• Management & Information Systems Review
• /
• v.14
• /
• pp.151-180
• /
• 2004

Owing to the digital revolution, Internet Commerce and Electronic commerce, revolutionize the way of doing business and making payment. The entrance of the Internet has a prominent for spread of Electronic Commerce and those phenomenons will result in paperless trading and cashless trade. By virtue of Internet, an increasing share of business transactions occurs online. Electronic payment is essential for the smooth progress of the electronic commerce as electronic payment plays the important role in the electronic commerce, that is, the value transfer restyling from the electronic commerce. Traditionally international settlement systems such as letters of credits, remittance and documentary collections operated as important and poplar method of payment, Now, information technology has made it possible to pay for the sale of goods and services over the internet. In international trade, there are service providers (bolero, TradeCard, BeXcom) to settle payment electronically through the Internet. The purpose of this study is to Conduct comparative analysis with approach manner functional respect systematic respect, role. It is shown which the Electronic payment system is better. In this study, the author attempts to find the problems is (bolero, TradeCard, BeXcom) and solutions in switching from the documentary payment system to the electronic one. This conclusion of this study can be summarized as followings. In resoect of the law, bolero should seek to prevert the users from being treated unfairly due to multilateral agreement on Rulebook. TradeCard, BeXcom do not have the proper law that users are governed. so far as the practice problems concerned, stability of computer's operation and security of message interchange should be warranted and improved continuously. Through the standardization of the electronic document and the development of software, the examination of the shipping occuments must be done automatically. Bolero should induce more banks to take part in Bolero, and make the carrier the cost and time in managing the traditional document which will be used for the time being. In respect of information technology and security, to deduce the risk in the electronic settlement system and positively uses the global authentication guideline(Identrus).

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.19 no.5
• /
• pp.9-17
• /
• 2019

As the IoT environment becomes more popular, the safety of the M2M environment, which establishes the communication environment between objects and objects without human intervention, becomes important. Due to the nature of the wireless communication environment, there is a possibility of exposure to security threats in various aspects such as data exposure, falsification, tampering, deletion and privacy, and secure communication security technology is considered as an important requirement. In this paper, we propose a new method for group key generation and exchange using trap hash collision hash in existing 'M2M communication environment' using hash collision, And a mechanism for confirming the authentication of the device and the gateway after the group key is generated. The proposed method has attack resistance such as spoofing attack, meson attack, and retransmission attack in the group communication section by using the specificity of the collision message and collision hash, and is a technique for proving safety against vulnerability of hash collision.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.4 s.42
• /
• pp.155-164
• /
• 2006

VoIP technology is Eight New Services among Ubiquitous-IT839 strategies. This paper tested wiretapping or VoIP service in connected a soft phone and LAN and WAN sections, Internet telephones and a device. IP PBX, a banner operator network to have been connected to VoIP Internet network. As a result of having experimented on wiretapping of VoIP networks, Vulnerability was found. and a wiretapping by attacks of a hacker was succeeded in a terminal and proxy and attachment points of a VoIP network like a hub to follow a CVE list. Currently applied a security plan of an each wiretapping section in viewpoints of 6 security function of Access Control. Confidentiality, Authentication. Availability, Integrity. Non-repudiation in VoIP networks named to 070. Prevented wiretapping of contents by the results, the AES encryption that executed wiretapping experiment about a packet after application of a security plan. Prevented wiretapping, and kept security and audit log. and were able to accomplish VoIP information protection to network monitoring and audit log by an access interception and qualification and message hash functions and use of an incoming refusal.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.81-90
• /
• 2003

Existing web-based system management software solutions show some limitations in time and space. Moreover, they possess such as shortcomings unreliable error message announcements and difficulties with real-time assistance suppers and emergency measures. In order to solve these deficiencies, Wireless Remote Control System was designed and implemented. Wireless Remote Control System is able to manage and monitor remote systems by using mobile communication devices for instantaneous control. The implementation of Wireless Remote Control System leads to these security Problems as well as solutions to aforementioned issues with existing web-based system management software solutions. Therefore, this paper has focused on the security matters related to Wireless Remote Control System. The designed security functions include mobile device user authentication and target system access control. For security verification of these security functions introduced CPN(Coloured Petri Nets) which is capable of expressing every possible state for each stage. And then in this paper was verified its security through PI(Place Invariant) based on CPN(Coloured Petri Nets). The CPN expression and analysis method of the proposed security function can also be a useful method for analyzing other services in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.103-109
• /
• 2008

Many Internet application provide the PKI(public key infrastructure)-based service to provide authentication and message integrity. Several researchers proposed PKI-based p2p network framework. However, in the real world, the use of PKI is not suitable for peer to peer network, because the peer-to-peer network is an open and dynamic network. Moreover, currently there is no nation-to-nation interoperable certificate. In this paper, we designed reliable p2p file sharing application without public key infrastructure. To do this we propose reliable public key distribution mechanism to distribute public key safely without PKI infrastructure for two-tier super-peer architecture. In our system, each peer generates and distributes its public/private key pairs, and the public key is securely distributed without PKI. The proposed mechanism is safe against MITM attack. This mechanism can be applied various P2P applications such as file sharing, IPTV, distributed resource sharing and so on

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.5
• /
• pp.59-71
• /
• 2005

A RFID (Radio Frequency Identification) system receives attention as the technology which can realize the ubiquitous computing environment. However, the feature of the RFID tags may bring about new threats to the security and privacy of individuals. Recently, Juels proposed the minimalist cryptography for very low-cost RFID tags, which is secure. but only under the impractical assumption such that an adversary is allowed to eavesdrop only the pre-defined number of sessions. In this paper, we propose a scheme to protect privacy for very low-cost RFID systems. The proposed protocol uses only bit-wise operations without my costly cryptographic function such as hashing, encryption which is secure which is secure against an adversary who is allowed to eavesdrop transmitted message in every session any impractical assumption. The proposed scheme also is more efficient since our scheme requires less datas as well as few number of computations than Juels's scheme.

• Journal of the Korea society of information convergence
• /
• v.7 no.1
• /
• pp.25-46
• /
• 2014

After examining the current situations of financial frauds and the reasons for their occurrence in the financial institutions through examples of financial frauds in domestic and abroad, this study presents ways to prevent such financial scams. The preventive measures consist of activities before and after the occurrence of financial frauds and during normal financial operations. The activities are as follows: 1. Preventive activity should be strengthened before the occurrence of financial frauds. That is, first, the enforcement of consistent internal control is needed. Second, in order to block the probability of financial frauds involved with employees, ethics education and a reward program for inside tippers need to be run. Third, financial institutions need to apply for comprehensive insurance policy to minimize the lost in case. 2. Preventive activity should be strengthened during normal financial operations. First, self authentication system for customers needs to be introduced. Second, dealings of day, week, and month need to be thoroughly checked and the system of audit needs to be expanded. Third, message service for the information on financial frauds and their preventive measures needs to be expanded. Fourth, public notification system against examples of financial frauds needs to be expanded. 3. Preventive activity after the occurrence of financial frauds should be strengthened. First, awareness for preventive measures such as imposing penalty on the manager needs to be enhanced. Second, strict restrictions on financial frauders such as a criminal charge needs to be strengthened. Third, there should be legal devices and resolutions in order to retrieve all the money deceived by financial frauds.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.7 s.349
• /
• pp.1-13
• /
• 2006

In this paper, we introduce a novel key management scheme that is based on the key pre-distribution but provides the key re-distribution method, in order to manage keys for message encryption and authentication of lower-layer sensor nodes on hierarchical mobile sensor networks. The characteristics of our key management are as follows: First, the role of key management is distributed to aggregator nodes as well as a sink node, to overcome the weakness of centralized management. Second, a sink node generates keys using regression model, thus it stores only the information for calculating the keys using the key information received from nodes, but does not store the relationship between a node and a key, and the keys themselves. As the disadvantage of existing key pre-distributions, they do not support the key re-distribution after the deployment of nodes, and it is hard to extend the key information in the case that sensor nodes in the network enlarge. Thirdly, our mechanism provides the resilience to node capture(${\lambda}$-security), also provided by the existing key pre-distributions, and fourth offers the key freshness through key re-distribution, key distribution to mobile nodes, and scalability to make up for the weak points in the existing key pre-distributions. Fifth, our mechanism does not fix the relationship between a node and a key, thus supports the anonymity and untraceability of mobile nodes. Lastly, we compare ours with existing mechanisms, and verify our performance through the overhead analysis of communication, computation, and memory.

• Journal of the Korea Society for Simulation
• /
• v.19 no.1
• /
• pp.53-61
• /
• 2010

In wireless sensor networks(WSNs) individual sensor nodes are subject to security compromises. An adversary can physically capture sensor nodes and obtain the security information. And the adversary injects false reports into the network using compromised nodes. If undetected, these false reports are forwarded to the base station. False reports injection attacks can not only result in false alarms but also depletion of the limited amount of energy in battery powered sensor nodes. To combat these false reports injection attacks, several filtering schemes have been proposed. The statistical en-routing filtering(SEF) scheme can detect and drop false reports during the forwarding process. In SEF, The number of the message authentication codes(threshold) is important for detecting false reports and saving energy. In this paper, we propose a dynamic threshold determination method for energy efficient SEF using fuzzy-logic in wireless sensor networks. The proposed method consider false reports rate and the number of compromised partitions. If low rate of false reports in the networks, the threshold should low. If high rate of false reports in networks, the threshold should high. We evaluated the proposed method’s performance via simulation.