• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.4
• /
• pp.207-215
• /
• 2014

Password based authentication systems are most widely used for user convenience in web services. However such authentication systems are known to be vulnerable to various attacks such as password guessing attack, dictionary attack and key logging attack. Besides, many of the web systems just provide user authentication in a one-way fashion such that web clients cannot verify the authenticity of the web server to which they set access and give passwords. Therefore, it is too difficult to protect against DNS spoofing, phishing and pharming attacks. To cope with the security threats, web system adopts several enhanced schemes utilizing one time password (OTP) or long and strong passwords including special characters. However there are still practical issues. Users are required to buy OTP devices and strong passwords are less convenient to use. Above all, one-way authentication schemes generate several vulnerabilities. To solve the problems, we propose a multi-channel, multi-factor authentication scheme by utilizing QR-Code. The proposed scheme supports both user and server authentications mutually, thereby protecting against attacks such as phishing and pharming attacks. Also, the proposed scheme makes use of a portable smart device as a OTP generator so that the system is convenient and secure against traditional password attacks.

• Journal of Digital Convergence
• /
• v.13 no.12
• /
• pp.151-160
• /
• 2015

As a lexical meaning, casino is defined as "a certified gambling house, equipped with recreational facilities such as dance and music, etc., where people play roulette or cards." Casinos started from 17th to 18th century for European nobility and their social meetings and established a casino industry framework in the United States in the 1930s. The success of the casino business leads to the increase of sales; it became very helpful for the local and national government revenues and also for the related incidental tasks. Casino operations include a variety of fields, such as general customer management, dealer game management, security, account management, currency exchange, re-exchange management, marketing management, comp management and placement management, etc. These operations should be organically connected to each other by information systems such as a groupware, ERP and Customer Relationship Management (CRM), etc. In addition, in order to effectively manage comprehensive entertainment service, including accommodation and tourism, it is necessary to develop an information system which supports casino business and collateral entertainment service, collects the data generated throughout the business and provides information about the situations of management. Thus, this study will propose a casino information system designed and implemented, considering these details.

• The Transactions of the Korea Information Processing Society
• /
• v.5 no.6
• /
• pp.1593-1602
• /
• 1998

In this paper, a hybrid firewall system using the screening router, dual-homed gateway, screened host galeway and the application level gateway is proposed, The screened host gateway is comjXlsed of screening router, DMZ and bastion host. All external input traffics are filtered by screening router with network protrcol filtering, and transmitted to the bastion host performing application level filtering, The dual homed gateway is an internlediate equipment prohibiting direct access from external users, The application level gateway is an equipment enabling transmission using only the proxy server. External users can access only through the public servers in the DMZ, but internal users can aeee through any servers, The rule base which allows Telnet only lo the adrnilllslratol is applied to manage hosts in the DMZ According to the equipmental results, denial of access was in orderof Web. Mail FTP, and Telnet. Access to another servers except for server in DMZ were denied, Prolocol c1mials of UDP was more than that of TCP, because the many hosts broadcasted to networds using BOOTP and NETBIOS, Also, the illegal Telnet and FTP that transfer to inside network were very few.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.11
• /
• pp.51-56
• /
• 2016

In this paper, we propose an Arduino-based plant monitoring system. The proposed system is based on the Arduino platform, using an environmental sensor and a pressure sensor for measuring temperature, humidity and illuminance in order to monitor the state of the environment and the facilities of the plant. Monitoring data are transmitted to a ZigBee coordinator connected to a server through a radio frequency transceiver. When using a pressure sensor and the environment sensor data stored on the host server, checking the pressure in the environment of the plant and equipment is intended to report any alarm status to the administrator. Using a grid line-based key distribution scheme, the authentication node dynamically generates a data key to protect the monitoring information. Applying a ZigBee wireless sensor network does not require additional wiring for the actual implementation of a plant monitoring system. Possible working-environment monitoring of an efficient plant can help analyze the cause of any failure by backtracking the working environment when a failure occurs. In addition, it is easy to expand or add a sensor function using the Arduino platform and an expansion board.

• Journal of Digital Contents Society
• /
• v.9 no.4
• /
• pp.607-616
• /
• 2008

By the advancement of computer & network technology, the paridigm of 'Network Computer' has been realizing`. In what is called network computer, computer system and computing resource is incomparably seem to be expanded compared with conventional network technology[1]. Network connected computer system consitute a massive virtual computer, it is possible for people to use an enourmous amout of computing resource distributed widely through the network. It is also possible that we make client lightweight by the use of computer system & all shared computing resources on the network in our computer processing and we call this type of client system as thin-client. Thin-client and network computer are on and the same network paradigm in that both paradigm featuring the active use of computer system and resource on the network[2]. In network computer paragem, network itself is regarded as a basic platform for the transfer of application, so it is possible that client access remote serve system to run remote applications through the network[3]. In this paper, we propose the system architecture for the implementation of network computer by the use of Web browser, X window system and Pyjamas. By the use of network computer proposed in this paper, it is possible for people to run application on the server system as if he run local application, and it is expected to improve the security and maintenance efficiency.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.169-172
• /
• 2013

In this paper, we develop an application service of user authentication system using context awareness technology. The proposed security printer system service is applying 'NFC(Near Field Communication) technology', 'authentication system using communication with server, according to context awareness to application system. Our system extracts several context-awareness elements that happen through the user's printing with server communication. The proposed system property elements contain as print time, number of printing and name of document, etc. based on working memory operation as DB. This proposed system provide with context-awareness weight algorithm and analyzes the service which decides success or failure of user's printing. The develop app service is formed and applied when approved user who gets request. Approved user according to these context awareness tech will be provided with final service after authenticating again for the certain NFC card to reader. This results cab be contributed an authentication service based on context awareness weight algorithm and improved performance of management service in secure service applications.

• Journal of the Korea Society for Simulation
• /
• v.22 no.1
• /
• pp.9-20
• /
• 2013

Defense M&S for weapons effectiveness is a realistic way to support virtual warfare similar to real warfare. As the war paradigm becomes platform-centric to network-centric, people try to utilize smartphones as the source of sensor, and command/control data in the simulation-based weapons effectiveness analysis. However, there have been limited researches on integrating smartphones into the weapon simulators, partly due to high modeling cost - modeling cost to accomodate client-server architecture, and re-engineering cost to adapt the simulator on various devices and platforms -, lack of efficient mechanisms to exchange large amount of simulation data, and low-level of security. In this paper, we design and implement Smartphone Adaptor to utilize smartphones for the simulationbased weapons effectiveness analysis. Smartphone Adaptor automatically sends sensor information, GPS and motion data of a client's smartphone to a simulator and receives simulation results from the simulator on the server. Also, we make it possible for data to be transferred safely and quickly through JSON and SEED. Smartphone Adaptor is applied to OpenSIM (Open simulation engine for Interoperable Models) which is an integrated simulation environment for weapons effectiveness analysis, under development of our research team. In this paper, we will show Smartphone Adaptor can be used effectively in constructing a Live simulation, with an example of a chemical simulator.

• Journal of Digital Convergence
• /
• v.15 no.4
• /
• pp.285-293
• /
• 2017

They are rapidly evolving malicious attacks on smart devices, and to timely protect the smart devices from these attacks has become a very important issue. In particular, smishing attack has emerged as one of the most important threats on the smartphone. In this paper, we propose the cloud service that can fundamentally protect the user from the risk of smishing attack. The proposed scheme provides cloud messaging service that can filter text messages including URLs in the user's smart device, view and manage them through a virtual machine provided by a cloud server. The existing techniques for preventing smshing attacks protect only malicious code of a known pattern and there is the possibility of error such as FP(False Positive) or FN(False Negative). However, since the proposed method automatically filters all text messages including URLs, storing, viewing, and managing them in their own storage space on the cloud server, it can completely block the installation of malwares(malicious codes) on the user's smart device through smishing attacks.

• Journal of Internet Computing and Services
• /
• v.16 no.1
• /
• pp.47-55
• /
• 2015

Recently, the environment of a hospital information system is a trend to combine various SMART technologies. Accordingly, various smart devices, such as a smart phone, Tablet PC is utilized in the medical information system. Also, these environments consist of various applications executing on heterogeneous sensors, devices, systems and networks. In these hospital information system environment, applying a security service by traditional access control method cause a problems. Most of the existing security system uses the access control list structure. It is only permitted access defined by an access control matrix such as client name, service object method name. The major problem with the static approach cannot quickly adapt to changed situations. Hence, we needs to new security mechanisms which provides more flexible and can be easily adapted to various environments with very different security requirements. In addition, for addressing the changing of service medical treatment of the patient, the researching is needed. In this paper, we suggest a dynamic approach to medical information systems in smart mobile environments. We focus on how to access medical information systems according to dynamic access control methods based on the existence of the hospital's information system environments. The physical environments consist of a mobile x-ray imaging devices, dedicated mobile/general smart devices, PACS, EMR server and authorization server. The software environment was developed based on the .Net Framework for synchronization and monitoring services based on mobile X-ray imaging equipment Windows7 OS. And dedicated a smart device application, we implemented a dynamic access services through JSP and Java SDK is based on the Android OS. PACS and mobile X-ray image devices in hospital, medical information between the dedicated smart devices are based on the DICOM medical image standard information. In addition, EMR information is based on H7. In order to providing dynamic access control service, we classify the context of the patients according to conditions of bio-information such as oxygen saturation, heart rate, BP and body temperature etc. It shows event trace diagrams which divided into two parts like general situation, emergency situation. And, we designed the dynamic approach of the medical care information by authentication method. The authentication Information are contained ID/PWD, the roles, position and working hours, emergency certification codes for emergency patients. General situations of dynamic access control method may have access to medical information by the value of the authentication information. In the case of an emergency, was to have access to medical information by an emergency code, without the authentication information. And, we constructed the medical information integration database scheme that is consist medical information, patient, medical staff and medical image information according to medical information standards.y Finally, we show the usefulness of the dynamic access application service based on the smart devices for execution results of the proposed system according to patient contexts such as general and emergency situation. Especially, the proposed systems are providing effective medical information services with smart devices in emergency situation by dynamic access control methods. As results, we expect the proposed systems to be useful for u-hospital information systems and services.

• Convergence Security Journal
• /
• v.8 no.3
• /
• pp.73-81
• /
• 2008

We can find easily about researches or technical development that deal with grasping the location of an object with GPS(Global Positioning System) in order to use them as a useful information. Most researches or technical development on application of tracing have been developed for the purpose of tracing objects in broad area as physical distribution or transportation, but recently, there are many researches on tracing materials in premise area as a fork lift, carts, or the equipment of work. In general, a system that utilizes location information of objects needs data communication network to transmit location data and it ensures data communication network by using common networks(SK, LG, KFT) or wireless LAN. However these two methods need monthly payment for the rental fee or require considerable amount of investment for the early stage so it is difficult to use them merely for tracing premise subjects. This study was conducted to build a tracing system for premise area by local area RF relay algorithm with low cost applying RF relay algorithm to local area wireless communication(ZIGBEE, 424MHz, Bluetooth, 900MHz) system in order to supplement these demerits and included relay algorithm, RF locating information terminal, local area RF gab-fillers, a plan for collection server of locating information, and the way of realization as they are needed in this system. I consider that this study would be applicable with flexibility in the industry area that needs tracing solution within a specific area or needs ensuring data communication network, to transmit data in ubiquitous environment, by easier and more rapid way with lower cost.