• Journal of the Korean Institute of Intelligent Systems
• /
• v.14 no.4
• /
• pp.506-511
• /
• 2004

Biometrics is getting more and more attention in recent years for security and other concerns. So far, only fingerprint recognition has seen limited success for on-line security check, since other biometrics verification and identification systems require more complicated and expensive acquisition interfaces and recognition processes. Hand-Geometry has been used for biometric verification and identification because of its acquisition convenience and good performance for verification and identification performance. Hence, it can be a good candidate for online checks. Therefore, this paper proposes a Hand-Geometry recognition system based on geometrical features of hand. From anatomical point of view, human hand can be characterized by its length, width, thickness, geometrical composition, shapes of the palm, and shape and geometry of the fingers. This paper proposes thirty relevant features for a Hand-Geometry recognition system. However, during experimentation, it was discovered that length measured from the tip of the finger was not a reliable feature. Hence, we propose a new technique based on Genetic Algorithm for extraction of the center of nail bottom, in order to use it for the length feature.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.607-616
• /
• 2014

Face recognition is a big challenge in surveillance system since different rotation angles of the face make the difficulty to recognize the face of the same person. This paper proposes a novel method to recognize face with different head poses by using 3D information of the face. Firstly, head pose estimation (estimation of different head pose angles) is accomplished by the POSIT algorithm. Then, 3D face image data is constructed by using head pose estimation. After that, 2D image and the constructed 3D face matching is performed. Face verification is accomplished by using commercial face recognition SDK. Performance evaluation of the proposed method indicates that the error range of head pose estimation is below 10 degree and the matching rate is about 95%.

• Journal of Industrial Convergence
• /
• v.21 no.7
• /
• pp.41-49
• /
• 2023

In recent years, various educational institutions have used online certificate services to verify academic achievement related to graduation and grades. However, the certificate of the existing system has limitations in verifying and tracking whether it is true or not and detailed academic background. In this regard, cases of forgery/falsification of online/offline certificates continue to occur. This study proposes a blockchain-based verification method that is safe from forgery and alteration, focusing on university institutions. Necessary information such as detailed class categories for each department, attendance, and detailed grades was collected/analyzed to create a linkage relationship through blockchain. In addition, the system/network environment required for blockchain sharing was considered, and it was implemented as an extension module in the form of an independent web application. As a result of the block chain verification, it was proved that the safe trust verification of educational information and the relationship between detailed information can be traced. This study aims to contribute to the improvement of academic credential verification services and information security for Korean educational institutions in the future.

• Journal of Digital Convergence
• /
• v.12 no.8
• /
• pp.113-127
• /
• 2014

The use of mobile devices offers a variety of services to the individuals and companies. On the other hand, security threats and new mobile security threats that exist in IT infrastructure to build the environment for mobile services are present at the same time. Services such as mobile and vaccine management services, such as MDM (Mobile Device Management) has attracted a great deal of interest in order to minimize the threat of security in mobile environment. These solutions can not protect an application that was developed for the mobile service from the threat of vulnerability of mobile application itself. Under these circumstances, in this paper, we proposed mobile application security checklists based on application security review items in order to prevent security accidents that can occur in a mobile service environment. We collected and analyzed Android applications, we performed a total inspection of the applications for verification of the effectiveness of the check items. And we checked that the check items through a survey of experts suitability was verified.

• Journal of KIISE:Information Networking
• /
• v.28 no.3
• /
• pp.369-376
• /
• 2001

The firewall systems can be installed between the intemal network and the extemal network. The firewall systems has the least privilege, so its does not provide transparency to user. This problem of transparency can be solved by using the proxy. In this thesis, I have designed and verified the FTP-PSM(FTP-Proxy Security Mode]) which provides transparency for the firewall systems and has a strong security function. FTP-PSM doesn't finish its work after implementing a command. Instead, its does several security functions such as user authentication, MAC(MandatOlY Access Controll, DAC(Discretionary Access Controll and authentication of user group. Those data must not be lost under any circumstances in order to implement the above security functions. So, the security against such problems as falling into deadlock or unlimited loop during the implementation must be verified. Therefore, FTP-PSM suggested in thesis was verified its security through PHPlace Invariant) based on CPNlCo]oured Petri Net).

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.443-444
• /
• 2021

Security threats to information services are increasingly being developed, and the frequency and damage caused by security threats are also increasing. In particular, security threats occurring inside the organization are increasing significantly, and the size of the damage is also large. A zero trust model has been proposed as a way to improve such a security environment. In the zero trust model, a subject who has access to information resources is regarded as a malicious attacker. Subjects can access information resources after verification through identification and authentication processes. However, the initially proposed zero trust model basically focuses on the network and does not consider the security environment for systems or data. In this study, we proposed a zero trust-based access control mechanism that extends the existing zero trust model to the file system. As a result of the study, it was confirmed that the proposed file access control mechanism can be applied to implement the zero trust model.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.43-53
• /
• 2019

Recently, a number of military intranet infiltrations suspected of North Korea have been discovered. There was a problem that a vulnerability could occur due to the modification of user authentication data that can access existing military information systems. In this paper, we applied mutual verification technique and API (Application Programming Interface) forgery / forgery blocking and obfuscation to solve the authentication weakness in web browsers that comply with FIDO (Fast IDentity Online) standard. In addition, user convenience is improved by implementing No-Plugin that does not require separate program installation. Performance tests show that most browsers perform about 0.1ms based on the RSA key generation rate. In addition, it proved that it can be used for commercialization by showing performance of less than 0.1 second even in the digital signature verification speed of the server. The service is expected to be useful for improving military information system security as an alternative to browser authentication by building a web secure storage.

• Journal of Digital Convergence
• /
• v.12 no.5
• /
• pp.249-254
• /
• 2014

Recent advancement of USN technology has lent itself to the evolving communication technology for implantable devices in the field of medical service. The wireless transmission section for communication between implantable medical devices and patients is a cause of concern over invasion of privacy, resulting from external attackers' hacking and thus leakage of private medical information. In addition, any attempt to manipulate patients' medical information could end up in serious medical issues. The present study proposes an authentication protocol safe against intruders' attacks when RFID/USN technology is applied to implantable medical devices. Being safe against spoofing, information exposure and eavesdropping attacks, the proposed protocol is based on hash-function operation and adopts session keys and random numbers to prevent re-encryption. This paper verifies the security of the proposed protocol using the formal verification tool, Casper/FDR.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.11-21
• /
• 2004

To authorize IPSec-VPN Client in Client-to-Gateway type of the IPSec-VPN system, it can be normally used with ID/Password verification method or the implicit authorization method that regards implicitly IPSec-VPN gateway as authorized one in case that the IPSec-VPN client is authenticated. However, it is necessary for the Client-to-Gateway type of the IPSec-VPN system to have a more effective user authorization mechanism because the ID/Password verification method is not easy to transfer the ID/Password information and the implicit authorization method has the vulnerability of security. This paper proposes an effective user authorization mechanism using an attribute certificate and designs a user authorization engine. In addition, it is implemented in this study. The user authorization mechanism for the IPSec-VPN system proposed in this study is easy to implement the existing IPSec-VPN system. Moreover, it has merit to guarantee the interoperability with other IPSec-VPN systems. Furthermore, the user authorization engine designed and implemented in this paper will provide not only DAC(Discretional Access Control) and RBAC(Role-Based Access Control) using an attribute certificate, but also the function of SSO(Single-Sign-On).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.115-119
• /
• 2007

The IPv6 protocol provides the method to automatically generate an address of a node without additional operations of administrators, Before the generated address is used, the duplicate address detection (DAD) mechanism is required in order to verify the address. However, during the process of verification of the address, it is possible for a malicious node to send a message with the address which is identical with the generated address, so the address can be considered as previously used one; although the node properly generates an address, the address cannot be used. In this paper, we present a strong scheme to perform the DAD mechanism based on hash functions in IPv6 networks. Using this scheme, many nodes, which frequently join or separate from wireless networks in public domains like airports, terminals, and conference rooms, can effectively generate and verify an address more than the secure neighbor discovery (SEND) mechanism.