• Journal of Digital Convergence
• /
• v.14 no.12
• /
• pp.201-208
• /
• 2016

The purpose of Email system is used to transmit important information between companies in today. But Email system has vulnerabilities such that changing email address of sender by attacker. So it is important to authenticate mail server and user using mail server. This paper proposed mail proxy located between mail servers that evaluate authority and authenticate sender and receiver. The proposed email platform has some functions to compose trusted domain and to authenticate mail servers in the domain. Also, if sender and recipient are valid users in mail system, each exchanges a key for confidentiality and the sender sends an e-mail encrypted with exchanged key to recipient. In this paper, we propose a key exchange scheme in proposed platform and verify this protocol using Casper which is the formal analysis tool. In the future research, we will study the overall platform of the domain configuration for the security of mail.

• Journal of Korea Multimedia Society
• /
• v.23 no.8
• /
• pp.1030-1039
• /
• 2020

The biggest feature of the online environment is anonymity. So it is difficult to identify the sender accurately in Email. So we use PGP to enhance the security of email. PGP is an e-mail encryption program that has become the standard for email security worldwide. But PGP has a weak point in security. PGP can identify users, but it is difficult to verify reliability. In PGP, the more reliable other users guarantee that user are, the more reliable they are. In the previous study, the PGP structure was implemented by utilizing the block chain to lay the foundation, and in this paper, the structure of the previous article is applied to the e-mail environment to measure up the sender's reliability, and a system is proposed that allows users to distinguish the reliability of the message.

• Convergence Security Journal
• /
• v.20 no.3
• /
• pp.21-28
• /
• 2020

In recent years, hacking and malware techniques have evolved and become sophisticated and complex, and numerous cyber-attacks are constantly occurring in various fields. Among them, the most widely used route for compromise incidents such as information leakage and system destruction was found to be E-Mails. In particular, it is still difficult to detect and identify E-Mail APT attacks that employ zero-day vulnerabilities and social engineering hacking techniques by detecting signatures and conducting dynamic analysis only. Thus, there has been an increased demand for indicators of compromise (IOC) to identify the causes of malicious activities and quickly respond to similar compromise incidents by sharing the information. In this study, we propose a method of extracting various forensic artifacts required for detecting and investigating Hacking E-Mails, which account for large portion of damages in security incidents. To achieve this, we employed a digital forensic indicator method that was previously utilized to collect information of client-side incidents.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.825-834
• /
• 2003

In this paper, we propose a new certified e-mail system which reduces user's computational overhead and distributes confidentiality of TTP(Trusted Third Partty). Based on the traditional cryptographic schemes and server-supported signiture for fairness and confidentiality of message, we intend to minimize to computation overhead of mobile device on public key algorithm. Therefore, our proposal becomes to be suitable for mail user sho uses mobile devices such as cellular phone and PDA. Moreover, the proposed system is fault-tolerant, secure against mobile adversary and conspiracy attack, since it is based on the threshold cryptography on server-side.

• Proceedings of the IEEK Conference
• /
• 2002.07b
• /
• pp.830-833
• /
• 2002

To solve the internal security problem such as human error and bad faith, the automation of computer system management is significant. For this purpose, we focus attention in the automation of Mail Delivery Service. Today, requirement for reliable mail delivery system becomes larger and larger. However, existing systems are too strict about their configuration. Hence, we propose the method based on Reinforcement Learning (RL) to achieve proper MX record ordering. A measure on validity of the design of system, such as network topology number of servers and so on, is also obtained as side benefit. In order to verify the usability of the presented method, we did on a small model of mail delivery system. As a result, we show that RL is available for determination of the proper MX record ordering. Additionally, we suggest that it is also available for comparing validity of setting of MTA and the network design.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1994.11a
• /
• pp.35-44
• /
• 1994

We propose an undeniable digital signature scheme which is practical since it has less computation and communication overhead than Chaum's one. We expect that this protocol be useful to develop secure systems such as electronic contract system, electronic mail system and electronic cash system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.4
• /
• pp.1751-1767
• /
• 2016

Home security has become the prime concern for everyone in present scenario. In this work an attempt has been made to develop a home security system which is accessible, affordable and yet effective.The proposed system is based on 'Remote Embedded Control System' (RECS) which works both on the web and gsm platform for authentication and monitoring. This system is therefore cost effective as it relies on existing network infrastructure. As PCA is most popular and efficient algorithm for face recognition, it has been usedin this work. Next to it an interface has been developed for communication purpose in the embedded security system through the ZigBee module. Based on this embedded system, automated control of door movement has been implemented through electromagnetic door lock technology. This helps the users to monitor the real-time activities through web services/SMS. The web service consists of either web browser command or e-mail provision. The system establishes the communication between the system and authenticated user. The e-mail received by the system from the authorized person will monitor and control the real-time operation and door lock. The entire control system is reinforced using ARM1176JZF-S microcontroller and tested for actual use in the home environment. The result shows the experimental verification of the proposed system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1129-1140
• /
• 2018

In accordance with the spread of the Internet and the development of various digital devices, the amount of electronic information is rapidly increasing. Selection of electronic information seizure searches continues to increase for third parties, such as portal sites e-mails that persons do not possess directly from the electronic information, and it is also used as evidence in court. However, the current method of searching for houses has many problems such as the absence of notice of seizure search result, seizure searches are proceeded indiscriminately against whole e-mail after calculating only during the seizure period, and seizure search procedure And presented the improvement points.

• The Journal of the Korea Contents Association
• /
• v.7 no.4
• /
• pp.20-29
• /
• 2007

Although E-mail system is considered as a most important communication media, 'Spam' is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Therefore advanced anti-spam techniques are required to basically reduce its transmission volume on sender mail server or MTA, etc. In this study, we propose a new sender authentication model with encryption function based on modified DomainKey with SMS for Spam mail protection. From the SMS message, we can get secret information used for verification of its real sender on e-mail message. And by distributing this secret information with SMS like out-of-band channel, we can also combine proposed modules with existing PGP scheme for secure e-mail generation and authentication steps. Proposed scheme provide enhanced authentication function and security on Spam mail protection function because it is a 'dual mode' authentication mechanism.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.4
• /
• pp.838-847
• /
• 2017

CNG which was released as a substitute of the previous CAPI (Cryptography API) library from Microsoft is constructed with individual modules based on the plug-in architecture, this means CNG is exceedingly helpful in the cost of development as well as the facility of extension. On the opposite side of these advantages, considerations on security issues are quite insufficient. Therefore, a research on security assurance is strongly required in the environment of distributing and utilizing the CNG library, hence, we analyze possible security vulnerabilities on the CNG library. Based on analyzed vulnerabilities, proof-of-concept tools are implemented and vulnerabilities are verified using them. Verified results are that contents of mail, account information of mail server, and authentication information of web-sites such as Amazon, E-bay, Google, and Facebook are exposed in Outlook program and Internet Explorer program using CNG library. We consider that the analyzed result in this paper can improve the security for various applications using CNG library.