• Journal of Internet Computing and Services
• /
• v.14 no.3
• /
• pp.35-46
• /
• 2013

As mobile terminal environment gets matured, the use of Android platform based mobile terminals has been growing high. Recently, the number of attacks by malicious application is also increasing as Android platform is vulnerable to private information leakage in nature. Most of these malicious applications are easily distributed to general users through open market or internet and an attacker inserts malicious code into malicious app which could be harmful tool to steal private data and banking data such as SMS, contacts list, and public key certificate to a remote server. To cope with these security threats more actively, it is necessary to develop countermeasure system that enables to detect security vulnerability existing in mobile device and take an appropriate action to protect the system against malicious attacks. In this sense, this paper aggregates diverse system events from multiple mobile devices and also implements a system to detect attacks by malicious application.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.2C
• /
• pp.333-341
• /
• 2004

Along with the innovative enhancement of Internet technology and the emergency of distributed systems extended from client-server computing, it becomes indispensible and necessary to integrate and interconnect old legacy systems. Since building a distributed system requires consistency of integration, the proper reuse of incumbent systems is critical to successful integration of current systems to distributed ones. CORBA(Common Object Request Broker Architecture) and object wrapping technique can provide middleware solutions that extend the applications of a legacy system with little modification to the application level while keeping client consistency of standard interface. By using these techniques for system integration it is easier and faster to extend services on application development to distributed environments. We propose a model on object wrapping system that can manage, integrate, and separate the functions delivered from CORBA. We apply the object wrapping model specifically to integration of security system interfaces and also perform a test to verify the usability and the efficiency of our model.

• Journal of Convergence Society for SMB
• /
• v.1 no.1
• /
• pp.29-37
• /
• 2011

As the area of informatization has been expanding followed by the development of information communication technology, cloud computing which can use infra sources like server, storage, and network in IT area as an efficient service whenever and wherever skyrockets. But users who use cloud computing technology may have some problems like exposure personal data, surveillance on person, and process on commercial purpose on their personal data. This paper proposes a security technique which protect user's privacy by creating imaginary user information not to be used by other people. The proposed technique virtualizes user's information as an anonymity value not to let other people know user's identity by combining PIN code with it and guarantees user's anonymity. Also it can manage and certificate personal information that is important in cloud computing, so that it can solve security problem of cloud computing which centers all informations. Therefore this paper can assist upgrading of the level of information of poor SMBs through safe use of cloud computing.

• Convergence Security Journal
• /
• v.16 no.3_2
• /
• pp.3-12
• /
• 2016

The purpose of this study is to analyse Modus Operandi of smishing. For the study, 87 cases of smishing crime reports and smishing experiences of victims were analysed and 10 police officers who investigates smishing crime were interviewed. The results indicated that smishing crime can be divided into the preparation stage and the implementation stage. In the preparation stage, two modus operandi patterns, collection of personal information and text message script composition, were identified. In the implementation stage, seven modus operandi patterns were identified: sending smishing text messages and installation of malicious mobile applications, leak personal information, sending personal information to smishing crime organization through online server, payment attempt using collected personal information, intercept authorization code, completion of payment using intercepted authorization code, and payment amount was delivered to victims. Further implications were discussed.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.7
• /
• pp.1634-1642
• /
• 2014

Mobile RFID system, that consists of the existing RFID reader mounted on the mobile devices such as smartphones, is able to provide the users a variety of services and convenience. But security of mobile RFID system is too weak like the existing RFID system. In this paper, the mobile RFID mutual authentication protocol with high level of security is proposed to overcome the troubles such as cryptographic protocols in the existing RFID system responding with the same value in every authentication procedure and the exposure in the exchange of messages. The proposed protocol exchanges messages unexposed by using the random numbers generated in the mutual authentication between the tag and the reader and making numbers coded with the symmetric key. Besides, the protocol uses the mutual authentication utilizing OTP by considering the characteristics of the reader embedded in mobile devices in the mutual authentication process between the reader and the server. Because changed message in every authentication, which produces safe from spoofing attacks and replay attacks, etc.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.8 no.6
• /
• pp.491-496
• /
• 2015

Cloud computing has emerged with promise to decrease the cost of server additional cost and expanding the data storage and ease for computer resource sharing and apply the new technologies. However, Cloud computing also raises many new security concerns due to the new structure of the cloud service models. Therefore, the secure user authentication is required when the user is using cloud computing. This paper, we propose the enhanced AdaBoost algorithm for access cloud security zone. The AdaBoost algorithm despite the disadvantage of not detect a face inclined at least 20, is widely used because of speed and responsibility. In the experimental results confirm that a face inclined at least 20 degrees tilted face was recognized. Using the FEI Face Database that can be used in research to obtain a result of 98% success rate of the algorithm perform. The 2% failed rate is due to eye detection error which is the people wearing glasses in the picture.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.05a
• /
• pp.285-287
• /
• 2017

Currently, the world of data communication is not simply communication between server and user in a wired way, but using wireless environment, various devices communicate with each other in a wider and diverse environment to generate a large amount of data. In this environment, IoT is now located deep in our lives, and IoT technologies are used in many tasks, but the data used in IoT is exposed without sufficient protection from malicious behavior. Most of these devices do not have enough computing power to cope with malicious attacks. In this paper, we aim to make all devices that have sufficient computing power and safety from simple sensors to be able to have security according to the situation. The proposed technology is based on the importance of the device and computing power, and it is possible to select the encryption technology selectively and to improve security.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.2C
• /
• pp.208-218
• /
• 2008

We are sure that RFID system should be a widely used automatic identification system because of its various advantages and applications. However, many people know that invasions of privacy in RFID system is still critical problem that makes it difficult to be used. Many works for solving this problem have focused on light-weight cryptographic functioning in the RFID tag. An agent scheme is another approach that an agent device controls communications between the tag and the reader for protecting privacy. Generally an agent device has strong security modules and enough capability to process high-level cryptographic protocols and can guarantees consumer privacy. In this paper, we present an enhanced mobile agent for RFID privacy protection. In enhanced MARP, we modified some phases of the original MARP to reduce the probability of successful eavesdropping and to reduce the number of tag's protocol participation. And back-end server can authenticate mobile agents more easily using public key cryptography in this scheme. It guarantees not only privacy protection but also preventing forgery.

• Journal of Convergence Society for SMB
• /
• v.6 no.3
• /
• pp.29-35
• /
• 2016

This paper presents the design of a user authentication system (DCIAS) using the device constant information. Defined design a new password using the access device constant information to be used for user authentication during system access on the network, and design a new concept the user authentication system so that it can cope with the threat required from passive replay attacks to re-use the password obtained in other applications offer. In addition, by storing a password defined by the design of the encrypted random locations in the server and designed to neutralize the illegal access to the system through the network. Therefore proposed using the present system, even if access to the system through any of the network can not know whether any where the password is stored, and if all right even stored information is not easy to crack's encrypted to neutralize any replay attacks on the network to that has strong security features.

• Journal of Korea Society of Industrial Information Systems
• /
• v.12 no.3
• /
• pp.47-59
• /
• 2007

IPv4 NAT, which often used in households or under SOHO environments, is one of the factors that delays IPv6 propagation. As IPv4 NAT does not operate properly under the transition mechanism like ISATAP or 6to4 that acts as IPv6-in-IPv4 tunneling type, Microsoft proposed Teredo in order to resolve this issue. However, tunneling transition mechanism like Teredo has a security problem. That is, being tunneled packets have dual IP headers; general firewall systems apply the filtering rules only to the outer header but not inner header when these packets pass the firewall. Furthermore, attacks using unregistered server and relay can take place in Teredo. To resolve these problems, we propose a new packet filtering mechanism exclusively for Teredo. The proposed packet filtering mechanism was designed and implemented by using Linux Netfilter and ip6tables. Through functional and experimental performance tests, this packet filtering system was found operating properly and solving the Teredo packet filtering problems without serious performance degradation.