• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.4
• /
• pp.117-130
• /
• 2010

Paper is on defense for so-called internet crisis, the attack of DDoS (Distributed Denial of Service) which was targeted to the central government ministries, financial sector, and portal sites of chief counties including Korea on June 7th, 2009 as its start. By conducting attack with various DDoS attacking methods in the lab environment and dividing networks targeted by the attack by layers, this paper records and analyzes the chief information for attack, destination information of packets, defense policy setting, and the flow of packet attack with the subjects of the networks separated. This study suggests CFC system using multiple firewalls applying defense policy corresponding to the target layer for ultimate attack and tests it according to the result of analyzing the attack packet information and its amount, log analysis, access recording port, and MAC and IT information, etc. by layers. This article is meaningful in that it analyzes the attack by layers, establishes firewall policy for protecting each layer, and secures accurate mechanism for detect and defense.

• Journal of Information Processing Systems
• /
• v.13 no.4
• /
• pp.1014-1028
• /
• 2017

Social networking services (SNSs) such as Twitter, MySpace, and Facebook have become progressively significant with its billions of users. Still, alongside this increase is an increase in security threats such as cross-site scripting (XSS) threat. Recently, a few approaches have been proposed to detect an XSS attack on SNSs. Due to the certain recent features of SNSs webpages such as JavaScript and AJAX, however, the existing approaches are not efficient in combating XSS attack on SNSs. In this paper, we propose a machine learning-based approach to detecting XSS attack on SNSs. In our approach, the detection of XSS attack is performed based on three features: URLs, webpage, and SNSs. A dataset is prepared by collecting 1,000 SNSs webpages and extracting the features from these webpages. Ten different machine learning classifiers are used on a prepared dataset to classify webpages into two categories: XSS or non-XSS. To validate the efficiency of the proposed approach, we evaluated and compared it with other existing approaches. The evaluation results show that our approach attains better performance in the SNS environment, recording the highest accuracy of 0.972 and lowest false positive rate of 0.87.

• Journal of Internet Computing and Services
• /
• v.4 no.3
• /
• pp.1-8
• /
• 2003

The power analysis attack is a physical attack which can be applied to the cryptosystems such as smartcard. We try to experimental attack to a smart card which implemented Elliptic Curve Cryptosystem adopting NAF algorithm as a secret key recording method. Our differential power analysis attack is a potential threat to that implementation. The attacker measures the power traces during the multiplication with secret key bits in a target smart card and the multiplication with the guessed bits in other experimental one. The comparison of these two traces gives a secret bit, which means that attacker can find all secret key bits successively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.617-627
• /
• 2013

Wireless communication technology such as NFC and RFID makes the data transfer between devices much easier. Instead of the irksome typing of passwords, users are able to simply authenticate themselves with their smart cards or smartphones. Relay attack, however, threatens the security of token-based, something-you-have authentication recently. It efficiently attacks the authentication system even if the system has secure channels, and moreover it is easy to deploy. Distance bounding or localization of two devices has been proposed to detect relay attacks. We describe the disadvantages and weakness of existing methods and propose a new way to detect relay attacks by recording a background noise.

• Journal of Practical Engineering Education
• /
• v.15 no.3
• /
• pp.641-647
• /
• 2023

In the fintech environment, ensuring secure financial transactions with smartphones requires authenticating the device owner. Smartphone authentication techniques encompass a variety of approaches, such as passwords, biometrics, SMS authentication, and more. Among these, password-based authentication is commonly used and highly convenient for user authentication. Although it is a simple authentication mechanism, it is susceptible to eavesdropping and keylogging attacks, alongside other threats. Security keypads have been proposed to address vulnerabilities in password input on smartphones. One such innovation is a group keypad, resistant to attacks that guess characters based on touch location. However, improvements are needed for user convenience. In this study, we aim to propose a method that enhances convenience while being resistant to eavesdropping and recording attacks on the existing group keypad. The proposed method uses new signs to allow users to verify instead of the last character confirmation easily and employs dragging-to-touch for blocking recording attacks. We suggest diverse positioning methods tailored for domestic users, improving efficiency and security in password input compared to existing methods.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.19 no.4
• /
• pp.1-6
• /
• 2019

CCTV video recording system is recognized as evidence value of video data, and is widely used in real life for the purpose of security of facilities or security control, and it is developing in order to process high-resolution and high-capacity data in real time through network. However, there is no description of redundancy to prevent the loss of image data due to defects of unexpected equipment or external attack, and even if the redundancy is implemented, a high-capacity video stream is transmitted through the network, network overload can not avoided. In this paper, we propose and verify a failover method based on rules that can operate the redundancy scheme without inducing network overload in CCTV network video recording environment.

• Journal of Industrial Convergence
• /
• v.21 no.2
• /
• pp.117-123
• /
• 2023

In the fintech environment, Smart phones are mainly used for various service. User authentication technology is required to use safe services. Authentication is performed by transmitting authentication information to the server when the PIN or password is entered and touch the button completing authentication. But A post-attack is possible because the smudge which is the trace of using screen remains instead of recording attack with a camera or SSA(Shoulder Surfing Attack). To prevent smudge attacks, users must erase their fingerprints after authentication. In this study, we proposed a technique to determine whether to erase fingerprints. The proposed method performed erasing fingerprint which is the trace of touching after entering PIN and designed the security keypads that processes instead of entering completion button automatically when determined whether the fingerprint has been erased or not. This method suggests action that must erase the fingerprint when entering password. By this method, A user must erase the fingerprint to complete service request and can block smudge attack.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.05a
• /
• pp.650-653
• /
• 2011

In this paper, we describe Bluetooth system and Bluetooth security. And we analyze the structure of information security and vulnerability, introduced one of Bluetooth hacking techniques. We show a demo of the attack process to inject arbitrary hands-free voice messages and save the file information, recording a conversation through hands-free device.

• Journal of the Korean Society for Precision Engineering
• /
• v.16 no.9
• /
• pp.149-158
• /
• 1999

The modern trends of optical storage devices can be characterized by high density in information recording, and high bandwidth in data input/output processing rate. These make servo engineers to face with a new barrier on control system design in much more difficult way. The first step to attack this barrier will be through a systematic modeling for the dynamic characteristics of optical storage drive. in this paper, an analytical dynamic model for an optical storage drive based on FEM is drived, and compared with experimental results. Through this comparison, a practical dynamic model on the focusing and tracking motion of optical storage drive is proposed for the initiation of real control system design problem.

• Journal of Convergence for Information Technology
• /
• v.10 no.8
• /
• pp.144-151
• /
• 2020

User-authentication process is necessary in Fintech Service. Especially, authentication on smartphones are carried out through PIN which is inputted through virtual keypads on touch screen. Attacker can analogize password by watching touched letter and position over the shoulder or using high definition cameras. To prevent password spill, various research of virtual keypad techniques are ongoing. It is hard to design secure keypad which assures safety by fluctuative keypad and enhance convenience at once. Also, to reconfirm user whether password is wrongly pressed, the inputted information is shown on screen. This makes the password easily exposed through high definition cameras or Google Class during recording. This research analyzed QWERTY based secure keypad's merits and demerits. And through these features, creating Tetris shaped keypad and piece them together on Android environment, and showing inputted words as Tetris shape to users through smart-screen is suggested for the ways to prevent password spill by recording.