• The Journal of Information Technology
• /
• v.6 no.4
• /
• pp.147-162
• /
• 2003

The technique of information-communication rapidly developed has made it possible for us to do business through Internet. Electronic commerce was increased rapidly by the explosive development of the inter and communication revolution. E-Commerce has created a fundamentally new way of conduction and will change drastically accepted ways of doing business. Normally international trade has been formulated in a way that exporters and importers meet face-to-face and contract and pay by letter of credits. For the global electronic commerce to vitalized, the outstanding matters should encourage the creation of infrastructure of information security and new models in the field of electronic payment systems, electronic commerce agreement for remedy, adapting electronic date interchange in transport documents and negotiability of electronic bills of lading. The payment systems such as electronic fund transfers, tradecard system and electronic letters of credits issued by SWIFT system permit the parties concerned(sellers, buyers ad service providers) to settle payment electronically. Still they are many limitations for complete international electronic transactions. The following measures have to be taken to vitalize electronic trade transactions. It is needed to acquire information security such as authenticity, integrity, non-repudiation and confidentiality. All kinds of documents need to be replaced by electronic date exchange and the legal structure of international convention, national law for electronic payment systems have to be completed. Also a detailed guide of the banking operation and developing rules for electronic letters of credits need to be provided to adopt eUCP rules for the electronic presentation of documents.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.6
• /
• pp.110-119
• /
• 2018

Blockchain technology has been highly evaluated for its contracts (contracts for sale, real estate contracts) because of its excellent security, including integrity and non-repudiation. In a blockchain, these contract services can be developed using a technology called a smart contract, and several blockchain platforms provide a programming language for developing smart contracts. Bitcoin and Ethereum, typical blockchain platforms, provide the Bitcoin Scripts and Solidity languages. Using these programming languages, we can develop the smart contract, a digital contract that can be processed dynamically. Smart contracts are being developed in a variety of areas, but studies of designs based on a blockchain are insufficient. In this paper, we propose a meta-model and a static/dynamic design method based on Unified Modeling Language (UML) for smart contracts based on Ethereum. We propose a method for static design attributes and functions of smart contracts, and propose a technique for designing structures among contracts. Dynamic design proposes a technique for designing deployment, function calls, and synchronization among smart contracts, accounts, and blocks within a blockchain. Experiments verify the validity of the design method by applying the static/dynamic design method through real estate contracts.

• Journal of KIISE:Information Networking
• /
• v.32 no.6
• /
• pp.659-667
• /
• 2005

A Mobile Ad Hoc Network(MANET) is a multi hop wireless network with no prepared base stations or centralized administrations, where flocks of peer systems gather and compose a network. Each node operates as a normal end system in public networks. In addition to it, a MANET node is required to work as a router to forward traffic from a source or intermediate node to others. Each node operates as a normal end system in public networks, and further a MANET node work as a router to forward traffic from a source or intermediate node to the next node via routing path. Applications of MANET are extensively wide, such as battle field or any unwired place; however, these are exposed to critical problems related to network management, node's capability, and security because of frequent and dynamic changes in network topology, absence of centralized controls, restricted usage on network resources, and vulnerability oi mobile nodes which results from the special MANET's character, shared wireless media. These problems induce MANET to be weak from security attacks from eavesdropping to DoS. To guarantee secure authentication is the main part of security service In MANET because networks without secure authentication are exposed to exterior attacks. In this paper, a multistage authentication strategy based on CGSR is proposed to guarantee that only genuine and veritable nodes participate in communications. The proposed authentication model is composed of key manager, cluster head and common nodes. The cluster head is elected from secure nodes, and key manager is elected from cluster heads. The cluster head will verify other common nodes within its cluster range in MANET. Especially, ID of each node is used on communication, which allows digital signature and blocks non repudiation. For performance evaluation, attacks against node authentication are analyzed. Based on security parameters, strategies to resolve these attacks are drawn up.

• Journal of Digital Convergence
• /
• v.13 no.5
• /
• pp.213-218
• /
• 2015

In parallel with evolving information communication technology, M2M(Machine-to-Machine) industry has implemented multi-functional and high-performance systems, and made great strides with IoT(Internet of Things) and IoE(Internet of Everything). Authentication, confidentiality, anonymity, non-repudiation, data reliability, connectionless and traceability are prerequisites for communication security. Yet, the wireless transmission section in M2M communication is exposed to intruders' attacks. Any security issues attributable to M2M wireless communication protocols may lead to serious concerns including system faults, information leakage and privacy challenges. Therefore, mutual authentication and security are key components of protocol design. Recently, secure communication protocols have been regarded as highly important and explored as such. The present paper draws on hash function, random numbers, secret keys and session keys to design a secure communication protocol. Also, this paper tests the proposed protocol with a formal verification tool, Casper/FDR, to demonstrate its security against a range of intruders' attacks. In brief, the proposed protocol meets the security requirements, addressing the challenges without any problems.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.12C
• /
• pp.1692-1706
• /
• 2004

Recently, there are rapid development of information and communication and rapid growth of e-business users. Therefore we try to solve security problem on the internet environment which charges from wire internet to wireless internet or wire/wireless internet. Since the wireless mobile environment is limited, researches such as small size, end-to-end and privacy security are performed by many people. Wireless e-business adopts credit card WPP protocol and AIP protocol proposed by ASPeCT. WAP, one of the protocol used by WPP has weakness of leaking out information from WG which conned wire and wireless communication. certification chain based AIP protocol requires a lot of computation time and user IDs are known to others. We propose a Micro-Payment protocol based on credit card. Our protocol use the encryption techniques of the public key with ID to ensure the secret of transaction in the step of session key generation. IDs are generated using ECC based Weil Paring. We also use the certification with hidden electronic sign to transmit the payment result. The proposed protocol solves the privacy protection and Non-repudiation p개blem. We solve not only the safety and efficiency problem but also independent of specific wireless platform. The protocol requires the certification organization attent the certification process of payment. Therefore, other domain provide also receive an efficient and safe service.

• The KIPS Transactions:PartC
• /
• v.12C no.2 s.98
• /
• pp.301-308
• /
• 2005

According to banking online transaction grows very rapidly, guarantee validity about business transaction has more meaning. To offer guarantee validity about banking online transaction efficiently, certificate status verification system is required that can an ieai-time offer identity certification, data integrity, guarantee confidentiality, non-repudiation. Existing real-time certificate status verification system is structural concentration problem generated that one node handling all transactions. And every time status verification is requested, network overload and communication bottleneck are occurred because ail useless informations are transmitted. it does not fit to banking transaction which make much account of real response time because of these problem. To improve problem by unnecessary information and structural concentration when existing real-time certificate status protocol requested , this paper handle status verification that break up inspection server by domain. This paper propose the method of real~time certificate status verification that solves network overload and communication bottleneck by requesting certification using really necessary Reduction information to certification status verification. And we confirm speed of certificate status verification $15\%$ faster than existing OCSP(Online Certificate Status Protocol) method by test.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.3
• /
• pp.1428-1438
• /
• 2013

Services take place in Internet environment, a formation of the trust relationship between user and service provider for services. Different authentication schemes such as using Certificate of Public Key Infrastructure authentication and using ID/PW for a simple user authentication have been proposed for trust relationship. In addition, in the case of electronic financial transactions, transaction integrity and non-repudiation features are provided. These services are provided in Internet environment, use various measures to ensure service safety. However, it was difficult to prevent attacks using existing security technology because of emergence of MITB attack that manipulate the memory area of the Web browser and social engineering attacks such as phishing/pharming, requires application of new security technologies became. In this paper, we propose a concept of smart secure-pad, and utilize it safely formed a trust relationship between user and service provider, a model has been proposed to ensure safety of data transmission. Proposed model's security evaluation results show security against to MITB attack and phishing/pharming that can't be prevent attack using existing security technology. In addition, service provider can easily apply the model in safe environment can provide Internet service using provided representative services applying the proposed model.

• Journal of Internet Computing and Services
• /
• v.15 no.3
• /
• pp.79-90
• /
• 2014

User authentication based on ID and PW has been widely used. As the Internet has become a growing part of people' lives, input times of ID/PW have been increased for a variety of services. People have already learned enough to perform the authentication procedure and have entered ID/PW while ones are unconscious. This is referred to as the adaptive unconscious, a set of mental processes incoming information and producing judgements and behaviors without our conscious awareness and within a second. Most people have joined up for various websites with a small number of IDs/PWs, because they relied on their memory for managing IDs/PWs. Human memory decays with the passing of time and knowledges in human memory tend to interfere with each other. For that reason, there is the potential for people to enter an invalid ID/PW. Therefore, these characteristics above mentioned regarding of user authentication with ID/PW can lead to human vulnerabilities: people use a few PWs for various websites, manage IDs/PWs depending on their memory, and enter ID/PW unconsciously. Based on the vulnerability of human factors, a variety of information leakage attacks such as phishing and pharming attacks have been increasing exponentially. In the past, information leakage attacks exploited vulnerabilities of hardware, operating system, software and so on. However, most of current attacks tend to exploit the vulnerabilities of the human factors. These attacks based on the vulnerability of the human factor are called social-engineering attacks. Recently, malicious social-engineering technique such as phishing and pharming attacks is one of the biggest security problems. Phishing is an attack of attempting to obtain valuable information such as ID/PW and pharming is an attack intended to steal personal data by redirecting a website's traffic to a fraudulent copy of a legitimate website. Screens of fraudulent copies used for both phishing and pharming attacks are almost identical to those of legitimate websites, and even the pharming can include the deceptive URL address. Therefore, without the supports of prevention and detection techniques such as vaccines and reputation system, it is difficult for users to determine intuitively whether the site is the phishing and pharming sites or legitimate site. The previous researches in terms of phishing and pharming attacks have mainly studied on technical solutions. In this paper, we focus on human behaviour when users are confronted by phishing and pharming attacks without knowing them. We conducted an attack experiment in order to find out how many IDs/PWs are leaked from pharming and phishing attack. We firstly configured the experimental settings in the same condition of phishing and pharming attacks and build a phishing site for the experiment. We then recruited 64 voluntary participants and asked them to log in our experimental site. For each participant, we conducted a questionnaire survey with regard to the experiment. Through the attack experiment and survey, we observed whether their password are leaked out when logging in the experimental phishing site, and how many different passwords are leaked among the total number of passwords of each participant. Consequently, we found out that most participants unconsciously logged in the site and the ID/PW management dependent on human memory caused the leakage of multiple passwords. The user should actively utilize repudiation systems and the service provider with online site should support prevention techniques that the user can intuitively determined whether the site is phishing.