• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.537-544
• /
• 2012

With wireless network infrastructure, the number of smart-phone users is remarkably increasing in the world and the amounts of damage due to the smart-phone malwares are also raised. Many security solutions for wireless network have come into the market but these solutions are for companies or large enterprises, therefore, the public users of smart-phone don't feel easy to select as their solutions and it is difficult to detect unknown malwares. In this paper, we propose the mobile security diagnostic system for public smart-phone users, which provides functions like smart-phone system check, comparison with blacklist of applications and collecting malwares.

• International Journal of Computer Science & Network Security
• /
• v.24 no.6
• /
• pp.99-108
• /
• 2024

The Internet of Things (IoT) is a novel concept that allows a large number of objects to be connected to the Internet while also allowing them to be controlled remotely. The Internet of Things is extensive and has become an almost inseparable part of our daily lives. Users' personal data is frequently obtained by these linked gadgets and stored online. In recent years, the security of acquired data has become a major concern. As devices grow more linked, privacy and security concerns grow more pressing, and they must be addressed as soon as possible. IoT implementations and devices are particularly vulnerable to attacks that might adversely affect customer security and privacy, which might have an impact on their practical utility. The goal of this study is to bring attention to the security and privacy concerns that exist in IoT systems. To that purpose, the paper examines security challenges at each level of the IoT protocol stack, identifies underlying impediments and critical security requirements, and provides a rapid overview of available security solutions for securing IoT in a layered environment.

• International Journal of Computer Science & Network Security
• /
• v.23 no.6
• /
• pp.155-161
• /
• 2023

In the process of remarkable progress in the medical and technical field and activating the role of technology in health care services and applications, and since the safety of medical data and its protection from security violations plays a major role in assessing the security of health facilities and the safety of medical servers Thus, it is necessary to know the cyber vulnerabilities in health information systems and other related services to prevent and address them in addition to obtaining the best solutions and practices to reach a high level of cybersecurity against attackers, especially due to the digital transformation of health care systems and the rest of the dealings. This research is about what cyberattacks are and the purpose of them, in addition to the methods of penetration. Then challenges, solutions and some of the security issues will be discussed in general, and a special highlight will be given to obtaining a safe infrastructure to enjoy safe systems in return.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.81-90
• /
• 2003

Existing web-based system management software solutions show some limitations in time and space. Moreover, they possess such as shortcomings unreliable error message announcements and difficulties with real-time assistance suppers and emergency measures. In order to solve these deficiencies, Wireless Remote Control System was designed and implemented. Wireless Remote Control System is able to manage and monitor remote systems by using mobile communication devices for instantaneous control. The implementation of Wireless Remote Control System leads to these security Problems as well as solutions to aforementioned issues with existing web-based system management software solutions. Therefore, this paper has focused on the security matters related to Wireless Remote Control System. The designed security functions include mobile device user authentication and target system access control. For security verification of these security functions introduced CPN(Coloured Petri Nets) which is capable of expressing every possible state for each stage. And then in this paper was verified its security through PI(Place Invariant) based on CPN(Coloured Petri Nets). The CPN expression and analysis method of the proposed security function can also be a useful method for analyzing other services in the future.

• Journal of Information Processing Systems
• /
• v.15 no.4
• /
• pp.904-919
• /
• 2019

Many security systems rely solely on solutions based on Artificial Intelligence, which are weak in nature. These security solutions can be easily manipulated by malicious users who can gain unlawful access. Some security systems suggest using fingerprint-based solutions, but they can be easily deceived by copying fingerprints with clay. Image-based security is undoubtedly easy to manipulate, but it is also a solution that does not require any special training on the part of the user. In this paper, we propose a multi-factor security framework that operates in a three-step process to authenticate the user. The motivation of the research lies in utilizing commonly available and inexpensive devices such as onsite CCTV cameras and smartphone camera and providing fully secure user authentication. We have used technologies such as Argon2 for hashing image features and physically unclonable identification for secure device-server communication. We also discuss the methodological workflow of the proposed multi-factor authentication framework. In addition, we present the service scenario of the proposed model. Finally, we analyze qualitatively the proposed model and compare it with state-of-the-art methods to evaluate the usability of the model in real-world applications.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6B
• /
• pp.259-269
• /
• 2008

Applying Varying Pseudonym (VP) to design of Radio Frequency Identification (RFID) authentication protocol outperforms the other existing approaches in several respects. However, this approach is prone to the well-known denial-ofservice (DOS) attack. In this paper, we examine the de-synchronization problems of VP-based RFID authentication protocols, and propose effective solutions to eliminate such weaknesses. We shall show that the proposed solutions indeed improve the security for these protocols, and moreover, these solutions require 0(1) computational cost for identitying a tag and 0(1) key space on the tag. These excellent performances make them very attractive to many RFID applications.

• Korean Security Journal
• /
• no.29
• /
• pp.87-113
• /
• 2011

Korean security industry has history of more than half a century, and it is growing fast. Private security industry contributes not only to livelihood safety, but also to national security. The area of the industry is being expanded. Security Act is closely related to the security industry, and has contributed to the growth of private security industry sector. Security Act of Korea, which was established in 1976, was originally made after Japanese Security Act. But nowadays, Korean Security Act is as systematic as the Japanese act. However, for 10 years, Security Act of Korea has been stagnant, not able to reflect security industries' demand. The writer has contributed to the development of Security Act. In 1995, the writer wrote the basic framework of Security Instructor Qualifications System and drafted Security Act in 2002. There are currently many problems in existing Security Act, but there are four representative problems. (1) No more establishment of new security sector, (2) excessively slack qualification criteria, (3) the education system for guards, (4) the security Instructor examination system. This paper derives problems of current Security Act, and suggests solutions for them. Not only the academic world, but all of us should pay attention to the revision of Security Act.

• The Journal of Society for e-Business Studies
• /
• v.6 no.1
• /
• pp.17-33
• /
• 2001

EC(Electronic Commerce) which is done on the virtual space through Internet has strong point like independence from time and space. On the contrary, it also has weak point like security problem because anybody can access easily to the system due to open network attribute of Internet, Therefore, we need the solutions that protect the EC security problem for safe and useful EC activity. One of these solutions is the implementation of strong cipher system. YK2(Young Ku King) cipher system proposed in this paper is good solution for the EC security and it overcome the limit of current block cipher system using 128 bits key length for input, output, encryption key and 32 rounds. Moreover, it is designed for the increase of time complexity by adapting more complex design for key scheduling algorithm regarded as one of important element effected to encryption.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.1
• /
• pp.67-78
• /
• 2020

Typical security solutions such as intrusion detection system are not suitable for detecting advanced persistent attack(APT), because they cannot draw the big picture from trivial events of security solutions. Researches on techniques for detecting multiple stage attacks by analyzing the correlations between security events or alerts are being actively conducted in academic field. However, these studies still use events from existing security system, and there is insufficient research on the structure of the entire security system suitable for advanced persistent attacks. In this paper, we propose an attack path and intention recognition system suitable for multiple stage attacks like advanced persistent attack detection. The proposed system defines the trace format and overall structure of the system that detects APT attacks based on the correlation and behavior analysis, and is designed with a structure of detection system using deep learning and big data technology, etc.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.2
• /
• pp.498-514
• /
• 2012

Machine to machine (M2M) communications is the hottest issue in the standardization and industry area, it is also defined as machine-type communication (MTC) in release 10 of the 3rd Generation Partnership Project (3GPP). Recently, most research have focused on congestion control, sensing, computing, and controlling technologies and resource management etc., but there are few studies on security aspects. In this paper, we first introduce the threats that exist in M2M system and corresponding solutions according to 3GPP. In addition, we present several new security issues including group access authentication, multiparty authentication and data authentication, and propose corresponding solutions through modifying existing authentication protocols and cryptographic algorithms, such as group authentication and key agreement protocol used to solve group access authentication of M2M, proxy signature for M2M system to tackle authentication issue among multiple entities and aggregate signature used to resolve security of small data transmission in M2M communications.