• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.73-81
• /
• 2021

When downloading files using an app or web-based application on the user's mobile phone, the path is set to be saved in the pre-defined default directory. Many applications requiring access to storage, including file managers, require a write or read permission of storage to provide numerous functions and services. This means that the application will have direct access to the download folder where the numerous files downloaded. In this paper, to prove our feasibility of attack using the security vulnerabilities mentioned above, we developed a file hacking function disguised as an encryption function in the file management application. The file that encrypted will be sent to hackers via E-mail simultaneously on the background. The developed application was evaluated from VirusTotal, a malicious analysis engine, was not detected as a malicious application in all 74 engines. Finally, in this paper, we propose a defense technique and an algorithm based on the Trusted Execution Environment (TEE) to supplement these storage vulnerabilities.

• Journal of Digital Convergence
• /
• v.20 no.2
• /
• pp.455-462
• /
• 2022

This study was conducted to find ways to utilize human-centered IT in caring for elderly people who live alone. Through focus group interviews with experts, this study investigated the problems with delivery system, and ethical issues. Problems such as lack of trust, supplier-centered care, and uniform service provision were derived as major problems in the delivery system. These findings indicate that IT should be used as an auxiliary means of face-to-face services and to be controllable and convenient. Issues such as "guaranteeing the right to self-determination," "protecting privacy," "sufficiently guaranteeing the right to know," and "encompassing blind spots" were raised as important ethical issues related to human-centered IT utilization. Based on the research results, this study presented the necessity of designing user-centered information technology and the necessity of developing ethical indicators for the use of human-centered technology.

• Journal of Information Technology Services
• /
• v.23 no.1
• /
• pp.97-121
• /
• 2024

As data usage grows in importance, ensuring individual control over personal information becomes critical. The emergence of the 'MyData' concept addresses this, particularly in financial services. Although the institutional and technological framework for financial MyData services is in place, there's a need to establish consumer understanding and perception of its usefulness and safety for successful activation. This study focuses on investigating the impact of trust on the intention to use the new mobile banking service, financial MyData. This study has three objectives. Firstly, to analyze whether trust in financial MyData services and trust in financial MyData service providers affect the intention to use financial MyData services. Secondly, to analyze the process of forming trust in financial MyData services based on the phenomenon of transferring trust in service providers to trust in services. Thirdly, to identify the process by which trust transfer occurs between service providers and financial MyData services. Ultimately, the goal of this study is to promote the intention to use financial MyData services based on the concept of trust and to activate these services. In summary, this study emphasizes the significance of trust in financial MyData services, exploring its impact on user intention and the transfer of trust from providers to services. By promoting consumer trust, the research aims to contribute to the activation of financial MyData services.

• The Journal of Society for e-Business Studies
• /
• v.21 no.1
• /
• pp.65-77
• /
• 2016

As respecting one's privacy becomes an important issue in mobile device data analysis, on-device analysis is getting attention, in which the data analysis is conducted inside a mobile device without sending data from the device to outside. One possible application of the on-device analysis is gender prediction using text data in mobile devices, such as text messages, search keyword, website bookmarks, and contact, which are highly private, and the limited computing power of mobile devices can be addressed by utilizing the word comparison method, where words are selected beforehand and delivered to a mobile device of a user to determine the user's gender by matching mobile text data and the selected words. Moreover, it is known that performing prediction after filtering instances using definite evidences increases accuracy and reduces computational complexity. In this regard, we propose a two-phase approach to on-device gender prediction, where both discriminability and popularity of a word are sequentially considered. The proposed method performs predictions using a few highly discriminative words for all instances and popular words for unclassified instances from the previous prediction. From the experiments conducted on real-world dataset, the proposed method outperformed the compared methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.5-14
• /
• 2017

Many web services which use OAuth Protocol offer users to log in using their personal profile information given by resource servers. This method reduces the inconvenience of the users to register for new membership. However, at the time a user finishes using OAuth client web service, even if he logs out of the client web service, the resource server remained in the login state may cause the problem of leaking personal information. In this paper, we propose a solution to mitigate the threat by providing an additional security behavior check: when a user requests to log out of the Web Client service, he or she can make decision whether or not to log out of the resource server via confirmation notification regarding the state of the resource server. By utilizing the proposed method, users who log in through the OAuth Protocol in the public PC environment like department stores, libraries, printing companies, etc. can prevent the leakage of personal information issues that may arise from forgetting to check the other OAuth related services. To verify our study, we implement a Client Web Service that uses OAuth 2.0 protocol and integrate it with our security behavior check. The result shows that with this additional function, users will have a better security when dealing with resource authorization in OAuth 2.0 implementation.

• Journal of Korean Library and Information Science Society
• /
• v.38 no.3
• /
• pp.53-72
• /
• 2007

The Internet is now an integral part of the everyday lives of a majority of people. They are demanding web sites that offer credible information - Just as much as they want sites that are easy to navigate. But the online reality today is that few Internet users say they can trust the web sites that have products for sale or the sites that offer advice about which products and services to buy. Users want the web sites they visit to provide clear information to allow them to judge the site's credibility. Users want to know who runs the site; how to reach those people; the site's privacy policy; and how the site deals with mistakes. In the eyes of users all sites ate not equal. Users have different credibility standards for different types of sites. For news and information sites users want advertising clearly labeled as advertising. And users want the site to provide a list of the editors responsible for the site's contents, including the editor's email address. For e-commerce sites, user expectations and demands are just about as high as they can be. They say that it is very important that these sites provide specific, accurate information about the site's policies and practices.

• Journal of KIISE:Computer Systems and Theory
• /
• v.30 no.2
• /
• pp.78-92
• /
• 2003

In related to mobile communication environment, many researchers have studied problems concerning current locations of mobile users and exposure of their movements in the privacy aspect so far [1,2,3,4,5,6,7,8,9]. Among them, Kesdogan and Pfitzmann [3,6] proposed effective solutions using temporary pseudonym identification, called TP(Temporary Pseudonym ) to solve them. After that, Kesdogan et al. proposed an improved method protecting mobile users from some types of attacks of network providers in [8]. However, among their methods, in particular the method, attaching the other new device (so-called Reachability Manager) to system against active attack of network providers, is alterative rather than practical and is not clear. Moreover, it requires the other cost and overhead. Therefore we propose a practical method against active attack of network providers without attaching new device in original environments. The basie idea of proposed method is to protect a fraud act of network provider as a inside user by exchanging a secret information, which only users and network providers know, via network provider between mobile user and the trusted third party (so-called Trust Device). Moreover, we introduce a new payment protocol which applied our method.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.8
• /
• pp.159-172
• /
• 2020

Social networking services (SNS) are developing significantly with the Internet and smartphones. It's a friendly social media, but if you think deeply about it, you'll find that it has a variety of faces. It is a communication tool between users, a medium for delivering information, an infrastructure for providing applications, and a community where people with common interests gather. In recent years, business tools, shopping and payment methods are also being swallowed. The influence of the spread of SNS on the real world is also expanding, and the work being dealt with from a sociological perspective is also increasing. Also, if you pay attention to the technical aspects of SNS, it is composed of various technical elements, such as infrastructure that handles large-scale access, user interface that supports comfortable use, and big data analysis to understand people's behavior more deeply. However, I usually use it as usual. However, if you look through SNS, you can see that the situation is surprisingly profound and multifaceted. This study began by looking at the history and current status of SNS and attempted to find its status through comparison with other media. From the point of view of relationship with society, it can be a risk and legal issue when using SNS, such as crimes using bad social media or social media. It is also necessary to comment on the activities on SNS or the guidelines established by the operators. Therefore, various legal issues on SNS will be discussed. Also, as an example of using SNS, I will introduce an example of using SNS in disaster response. From a more technical point of view, you will receive commentary on SNS's network-based technology and SNS's information use, and these articles will help you understand and use SNS safely and help you further utilize or develop SNS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.739-751
• /
• 2014

We are using our smartphone for our business as well as ours lives. Thus, user's privacy data and a company secret are stored at smartphone. By the way, the saved data on smartphone database can be exposed to a malicous attacker when a malicous app is installed in the smartphone or a user lose his/her smartphone because all data are stored as form of plaintext in the database. To prevent this disclosure of personal information, we need a database encryption method. However, if a database is encrypted, it causes of declining the performance. For example, when we search specific data in condition with encrypted database, we should decrypt all data stored in the database or search sequentially the data we want with accompanying overhead[1]. In this paper, we propose an efficient and searchable encryption method using variable length bloom filter under limited resource circumstances(e.g., a smartphone). We compare with existing searchable symmetric encryption. Also, we implemented the proposed method in android smartphone and evaluated the performance the proposed method. As a result through the implementation, We can confirm that our method has over a 50% improvement in the search speed compared to the simple search method about encrypted database and has over a 70% space saving compared to the method of fixed length bloom filter with the same false positive rate.

• Journal of the Korean Society for Library and Information Science
• /
• v.57 no.4
• /
• pp.333-351
• /
• 2023

This study investigates user behavior in library spaces through the lens of AI camera analytics. By leveraging the face recognition and tracking capabilities of AI cameras, we accurately identified the gender and age of visitors and meticulously collected video data to track their movements. Our findings revealed that female users slightly outnumbered male users and the dominant age group was individuals in their 30s. User visits peaked between Tuesday to Friday, with the highest footfall recorded between 14:00 and 15:00 pm, while visits decreased over the weekend. Most visitors utilized one or two specific spaces, frequently consulting the information desk for inquiries, checking out/returning items, or using the rest area for relaxation. The library stacks were used approximately twice as much as they were avoided. The most frequented subject areas were Philosophy(100), Religion(200), Social Sciences(300), Science(400), Technology(500), and Literature(800), with Literature(800) and Religion(200) displaying the most intersections with other areas. By categorizing users into five clusters based on space utilization patterns, we discerned varying objectives and subject interests, providing insights for future library service enhancements. Moreover, the study underscores the need to address the associated costs and privacy concerns when considering the broader application of AI camera analytics in library settings.