• 디지털산업정보학회논문지
• /
• 제15권4호
• /
• pp.51-62
• /
• 2019

Recently, as the number of Smart Phone users increase, the simple payment system has been able to make payments using only card information such as a registered password without extra authorized certificate authentication or input of card information. In this paper, it will examine and analyze simple payment system provided by IT companies and financial institutions and the simple payment system that operates global online payment system by case view of operational direction. Then with this examination, it will study ways to improve the problems with terms of convenience and stability in terms of users. In this paper, it will analyze the inconvenient problem in using the QR code system that recently introduced and will propose solutions. Also, it will propose suggestions to solve inconvenience that caused by system that supports NFC simple payment terminal in Korea is not universalize by analyze case study on the overseas simple payment system. It will also propose opinions on the matters that customer having responsible for event of a small financial accident related to loss or theft when using the simple payment system. Then it will suggest expected requirements to prepare new security technical countermeasures and solve the conditions of meeting expectation satisfaction of users.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2015년도 추계학술대회
• /
• pp.560-563
• /
• 2015

기존에 사용되어지는 도어락 시스템은 키 또는 카드, 패드를 이용하는 방식으로 복제, 분실, 훼손 등의 위험과, 타인에게 노출되는 문제점을 가지고 있다. 본 논문에서는 기존의 도어락 시스템 문제점을 보완하고자 스마트폰에 내장된 Bluetooth통신과 OTP(One-Time-Password), Hide-Key 인증방식 및 Arduino를 활용한 스마트폰 기반의 무선 OTP 도어락 시스템 설계 및 구현함으로써 사용자들은 보안 및 노출의 위험성에서 벗어나 보다 편리하고 안전한 생활을 가능하게 한다.

• Journal of Communications and Networks
• /
• 제13권2호
• /
• pp.102-112
• /
• 2011

In this paper, we propose a privacy-preserving emergency call scheme, called PEC, enabling patients in life-threatening emergencies to fast and accurately transmit emergency data to the nearby helpers via mobile healthcare social networks (MHSNs). Once an emergency happens, the personal digital assistant (PDA) of the patient runs the PEC to collect the emergency data including emergency location, patient health record, as well as patient physiological condition. The PEC then generates an emergency call with the emergency data inside and epidemically disseminates it to every user in the patient's neighborhood. If a physician happens to be nearby, the PEC ensures the time used to notify the physician of the emergency is the shortest. We show via theoretical analysis that the PEC is able to provide fine-grained access control on the emergency data, where the access policy is set by patients themselves. Moreover, the PEC can withstandmultiple types of attacks, such as identity theft attack, forgery attack, and collusion attack. We also devise an effective revocation mechanism to make the revocable PEC (rPEC) resistant to inside attacks. In addition, we demonstrate via simulation that the PEC can significantly reduce the response time of emergency care in MHSNs.

• 융합보안논문지
• /
• 제8권4호
• /
• pp.1-8
• /
• 2008

최근 해킹 기법들은 기존보다 정교한 기술을 바탕으로 악성화 되어 그 피해 규모가 증가하고 있으며, 인터넷 사용자의 확대와 맞물려 그 위력은 커지고 있다. 특히 정보유출을 목적으로 제작한 해킹메일에 첨부된 악성코드의 피해가 급증하고 있다. 본 논문에서 이러한 정보유출형 악성코드를 효과적으로 분석, 탐지할 수 있는 기술에 관하여 연구한다. 또한 본 연구에서는 기존 악성코드의 탐지규칙과 해킹메일 악성코드 탐지규칙을 비교하였으며 이를 통해 해킹메일 악성코드 뿐 아니라 새로운 악성코드와 변종들에 대해서도 탐지할 수 있는 기술에 대해 설명한다.

• 한국컴퓨터정보학회논문지
• /
• 제23권10호
• /
• pp.73-80
• /
• 2018

The shared economy began with the concept of sharing the physical and intellectual assets of individuals with others. Nowadays, the concept of shared economy is becoming one of the industries as an enterprise type. Especially, with the development of the Internet and smart devices, various forms of shared economy have been developed in accordance with the need of sharing of individual income. Digital content is also a shareable commodity and it is seeking to utilize it as an item of shared economy. Accordingly, when digital contents are used as a shared economy, there are various possible threats -security threats that may arise in the course of transactions, potential for theft, alteration and hacking of contents. In this paper, we propose transaction method and content protection method using block chain-ethereum technology to reduce security threats and transparent transactions that can occur in digital contents transactions. Through the proposed method, the trust of the consumer and the supplier can be measured and the encryption can be performed considering the characteristics of the data to be traded. Through this paper, it is possible to increase the transparency of smart transaction of digital contents and to reduce the risk of content distortion, hacking, etc.

• 가족자원경영과 정책
• /
• 제10권3호
• /
• pp.23-43
• /
• 2006

The purpose of this study is to identify the types of consumer problems involving the use of online game services in Korea. This study analyzed the consumer damage cases by age and type that were reported to the Korea Consumer Protection Board (KCPB). The results of this study are as follows: The online game complaints varied by age. In the case of children, most complaints involved phone charging online game fees without parents' consent. There were similarities in the victimization of teens and children according to reason for complaint, handling result and type of damage. However, based on method of charging, mobile phone and credit card payments were causes in the case of teen victimization. Meanwhile, complaints among adults showed more complexity than the previous two groups such as cases relating to online game companies illegally seizing game items and game accounts, and charging fees for unused services caused by identity theft. By type of charging method, most complaints involved phone and mobile phone payments. According to the analysis result of online game victims, the monetary damage of consumers did not differ among socio-demographic variables such as age, residence, gender and occupation but there was difference in the method of charging. In the handling period, differences could be seen by age, year, gender and type of damage.

• 대한원격탐사학회지
• /
• 제23권5호
• /
• pp.465-471
• /
• 2007

Many hospitals have been considering new technology such as wireless sensor network(WSN). The technology can be used to track the location of medical devices needed for inspections or repairs, and it can also be used to detect of a theft of an asset. In an asset-tracking system using WSN, acquiring the location of moving sensor nodes inherently introduces uncertainty in location determination. In fact, the sensor nodes attached to an asset are prone to failure from lack of energy or from physical destruction. Therefore, even if the asset is located within the predetermined area, the asset-tracking application could "misunderstand" that an asset has escaped from the area. This paper classifies the causes of such unexpected situations into the following five cases: 1) an asset has actually escaped from a predetermined area; 2) a sensor node was broken; 3) the battery for the sensor node was totally discharged; 4) an asset went into a shadow area; 5) a sensor node was stolen. We implemented and installed our asset-tracking system in a hospital and continuously monitored the status of assets such as ventilators, syringe pumps, wheel chairs and IV poles. Based on this real experience, we suggest how to differentiate each case of location uncertainty and propose possible solutions to prevent them.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2012년도 춘계학술발표대회
• /
• pp.792-795
• /
• 2012

최근 오픈 소스 커뮤니티가 활성화되고 수많은 오픈 소스들이 공개되고 있어서 많은 개발자들이 오픈 소스를 활용하고 있다. 그러나 오픈 소스도 정해진 라이선스 기반으로 공개되므로 오픈 소스를 사용할 때는 반드시 라이선스를 확인해야 한다. 본 논문에서는 안드로이드 앱의 라이선스 위반이나 코드 도용을 확인할 수 있는 방법으로서 안드로이드 앱 사이의 API 메소드 호출 유사도를 측정하는 방법을 제안한다. 원본 프로그램과 도용된 프로그램은 유사한 API 메소드를 사용할 것임을 예상할 수 있기 때문에 API 메소드 호출이 유사한 것을 확인하면 간접적으로 코드 도용을 확인할 수 있다. 본 논문에서 개발한 API 유사도 측정 도구는 안드로이드 앱의 소스 코드를 필요로 하지 않고, 안드로이드 달빅(Dalvik) 바이트 코드로부터 직접 API 호출 명령어를 분석하여 유사도를 측정한다는 특징이 있다. 본 논문에서 구현한 도구의 평가를 위해서 API 호출 유사도 비교 실험을 수행하였다. 그 결과, 실제로 API 호출 유사도가 높았던 두 앱이 서로 공통된 모듈을 포함하고 있음을 밝혀내었다. 그리고 선행 연구에서 제안했었던 안드로이드 달빅 코드 전체에 대한 유사도 비교 도구보다 비교 속도가 35% 정도 향상된 것을 확인하였다.

• International Journal of Computer Science & Network Security
• /
• 제21권8호
• /
• pp.360-368
• /
• 2021

This study aims at knowing both the level of information security awareness in the use of social media among female secondary school students in Makkah Al-Mukarramah, and the procedures that students follow when exposed to hacking or other security problems. The study relied on the descriptive survey approach. The results showed a high percentage of social media use among the study sample, and the most used applications by the students are snapchat and Instagram applications successively. In fact, 48% of the study sample have awareness of information security, the majority of the students memorize the password in the devices, most of them do not change them, and they have knowledge of fake gates and social engineering. However, their knowledge of electronic hacking is weak, and students do not share passwords with anyone at a rate of 67%. At the same time, they do not update passwords. Moreover, most of the procedures followed by students when exposed to theft and hacking is to change the e-mail data and the password, and the results varied apart from that, which reflects the weak awareness of the students and the weakness of procedures related to information security. The study recommends the necessity to raise awareness and education of the importance of information security and safety, especially in light of what the world faces from data electronic attacks and hackings of electronic applications.

• International Journal of Computer Science & Network Security
• /
• 제21권12호
• /
• pp.213-218
• /
• 2021

This paper proposes a technique for detecting a significant threat that attempts to get sensitive and confidential information such as usernames, passwords, credit card information, and more to target an individual or organization. By definition, a phishing attack happens when malicious people pose as trusted entities to fraudulently obtain user data. Phishing is classified as a type of social engineering attack. For a phishing attack to happen, a victim must be convinced to open an email or a direct message [1]. The email or direct message will contain a link that the victim will be required to click on. The aim of the attack is usually to install malicious software or to freeze a system. In other instances, the attackers will threaten to reveal sensitive information obtained from the victim. Phishing attacks can have devastating effects on the victim. Sensitive and confidential information can find its way into the hands of malicious people. Another devastating effect of phishing attacks is identity theft [1]. Attackers may impersonate the victim to make unauthorized purchases. Victims also complain of loss of funds when attackers access their credit card information. The proposed method has two major subsystems: (1) Data collection: different websites have been collected as a big data corresponding to normal and phishing dataset, and (2) distributed detection system: different artificial algorithms are used: a neural network algorithm and machine learning. The Amazon cloud was used for running the cluster with different cores of machines. The experiment results of the proposed system achieved very good accuracy and detection rate as well.