• Journal of Convergence for Information Technology
• /
• v.8 no.6
• /
• pp.173-186
• /
• 2018

While cloud services are expanding, many users are having difficulty in adopting cloud services. This is because there is no information as to which cloud services can be trusted by users. loud service level agreement (Cloud SLA) is an agreement between cloud service providers and cloud service consumers using qualitative and quantitative indicators including quality and performance, etc. of cloud services. In this study, we propose a framework for cloud SLA that can be applied to the domestic cloud industry to improve service levels for cloud service providers and to protect users and also derive the detailed components of cloud SLA applicable to the domestic cloud industry using the proposed framework. Through this result, it is expected that the government will utilize the policy to enhance the reliability between cloud service providers and users under "the Act on the Development of Cloud Computing and Protection of Users", and eventually to activate cloud services by improving the quality and performance level of domestic cloud services and building a user trust.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1371-1378
• /
• 2018

Bluetooth is the key technology in the wireless connection of many Internet of Things (IoT) devices, especially focused on smartphones today. In addition, Bluetooth communication between the IoT device and the user is mainly performed via Bluetooth Low Energy (BLE), but as the Bluetooth technology gradually develops, the security vulnerability of the existing BLE is more prominent. Research on Bluetooth accessibility has been conducted steadily so far, but there is lack of research for data protection in Bluetooth communication. Therefore, in this paper, when sending and receiving data in BLE communication between IoT and users, we propose effective methods for communicating with each other through the Format Preserving Encryption Algorithm (FEA), not the plain text, and measures performance of FEA which is optimized in Arduino and PC.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.753-773
• /
• 2019

CV(Connected Vehicle) technology provides safety-related services and user convenience-related services to vehicle. Safety-related services can cause privacy problem by continuously transmitting vehicle information to nearby vehicles or base stations. Therefore, safety-related services should provide vehicle anonymity for privacy protection. However, if convenience-related services such as payment services fail to provide vehicle anonymity, driver information related to safety-related services may also be leaked. In this paper, we design a payment protocol based on ECQV(Elliptic Curve Qu-Vanstone) impicit certificate and group signature that provides BU-anonymity and traceability. The proposed payment protocol makes it impossible to track vehicles from payment transactions history by separating roles of payment system components. Moreover, we define the security requirements that the vehicle payment protocol must satisfy and show that the protocol satisfies the requirements.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.885-895
• /
• 2019

As seen in recent cases of hacking in financial services, attackers are attempting to hacking trustee with poor security management, rather than directly hacking a financial company. As a result, the consignor is strengthening the security check and control of the trustee, but small trustee has difficulties to invest in information security with the lack of computer facilities and the excessive cost of security equipment. In this paper I investigate the vulnerability of personal information processing life cycle standards in order to enhance the security of small consignee that receive personal information form the credit card company. To solve the vulnerability the company should use litigation management system constructed on cloud computing service and install VPN to secure confidentiality and intergrity in data transfer section. Also, to enhance the security of users, it is suggested to protect personal credit information by installing PC firewall and output security on user PC.

• Convergence Security Journal
• /
• v.17 no.5
• /
• pp.57-61
• /
• 2017

The National research networks exist to support advanced science and technology in each country. The national research network must meet the requirements of science and technology in each field and continuously develop around the continuously changing environment. In recent years, demand for data - oriented science and technology research forms has been increasing. To cope with this demand, advanced national research networks are establishing mid - to long - term strategies. In this paper, the status of the advanced research network and trends and requirements of the national research network are analyzed from the viewpoint of the change of the research network environment, the change of science / technology, and the change of industry and life. In order to respond to the analyzed requirements, we propose mid - to long - term development directions and plans for establishing future network backbone, providing user - centered collaborative research environment, providing global collaborative network service, and providing high - tech science and technology research data information protection service.

• Journal of Convergence for Information Technology
• /
• v.9 no.9
• /
• pp.33-37
• /
• 2019

According to the enforcement of the Cloud Computing Development and User Protection Act, a new paradigm called as Cloud Computing is coming to the fore among public and private domestic enterprises. Therefore, domestic companies should develop SaaS products specialized for the domestic market and try to preempt the IaaS market ahead of global companies. Now we are facing a necessity to combine all the cloud systems in Korean government to operate seamlessly in a harmony. In this paper, we will look at the prospect of future development of related industry through cloud computing concept and G-cloud's cloud management system (G-CMS). G-CMS can be seen as the first system to comprehensively manage heterogeneous Unix virtualization systems. G-CMS can also save costs by managing heterogeneous virtualization systems in data centers.

• Smart Media Journal
• /
• v.8 no.1
• /
• pp.19-26
• /
• 2019

At the opening ceremony of 2018 Winter Olympics in PyeongChang, an unknown cyber-attack occurred. The malicious code used in the attack is based on in-memory malware, which differs from other malicious code in its concealed location and is spreading rapidly to be found in more than 140 banks, telecommunications and government agencies. In-memory malware accounts for more than 15% of all malicious codes, and it does not store its own information in a non-volatile storage device such as a disk but resides in a RAM, a volatile storage device and penetrates into well-known processes (explorer.exe, iexplore.exe, javaw.exe). Such characteristics make it difficult to analyze it. The most recently released in-memory malicious code bypasses the endpoint protection and detection tools and hides from the user recognition. In this paper, we propose a method to efficiently extract the payload by unpacking injection through IDA Pro debugger for Dorkbot and Erger, which are in-memory malicious codes.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.3
• /
• pp.159-168
• /
• 2021

As the information age enters, the use of biometrics using the body is gradually increasing because it is very important to accurately recognize and authenticate each individual's identity for information protection. Among them, finger vein authentication technology is receiving a lot of attention because it is difficult to forge and demodulate, so it has high security, high precision, and easy user acceptance. However, the accuracy may be degraded depending on the algorithm for identification or the surrounding light environment. In this paper, we designed and manufactured a side-type finger vein recognizer that is highly versatile among finger vein measuring devices, and authenticated using the deep learning model of DenseNet-201 for high accuracy and recognition rate. The performance of finger vein authentication technology according to the influence of the infrared light source used and the surrounding visible light was analyzed through simulation. The simulations used data from MMCBNU_6000 of Jeonbuk National University and finger vein images taken directly were used, and the performance were compared and analyzed using the EER.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.3-10
• /
• 2004

A Wireless Lan has an importance of access control, because we can use wireless Internet via AP(Access Point). Moreover, to use wireless LAN, we will go through authentication process of EAP. DoS(Denial of Service) attack is one of the fatal attack about these AP access and authentication process. That is, if malicious attacker keeps away access of AP or consumes memory of server and calculation ability of CPU and etc. compulsorily in authentication process, legal user can't get any services. In this paper, we presents the way of protection against the each attack that is classified into access control, allocation of resource, attack on authentication protocol. The first thing, attack to access control, is improved by pre-verification and the parameter of security level. The second, attack of allocation of resource, is done by partial stateless protocol. And the weak of protocol is done by time-stamp and parameter of access limitation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.79-91
• /
• 2008

Modern society as an information society, a lot of information is communicated in on-line. Specially, mobile environment based on radio communication has a characteristic of flexibility compared with wire communication and is developed rapidly. However, the more mobile technology is developed the more security for sensitive information is needed. Therefore, MTM(Mobile Trusted Module) is developed and promoted by TCG(Trusted Computing Group), which is an industry standard body to enhance the security level in the mobile computing environment. MTM, hardware security module for mobile environment, offers user's privacy protection, platform integrity verification, and individual platform attestation. On the other hand, secure migration scheme is required in case secret data or key is transferred from one platform to the other platform. In this paper, we analyze migration schemes which were described in TCG standard and other papers and then propose security maintenance scheme for secret data using USIM(Universal Subscriber Identity Module).