• Title/Summary/Keyword: Login

A Study on the Variable and Dynamic Salt According to Access Log and Password (접속로그와 패스워드에 따른 가변 및 동적솔트에 관한 연구)

  • Jeong, Jinho;Cha, Youngwook;Kim, Choonhee
    • Journal of Korea Multimedia Society / v.24 no.1 / pp.58-66 / 2021
  • The user's password must be encrypted one-way through the hash function and stored in the database. Widely used hash functions such as MD5 and SHA-1 have also been found to have vulnerabilities, and hash functions that are considered safe can also have vulnerabilities over time. Salt enhances password security by adding it before or after the password before putting it to the hash function. In the case of the existing Salt, even if it is randomly assigned to each user, once it is assigned, it is a fixed value in a specific column of the database. If the database is exposed to an attacker, it poses a great threat to password cracking. In this paper, we suggest variable-dynamic Salt that dynamically changes according to the user's password during the login process. The variable-dynamic Salt can further enhance password security during login process by making it difficult to know what the Salt is, even if the database or source code is exposed.

Attacking OpenSSL Shared Library Using Code Injection (코드 주입을 통한 OpenSSL 공유 라이브러리의 보안 취약점 공격)

  • Ahn, Woo-Hyun;Kim, Hyung-Su
    • Journal of KIISE:Computer Systems and Theory / v.37 no.4 / pp.226-238 / 2010
  • OpenSSL is an open-source library implementing SSL that is a secure communication protocol. However, the library has a severe vulnerability that its security information can be easily exposed to malicious software when the library is used in a form of shared library on Linux and UNIX operating systems. We propose a scheme to attack the vulnerability of the OpenSSL library. The scheme injects codes into a running client program to execute the following attacks on the vulnerability in a SSL handshake. First, when a client sends a server a list of cryptographic algorithms that the client is willing to support, our scheme replaces all algorithms in the list with a specific algorithm. Such a replacement causes the server to select the specific algorithm. Second, the scheme steals a key for data encryption and decryption when the key is generated. Then the key is sent to an outside attacker. After that, the outside attacker decrypts encrypted data that has been transmitted between the client and the server, using the specified algorithm and the key. To show that our scheme is realizable, we perform an experiment of collecting encrypted login data that an ftp client using the OpenSSL shared library sends its server and then decrypting the login data.

A Design and Implementation of Real Time Video on Demand on Internet (인터넷상에서의 실시간 주문형 비디오 설계 및 구현)

  • 이종철;탁영봉
    • Proceedings of the IEEK Conference / 1998.10a / pp.7-10 / 1998
  • In implementing real-time video on demand (VOD), the increase of users on the Internet causes network traffic congestion. In this paper, we programmed a CGI able to log in to the VOD home for limiting the number of users to solve the problem, and also applied an adaptive multimedia synchronization technique for controlling video and audio data in a network. In addition, a real-time multimedia player was designed and implemented on a personal computer operating at Windows 95/98/NT.

Analysis of Korea, China and Japan's Mobile Game Login Flows (한중일 모바일게임 로그인 플로우 분석)

  • Shin, Hye-Ryeon
    • Proceedings of the Korea Contents Association Conference / 2019.05a / pp.277-278 / 2019
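  • We surveyed the initial login flows of 30 mobile games from three countries, Korea, China and Japan, and analyzed their characteristics. As a result, we were able to identify the distinct UX design strategies of the three countries. Among the three, Chinese games took the shortest time for the first login, and procedures that users feel are unnecessary, such as agreeing to terms of service, were deferred until after login was complete. In the case of Japan, many games eliminated the very concept of login, typified by entering an ID and password, provided a mechanism later on for backing up data only if the user wants it, and were designed so that game play can be experienced as quickly as possible.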

Implementation of Intelligent Home Network System using Wireless Sensor (무선센서를 이용한 지능형 홈네트워크 시스템 구현)

  • Ju, Jae-han;Na, Seung-kwon
    • Journal of Advanced Navigation Technology / v.21 no.3 / pp.294-299 / 2017
  • Home network service is evolving into a service that can receive contents such as remote education, home automation, remote meter reading and various entertainment anytime and anywhere by connecting all household appliances in home with wired and wireless network. In this paper, an intelligent home gateway installed at home is connected to the mobile communication terminal from the outside to solve the problems of the existing home network and configure and maintain a more efficient and comfortable home network environment for the user. In the window, the login page is activated to confirm the user access authority, and the user proceeds the authentication procedure through own login information. When the normal authentication procedure is performed, the intelligent home gateway maintains only the network connection with the user, and the user presents the intelligent home network system using the RFID which is accessed by the intelligent home network system.

A Study on Unconsciousness Authentication Technique Using Machine Learning in Online Easy Payment Service (온라인 간편 결제 환경에서 기계학습을 이용한 무자각 인증 기술 연구)

  • Ryu, Gwonsang;Seo, Changho;Choi, Daeseon
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.6 / pp.1419-1429 / 2017
  • Recently, environment based authentication technique had proposed reinforced authentication, which generating statistical model per user after user login history classifies into account takeover or legitimate login. But reinforced authentication is likely to be attacked if user was not attacked in past. To improve this problem in this paper, we propose unconsciousness authentication technique that generates 2-Class user model, which trains user's environmental information and others' one using machine learning algorithms. To evaluate performance of proposed technique, we performed evasion attacks: non-knowledge attacker that does not know any information about user, and sophisticated attacker that only knows one information about user. Experimental results against non-knowledge attacker show that precision and recall of Class 0 were measured as 1.0 and 0.998 respectively, and experimental results against sophisticated attacker show that precision and recall of Class 0 were measured as 0.948 and 0.998 respectively.

Security Analysis on Password Authentication System of Web Sites (웹사이트 패스워드 인증 시스템의 보안성 분석)

  • Noh, Heekyeong;Choi, Changkuk;Park, Minsu;Kim, Seungjoo
    • KIPS Transactions on Computer and Communication Systems / v.3 no.12 / pp.463-478 / 2014
  • Portal site is not only providing search engine and e-mail service but also various services including blog, news, shopping, and others. The fact that average number of daily login for Korean portal site Naver is reaching 300 million suggests that many people are using portal sites. With the increase in number of users followed by the diversity in types of services provided by portal sites, the attack is also increasing. Most of studies of password authentication is focused on threat and countermeasures, however, in this study, we analyse the security threats and security requirement of membership, login, password reset first phase, password reset second phase. Also, we measure security score with common criteria of attack potential. As a result, we compare password authentication system of domestic and abroad portal sites.

A Study on Traceback by WAS Bypass Access Query Information of DataBase (DBMS WAS 우회접속의 쿼리정보 역추적 연구)

  • Baek, Jong-Il;Park, Dea-Woo
    • Journal of the Korea Society of Computer and Information / v.14 no.12 / pp.181-190 / 2009
  • DBMS access that used high speed internet web service through WAS is increasing. Need application of DB security technology for 3-Tier about DBMS by unspecified majority and access about roundabout way connection and competence control. If do roundabout way connection to DBMS through WAS, DBMS server stores WAS's information that is user who do not store roundabout way connection user's IP information, and connects to verge system. To DBMS in this investigation roundabout way connection through WAS do curie information that know chasing station security thanks recording and Forensic data study. Store session about user and query information that do login through web constructing MetaDB in communication route, and to DBMS server log storing done query information time stamp query because do comparison mapping actuality user discriminate. Apply making Rule after Pattern analysis receiving log by elevation method of security authoritativeness, and develop Module and keep in the data storing place through collection and compression of information. Kept information can minimize false positives of station chase through control of analysis and policy base administration module that utilize intelligence style DBMS security client.

A Design and Implementation of Local Festivals and Travel Information Service Application

  • Jae Hyun Ahn;Hang Ju Lee;Se Yeon Lee;Ji Won Han;Won Joo Lee
    • Journal of the Korea Society of Computer and Information / v.28 no.11 / pp.65-71 / 2023
  • In this paper, we design and implement the Walking Life Festival application, which is based on the Android platform and provides information about domestic travel destinations and regional festivals in South Korea. This application utilizes various sensors found in smartphones, including the Step Counter sensor, Step Detector sensor, Acceleration sensor, and GPS sensor. Additionally, it makes use of Google Map API and Public Open API to offer information about domestic travel destinations and local festivals. The application also incorporates an automatic login feature using the Shared Preference API. When storing login information in the database, it encrypts the input plaintext data using a hash algorithm. For Google Maps integration, it creates objects using the Google.maps.LatLngBounds() method and extends the location information through the extends method. Furthermore, this application contributes to the activation of the domestic tourism industry by notifying users about the timing of local festivals related to domestic travel destinations, thus increasing their opportunities to participate in these festivals.

Distributed Identity Authentication System based on DID Technology (DID 기술에 기반 한 분산 신원 인증 시스템)

  • Chai Ting;Seung-Soon Shin;Sung-Hwa Han
    • Convergence Security Journal / v.23 no.4 / pp.17-22 / 2023
  • Traditional authentication systems typically involve users entering their username and password into a centralized identity management system. To address the inconvenience of such authentication methods, a decentralized identity authentication system based on Distributed Identifiers(DID) is proposed, utilizing decentralized identity technology. The proposed system employs QR code scanning for login, enhancing security through the use of blockchain technology to ensure the uniqueness and safety of user identities during the login process. This system utilizes DIDs and integrates the InterPlanetary File System(IPFS) to securely manage organizational members' identity information while keeping it private. Using the distributed identity authentication system proposed in this study, it is possible to effectively manage the security and personal identity of organization members. To improve the usability of the system proposed in this study, research is needed to expand it into a solution.