• Title/Summary/Keyword: hacker


Passwordless Protection for Private Key Using USIM Information (USIM 정보를 활용한 패스워드리스 방식의 개인키 보호 방안)

  • Kim, Seon-Joo
    • The Journal of the Korea Contents Association / v.17 no.6 / pp.32-38 / 2017
  • Despite the opinion that certificates are useless, half of the population in Korea (approx. 35 million) get a certificate and use it for internet banking, internet shopping, stock trading, and so on. Most users store their certificates on a USB memory or smartphone, and certificates or passwords stored on such storage media can be easily attacked and used to impersonate legitimate users. Due to these security problems of certificates, various authentication technologies have been proposed, such as smartphone owner authentication using SMS and personal authentication using biometric authentication. However, a safe technique without a user password and certificate has not yet been presented. In this paper, I proposed a method to secure the certificate/private key without a user password using a combination of USIM card and smartphone information. Even if a hacker gets the user password, the certificate, and the private key, he cannot use the certificate. Users do not need to remember a complex password that combines alphabetic, numeric, and special characters, and can use their certificates safely.

Research on Integrated Management of ISMS : Comparative Analysis of IT Disaster Recovery Framework (IT재해복구 연관 프레임워크 비교분석을 통한 ISMS의 통합관리방안)

  • Bak, Yurim;Kim, Byungki;Yoon, Ohjun;Khil, Ara;Shin, Yongtea
    • KIISE Transactions on Computing Practices / v.23 no.3 / pp.177-182 / 2017
  • As computers and communication develop in the information society, it is difficult to manage the enormous data manually. Also, loss of data due to natural disasters or hacker attacks generates a variety of disasters in IT security. Hence, there is an urgent need for an information protection management system in order to mitigate these incidents. Information Security Management System has various existing frameworks for IT disaster management. These include Cyber Security Framework, Risk Management Framework, ISO/IEC 27001:2013, and COBIT 5.0. Each framework analyses and compares the entry for IT disaster recovery from among the various available data. In this paper, we describe a single integrated management scheme for fast resolution of IT disasters.

Secure Boot + Measured Boot: Guaranteeing the Integrity of the Linux Booting Process (보안부팅+측정부팅: 리눅스 부팅 과정의 무결성 보장)

  • Lee, Yunjae;Yoo, Seehwan
    • KIISE Transactions on Computing Practices / v.23 no.8 / pp.504-509 / 2017
  • Preserving the integrity of the booting process is important. Recent rootkit attacks and subverting OS attacks prove that any post-OS security mechanism can be easily circumvented if the booting process is not properly controlled. Using an actual case as an example, the hacker of the Se-jong government office simply bypassed the user's password authentication by compromising the normal booting process. This paper analyzes existing pre-OS protection using secure boot and measured boot, and proposes another bootloader that overcomes the limitations. The proposed bootloader not only guarantees the integrity of all the pre-OS binaries, bootloaders, and kernel, it also makes explicit records of integrity in the booting process to the external TPM device, so that we can track modifications of BIOS configurations or unintended booting process modifications.

Effect of Porcine Somatotropin and Insulin on Prenatal Survival and Uteroplacental and Umbilical Cord Development in Gestating Gilts

  • Okere, C.;Hacker, R.R.
    • Asian-Australasian Journal of Animal Sciences / v.12 no.3 / pp.341-347 / 1999
  • Pregnant Yorkshire gilts were utilized to investigate the efficacy of exogenous administration of pST and/or insulin in enhancing prenatal piglet survival, uteroplacental and umbilical cord growth and development. Gilts were randomly assigned in a $2{\times}2$ factorial arrangement to four treatment combinations consisting of either daily i.m. injections of 5 mg pST (P, n=23); 0.50 IU/kg of insulin (I, n=23); combination of pST and insulin (P+I, n=23); or 1 ml of saline as control (C, n=23) from gestation Day 30 to 70. All gilts were sacrificed on gestation d 113 to evaluate piglet survival and uteroplacental or umbilical cord development. Uteri were longer (346.3 vs 325.7 cm; p<0.05), and heavier (3122.8 vs 2940.7 g; p<0.05) in insulin treated gilts. Only placental macroscopic surface area was enhanced by maternal insulin injections (p<0.05). Incidence of umbilical cord abnormalities was low (14.3%), and they were independent of maternal treatment, occurring more in short cords than in long ones (21 vs 12%; p<0.05). A 6% increase in cord length (53.2 vs 48.6 cm; p=<0.05) was observed in piglets from treated gilts compared with controls. Significant sex differences (in favour of males) were observed in piglet weight, crown rump length and for most umbilical or placental parameters. Gilt weight gains from breeding to Day 113 of gestation were 10% and 15% greater in pST and insulin treated gilts compared with controls. These data indicate that prepartum injections of pST and/or insulin to gestating gilts seem to have a beneficial effect on uteroplacental or umbilical cord development and promote conditions conducive for perinatal piglet survival.

A Study on Secure Mobile Payment Service for the Market Economy Revitalization (시장 경제 활성화를 위한 안전한 모바일 전자결제 방안 연구)

  • Kim, Hyung-Uk;Jung, Yong-Hoon;Jun, Moon-Seog
    • Journal of the Korea Academia-Industrial cooperation Society / v.18 no.3 / pp.41-48 / 2017
  • Recently, there has been a lot of ongoing research regarding financial transactions and payments due to the emergence of financial technology (FinTech). Payments have been processed through cash and credit cards, and payment methods have been simplified and are more convenient, with mobile payment via mobile cards and mobile phones. This study offers a new mobile payment method by using a mobile phone instead of a card reader or terminal. For payments, authentication is processed with the user's biometrics and a built-in fingerprint scanner, and the payment is processed after receiving an authentication code issued by the authorizing institution to confirm the user's identity. User biometrics and payment information are secured from any kind of malicious hacker by saving them in a Fast Identity Online (FIDO) Trusted Execution Environment (TEE) section in a smartphone. Regarding key security, every key is securely created in the FIDO TEE section, providing secure mobile payment by neutralizing various malicious attacks, including sniffing and the man-in-the-middle attack.

A Study of Security for a Spam Attack of VoIP Vulnerability (VoIP 취약점에 대한 스팸 공격과 보안에 관한 연구)

  • Lee, In-Hee;Park, Dea-Woo
    • KSCI Review / v.14 no.2 / pp.215-224 / 2006
  • This paper studies spam attacks and their interception, whose spinoff is the largest among the vulnerabilities of VoIP. We write spam attack scenarios for VoIP vulnerabilities and execute Call spam, Instant Messaging spam, and Presence spam attacks. The spam attacks succeed in the laboratory, which proves and confirms the damage to users. As spam interception methods for VoIP service, we propose and prove 1) INVITE Request Flood Attack, 2) Black/White list, 3) Traceback, 4) Black Hole-Sink Hole, 5) Content Filtering, 6) Consent based Communication, 7) Call act pattern investigation, and 8) Reputation System. We test each proposed interception plan in VoIP networks and confirm the security level of the spam interception. Information protection of VoIP service is being extended to WiBro and BcN, and the results of this paper may contribute to realizing Ubiquitous Security.


Web Application Authentication System using Encipherment and PKI (암호화와 PKI를 이용한 웹 어플리케이션 인증시스템)

  • Heo, Jin-Kyoung
    • Convergence Security Journal / v.8 no.1 / pp.1-7 / 2008
  • Hacking methods have become more complicated, have been turned into programs, and have been automated. That is the hacking trend of recent times. Before, the trend of hacking was password cracking and seizing root authority by using server vulnerabilities. Hackers attack the network or an entire domain, not just some hosts. Web application system at hacking technique develops and improve transmitted data through the network shows many vulnerabilities. Massive data are transmitted through the network without encipherment filtering. This can bring about a serious bottleneck in the security system, because as the users of the network become many, the data delivered become many as well. In this paper, we propose a web application system that prevents overload from the bottleneck in the encipherment system. It can solve the security key trust problem in encoding and decoding with public key infrastructure.


Study on Elliptic Curve Diffie-Hellman based Verification Token Authentication Implementation (타원곡선 디피헬만 기반 검증 토큰인증방식 구현 연구)

  • Choi, Cheong H.
    • Journal of Internet Computing and Services / v.19 no.5 / pp.55-66 / 2018
  • Since existing server-based authentications use vulnerable password-based authentication, illegal leaks of personal data occur frequently. Since this can cause illegal ID compromise, alternative authentications have been studied. Recently, token-based authentications like OAuth 2.0 or JWT have been used in web sites; however, they have a weakness that if a hacker steals a JWT token in the middle, they can obtain plain authentication data from the token. So we suggest a new authentication method using the verification token of authentic code to encrypt authentication data with effective time. The verification is to compare an authentication code from decryption of the verification-token with its own code. Its crypto-method is based on XOR with an ECDH session key, which is so fast and efficient without overhead of key agreement. Our method is outstanding in preventing personal data leakage.

A Study of the Modulus Multiplier Design for Speed up Throughput in the Public-key Cryptosystem (공개키 암호시스템의 처리속도향상을 위한 모듈러 승산기 설계에 관한 연구)

  • 이선근;김환용
    • Journal of the Institute of Electronics Engineers of Korea SD / v.40 no.4 / pp.51-57 / 2003
  • The development of the communication network and the other network method can generate serious social problems. So, it is highly required to control the security of the network. These security-related problems will be developed and keep up to confront with anti-security fields such as hacking and cracking. The way to preserve security from a hacker or cracker without developing a new cryptographic algorithm is keeping the state of anti-cryptanalysis in a prescribed time by means of extending key-length. In this paper, we proposed the M3 algorithm for reduced processing time in the Montgomery multiplication part. The proposed M3 algorithm, using the matrix function M(.) and a lookup table, optionally performs Montgomery multiplication with repeated operation. In this result, the modified repeated operation part produces 30% processing rate than the existing Montgomery multiplier. The proposed Montgomery multiplication structured unit array method in carry generated part and variable length multiplication for eliminating the bottleneck effect with the RSA cryptosystem. Therefore, this proposed Montgomery multiplier enforces real time processing and prevents outer cracking.

Analysis on Development Methodology of Modern Secure boot: Focusing on Platform Environment (현대의 보안부팅 개발 방식 분석: 플랫폼 환경을 중심으로)

  • Kim, Jin-Woo;Lee, Sang-Gil;Lee, Jeong-Guk;Lee, Sang-Han;Shin, Dong-Woo;Lee, Cheol-Hoon
    • The Journal of the Korea Contents Association / v.20 no.2 / pp.15-26 / 2020
  • Secure boot is a security technology that verifies the integrity of the computer system in the boot stage and controls the boot process accordingly. With secure boot, the computer system can establish an execution environment that is secure from the threat of various malware, and it also supports recovery when the system is in an emergency. Recently, secure boot has been adopted by various modern computer manufacturers to protect users' information from hacker attacks and to prevent abuse of their products by malicious users. In this paper, we classify secure boot developed by various companies and organizations by platform, analyze the design and development purpose of each secure boot, and investigate the limitations of each design. It can be used as a reference for system security designers on secure boot development methods and the security design of systems.