• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.2
• /
• pp.43-52
• /
• 2019

The recent technological developments of smart devices, multiple services are provided to enhance the users' quality of life including smart city, smart energy, smart car, smart healthcare, smart home, and so on. Academia and industries try to provide the users with convenient services upon seamless technological research and developments. Also, whenever and wherever a variety of services can be used without any limitation on the place and time upon connecting with different types of devices. However, security weaknesses due to integrations of multiple technological elements have been detected resulting in the leakage of user information, account hacking, and privacy leakage, threats to people's lives by device operation have been raised. In this paper, safer communication framework is suggested by device control and user authentication in the mobile network environment. After implementations of registration and authentication processes by users and devices, safe communication protocol is designed based on this. Also, renewal process is designed according to the safe control of the device. In the performance evaluation, safety was analyzed on the attack of protocol change weakness occurred in the existing system, service halt, data leakage, illegal operation control of message, and so on, which confirmed the enhanced speed approximately by 8% and 23% in the communication and verification parts, respectively, compared to the existing system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.947-950
• /
• 2014

The recent APT attacks including cyber terror are caused by a high level of malicious codes and hacking techniques. This implies that essentially, advanced security management is required, from the perspective of 5A. The changes of IT environment are represented by Mobile, Cloud and BYOD. In this situation, the security model needs to be changed, too into the Airport model which emphasizes prevention, and connection, security and integration of functions from the existing Castle model. This study suggested an application method of the risk-based Airport model to the cyber security environment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.273-276
• /
• 2014

In 2014, the leakage of personal information from 3 credit card companies resulted in divulging approximately 10,000 customers' personal information. Although the credit card companies concluded that there was no secondary loss due to the leakage of personal information, secondary financial losses resulting from the leakage of personal information currently occur. In particular, hackers who employ smishing masquerade acquaintances by using the divulged personal information to ask payment for Ms. Kim's Sochi Olympics legal processing or exposed traffic violations. The hackers cause secondary financial losses through smartphones. This study aims to conduct a forensic analysis of smishing incidents in smartphones through the leakage of personal information, and to make a forensic analysis of financial losses due to the smishing incidents.

• International Journal of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.1-8
• /
• 2023

This paper analyzes the trends of identification proofing services(PIPSs) to identify and authenticate users online and proposes a method to improve PIPS based on alternative means of resident registration numbers in Korea. Digital identity proofing services play an important role in modern society, but there are some problems. Since they handle sensitive personal information, there is a risk of information leakage, hacking, or inappropriate access. Additionally, online service providers may incur additional costs by applying different PIPSs, which results in online service users bearing the costs. In particular, in these days of globalization, different PIPSs are being used in various countries, which can cause difficulties in international activities due to lack of global consistency. Overseas online PIPSs include expansion of biometric authentication, increase in mobile identity proofing, and distributed identity proofing using blockchain. This paper analyzes the trend of PIPSs that prove themselves when identifying users of online services in non-face-to-face overseas situations, and proposes improvements by comparing them with alternative means of Korean resident registration numbers. Through the proposed method, it will be possible to strengthen the safety of Korea's PIPS and expand the provision of more reliable identification services.

• Asia pacific journal of information systems
• /
• v.29 no.4
• /
• pp.817-837
• /
• 2019

The medical industry is rapidly evolving into a combination of artificial intelligence (AI) and ICT technology, such as mobile health, wireless medical, telemedicine and precision medical care. Medical artificial intelligence can be diagnosed and treated, and autonomous surgical robots can be operated. For smart medical services, data such as medical information and personal medical information are needed. AI is being developed to integrate with companies such as Google, Facebook, IBM and others in the health care field. Telemedicine services are also becoming available. However, security issues of medical information for smart medical industry are becoming important. It can have a devastating impact on life through hacking of medical devices through vulnerable areas. Research on medical information is proceeding on the necessity of privacy and privacy protection. However, there is a lack of research on the practical measures for protecting medical information and the seriousness of security threats. Therefore, in this study, we want to confirm the research trend by collecting data related to medical information in recent 5 years. In this study, smart medical related papers from 2014 to 2018 were collected using smart medical topics, and the medical information papers were rearranged based on this. Research trend analysis uses topic modeling technique for topic information. The result constructs topic network based on relation of topics and grasps main trend through topic.

• Journal of the Korean BIBLIA Society for library and Information Science
• /
• v.32 no.4
• /
• pp.189-212
• /
• 2021

The purpose of this study is to analyze an usage behavior for the public library website through web traffic. For this purpose, using Google Analytics and growth hacking technique, the data of A public library website log was analyzed for three months from August 1, 2021 to October 31, 2021. As a result of the study, the young age group of 18-24 years old and 25-34 years old recorded a high rate of new member registration, & it was found that the inflow rate through SNS was high for external inflows. As a result of analysis for the access rate by time, it was found that the time with the highest inflow rate was between 10 am and 11 am both on Wednesday and Friday. As a access channel, the access rate using mobile (64.90%) was quite high, but at the same time, the bounce rate (27.20%) was higher than the average (24.93%), & the rate of duration time (4 minutes 33 seconds) was lower than thee average (5 minutes 22 seconds). Finally, it was found that the utilization rate of reading program events and online book curation service, which the library focuses on producing and promoting, is very low. These research results can be used as basic data for future improvement of public library websites.

• Information Systems Review
• /
• v.15 no.2
• /
• pp.1-19
• /
• 2013

Smart working sparked by iPhone3 opens a revolution in smart ways of working at any time, regardless of location and environment. Also, It provide real-time information processing and analysis, rapid decision-making and the productivity of businesses, including through the timely response and the opportunity to increase the efficiency. As a result, every company are developing mobile information systems. But company data is accessed from the outside, it has problems to solve like security, hacking and information leakage. Also, Mobile devices such as smart phones belonging to the privately-owned asset can't be always controlled to archive company security policy. In the meantime, public smart phones owned by company was always applied security policy. But it can't not apply to privately-owned smart phones. Thus, this paper is focused to archive company security policy, but also enable the individual's free to use of smart phones when we use mobile information systems. So, when we use smart phone as individual purpose, the normal operation of all smart phone functions. But, when we use smart phone as company purpose like mobile information systems, the smart phone functions are blocked like screen capture, Wi-Fi, camera to protect company data. In this study, we suggest the design and implementation of real time control and management of mobile device using MDM(Mobile Device Management) solution. As a result, we can archive company security policy and individual using of smart phone and it is the optimal solution in the BYOD(Bring Your Own Device) era.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.7
• /
• pp.1290-1295
• /
• 2016

Recently, as mobile internet usage has been increasing rapidly, malware attacks through user's web browsers has been spreading in a way of social engineering or drive-by downloading. Existing defense mechanism against drive-by download attack mainly focused on final download sites and distribution paths. However, detection and prevention of injection sites to inject malicious code into the comprised websites have not been fully investigated. In this paper, for the purpose of improving defense mechanisms against these malware downloads attacks, we focus on detecting the injection site which is the key source of malware downloads spreading. As a result, in addition to the current URL blacklist techniques, we proposed the enhanced method which adds features of detecting the injection site to prevent the malware spreading. We empirically show that the proposed method can effectively minimize malware infections by blocking the source of the infection spreading, compared to other approaches of the URL blacklisting that directly uses the drive-by browser exploits.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.6
• /
• pp.1416-1422
• /
• 2010

Various other platforms have appeared due to the abolishment of WIPI requirement and increased problems related with hacking and security. Since levels consisting of these platforms are composed of various APIs (Application Programming Interfaces) which are not standardized, other ways must be considered to protect data which are transferred using XML formats. Therefore, XML encryption API and XML digital signature API for data protection and certification, which are both responsible to define mark-up languages for XML encryption and digital signature respectively, were designed in this paper. The simulation system which played the role of the server and client between two terminal units was realized to validate the APIs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.831-847
• /
• 2013

The various types of data are being created in large quantities resulting from the spread of social media and the mobile popularization. Many companies want to obtain valuable business information through the analysis of these large data. As a result, it is a trend to integrate the big data technologies into the company work. Especially, Hadoop is regarded as the most representative big data technology due to its terabytes of storage capacity, inexpensive construction cost, and fast data processing speed. However, the authentication token system of Hadoop Distributed File System(HDFS) for the user authentication is currently vulnerable to the replay attack and the datanode hacking attack. This can cause that the company secrets or the personal information of customers on HDFS are exposed. In this paper, we analyze the possible security threats to HDFS when tokens or datanodes are exposed to the attackers. Finally, we propose the secure authentication protocol in HDFS based on hash chain.