• Title/Summary/Keyword: User security

Search Result 2,715, Processing Time 0.025 seconds

Motion-Based User Authentication for Enhanced Metaverse Security (메타버스 보안 강화를 위한 동작 기반 사용자 인증)

  • Seonggyu Park;Gwonsang Ryu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.3
    • /
    • pp.493-503
    • /
    • 2024
  • This paper addresses the issue of continuous user authentication within the metaverse environment. Recently, the metaverse plays a vital role in personal interaction, entertainment, education, and business, bringing forth significant security concerns. Particularly, vulnerabilities related to user identity verification have emerged as a major issue. This research proposes a novel method to verify identities by analyzing users' character movements in the metaverse through a pose estimation model. This method uses only video data for authentication, allowing flexibility in limited environments, and investigates how character movements contribute to user identification through various experiments. Furthermore, it explores the potential for extending this approach to other digital platforms. This research is expected to significantly contribute to enhancing security and innovating user identity verification methods in the metaverse environment.

Information Security on Learning Management System Platform from the Perspective of the User during the COVID-19 Pandemic

  • Mujiono, Sadikin;Rakhmat, Purnomo;Rafika, Sari;Dyah Ayu Nabilla, Ariswanto;Juanda, Wijaya;Lydia, Vintari
    • Journal of information and communication convergence engineering
    • /
    • v.21 no.1
    • /
    • pp.32-44
    • /
    • 2023
  • Information security breach is a major risk in e-learning. This study presents the potential information security disruptions in Learning Management Systems (LMS) from the perspective of users. We use the Technology Acceptance Model approach as a user perception model of information security, and the results of a questionnaire comprising 44 questions for instructors and students across Indonesia to verify the model. The results of the data analysis and model testing reveals that lecturers and students perceive the level of information security in the LMS differently. In general, the information security aspects of LMSs affect the perceptions of trust of student users, whereas such a correlation is not found among lecturers. In addition, lecturers perceive information security aspect on Moodle is and Google Classroom differently. Based on this finding, we recommend that institutions make more intense efforts to increase awareness of information security and to run different information security programs.

A Novel Security Scheme with Message Level Security for Hybrid Applications

  • Ma, Suoning;Joe, Inwhee
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2016.04a
    • /
    • pp.215-217
    • /
    • 2016
  • With the popularity of smart device, mobile applications are playing more and more important role in people's daily life, these applications stores various information which greatly facilitate the user's daily life. However due to the frequent transmission of data in the network also increases the risk of data leakage, more and more developers began to focus on how to protect user data. Current mainstream development models include Native development, Web development and Hybrid development. Hybrid development is based on JavaScript and HTML5, it has a cross platform advantages similar to Web Apps and a good user experience similar to Native Apps. In this paper according to the features of Hybrid applications, we proposed a security scheme in Hybrid development model implements message-level data encryption to protect user information. And through the performance evaluation we found that in some scenario the proposed security scheme has a better performance.

Design of Infringement Accidents Preventing System Using DNS Information Retrieval Integration Method (DNS 정보 검색 연동 기법을 이용한 침해 사고 예방 시스템 설계)

  • Kim, Kwang-Sup;Park, Young-Gil;Ro, Soong-Hwan;Kim, Bong-Hyun
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.16 no.9
    • /
    • pp.1955-1962
    • /
    • 2012
  • Recently the flow of information security has become a user-centered change. This is mostly breach of security by the normal and abnormal entering harmful files during user internet. Therefore, we would like to design security system that breach of security can be prevented in advance to improve using the reliability of DNS and system control in this paper. In other words, we would like to suggest method can be block randomly to access the site which information security system of user-centric is breached harmful files infected in user computer.

Real-time user behavior monitoring technique in Linux environment (Linux 환경에서 사용자 행위 모니터링 기법 연구)

  • Sung-Hwa Han
    • Convergence Security Journal
    • /
    • v.22 no.2
    • /
    • pp.3-8
    • /
    • 2022
  • Security threats occur from the outside, but more often from the inside. In particular, since the internal user knows about the information service, the security threat damage caused by the internal user is greater. In this environment, the actions of all users accessing information services should be monitored and recorded in real-time. However, the current operating system records only the logs of system and application execution, so there is a limit to monitoring user behavior in real-time. In such a security environment, damage may occur due to user's unauthorized actions. To solve this problem, this study proposes an architecture that monitors user behavior in real-time in a Linux environment. As a result of verifying the function to confirm the effectiveness of the proposed architecture, the console input values and output angles of all users who have access to the operating system are monitored in real-time and stored. Although the performance of the proposed architecture is somewhat slower than the identification and authentication functions provided by the operating system, it was confirmed that the performance was not at a level that users would recognize, and thus it was judged to be sufficiently effective. However, since this study focuses on monitoring the console behavior, it is impossible to monitor the behavior of user applications running in the background, so additional research is needed.

An Analysis of Security Threats and Security Requirements on the Designated PC Solution

  • Lee, Kyungroul;Lee, Sun-Young;Yim, Kangbin
    • Journal of the Korea Society of Computer and Information
    • /
    • v.22 no.5
    • /
    • pp.29-39
    • /
    • 2017
  • In this paper, we analyse security threats and security requirements about the designated PC solution which restricts usable PCs that are only an user own PCs or a registered PC for online banking or very important services. Accordingly, causable threats of the designated PC solution are classified a process, a network layer, a software module, and an environment of platform, and we draw security requirements based on analysed security threats. Results of this research are considered utilization of criteria for improving security of the designated PC solution and standards for giving hint of imposition of the designated PC solution.

A Identity Escrow mechanism supporting key recovery (키 복구를 지원하는 향상된 신원위탁 메커니즘)

  • 이용호;이임영;김주한;문기영
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.12 no.3
    • /
    • pp.119-128
    • /
    • 2002
  • In case certification between user and service provider is achieved, problem that user's identity is revealed is occurring by social issue, so it was presented identity escrow scheme to solve these problem. In identity escrow scheme, the issuer who have correct user's identity transmits securely anonymity authentication information to user, and user achieves authentication phase with service provider keeping oneself anonymity using this. In this paper, we present requirement for security and trusty of identity escrow scheme and propose new mechanism that can security this. Also, propose method that service provider can deliver securely contents to user and propose mechanism that improve that support ky recovery at encryption communication that using secret key that it was generated by key agreement between users.

Design of COS for smart card user authentication using signature (서명을 이용한 스마트카드 사용자 인증을 위한 COS 설계)

  • 송영상;신인철
    • Journal of the Institute of Electronics Engineers of Korea CI
    • /
    • v.41 no.4
    • /
    • pp.103-112
    • /
    • 2004
  • This paper suggests the way to realize smart card security system by using handwritten signature instead of a password which is traditionally used for user authentication. Because of the familiarity of signature we don't need to try to remember the password and signature is difficult to be used by guess or illegal forced situation. The feature data of handwritten signature is large, so we designed COS which is consist of special commands for processing user's handwritten signature data, user authentication, and basic commands based on ISO 7816-3. Also protocol among user, smart card terminal and DB server is designed. In registration process, the feature data of user signature is saved in both a DB server and a smart card. User authentication is processed by comparing the user signature and the saved feature data in a smart card and in a DB server. And the authentication result and hash value of signature data in DB server are transferred to smart card. During this process the authentication between DB server and user is finished. The proposed security system has more higher level of security in user authentication of smart card and it will Provide safer and more convenient security services.

Secure GSM User Authentication Protocol For User Privacy (사용자 프라이버시를 위한 안전한 GSM 사용자인증 프로토콜)

  • Park, Mi-Og;Kim, Chang-Min
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.6
    • /
    • pp.157-161
    • /
    • 2006
  • GSM(Global System for Mobile communications) that is the most popular standard for mobile phones, has more than 70% users in the world and the number of users increase continuously. However GSM system has the problem that cannot normally authenticate a user by the exposure of IMSI that is able to uniquely authenticate MS? during the user authentication procedure. In this paper? we provide security enhancement and user privacy by adopting a temporary id and an encryption scheme. Moreover we provide fast user authentication via architecture modification of the conventional GSM user authentication protocol.

A Design Of Role-based Emergency Medical Information Security System REMISS (역할기반 응급의료정보보안시스템 REMISS의 설계)

  • Kim, Hyung-Hoon;Cho, Jeong-Ran
    • Journal of the Korea Society of Computer and Information
    • /
    • v.19 no.10
    • /
    • pp.185-195
    • /
    • 2014
  • In this paper, we designed a role-based emergency medical information security system REMISS added the security concept to the existing emergency medical information system. Also we suggested a REMISS protocol based on HL7 for using the emergency medical information and the security information. The procedure of security consists of user authentication phase and role/permission assign phase in the REMISS. The REMISS can supply proper security service since the REMISS assign proper permissions to each users of emergency medical information system and allow the user to access the permitted emergency medical information by using security information of the REMISS. There are some advantages that REMISS can adapt to the changing of the role of each user by dynamic exchanging the security information and assigning permissions to each user.