• Journal of Korea Multimedia Society
• /
• v.19 no.2
• /
• pp.308-315
• /
• 2016

With the advancement in the area of cloud storage services as well as a tremendous growth of social networking sites, permission for one web service to act on the behalf of another has become increasingly vital as social Internet services such as blogs, photo sharing, and social networks. With this increased cross-site media sharing, there is a upscale of security implications and hence the need to formulate security protocols and considerations. Recently, OAuth, a new protocol for establishing identity management standards across services, is provided as an alternative way to share the user names and passwords, and expose personal information to attacks against on-line data and identities. Moreover, OwnCloud provides an enterprise file synchronizing and sharing that is hosted on user's data center, on user's servers, using user's storage. We propose a secure Social Networking Site (SSN) access based on OAuth implementation by combining two novel concepts of OAuth and OwnCloud. Security analysis and performance evaluation are given to validate the proposed scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.6
• /
• pp.2946-2959
• /
• 2018

Choi et al's work [1] in 2015 demonstrated that the resident registration numbers (RRNs) of individuals could be conveniently estimated through their personal information that is ordinarily disclosed in social network services. As a follow-up to the study, we introduce the status of the RRN system in Korea in terms of its use in the online environment, particularly focusing on their secure use. We demonstrate that it is still vulnerable against a straightforward attack. We establish that we can determine the RRNs of the current president Moon Jae-In and the world-class singer PSY.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.4
• /
• pp.83-89
• /
• 2024

After the end of the service of Internet Explorer, the use of ActiveX ended, and the Non-ActiveX policy spread. HTML5 is used as a standard protocol for web pages established based on the Non-ActiveX policy. HTML5, developed in the W3C(World Wide Web Consortium), provides a better web application experience through API, with various elements and properties added to the browser without plug-in. However, new security vulnerabilities have been discovered from newly added technologies, and these vulnerabilities have widened the scope of attacks. There is a lack of research to find possible security vulnerabilities in HTML5-applied websites. This paper proposes a model for detecting tags and attributes with web vulnerabilities by detecting and analyzing security vulnerabilities in web pages of public institutions where plug-ins have been removed within the last five years. If the proposed model is applied to the web page, it can analyze the compliance and vulnerabilities of the web page to date even after the plug-in is removed, providing reliable web services. And it is expected to help prevent financial and physical problems caused by hacking damage.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.3
• /
• pp.1428-1438
• /
• 2013

Services take place in Internet environment, a formation of the trust relationship between user and service provider for services. Different authentication schemes such as using Certificate of Public Key Infrastructure authentication and using ID/PW for a simple user authentication have been proposed for trust relationship. In addition, in the case of electronic financial transactions, transaction integrity and non-repudiation features are provided. These services are provided in Internet environment, use various measures to ensure service safety. However, it was difficult to prevent attacks using existing security technology because of emergence of MITB attack that manipulate the memory area of the Web browser and social engineering attacks such as phishing/pharming, requires application of new security technologies became. In this paper, we propose a concept of smart secure-pad, and utilize it safely formed a trust relationship between user and service provider, a model has been proposed to ensure safety of data transmission. Proposed model's security evaluation results show security against to MITB attack and phishing/pharming that can't be prevent attack using existing security technology. In addition, service provider can easily apply the model in safe environment can provide Internet service using provided representative services applying the proposed model.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.7 no.5
• /
• pp.1041-1051
• /
• 2012

Attack on Cloud Computing, an intensive service solution using network infrastructure recently released, generates service breakdown or intrusive incidents incapacitating developmental platforms, web-based software, or resource services. Therefore, it is needed to conduct research on security for the operational information of three kinds of services (3S': laaS, PaaS, SaaS) supported by the Cloud Computing system and also generated data from the illegal attack on service blocking. This paper aims to build a system providing optimal services as a 4-stage defensive method through the test on the attack and defense of Cloud Computing services. It is a defense policy that conducts 4-stage, orderly and phased access control as follows: controlling the initial access to the network, controlling virtualization services, classifying services for support, and selecting multiple routes. By dispersing the attacks and also monitoring and analyzing to control the access by stage, this study performs defense policy realization and analysis and tests defenses by the types of attack. The research findings will be provided as practical foundational data to realize Cloud Computing service-based defense policy.

• Journal of Digital Convergence
• /
• v.13 no.10
• /
• pp.279-285
• /
• 2015

In this paper, we present the design and implementation of a realtime DNS Query Analysis System to detect and to protect from DNS attacks. The proposed system uses mirroring to collect data in DMZ, then analizes the collected data. As a result of the analysis, if the proposed system finds attack information, the information is used as a filtering information of firewall. statistic of the collected data is viewed as a realtime monitoring information on the web. To verify the effictiveness of the proposed system, we have built the proposed system and conducted some experiments. As the result, Our proposed system can be used effectively to defend DNS spoofing, DNS flooding attack, DNS amplification attack, can prevent interior network's attackers from attacking and provides realtime DNS query statistic information and geographic information for monitoring DNS query using GeoIP API and Google API. It can be useful information for ICT convergence and the future work.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.15-26
• /
• 2011

The development of IT technology and information communication networks activated to online financial transactions; the users were able to get a variety of financial services. However, unlike the positive effect that occurred on 7 July 2009 DDoS(Distribute Denial of Service) attacks, such as damaging to the user, which was caused negative effects. Authentication technology(OTP) is used to online financial transaction, which should be reviewed to safety with various points because the unpredictable attacks can bypass the authentication procedure such as phishing sites, which is occurred. Thus, this paper proposes mobile OTP(One Time Password) Mechanism, which is based on PKI to improve the safety of OTP authentication. The proposed Mechanism is operated based on PKI; the secret is transmitted safely through signatures and public key encryption of the user and the authentication server. The users do not input in the web site, but the generated OTP is directly transmitted to the authentication server. Therefore, it is improvement of the availability of the user and the resolved problem is exposed from the citibank phishing site(USA) in 2006.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.06a
• /
• pp.457-460
• /
• 2007

Recently, Network companies have introduced security solutions to protect the network from intrusions, attacks and viruses but the network has still weakness and vulnerability. It is time to bring more stable and reliable authentication system that would meet the Internet user's need. In this study, Current broadband networks don't have hierarchic and stable authentication solutions. And so, an integrated and hierarchic system is needed to provide a various kinds of application services.

• International Journal of Advanced Culture Technology
• /
• v.9 no.4
• /
• pp.288-294
• /
• 2021

There are various ways to be infected with malicious code due to the increase in Internet use, such as the web, affiliate programs, P2P, illegal software, DNS alteration of routers, word processor vulnerabilities, spam mail, and storage media. In addition, malicious codes are produced more easily than before through automatic generation programs due to evasion technology according to the advancement of production technology. In the past, the propagation speed of malicious code was slow, the infection route was limited, and the propagation technology had a simple structure, so there was enough time to study countermeasures. However, current malicious codes have become very intelligent by absorbing technologies such as concealment technology and self-transformation, causing problems such as distributed denial of service attacks (DDoS), spam sending and personal information theft. The existing malware detection technique, which is a signature detection technique, cannot respond when it encounters a malicious code whose attack pattern has been changed or a new type of malicious code. In addition, it is difficult to perform static analysis on malicious code to which code obfuscation, encryption, and packing techniques are applied to make malicious code analysis difficult. Therefore, in this paper, a method to detect malicious code through dynamic analysis and static analysis using Trojan-type Downloader/Dropper malicious code was showed, and suggested to malicious code detection and countermeasures.

• International conference on construction engineering and project management
• /
• 2011.02a
• /
• pp.582-585
• /
• 2011

During disaster response, prioritization of limited resources is one of the most important bust challenging tasks. At the same time, it is imperative to timely provide the rescuers with the adequate equipment to facilitate lifesaving operations. However, supply of high demand equipment was insufficient during the initial phase of disaster response, challenging lifesaving operations in the case of the 9-11 terrorist attacks. In respond to the Haiti Earthquake, spatial information of the geographic area was not sufficient to support the search and rescue operations in the early phase of disaster response. However, with the help of civilians, information such as road names, infrastructure damage, and victim locations were updated into the spatial data repository. At the same time, resource outside of the disaster affected zone converges into the area to assist the response efforts, which is the effect of convergence that often made resource coordination challenging in large scale disasters. To efficiently collect information and utilize the converging resources, this paper proposes a flexible data repository for information update for equipment utilization in large scale disaster response scenarios.