• The Journal of the Korea Contents Association
• /
• v.17 no.7
• /
• pp.571-578
• /
• 2017

In order to approach information system through smart device and pc, user has to authenticate him or herself via user authentication. At that time when user tries reaching the system, well-used user authentication technologies are ID/PW base, OTP, certificate, security card, fingerprint, etc. The ID/PWbased method is familiar to users, however, it is vulnerable to brute force cracking, keylogging, dictionary attack. so as to protect these attacks, user has to change the passwords periodically as per password combination instructions. In this paper, we designed and implemented a user authentication system using smartphone's USIM without using password while enhancing security than existing ID / PW based authentication technology.

• Journal of Korea Multimedia Society
• /
• v.25 no.9
• /
• pp.1284-1290
• /
• 2022

An attacker with a malicious purpose can intentionally type other users' accounts and passwords, causing them to be locked or revoked. Although NIST introduced methods to prevent this attack, all suggested methods are inappropriate to prevent an attacker from manually failing authentication, and reduce user availability. In this paper, in order to prevent user account lockout due to an attacker's intentional authentication failure, we propose a new authentication method using IP address and number of failed authentication. The proposed method not only blocks attackers who intentionally try to fail authentication, but also provides convenience to users because accounts are not locked or revoked. It can also safely protect passwords against password cracking attacks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.05a
• /
• pp.187-190
• /
• 2022

PDF (Portable Document Format)는 1992년 Adobe 에서 개발한 파일 형식으로 ISO 32000 으로 표준화 되어 전세계적으로 사용되고 있다. PDF와 같이 주로 사용되는 파일은 암호 해독(Password Cracking)의 대상이 될 수 있다. 본 논문에서는 PDF 1.4-1.6 암호 해독을 위해 CUDA GPU 상의 최적 구현하였다. 암호 해독에 사용되는 MD5와 RC4 알고리즘의 최적화와 CUDA GPU의 요소를 사용하였으며 RTX 3060 환경에서 크래킹 도구 해시캣과 비교하여 22.5%의 성능 향상을 달성하였다.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2007.02a
• /
• pp.150-153
• /
• 2007

본 논문에서는 라이브 시스템으로부터 패스워드를 획득하는 방법에 대해서 논하며, 이를 바탕으로 컴퓨터 관련범죄 발생 시 초기대응 과정 중에 사용할 수 있는 페이지파일 수집기를 구현하였다. 페이지파일 수집기를 이용하여 실 사용자들의 페이지파일을 수집하고 분석방법을 제시하였다. 또한 페이지파일로부터 어느 정도의 패스워드가 검출되는 가를 확인하였다. 이는 포렌식 수사에는 큰 도움을 줄 수 있지만, 포렌식 수사도구가 해킹을 위한 도구로 사용되었을 때에는 심각한 개인정보 유출을 야기할 수도 있다.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.2
• /
• pp.39-46
• /
• 2011

Privacy IP hacking problems such as invasion of privacy, password cracking, voice wiretapping and internet over charged occurred, because VoIP internet voice phone service gradually spread. This thesis attempted to attack the VoIP service network by application. First use application to spoof IP address then attempted wiretap the VoIP service and sends a lot of messages to disturb service movement. At this point, we connected VoIP soft terminal, so we can operate real-time filtering operator to block the SIP Flooding offence by monitor the traffic and detect the location where it got attacked. This thesis used experiment to prove it is possible to detect the offence and defend from SIP Flooding offence.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2018.01a
• /
• pp.165-166
• /
• 2018

IP카메라는 CCTV와 달리 값도 저렴하고 네트워크와 연결돼 PC와 스마트 폰을 통해서 실시간 조회 및 제어가 가능한 카메라이다. 이러한 장점에 힘입어 일반 가정이나 매장 등에서 도난 방지 및 감시를 위해 IP 카메라를 사용하는 사람들이 급격히 증가하고 있으며, 이에 따라 해킹을 통한 사생활 침해 문제도 같이 증가하고 있다. 이는 사용자들의 보안 인식이 턱없이 부족해 전문가가 아니더라도 손쉽게 프로그램과 사이트를 이용하여 해킹이 가능하기 때문인 것으로 사료된다. 따라서 본 논문에서는 해킹이 얼마나 쉽게 이뤄지는지, 어떠한 피해가 있는지, 그리고 이에 대한 해결방안을 제안한다.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.1
• /
• pp.107-113
• /
• 2019

Along with the development of IOT, the number of people using IOT devices has enormously increased and the IOT era has come. Especially, people using the IP cameras among Internet devices have been drastically increasing. It is because the IP cameras are well networked and comparatively cheap compared with CCTVs, and they can also be monitored and controlled in real time through PCs and smart phones for the purposes of general theft prevention and shop surveillance. However, due to the user's serious lack of security awareness and the fact that anyone can easily hack only with simple hacking tools and hacking sites information, security crimes that exploit those have been increasing as well. Therefore, this paper describes how easily the IP cameras can be hacked in the era of IOT, what kind of security incidents occurred, and also suggests possible government measures and new technical solutions to those problems.

• The KIPS Transactions:PartC
• /
• v.13C no.1 s.104
• /
• pp.55-62
• /
• 2006

It is growing to use the E-Commerce, recently However, if a cracking tool that detects e keyboard input is set up, users' input values and personal information could be taken away. This paper shows the design and implementation of security system that prevent the keyboard input information leaking. The ideas of thus paper are encrypting the keyboard input values with using the keyboard interrupt hooking, the browser embedding program's decrypting the values in case of need and decrypting all values in the web server. The own input control was developed for direct attacks to the browser, and that the values of password fields which are showed as *(asterisk character) won't be decrypted in the client PC is different from other commercial keyboard input security systems. Consequently, this paper shows the chance of realizing a lot safer customer information protective system than before.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.16 no.7
• /
• pp.4884-4890
• /
• 2015

These days most of people possesses an average of one to two mobile devices in the world and a wireless network market is gradually expanding. Wi-Fi preference are increasing in accordance with the use growth of mobile devices. A number of areas such as public agencies, health care, education, learning, and content, manufacturing, retail create new values based on Wi-Fi, and the global network is built and provides complex services. However, There exist some attacks and vulnerabilities like wireless radio device identifier vulnerability, illegal use of network resources through the MAC forgery, wireless authentication key cracking, unauthorized AP / devices attack in the next generation radio network environment. In addition, advanced security technology research, such as authentication Advancement and high-speed secure connection is not nearly progress. Therefore, this paper designed a secure communication system for message protection in next-generation wireless network environments by device identification and, designing content classification and storage protocols. The proposed protocol analyzed safeties with respect to the occurring vulnerability and the securities by comparing and analyzing the existing password techniques in the existing wireless network environment. It is slower 0.72 times than existing cypher system, WPA2-PSK, but enforces the stability in security side.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1159-1174
• /
• 2014

As the use of smartphones and tablet PCs has exploded in recent years, there are many occasions where such devices are used for treating sensitive data such as financial transactions. Naturally, many types of attacks have evolved that target these devices. An attacker can capture a password by direct observation without using any skills in cracking. This is referred to as shoulder surfing and is one of the most effective methods. There has been only a crude definition of shoulder surfing. For example, the Common Evaluation Methodology(CEM) attack potential of Common Criteria (CC), an international standard, does not quantitatively express the strength of an authentication method against shoulder surfing. In this paper, we introduce a shoulder surfing risk calculation method supplements CC. Risk is calculated first by checking vulnerability conditions one by one and the method of the CC attack potential is applied for quantitative expression. We present a case study for security-enhanced QWERTY keyboard and numeric keypad input methods, and the commercially used mobile banking applications are analyzed for shoulder surfing risks.