method is a new version of our previous paper.[1] Case studies are showing very promising results.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.3
• /
• pp.1231-1245
• /
• 2015

People have transferred their business model from traditional commerce to e-commerce in recent decades. Both shopping and payment can be completed through the Internet and bring convenience to consumers and business opportunities to industry. These trade techniques are mostly set up based on the Secure Sockets Layer (SSL). SSL provides the security for transaction information and is easy to set up, which makes it is widely accepted by individuals. Although attackers cannot obtain the real content even when the transferred information is intercepted, still there is risk for online trade. For example, it is impossible to prevent credit card information from being stolen by virtual merchant. Therefore, we propose a new mechanism to solve such security problem. We make use of the disposable dynamic security code (DSC) to replace traditional card security code. So even attackers get DSC for that round of transaction, they cannot use it for the next time. Besides, we apply visual secret sharing techniques to transfer the DSC, so that interceptors cannot retrieve the real DSC even for one round of trade. This way, we can improve security of credit card transaction and reliability of online business. The experiments results validate the applicability and efficiency of the proposed mechanism.

• The Journal of Society for e-Business Studies
• /
• v.17 no.1
• /
• pp.137-150
• /
• 2012

For social demand and technological development, systematic private information management and security guidance have been enhanced; however, the issue of leakage and invasion of private information is shown in many ways. In the management of such private information, the issue of how to protect such information is one of the sensitive key elements. As a criterion to decide the management policy of each property information consisting of private information, this article suggests Dynamic-Security-Level-Measurement for property information. DSLM adopts the variable characteristics of property information as the element of measurement. By applying this method, it is possible to provide information management functions to cope with the changes of each property information security level of an individual actively. It is expected that this will improve the security of previous information management methods even more and also contribute to the improvement of security in integrated systems such as the integrated ID management system and electronic wallet.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1361-1372
• /
• 2017

If an external attacker takes from a victim's smartphone a copy of a secret application or an application to which fingerprinting technique is applied, secret information can be leaked or the legitimate user can be misunderstood as an illegal redistributor, which results in a serious security problem. To solve this problem, this paper proposes an Android application code protection scheme using fingerprint authentication and dynamic loading. The proposed scheme divides one application into CLR(Class LoadeR) and SED(SEperated Dex). CLR is an APK file with the ability to dynamically load the SED, and the SED is a file containing the classes required to run the application. The SED is stored inside the smartphone after being encrypted, and the SED can be decrypted only if the user is successfully authenticated using his or her fingerprint. The proposed scheme can protect the application code from the attacker who physically acquired user's smartphone.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.919-928
• /
• 2018

Out-Of-Bounds (OOB) is one of the most powerful vulnerabilities in heap memory. The OOB vulnerability allows an attacker to exploit unauthorized access to confidential information by tricking the length of the array and reading or writing memory of that length. In this paper, we propose a method to automatically detect OOB vulnerabilities in heap memory using dynamic symbol execution and shadow memory table. First, a shadow memory table is constructed by hooking heap memory allocation and release function. Then, when a memory access occurs, it is judged whether OOB can occur by referencing the shadow memory, and a test case for causing a crash is automatically generated if there is a possibility of occurrence. Using the proposed method, if a weak block search is successful, it is possible to generate a test case that induces an OOB. In addition, unlike traditional dynamic symbol execution, exploitation of vulnerabilities is possible without setting clear target points.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.579-589
• /
• 2017

The cloud environment is hypervisor-based, and many virtual machines are interconnected, which makes propagation of malicious code easier than other environments. Accordingly, this paper proposes a malicious traffic dynamic analysis system for secure cloud environment. The proposed system continuously monitors and analyzes malicious activity in an isolated virtual network environment by distinguishing malicious traffic that occurs in a cloud environment. In addition, the analyzed results are reflected in the distinguishment and analysis of malicious traffic that occurs in the future. The goal of this research is secure and efficient malicious traffic dynamic analysis by constructing the malicious traffic analysis environment in the cloud environment for detecting and responding to the new and variant malicious traffic generated in the cloud environment.

• Structural Engineering and Mechanics
• /
• v.32 no.2
• /
• pp.193-212
• /
• 2009

The resilience of a city confronted with a terrorist bomb attack is the background of the paper. The resilience strongly depends on vital infrastructure and the physical protection of people. The protection buildings provide in case of an external explosion is one of the important elements in safety assessment. Besides the aspect of protection, buildings facilitate and enable many functions, e.g., offices, data storage, -handling and -transfer, energy supply, banks, shopping malls etc. When a building is damaged, the loss of functions is directly related to the location, amount of damage and the damage level. At TNO Defence, Security and Safety methods are developed to quantify the resilience of city infrastructure systems (Weerheijm et al. 2007b). In this framework, the dynamic response, damage levels and residual bearing capacity of multi-storey RC buildings is studied. The current paper addresses the aspects of dynamic response and progressive collapse, as well as the proposed method to relate the structural damage to a volume-damage parameter, which can be linked to the loss of functionality. After a general introduction to the research programme and progressive collapse, the study of the dynamic response and damage due to blast loading for a single RC element is described. Shock tube experiments on plates are used as a reference to study the possibilities of engineering methods and an explicit finite element code to quantify the response and residual bearing capacity. Next the dynamic response and progressive collapse of a multi storey RC building is studied numerically, using a number of models. Conclusions are drawn on the ability to predict initial blast damage and progressive collapse. Finally the link between the structural damage of a building and its loss of functionality is described, which is essential input for the envisaged method to quantify the resilience of city infrastructure.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.49-55
• /
• 2012

In this paper, we consider the limit of the previous works for ad-hoc network, then propose a dynamic routing scheme which employs a 2-tier hierarchical structure. We adopt the advantages of proactive and reactive routing scheme for efficient network management. We define this method as NSDR(New Secure Dynamic Routing) scheme. We also propose a trustworthy authentication and key management for the proposed ad-hoc network. We currently study the possibility that ad-hoc networks can provide a service such as key management and authentication for the next generation mobile network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.6
• /
• pp.49-58
• /
• 2005

In this paper, we have proposed a secure dynamic ID allocation protocol using mutual authentication on the RFID tag. Currently, there are many security protocols focused on the low-price RFID tag. The conventional low-price tags have limitation of computing power and rewritability of memory. The proposed secure dynamic ID allocation protocol targets to the high-performance RFID tags which have more powerful performance than conventional low-price tag by allocating dynamic ID to RFID using mutual authentication based on symmetric encryption algorithm. This protocol can be used as a partial solution for ID tracing and forgery.