• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.731-742
• /
• 2017

For all the various cryptographic techniques related to security, social technological attacks such as a shoulder surfing are infeasible to block off completely. Especially, the attacks are executed against financial facilities such as automated teller machine(ATM) which are located in public areas. Furthermore, online financial services whose rate of task management is consistently increasing are vulnerable to a shoulder surfing, smudge attacks, and key stroke inference attacks with google glass behind the convenience of ubiquitous business transactions. In this paper, we show that the security of ATM and internet banking can be reinforced against a shoulder surfing by using One-Time Keypad(OTK) and compare the security of OTK with those of ordinary keypad and One-Time Password(OTP).

• Spatial Information Research
• /
• v.20 no.1
• /
• pp.59-69
• /
• 2012

For the USN(Ubiquitous Sensor Network) environment which generally uses spatial sensor data as well as aspatial sensor data, a sensor database system to manage these sensor data is essential. In this reason, some sensor database systems such as TinyDB, Cougar are being developed by many researchers. However, since most of them do not support spatial data types and spatial operators to manage spatial sensor data, they have difficulty in processing spatial sensor data. Therefore, this paper developed a spatial sensor database system by extending TinyDB. Especially, the system supports spatial data types and spatial operators to TinyDB in order to manage spatial sensor data efficiently and provides the memory management function and the filtering function to reduce the system overload caused by sensor data streams. Lastly, we compared the processing time, accuracy, and memory usage of the spatial sensor database system with those of TinyDB and proved its superiority through the performance evaluation.

• Journal of Digital Contents Society
• /
• v.6 no.1
• /
• pp.19-24
• /
• 2005

Mobile service is able to offer the elastic service to anyone regardless of the place and the tin. With this characteristics, the ubiquitous service could be also provided even to the place which the access was limited with the existing line service, which could improve the mutual connection and could result in the service extension Mobile communication companies, which realized the limit of sale only by telephone conversation, have made an effort to develop wireless internet with concentration as its alternation. Especially concentrating their effort both to the development of distinctive and various contents and to tin development of system for mobile service such as the mobile banking, mobile game and etc., they have done their best to secure the number of the people using the wireless internet. This study is to propose the electronic account system based on the mobile as a case study of contents production for such a mobile service. This system has its advantage to perform the financial management immediately when the income and outcome happen without limitation of the time and space. The information could be stored, searched and modified by using of the mobile phone for this system was made up for the weak point of the financial management for wired internet.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.2 no.6
• /
• pp.312-332
• /
• 2008

Password-based authentication key exchange (PAKE) protocols in the literature typically assume a password that is shared between a client and a server. PAKE has been applied in various environments, especially in the “client-server” applications of remotely accessed systems, such as e-banking. With the rapid developments in modern communication environments, such as ad-hoc networks and ubiquitous computing, it is customary to construct a secure peer-to-peer channel, which is quite a different paradigm from existing paradigms. In such a peer-to-peer channel, it would be much more common for users to not share a password with others. In this paper, we consider password-based authentication key exchange in the three-party setting, where two users do not share a password between themselves but only with one server. The users make a session-key by using their different passwords with the help of the server. We propose an efficient password-based authentication key exchange protocol with different passwords that achieves forward secrecy in the standard model. The protocol requires parties to only memorize human-memorable passwords; all other information that is necessary to run the protocol is made public. The protocol is also light-weighted, i.e., it requires only three rounds and four modular exponentiations per user. In fact, this amount of computation and the number of rounds are comparable to the most efficient password-based authentication key exchange protocol in the random-oracle model. The dispensation of random oracles in the protocol does not require the security of any expensive signature schemes or zero-knowlegde proofs.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.12
• /
• pp.541-552
• /
• 2013

Recently software security of the smart phone is an important issue in the field of information science and technology due to fast propagation of smart technology in our life. The smart phone as the security critical systems which are utilizing in terminal systems of the banking, ubiquitous home management, airline passengers screening, and so on are related to the risk of costs, risk of loss, risk of availability, and risk by usage. For the security issues, software hazard analysis of smart phone is the key approaching method by use of observed failures. In this paper, we propose an efficient integrative framework for software security analysis of the smart phone using Fault Tree Analysis (FTA) and Failure Mode Effect Analysis (FMEA) to gain a convergence security and reliability analysis technique on hand handle devices. And we discuss about that if a failure mode effect analysis performs simpler, not only for improving security but also reducing failure effects on this smart device, the proposed integrative framework is a key solution.