• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37B no.9
• /
• pp.831-836
• /
• 2012

To provide convenient life, we consider the situation of using the smart phone to control smart TV and PC in home and office. In this paper, we design the interworking platform between smart TV, smart phone and PC, and implement their applications. Our smart phone application controls the smart TV and PC, where our smart TV application communicates with the smart phone and PC can be booted by the login and password information given form our smart phone application. We hope that our platform design and application implementation will be contributed to be a foundation of interworking between various smart devices in the near-future real smart life.

• Journal of Korea Multimedia Society
• /
• v.13 no.1
• /
• pp.93-101
• /
• 2010

A USB flash drive is a portable storage device. For its promising moderate price, portability and high capacity USB flash drive users are increasing rapidly. Despite these advantages USB flash drives have critical problems as well. Such as personal information data leakage due to easy loss of the portable device. As these personal information leakage incidents increases various security measure solutions are produced and distributed. Despite these security measures and solutions it is not enough to perfectly protect personal data leakage. Hence the necessity of a more concrete, secure, user-friendly security measure solution is required. In this paper we provide you with portable USB flash drive security solution analysis and provide you with the latest secure, user-friendly security measure solutions.

• Journal of information and communication convergence engineering
• /
• v.8 no.4
• /
• pp.427-432
• /
• 2010

The fast-emerging of cloud computing technology today has sufficiently benefited its wide range of users from individuals to large organizations. It carries an attractive characteristic by renting myriad virtual storages, computing resources and platform for users to manipulate their data or utilize the processing resources conveniently over Internet without the need to know the exact underlying infrastructure which is resided remotely at cloud servers. However due to the loss of direct control over the systems/applications, users are concerned about the risks of cloud services if it is truly secured. In the literature, there are cases where attackers masquerade as cloud users, illegally access to their accounts, by stealing the static login password or breaking the poor authentication gate. In this paper, we propose a two-factor authentication framework to enforce cloud services' authentication process, which are Public Key Infrastructure (PKI) authentication and mobile out-of-band (OOB) authentication. We discuss the framework's security analysis in later session and conclude that it is robust to phishing and replay attacks, prohibiting fraud users from accessing to the cloud services.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.1
• /
• pp.137-142
• /
• 2014

Industrial control system (ICS) is a computer based system which are typically used in nation-wide critical infra-structure facilities such as electrical, gas, water, wastewater, oil and transportation. In addition, ICS is essentially used in industrial application domain to effectively monitor and control the remotely scattered systems. The highly developed information technology (IT) and related network techniques are continually adapted into domains of industrial control system. However, industrial control system is confronted significant side-effects, which ICS is exposed to prevalent cyber threats typically found in IT environments. Therefore, cyber security vulnerabilities and possibilities of cyber incidents are dramatically increased in industrial control system. The vulnerabilities that may be found in typical ICS are grouped into Policy and Procedure, Platform, and Network categories to assist in determining optimal mitigation strategies. The order of these vulnerabilities does not necessarily reflect any priority in terms of likelihood of occurrence or severity of impact. Firstly, corporate security policy can reduce vulnerabilities by mandating conduct such as password usage and maintenance or requirements for connecting modems to ICS. Secondly, platfom vulnerabilities can be mitigated through various security controls, such as OS and application patching, physical access control, and security software. Thirdly, network vulnerabilities can be eliminated or mitigated through various security controls, such as defense-in-depth network design, encrypting network communication, restricting network traffic flows, and providing physical access control for network components.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.65 no.1
• /
• pp.128-134
• /
• 2016

IoT devices including smart devices are connected with internet, thus they have security threats everytime. Particularly, IoT devices are composed of low performance MCU and small-capacity memory because they are miniaturized, so they are likely to be exposed to various security threats like DoS attacks. In addition, in case of IoT devices installed for a remote place, it's not easy for users to control continuously them and to install immediately security patch for them. For most of IoT devices connected directly with internet under user's intention, devices exposed to outside by setting IoT gateway, and devices exposed to outside by the DMZ function or Port Forwarding function of router, specific protocol for IoT services was used and the devices show a response when services about related protocol are required from outside. From internet search engine for IoT devices, IP addresses are inspected on the basis of protocol mainly used for IoT devices and then IP addresses showing a response are maintained as database, so that users can utilize related information. Specially, IoT devices using HTTP and HTTPS protocol, which are used at usual web server, are easily searched at usual search engines like Google as well as search engine for the sole IoT devices. Ill-intentioned attackers get the IP addresses of vulnerable devices from search engine and try to attack the devices. The purpose of this study is to find the problems arisen when HTTP, HTTPS, CoAP, SOAP, and RestFUL protocols used for IoT devices are detected by search engine and are maintained as database, and to seek the solution for the problems. In particular, when the user ID and password of IoT devices set by manufacturing factory are still same or the already known vulnerabilities of IoT devices are not patched, the dangerousness of the IoT devices and its related solution were found in this study.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.63 no.11
• /
• pp.1571-1574
• /
• 2014

In this paper, we propose a unidirectional transmission of critical information obtained by keyboard hacking or kernel and keyboard driver hacking even though the computer is not connected to the external network. We show the hacking can be attempted in the proposed method to show the way preventing such attempts in advance. Firewalls and other various methods are used to prevent the hacking from the external network but the hacking is also attempted in various ways to detour the firewall. One of the most effective way preventing from the hacking attack is physically disconnect the internal intranet systems from the external internet and most of the government systems, military systems and big corporate systems are using this way as on one of the protection method. In this paper, we show the feasibility of transmission of security codes, etc via the short message to the external network on the assumption that a hacking program such as Trojan Horse is installed on the computer systems separated from the external network. Previous studies showed that the letters on the monitor can be hijacked by electromagnetic analysis on the computer to obtain the information even though the system is not connected ti the network. Other studies showed that the security code hint can obtained by analyzing the power consumption distribution of CPU. In this paper, the power consumption distribution of externally accessible power line is analyzed to obtain the information and the information can be transmitted to the external network. Software controlling the CPU and GPU usage is designed to control the power supply of computer. The sensors such as the Rogowski coils can be used on the external power line to collect the data of power consumption change rates. To transmit the user password by short message, due to the capacitive components and the obstacle from other power supply, A very slow protocol are used.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.11
• /
• pp.4662-4679
• /
• 2015

Currently, the leakage of internal information has emerged as one of the most significant security concerns in enterprise computing environments. Especially, damage due to internal information leakage by insiders is more serious than that by outsiders because insiders have considerable knowledge of the system's identification and password (ID&P/W), the security system, and the main location of sensitive data. Therefore, many security companies are developing internal data leakage prevention techniques such as data leakage protection (DLP), digital right management (DRM), and system access control, etc. However, these techniques cannot effectively block the leakage of internal information by insiders who have a legitimate access authorization. The security system does not easily detect cases which a legitimate insider changes, deletes, and leaks data stored on the server. Therefore, we focused on the insider as the detection target to address this security weakness. In other words, we switched the detection target from objects (internal information) to subjects (insiders). We concentrated on biometrics signals change when an insider conducts abnormal behavior. When insiders attempt to leak internal information, they appear to display abnormal emotional conditions due to tension, agitation, and anxiety, etc. These conditions can be detected by the changes of biometrics signals such as pulse, temperature, and skin conductivity, etc. We carried out experiments in two ways in order to verify the effectiveness of the emotional recognition technology based on biometrics signals. We analyzed the possibility of internal information leakage detection using an emotional recognition technology based on biometrics signals through experiments.

• The KIPS Transactions:PartC
• /
• v.13C no.1 s.104
• /
• pp.55-62
• /
• 2006

It is growing to use the E-Commerce, recently However, if a cracking tool that detects e keyboard input is set up, users' input values and personal information could be taken away. This paper shows the design and implementation of security system that prevent the keyboard input information leaking. The ideas of thus paper are encrypting the keyboard input values with using the keyboard interrupt hooking, the browser embedding program's decrypting the values in case of need and decrypting all values in the web server. The own input control was developed for direct attacks to the browser, and that the values of password fields which are showed as *(asterisk character) won't be decrypted in the client PC is different from other commercial keyboard input security systems. Consequently, this paper shows the chance of realizing a lot safer customer information protective system than before.

• Journal of Digital Convergence
• /
• v.12 no.10
• /
• pp.299-308
• /
• 2014

Today, a number of users using smartphone is very rapidly increasing by development of smartphone performance and providing various services. Also, they are using it for enjoying various services(cloud service, game, banking service, mobile office, etc.). today's mobile security solution is simply to detect malicious code or stay on the level of mobile device management. In particular, the services which use sensitive information, such as certificate, corporation document, personal credit card number, need the technology which are prevented from hacking and leaking it. Recently, interest of these mobile security problems are increasing, as the damage cases been occurred. To solve the problem, there is various security research such as mobile virtualization, ARM trustzone, GlobalPlatform for mobile device. Therefore, in this paper, I suggested efficient method that uses the mobile virtualization techniques of certification, security policy and access control, password/key management, safe storage, etc. and Trustzone of ARM for preventing information leakage and hacking.

• Journal of Digital Convergence
• /
• v.11 no.7
• /
• pp.215-223
• /
• 2013

As cloud computing is activated, a variety of cloud services are being distributed. However, to use each different cloud service, you must perform a individual user authentication process to service. Therefore, not only the procedure is cumbersome but also due to repeated authentication process performance, it can cause password exposure or database overload that needs to have user's authentication information each cloud server. Moreover, there is high probability of security problem that being occurred by phishing attacks that result from different authentication schemes and input scheme for each service. Thus, when you want to use a variety of cloud service, we proposed OpenID based user authentication scheme that can be applied to a multi-cloud environment by the trusted user's verify ID provider.