• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.743-755
• /
• 2013

In recent years, the malicious apps with malicious code in normal apps are increasingly redistributed in Android market, which may incur various problems such as the leakage of authentication information and transaction information and fraudulent transactions when banking apps to process the financial transactions are exposed to such attacks. Thus the financial authorities established the laws and regulations as an countermeasures against those problems and domestic banks provide the integrity verification functions in their banking apps, yet its reliability has not been verified because the studies of the safety of the corresponding functions have seldom been conducted. Thus this study suggests the vulnerabilities of the integrity verification functions of banking apps by using Android reverse engineering analysis techniques. In case the suggested vulnerabilities are exploited, the integrity verification functions of banking apps are likely to be bypassed, which will facilitate malicious code inserting attacks through repackaging and its risk is very high as proved in a test of this study. Furthermore this study suggests the specific solutions to those vulnerabilities, which will contribute to improving the security level of smartphone financial transaction environment against the application forgery attacks.

• Korean Security Journal
• /
• no.14
• /
• pp.125-140
• /
• 2007

This study was to analyze structural equation modeling of organizational culture, human resource management and organization performance in the private security corporation. To attain the goal of the study described above paragraphs, the employee of private security corporation located in Seoul, 2006 year were set as a collected group. Then, using the cluster random sampling method, finally drew out 300 peoples and analyzed 250 peoples in total. The material collection device was the brochure named . The validity of instrument was confirmed by confirmatory factor analysis(CFA) The result of reliability check up was here below; Chronbach' ${\alpha}=.724$. To analyze materials, correlation analysis, CFA, SEM were used as statistic analysis techniques. The conclusion based on above study method and the result of material analysis are follows; First, organizational culture influences on the human resource management. Second, organizational culture influences on the organizational performance. Third, human resource management influences on the organizational performance. Particularly, organizational culture influences indirectly on organizational performance throughout human resource management. Human resource management is very important variable mediating organizational culture and performance.

• Convergence Security Journal
• /
• v.5 no.2
• /
• pp.19-27
• /
• 2005

As home network is increasing to use, home network industry is developing too. Also, it is to be a popular subject in the network's topics. In this reasons, home network become a important thing because home gateway function is working between access network and home network. In the home network, it relates on the personal computer, home pad, and digital television. But, home gateway is not prepared standard point about techniques. Therefore, many kind of technique want to try for developing of home gateway's functions. Usually, we use ID/PASSWORD method in network control system. But, we found a lot of problems about classical network system while we experienced Jan/25 big trouble. We are considering about that home network system are using same network net. Therefore, seriously we have to check about security and safety at the home network's environment. This report focus on the home network's environment to control for using and efficiency and then it wants to find ways to protect from the internal and external attacks. Existing ID/PASSWORD method it used a electronic signature and the security against the approach from of external watch, the MIB structure of role base and the security of the Home network which leads the authority control which is safe even from the Home network inside it strengthened it used compared to it proposed.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.7
• /
• pp.183-194
• /
• 2018

With the rapid development of IoT(Internet of Things) technology, various convenient services such as smart home and smart city have been realized. However, IoT devices in unmanned environments are exposed to various security threats including eavesdropping and data forgery, information leakage due to unauthorized access. To build a secure IoT environment, it is necessary to use proper cryptographic technologies to IoT devices. But, it is impossible to apply the technologies applied in the existing IT environment, due to the limited resources of the IoT devices. In this paper, we survey the classification of IoT devices according to the performance and analyze the security requirements for IoT devices. Also we survey and analyze the use of cryptographic technologies in the current status of IoT open standard platform such as AllJoyn, oneM2M, IoTivity. Based on the research of cryptographic usage, we examine whether each platform satisfies security requirements. Each IoT open platform provides cryptographic technology for supporting security services such as confidentiality, integrity, authentication an authorization. However, resource constrained IoT devices such as blood pressure monitoring sensors are difficult to apply existing cryptographic techniques. Thus, it is necessary to study cryptographic technologies for power-limited and resource constrained IoT devices in unattended environments.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.44 no.7 s.361
• /
• pp.71-80
• /
• 2007

This paper describes an efficient hardware design of WiBro security processor (WBSec) supporting for the security sub-layer of WiBro wireless internet system. The WBSec processor, which is based on AES (Advanced Encryption Standard) block cipher algorithm, performs data oncryption/decryption, authentication/integrity, and key encryption/decryption for packet data protection of wireless network. It carries out the modes of ECB, CTR, CBC, CCM and key wrap/unwrap with two AES cores working in parallel. In order to achieve an area-efficient implementation, two design techniques are considered; First, round transformation block within AES core is designed using a shared structure for encryption/decryption. Secondly, SubByte/InvSubByte blocks that require the largest hardware in AES core are implemented using field transformation technique. It results that the gate count of WBSec is reduced by about 25% compared with conventional LUT (Look-Up Table)-based design. The WBSec processor designed in Verilog-HDL has about 22,350 gates, and the estimated throughput is about 16-Mbps at key wrap mode and maximum 213-Mbps at CCM mode, thus it can be used for hardware design of WiBro security system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.2
• /
• pp.263-277
• /
• 2021

Taint analysis techniques are popularly used to detect web vulnerabilities originating from unverified user input data, such as Cross-Site Scripting (XSS) and SQL Injection, in web applications written in JavaScript. To detect such vulnerabilities, it would be necessary to trace variables affected by user-submitted inputs. However, because of the dynamic nature of JavaScript, it has been a challenging issue to identify those variables without running the web application code. Therefore, most existing taint analysis tools have been developed based on dynamic taint analysis, which requires the overhead of running the target application. In this paper, we propose a novel static taint analysis technique using symbol information obtained from the TypeScript (a superset of JavaScript) compiler to accurately track data flow and detect security vulnerabilities in TypeScript code. Our proposed technique allows developers to annotate variables that can contain unverified user input data, and uses the annotation information to trace variables and data affected by user input data. Since our proposed technique can seamlessly be incorporated into the TypeScript compiler, developers can find vulnerabilities during the development process, unlike existing analysis tools performed as a separate tool. To show the feasibility of the proposed method, we implemented a prototype and evaluated its performance with 8 web applications with known security vulnerabilities. We found that our prototype implementation could detect all known security vulnerabilities correctly.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.14 no.1
• /
• pp.111-118
• /
• 2019

For the security of a vast amount of information, it has been started to diagnose the site as a way of operating and managing the information owned by a company holding assets, to establish indexes to check the actual status and all kinds of standards to obtain security, and also to classify the information assets based on that. This has been extended to many different areas including policies to operate and manage information assets, services, the management of owned devices as physical assets, and also the management of logical assets for application software and platforms. Some of these information assets are already being operated in reality as new technology in new areas, for example, Internet of Things. Of course, a variety of electronic devices like Smart Home are being used in ordinary families, and unlike in the past, these devices generate a series of information life cycles such as accumulating and processing information. Moreover, as even distribution is now being realized, we are facing a task to secure the stability of information assets and also information that assets are holding. The purpose of this study is to suggest and apply standard security policy by moduling methods for information assets owned by companies and even families and obtain the enhancement of confidentiality as well as integrity.

• Convergence Security Journal
• /
• v.4 no.3
• /
• pp.47-55
• /
• 2004

Currently used to manage a whole bunch of networks is the Client/Server Network Management Technique in which a central manager system supports a number of managed ones. Unfortunately it has a big drawback: wasting network resources, most of all bandwidth, which is mainly caused by too much traffic between the central manager system and the managed ones. In a way to overcome this weak point, we have designed a new type of system, a Configuration Management System (CMS), based on code mobility which has been used in distributed network management systems. In this thesis we have compared the CMS with the currently used network management system, identified class to make Mobile Code, and analyzed the techniques of other network management systems in order to verify the validity of the new system.

• ETRI Journal
• /
• v.35 no.3
• /
• pp.501-511
• /
• 2013

Protecting privacy is an important goal in designing location-based services. Service providers want to verify legitimate users and allow permitted users to enjoy their services. Users, however, want to preserve their privacy and prevent tracking. In this paper, a new framework providing users with more privacy and anonymity in both the authentication process and the querying process is proposed. Unlike the designs proposed in previous works, our framework benefits from a combination of three important techniques: k-anonymity, timed fuzzy logic, and a one-way hash function. Modifying and adapting these existing schemes provides us with a simpler, less complex, yet more mature solution. During authentication, the one-way hash function provides users with more privacy by using fingerprints of users' identities. To provide anonymous authentication, the concept of confidence level is adopted with timed fuzzy logic. Regarding location privacy, spatial k-anonymity prevents the users' locations from being tracked. The experiment results and analysis show that our framework can strengthen the protection of anonymity and privacy of users by incurring a minimal implementation cost and can improve functionality.

• Journal of Distribution Science
• /
• v.15 no.10
• /
• pp.15-28
• /
• 2017

Purpose - With the rapid growth of Chinese mobile pay market, it's necessary to run a study of the aims why users prefer to intention of use for mobile fingerprint payment. To reach this goal, UTAUT added Perceived Security and DOI. Research design, data, and methodology - The researchers conducted this study by using collected 3126 responses and the collected data was analyzed by applying statistical techniques factor analysis, AMOS, and Cronbach's Alpha and SPSS 22.0. Results - The result shows that compatibility and relative advantage of mobile fingerprint payment have positive effect on performance expectancy and effort expectancy separately, and the performance expectancy and effort expectancy have positive effect on people's use intention of mobile fingerprint payment. Social influence has a positive effect on the users' use intention of mobile fingerprint payment, Facilitating conditions has a slight effect on the users' use intention of mobile fingerprint payment, Perceived security has the most significant effect on he users' use intention of mobile fingerprint payment. Conclusions - The research showed that compatibility is one of the most important elements that make users continue to use the product. The mobile fingerprint payment must own clearer advantages than other ones that it can reach the biggest market. The Social Influence has a positive influence on the intention of use.