• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.3
• /
• pp.1659-1673
• /
• 2019

Android platform provides In-app Billing service for purchasing valuable items inside mobile applications. However, it has become a major target for attackers to achieve valuable items without actual payment. Especially, application developers suffer from automated attacks targeting all the applications in the device, not a specific application. In this paper, we propose a novel scheme detecting automated attacks with probabilistic tests. The scheme tests the signature verification method in a non-deterministic way, and if the method was replaced by the automated attack, the scheme detects it with very high probability. Both the analysis and the experiment result show that the developers can prevent their applications from automated attacks securely and efficiently by using of the proposed scheme.

• ETRI Journal
• /
• v.44 no.3
• /
• pp.512-523
• /
• 2022

Random delay countermeasures introduce random delays into the execution flow to break the synchronization and increase the complexity of the side channel attack. A novel method for attacking devices with random delay countermeasures has been proposed by using a maximal overlap discrete wavelet transform (MODWT)-based power trace alignment algorithm. Firstly, the random delay in the power traces is sensitized using MODWT to the captured power traces. Secondly, it is detected using the proposed random delay detection algorithm. Thirdly, random delays are removed by circular shifting in the wavelet domain, and finally, the power analysis attack is successfully mounted in the wavelet domain. Experimental validation of the proposed method with the National Institute of Standards and Technology certified Advanced Encryption Standard-128 cryptographic algorithm and the SAKURA-G platform showed a 7.5× reduction in measurements to disclosure and a 3.14× improvement in maximum correlation value when compared with similar works in the literature.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.4
• /
• pp.9-17
• /
• 2022

The state-of-the-art AI systems pose many ethical issues ranging from massive data collection to bias in algorithms. In response, this paper proposes a more ethic-friendly AI architecture by combining Federated Learning(FL) and Blockchain. We discuss the importance of each issues and provide requirements for an ethical AI system to show how our solutions can achieve more ethical paradigms. By committing to our design, adopters can perform AI services more ethically.

• Journal of Smart Tourism
• /
• v.2 no.4
• /
• pp.35-43
• /
• 2022

Tourism businesses use chat services to provide immediate customer support and to help users navigate within a website, but there are more outcomes of this interaction that should be examined. The current study aimed to discover if the online travel chat service quality and information value of the online travel chat service lead to user satisfaction with the service and visit intention to a recommended destination by Korea Tourism Organization's 1330 Live Chat. The results indicate that information value (functional and innovation) and online travel chat service quality (reliability, assurance, and security) lead to satisfaction with the live chat service and visit intention to a recommended destination. The results can benefit practitioners who want to expand and improve their customer service interaction and recommendations, and to scholars who study the relationship between customer services in tourism recommendation and sales context.

• Electronics and Telecommunications Trends
• /
• v.37 no.4
• /
• pp.46-59
• /
• 2022

The 5G MEC (Multi-access Edge Computing) technology offers network and computing functionalities that allow application services to improve in terms of network delay, bandwidth, and security, by locating the application servers closer to the users at the edge nodes within the 5G network. To offer its interoperability within various networks and user equipment, standardization of the 5G MEC technology has been advanced in ETSI, 3GPP, and ITU-T, primarily for the MEC platform, transport support, and MEC federation. This article offers a brief review of the standardization activities for 5G MEC technology and the details about the system architecture and functionalities developed accordingly.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.1108-1111
• /
• 2010

구글 안드로이드 플랫폼은 오픈소스 형태로 응용프로그램을 손쉽게 개발할 수 있는 환경을 제공하며 이러한 특징으로 인해 빠른 속도로 시장 점유율을 높이고 있다. 하지만 오픈 소스의 특징으로 인해 보안 취약점에 대한 우려가 증가하고 있다. 안드로이드 고유의 보안모델은 응용프로그램의 시스템자원에 대한 부적절한 접근을 제어하기 위한 권한을 중심으로 이루어진다. 본 연구에서는 안드로이드의 권한 기반 보안모델에 대한 취약성을 테스트 코드수행과 플랫폼 소스분석을 통해 알아보고 이에 대해 간단한 해결방안을 제시한다.

• International conference on construction engineering and project management
• /
• 2009.05a
• /
• pp.292-301
• /
• 2009

The employment of risk management theory in Urban Disaster Management System (UDMS) has become an important trend in recent years. The viewpoint of risk management is mainly a comprehensive risk assessment of various internal and external factors, and a subsequent handling of risks. Through continuous and systematic accumulation and analysis of risk information, disaster prevention and rescue system is established. Taking risk management theory as the foundation, Organization for Economic Cooperation and Development (OECD) has developed a series of UDMS in the mega-cities all over the world. With this system as a common platform, OECD cooperates with different cities to develop disaster prevention and rescue system consisting of vulnerability assessment methods, risk assessment and countermeasures. The paper refers to the urban disaster vulnerability assessment and risk management of OECD and the mega-cities of different advanced and developed countries in the world, and then constructs a preliminarily drafted structure for the vulnerability assessment methods and risk management mechanism in the metropolitan districts of Taiwan.

• Journal of Information Processing Systems
• /
• v.18 no.6
• /
• pp.741-754
• /
• 2022

Openstack is widely used as a representative open-source infrastructure of the service (IaaS) platform. The Openstack Identity Service is a centralized approach component based on the token including the Memcached for cache, which is the in-memory key-value store. Token validation requests are concentrated on the centralized server as the number of differently encrypted tokens increases. This paper proposes the practical Byzantine fault tolerance (PBFT) blockchain-based Openstack Identity Service, which can improve the performance efficiency and reduce security vulnerabilities through a PBFT blockchain framework-based decentralized approach. The experiment conducted by using the Apache JMeter demonstrated that latency was improved by more than 33.99% and 72.57% in the PBFT blockchain-based Openstack Identity Service, compared to the Openstack Identity Service, for 500 and 1,000 differently encrypted tokens, respectively.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.797-799
• /
• 2022

메타버스 시장은 향후 지속 성장할 것으로 예상되지만 현재 메타버스 관련 이해관계자 중계 플랫폼은 부족한 실정하다. 따라서 메타버스 서비스 이해관계자간 연결 플랫폼을 개발한다면 개인, 소상공인, 그리고 중소기업 등 서비스 요청자들의 접근성을 높일 수 있으며, 이를 통한 부가가치 창출이 가능할 것으로 기대된다. 이에 따라 '메타드림(Meta Dream) 플랫폼'을 기획하고 개발하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.1187-1188
• /
• 2023

인공지능·데이터·클라우드 등 혁신적인 기술로 새로운 사회 구조를 만드는 시대가 도래하면서 현 정부 핵심 국정과제 중 하나로 디지털플랫폼정부(DPG) 구현이 언급되었다. DPG는 수많은 공공 데이터를 관리하고 있으며, 중요·민감 데이터의 안전성을 유지하기 위한 신보안체계로서 '제로트러스트'를 고려하고 있다. 하지만 DPG에 제로트러스트 보안 개념을 적용하고자 할 경우 기업이나 정부 기관 대상의 제로트러스트와 달리 DPG는 참여 주체(정부, 민간 기업, 일반 국민 등)가 다양하고 민간 클라우드 활용을 지향하는 만큼, 이러한 특징을 고려하여 아키텍처를 설계해야 한다. 따라서, 본 논문에서는 DPG에 제로트러스트 보안 아키텍처를 도입할 경우, 고려해야 할 점을 제시한다.