• KSCI Review
• /
• v.14 no.2
• /
• pp.245-254
• /
• 2006

Web Forensics algorithm used to an extraction of technical Web Forensics data to be adopted to proof data regarding a crime cyber a computer at data of a great number of log History is an essential element. Propose Web Forensics algorithm, and design at these papers, and try to implement in a Web server system of an actual company. And make the Web dispatch Loging system configuration experiment that applied integrity regarding Web log History information or authentication regarding an information source. Design Web Forensics algorithm and the Flow which used for Web log History analyses at server of e-mail, webmail, HTTP (Web BBS, Blog etc.), FTP, Telnet and messengers (MSN, NateOn, Yahoo, DaumTouch. BuddyBuddy, MsLee, AOL, SoftMe) of a company, and implement through coding. Therefore have a purpose of these paper to will contribute in scientific technical development regarding a crime cyber a computer through Web Forensics.

• Journal of the Korea Convergence Society
• /
• v.8 no.11
• /
• pp.7-13
• /
• 2017

In recent years, cloud computing technology has been socially emerged that provides services remotely as various devices are used. However, there are increasing attempts by some users to provide cloud computing services with malicious intent. In this paper, we propose a property - based multi - level hierarchical approach to facilitate authentication access for users accessing servers in cloud environment. The proposed method improves the security efficiency as well as the server efficiency by hierarchically distributing a set of attribute values by replacing the order of the user 's attribute values in the form of bits according to a certain rule. In the performance evaluation, the proposed method shows that the accuracy of authentication according to the number of attributes is higher than that of the existing method by an average of 15.8% or more, and the authentication delay time of the server is decreased by 10.7% on average. As the number of attributes increases, the average overhead change is 8.5% lower than that of the conventional method.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.3
• /
• pp.605-614
• /
• 2012

Nowadays u-healthcare which is very sensitive to the character of user's information among other ubiquitous computing field is popular in medical field. u-healthcare deals extremely personal information including personal health/medical information so it is exposed to various weaknees and threats in the part of security and privacy. In this paper, RFID based patient's information protecting protocol that prevents to damage the information using his or her mobile unit illegally by others is proposed. The protocol separates the authority of hospital(doctor, nurse, pharmacy) to access to patient's information by level of access authority of hospital which is registered to management server and makes the hospital do the minimum task. Specially, the management server which plays the role of gateway makes access permission key periodically not to be accessed by others about unauthorized information except authorized information and improves patient's certification and management.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.5B
• /
• pp.478-485
• /
• 2006

In this paper, we analyze the conditions of generating the dynamic Web documents in multi-user server and propose effective method for it. PSSI technique leads to replace the complex process of modifying a CGI source program by simply correcting the HTML Web document in the external file form. This technique has the strong points of CGI, flexibility and security of programming as well as those of SSI, easiness of modifying Web documents. Due to the characteristics of PSSI that Web source documents are in the form of external file, we show that with a single CGI program an individual user can design and modify his own Web documents in his directory. This means that PSSI technique has more advantage in managing the server than the CGI method which requires CGI program to be set up whenever that service is needed.

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.5
• /
• pp.498-508
• /
• 2003

In the field of finance, Trading System of Securities is a very vulnerable application when it faces any small problems just for one minute. Since Trading System changes its environment from mainframes to client/server, its safety becomes the most important factor. Even though most If systems are configured by general guidelines currently, Trading System is an exception that it is configured by specific and rather ad hoc guidelines in order to ensure its safe management. In this thesis, I will prove the validity of specific and ad hoc configuration in the environment of Trading Systems where I use both XA interface system and Non-XA interface to configure its system based on 3-Tier Client/server computing environment through middleware, TP-Monitor, in the X/Open DTP Model. In order to validate the Trading System, I will compare and analyze the error of data of an order and ability to restore using both XA and Non-XA interfaces while testing take-over scenario on the assumption of the system's failure.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.1
• /
• pp.41-54
• /
• 2020

In this paper, it will study various problems such as personal information infringement from when using various useful Apps in the Smartphone environment. It also researched the vulnerabilities Mobile Apps and the risks of personal information leakage when using Smartphone information to decrease threat and find solution. In the second chapter, it will check the existing Mobile App related Apps. In the third chapter, it will check the threats and major factors that caused by the leakage of personal information which related to the app. Then it will suggest solution and end with conclusion. This paper also looked at various problems that caused by illegal adverse effect from illegal personal information collection. Then it researched and made suggestion to make consideration on safety of personal information and privacy infringement that threat to personal information For safety of mobile banking, it proposed a safety method to separate and manage the code which has the core logic which required to run the App. For safety of direction App, when running the direction App, even if the information is collected, location information for unauthorized accessed will encrypt and store in DB, so that access to personal information is difficult. For delivery App environment, by using the national deliver order call center's representative phone to receive a telephone order then, the customer information is delivered to the branch office when it receive order and it will automatically delete information from the server when the delivery is completed by improving DB server of order. For the smart work app environment, the security solution operates automatically by separating and make independent private and work areas. Then it will suggest initialization for company's confidential business information and personal information to safe from danger even if loss.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.11
• /
• pp.3916-3936
• /
• 2014

Smartphone applications like games, image processing, e-commerce and social networking are gaining exponential growth, with the ubiquity of cellular services. This demands increased computational power and storage from mobile devices with a sufficiently high bandwidth for mobile internet service. But mobile nodes are highly constrained in the processing and storage, along with the battery power, which further restrains their dependability. Adopting the unlimited storage and computing power offered by cloud servers, it is possible to overcome and turn these issues into a favorable opportunity for the growth of mobile cloud computing. As the mobile internet data traffic is predicted to grow at the rate of around 65 percent yearly, even advanced services like 3G and 4G for mobile communication will fail to accommodate such exponential growth of data. On the other hand, developers extend popular applications with high end graphics leading to smart phones, manufactured with multicore processors and graphics processing units making them unaffordable. Therefore, to address the need of resource constrained mobile nodes and bandwidth constrained cellular networks, the computations can be migrated to resourceful servers connected to cloud. The server now acts as a bridge that should enable the participating mobile nodes to offload their computations through Wi-Fi directly to the virtualized server. Our proposed model enables an on-demand service offloading with a decision support system that identifies the capabilities of the client's hardware and software resources in judging the requirements for offloading. Further, the node's location, context and security capabilities are estimated to facilitate adaptive migration.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.3B
• /
• pp.462-473
• /
• 2010

The RFID system has the security problem of location tracking and user privacy. In order to solve this problem, the cryptographic access method using hash function is difficult to in real applications. Because there is a limit of computing and storage capacity of Tag, but the safety is proved. The lightweight authentication methods like HB and LMAP guarantee the high efficiency, but the safety is not enough to use. In this paper, we use the AES for RFID Authentication, and solve the problem of using fixed key with key change step by step. The symmetric keys of the tag and server are changed by the random number generated by tag, reader and server successively. This could prevent the key exposure. As a result, the output of the tag and reader always changes. These key changes could make it possible to prevent eavesdropping, replay attack, location tracking and spoofing.

• Journal of Internet Computing and Services
• /
• v.2 no.4
• /
• pp.41-53
• /
• 2001

Multi-distributed web cluster model built for high availability E-Business model exposes internal system nodes on its structural characteristics and has a potential that normal job performance is impossible due to the intentional prevention and attack by an illegal third party. Therefore, the security system which protects the structured system nodes and can correspond to the outflow of information from illegal users and unfair service requirements effectively is needed. Therefore the suggested distributed invasion detection system is the technology which detects the illegal requirement or resource access of system node distributed on open network through organic control between SC-Agents based on the shared memory of SC-Server. Distributed invasion detection system performs the examination of job requirement packet using Detection Agent primarily for detecting illegal invasion, observes the job process through monitoring agent when job is progressed and then judges the invasion through close cooperative works with other system nodes when there is access or demand of resource not permitted.

• Journal of Digital Convergence
• /
• v.16 no.1
• /
• pp.159-164
• /
• 2018

Biometric information does not need to be stored separately, and there is no risk of loss and no theft. For this reason, it has been attracting attention as an alternative authentication means for existing authentication means such as passwords and authorized certificates. However, there may be a privacy problem due to leakage of personal information stored in the server. To overcome these weaknesses, FIDO solved the problem of leakage of personal information on the server by using biometric information stored on the user device and authenticating. In this paper, we propose a multiple biometric authentication method that can be used in FIDO environment. In order to utilize multiple biometric information, fingerprints and EEG signals can be generated and used in FIDO system. The proposed method can solve the problem due to limitations of existing 2-factor authentication system by authentication using multiple biometric information.