• Journal of the Korea Society of Computer and Information
• /
• v.20 no.12
• /
• pp.61-66
• /
• 2015

In this paper, we draw a security assessment by analyzing possible vulnerabilities of the designated PC service which is supposed for strengthening security of current online identification methods that provide various areas such as the online banking and a game and so on. There is a difference between the designated PC service and online identification methods. Online identification methods authenticate an user by the user's private information or the user's knowledge-based information, though the designated PC service authenticates a hardware-based unique information of the user's PC. For this reason, high task significance services employ with online identification methods and the designated PC service for improving security multiply. Nevertheless, the security assessment of the designated PC service has been absent and possible vulnerabilities of the designated PC service are counterfeiter and falsification when the hardware-based unique-information is extracted on the user's PC and sent an authentication server. Therefore, in this paper, we analyze possible vulnerabilities of the designated PC service and draw the security assessment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.6
• /
• pp.3-12
• /
• 2005

To provide visitors with the various services, Many web sites distribute many ActiveX controls to them because ActiveX controls can overcome limits of HTML documents and script languages. However, PC can become dangerous if it has unsecure ActiveX controls, because they can be executed in HTML documents. Nevertheless, many web sites provide visitors with ActiveX controls whose security are not verified. Therefore, the verification is needed by third party to remove vulnerabilities in ActiveX controls. In this paper, we introduce the process and the technique to fad vulnerabilities. The existing proof codes are not valid because ActiveX controls are different from normal application and domestic environments are different from foreign environments. In this paper, we introduce the technique to prove vulnerabilities in ActiveX control.

• The KIPS Transactions:PartC
• /
• v.17C no.4
• /
• pp.361-370
• /
• 2010

OTP(One Time Password) is a user authentication using secure mechanism to authenticate each other in a way to generate a password, an attacker could intercept the password to masquerade as legitimate users is a way to prevent attacks. The OTP can be implemented as H/W or S/W. Token and card type OTP, implemented as H/W, is difficult to popularize because of having problem with deployment and usability. As a way to replace it implemented as S/W on Mobile or PC is introduced. However, S/W products can be target of malicious attacks if S/W products have vulnerability of implementation. In fact, FSA said the OTP implemented on a mobile have vulnerability of implementation. However, the OTP implemented on a PC have no case about analysis of vulnerability. So, in this paper derive security review and vulnerabilities analysis of implemented on a PC.

• Journal of Convergence for Information Technology
• /
• v.9 no.3
• /
• pp.1-7
• /
• 2019

There are various cyber attacks on business PCs. In order to reduce the threat of PC security, we are preventing the vulnerability from being diagnosed beforehand. However, this guideline is difficult to cope with because the domestic vulnerability guide does not update the diagnostic items. In this paper, we examine the cyber infringement cases of PCs and the diagnostic items of foreign technical vulnerabilities in order to cope with security threats. In addition, an improved guide is provided by comparing the differences in the diagnostic items of technical vulnerability from abroad and domestic. Through 41 proposed technical vulnerability improvement items, it was found that various security threats can be coped with. Currently, it is mainly able to respond to only known vulnerabilities, but we hope that applying this guideline will reduce unknown security threats.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.10a
• /
• pp.238-239
• /
• 2018

스마트폰의 높은 보급률과 다양한 앱의 개발로, 최근에는 PC의 많은 작업을 스마트폰의 앱을 통하여 손쉽게 수행할 수 있게 되었다. 그러나 스마트폰은 PC에 비하여 화면의 크기 등 여러 가지 물리적 제약점을 가지기 때문에 PC와 다른 취약점을 가진다. 본 논문에서는 패스워드 입력에 사용되는 스마트폰의 동적 가상키보드의 취약점에 대하여 분석하였다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.1
• /
• pp.9-16
• /
• 2019

Smartphones are becoming a portable computer. As a result, even the most sensitive financial application services are now available anywhere on the smartphone. Compared to general PCs, smartphones communicate with external devices through various channels such as wireless internet, mobile communication network, Bluetooth, and NFC, and a wide variety of applications are provided. Therefore, if vulnerabilities exist, the possibility of attack damage increases. In this paper, we analyze the vulnerabilities of dynamic virtual keyboards used in login of banking apps of smartphones with various physical constraints and propose countermeasures.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.05a
• /
• pp.456-460
• /
• 2012

Privacy Protection Act of 30 March 2012 was performed. In general, personal information management to enhance security in the DB server has a security system but, PC for the protection of the privacy and security vulnerability analysis is needed to research on self-diagnosis. In this paper, from a PC to search information relating to privacy and enhance security by encrypting and for delete file delete recovery impossible. In pc found vulnerability analysis is Check user accounts, Checking shared folders ,Services firewall check, Screen savers, Automatic patch update Is checked. After the analysis and quantification of the vulnerability checks through the expression, enhanced security by creating a checklist for the show, PC security management, server management by semi-hwahayeo activates. In this paper the PC privacy and PC security enhancements a economic damage and of the and Will contribute to reduce complaints.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.283-290
• /
• 2015

As society has evolved to the knowledge and information society, the importance of internal information of the company has increased gradually. Especially in financial institutions which must maintain the trust of customers, the disclosure of inside information is a big problem beyond the a company's business information disclosure level to break down sales-based businesses because it contains personal or financial transaction information. Recently, since massive outflow of internal information are occurring in several enterprises, many companies including financial companies have been working a lot in order to prevent the leakage of customer information. This paper describes the internal information leakage incidents occurred in the finance companies, the PC security vulnerabilities exists despite the main security system and internal information leakage prevention and suggests countermeasures against increasing cyber infringement threats.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.31-37
• /
• 2015

As the forms of cyberattacks become diverse, there has been reported another case of exploiting vulnerabilities revealed while processing either a document or multimedia file that was distributed for attacking purpose, which would replace the traditional method of distributing malwares directly. The attack is based upon the observation that the softwares such as document editer or multimedia player may reveal inherent vulnerabilities on some specific inputs. The fuzzing methods that provide invalid random inputs for test purpose could discover such exploits. This paper suggests a new fuzzing method on document applications that could work in mobile environments, in order to resolve the drawback that the existing methods run only in PC environments. Our methods could effectively discover the exploits of mobile applications, and thus could be utilized as a means of dealing with APT attacks in mobile environments.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.240-243
• /
• 2010

Smart Phone supplies are diffused and substitute the Internet PC with Mobile communications which they are applied. Smart Phone in Smart Grid where electric power watch and the IT of existing amalgamate are used with business. Consequently from Smart Grid network connections which lead Smart Phone in about connection and control in about security vulnerabilities and Smart Grid networks the research is necessary in about vulnerability. It uses Smart Phone from the present paper and when approaching electric power watch systems which lead Smart Grid networks, it researches in about connection vulnerability. Also it uses Smart Phone and after connecting in Smart Grid networks a vulnerability in seizure possibility and, electric power information and control information, about private data etc. access authority it analyzes with the problem point which occurs it confronts it researches. And the research direction for a security reinforcement under presenting boil in about Smart Grid network security vulnerabilities which lead Smart Phone.