• International Journal of Computer Science & Network Security
• /
• v.23 no.6
• /
• pp.169-175
• /
• 2023

Ethical hackers are using different tools and techniques to encounter malicious cyber-attacks generated by bad hackers. During the software development process, development teams typically bypass or ignore the security parameters of the software. Whereas, with the advent of online web-based software, security is an essential part of the software development process for implementing secure software. Security features cannot be added as additional at the end of the software deployment process, but they need to be paid attention throughout the SDLC. In that view, this paper presents a new, Ethical Hacking - Software Development Life Cycle (EH-SDLC) introducing ethical hacking processes and phases to be followed during the SDLC. Adopting these techniques in SDLC ensures that consumers find the end-product safe, secure and stable. Having a team of penetration testers as part of the SDLC process will help you avoid incurring unnecessary costs that come up after the data breach. This research work aims to discuss different operating systems and tools in order to facilitate the secure execution of the penetration tests during SDLC. Thus, it helps to improve the confidentiality, integrity, and availability of the software products.

• Journal of Digital Convergence
• /
• v.11 no.10
• /
• pp.217-224
• /
• 2013

Due to the development of mobile technologies, the carrier (telecommunications) billing service market is rapidly growing. carrier (telecommunications) billing service allows users to make on-line purchases through mobile-billing. Users find this particularly convenient because the payment acts as a credit transaction. Furthermore, the system is commonly believed to be secure through its use of SMS (Short Message Service) authentication and a real-time transaction history to confirm the transaction. Unfortunately, there is a growing number of fraudulent transactions threaten the future of this system. The more well documented types of security breaches involves hackers intercepting the authentication process. By contaminating the device with security breaching applications, hackers can secretly make transactions without notifying users until the end of month phone bill. This study sheds light on the importance of this societal threat and suggests solutions. In particular, "secure" systems need to be more proactive in addressing the methods hackers use to make fraudulent transactions. Our research partially covers specific methods to prevent fraudulent transactions on carrier billing service providers' systems. We discuss about the proposed improvements such as complement of electronic payment systems, active promotion for fraudulent transactions enhanced monitoring, fraud detection and introduce a new authentication service. This research supports a future of secure communications billing services, which is essential to expanding new markets.

• Journal of the Korea Computer Industry Society
• /
• v.8 no.4
• /
• pp.253-262
• /
• 2007

As the internet environment is applied in the various service field, the recognition on security is increasing. Because the authentication methods for web service user do not confirm person oneself, the serious problems of reliability, safety and security can be caused. In order to solve this problems, the authentication methods of user id and password or authentication key is used. Because the password and authentication key using the existent authentication methods for security is composed of a string, authentication information can easily hacked or leaked by hackers, and the serious problems of security can be caused. In this paper, in order to improve the web security, an authentication module using the fingerprint that have the unique properties of person is proposed. As the proposed module makes use of fingerprint authentication, the security of the web service user from hackers can be maintained. The proposed method is more excellent than the existent method in the web security.

• Journal of Digital Convergence
• /
• v.13 no.4
• /
• pp.235-246
• /
• 2015

Understanding the various unspecified hacking and repeated cyber DDoS attacks, finally was able to find a solution in the methods of attacks. Freely researching approach that combines the attacker and defender, offensive and defensive techniques can be called a challenge to discover the potential in whimsy. In this paper we test and evaluate "KWON-GA", global white hackers team has made by many years of experiences in infiltration and diagnosis under guise of offence is the best defence. And it is knowledge information ICT Convergence security solution which is developed for the purpose of defence, it provide customization policy that can be fit to customer's system environment with needed techniques and it is processed with unique proprietary technology so that it's not possible to scan. And even if it has leaked internally it's impossible to analyze so hackers can't analyze vulnerability, also it can't be abused as hacking tools.

• Journal of KIISE:Information Networking
• /
• v.33 no.2
• /
• pp.113-130
• /
• 2006

Recently with the explosive growth of Internet applications, the attacks of hackers on network are increasing rapidly and becoming more seriously. Thus information security is emerging as a critical factor in designing a network system and much attention is paid to Network Intrusion Detection System (NIDS), which detects hackers' attacks on network and handles them properly However, the performance of current intrusion detection system cannot catch the increasing rate of the Internet speed because most of the NIDSs are implemented by software. In this paper, we propose a new high performance network intrusion using Network Processor. To achieve fast packet processing and dynamic adaptation of intrusion patterns that are continuously added, a new high performance network intrusion detection system using Intel's network processor, IXP1200, is proposed. Unlike traditional intrusion detection engines, which have been implemented by either software or hardware so far, we design an optimized architecture and algorithms, exploiting the features of network processor. In addition, for more efficient detection engine scheduling, we proposed task allocation methods on multi-processing processors. Through implementation and performance evaluation, we show the proprieties of the proposed approach.

• Journal of Internet Computing and Services
• /
• v.11 no.4
• /
• pp.143-158
• /
• 2010

The illegal leakage of enterprise digital confidential information will threaten the enterprise with bankruptcy. Today since most small-and-medium companies have no capability to fight against illegally compromising their critically confidential documents in spite of knowing the leakage of them, strongly safe distribution system of the digital confidential documents should be designed so in secure as to prevent any malicious intent of embezzlement from accessing the critical information. Current DRM-based protection system is not always perfect to protect the digital secrets, even seems to leave the secrets open. Therefore our study has analyzed the illegal leakage paths that hackers attack against and the vulnerability of the current protection systems. As result, we study the group communication based system architecture satisfying the security conditions to make even legitimate working employee keep out of the confidential documents, without performance degradation. The main idea of this architecture is to stay every secrets in encrypted form; to isolate the encrypted documents from the crypto-key; to associate every entity with one activity and to authenticate every entity with DSA-based public key system; multiple authentication method make hackers too busy to get a privilege to access the secrets with too many puzzle pieces. This paper deal with the basic architectural structure for the above issues.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.5B
• /
• pp.386-394
• /
• 2008

Adoption of wireless communication facilities in mobile devices leads to increased vulnerability in individual privacy. One of such cases was discovered when a smart mobile phone of Paris Hilton at Oscar Award Ceremony was hacked a Swedish group of hackers. In this study, I wondered what sort of personal information could be exposed to hackers in such cases. In the course of survey, it was recognized that technical analysis of flash memory in mobile devices to check what kinds of data are stored there is technically almost impossible, since they are usually built in a proprietary manner. No generic tools could apply to discover their contents. Having recognized technical difficulties, it was inevitable to resort to a questionnaire survey to see awareness level with regard to personal privacy. We collected response from three hundred respondents by posting the questionnaire at World Survey on-line research site. What we have discovered was quite astonishing that even personal residence registration numbers have been found from nine of every ten respondents. Other data revealed include phone numbers, names, and personal bank accounts.

• Journal of Information Technology Services
• /
• v.20 no.5
• /
• pp.119-136
• /
• 2021

Since the global spread of COVID-19, social distancing and untact service implementation have spread rapidly. With the transition to a non-face-to-face environment such as telework and remote classes, cyber security threats have increased, and a lot of cyber compromises have also occurred. In this study, cyber-attacks and response cases related to COVID-19 are summarized in four aspects: cyber fraud, cyber-attacks on companies related to COVID-19 and healthcare sector, cyber-attacks on untact services such as telework, and preparation of untact services security for post-covid 19. After the outbreak of the COVID-19 pandemic, related events such as vaccination information and payment of national disaster aid continued to be used as bait for smishing and phishing. In the aspect of cyber-attacks on companies related to COVID-19 and healthcare sector, we can see that the damage was rapidly increasing as state-supported hackers attack those companies to obtain research results related to the COVID-19, and hackers chose medical institutions as targets with an efficient ransomware attack approach by changing 'spray and pray' strategy to 'big-game hunting'. Companies using untact services such as telework are experiencing cyber breaches due to insufficient security settings, non-installation of security patches, and vulnerabilities in systems constituting untact services such as VPN. In response to these cyber incidents, as a case of cyber fraud countermeasures, security notices to preventing cyber fraud damage to the public was announced, and security guidelines and ransomware countermeasures were provided to organizations related to COVID-19 and medical institutions. In addition, for companies that use and provide untact services, security vulnerability finding and system development environment security inspection service were provided by Government funding programs. We also looked at the differences in the role of the government and the target of security notices between domestic and overseas response cases. Lastly, considering the development of untact services by industry in preparation for post-COVID-19, supply chain security, cloud security, development security, and IoT security were suggested as common security reinforcement measures.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.3
• /
• pp.91-98
• /
• 2021

In most hacking attacks, hackers tend to access target systems in a variety of circumvent connection methods to hide their original IP. Therefore, finding the attacker's IP(Internet Protocol) from the defender's point of view is one of important issue to recognize hackers. If an attacker uses a proxy, original IP can be obtained through a program other than web browser in attacker's computer. Unfortunately, this method has no effect on the connection through VPN(Virtual Private Network), because VPN affects all applications. In an academic domain, various IP traceback methods using network equipments such as routers have been studied, but it is very difficult to be realized due to various problems including standardization and privacy. To overcome this limitation, this paper proposes a practical way to use client's network configuration temporarily until it can detect original IP. The proposed method does not only restrict usage of network, but also does not violate any privacy. We implemented and verified the proposed method in real internet with various VPN tools.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.3
• /
• pp.9-21
• /
• 2010

Recently, famous online shopping websites were hit by hacking attack, and many users' personal information such as ID, password, account number, personal number, credit card number etc. were compromised. Hackers are continuing to attack online shopping websites, and the number of victims of these hacking is increasing. Especially, the exposure of credit card numbers is dangerous, because hackers maliciously use disclosed card numbers to gain money. In 2007 Financial Cryptography Conference, Ian Molly et al. firstly proposed dynamic card number generator, but it doesn't meet reuse resistant. In this paper, we analyzed security weaknesses of Ian Molly's scheme, and we proposed a new one-time virtual card number generator using a mobile device which meets security requirements of one-time virtual card numbers. Then, we propose one-time credit card number generation and transaction protocol using Integrated Authentication Center for user convenience and security enhancement.