• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.1221-1224
• /
• 2010

스마트폰 사용자의 폭발적 증가와 함께 모바일 애플리케이션 시장에 대한 관심도 크게 증가하고 있다. 더불어 애플리케이션의 보안 위협 역시 증가하고 있는데 각 모바일 애플리케이션 마켓에서는 이에 대한 대처방안 중 하나로 코드사이닝 기법을 활용하고 있다. 코드사이닝 기법을 이용하여 애플리케이션 및 개발자에 대해 인증을 받는 방식에는 각 모바일 마켓별로 다른 점이 존재한다. 그 종류로는 개발자가 생성한 공개키와 해당 애플리케이션을 애플에 전송하고 애플이 이에 대한 검증을 하여 마지막 서명을 부여하는 방식의 애플 앱스토어, 개발자가 키와 증명서를 이용해 스스로 애플리케이션에 대해 증명서를 발급하는 방식의 구글 안드로이드 마켓, RIM에 등록되어 있는 코드사이닝 키를 이용하여 애플리케이션을 제출하면 자동적으로 서명을 받을 수 있는 블랙베리 앱월드, 사전에 개발자가 자기 증명을 통해 아이디를 발급받고 애플리케이션을 테스트 하우스에 등록하여 검증 및 서명을 받는 노키아오비스토어 등이 있다. 이와 같이 개발자 및 애플리케이션을 인증 받는 방식이 각 마켓별로 차이가 있는데 이에 대한 자세한 분석과 그에 따른 보안 위협에 대한 안정성에 대해 분석해 보겠다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1361-1376
• /
• 2015

Recently, the size of the mobile game market and the number of mobile game users are growing. Also, as the mobile game's life cycle is increasing at the same time, auto program issue reappears which has been appeared in PC online games. Gamers usually tend to ignore warning messages from antivirus programs and even worse they delete antivirus program to execute auto programs. Therefore, mobile game users are easily compromised if the auto program performs malicious behaviors not only for the original features. In this paper, we analyze whether seven auto programs of "clash of clans" which has a lot more users for a long time perform malicious behaviors or not. We forecast the possible security threats in near future and proposed countermeasures based on this analysis. By analyzing auto programs of highly popular mobile game of today, we can acquire the knowledge on auto program's recent trend such as their development platform, operating mode, etc. This analysis will help security analysts predict auto program's evolving trends and block potential threats in advance.

• Journal of Korea Multimedia Society
• /
• v.13 no.11
• /
• pp.1687-1697
• /
• 2010

The USIM-based AKA authentication process is essential to a mobile payment system on smart phone environment. In this paper a payment protocol and an AKA module are designed for mobile payment system which is suitable for openness smart phone environment. The payment protocol designs the cross authentication among components of the mobile payment system to improve the reliability of the components. The AKA module of mobile payment system based on 3GPP-AKA protocol prevents the exposure of IMSI by creating the SSK(Shared Secure Key) through advance registration and solves the SQN(SeQuence Number) synchronization problem by using timestamp. Also, by using the SSK instead of authentication vector between SN and authentication center, the existing bandwidth $(688{\times}N){\times}R$ bit between them is reduced to $320{\times}R$ bit or $368{\times}R$ bit. It creates CK and IK which are message encryption key by using OT-SSK(One-Time SSK) between MS and SN. In addition, creating the new OT-SSK whenever MS is connected to SN, it prevents the data replay attack.

• The Journal of the Korea Contents Association
• /
• v.13 no.10
• /
• pp.92-102
• /
• 2013

The definition of mobile phone was a device that can make and receive telephone calls or messages for communication but it has rapidly developed from communication tool into multi-function device. Especially since release of smart phone, Korea is one of the highest country in the world and the statistics can be interpreted into people positively accept new technology. Therefore it's time to study on usage behavior according to different generation of mobile phone. Based on media richness theory and elaboration likelihood model, we analyzed factors affecting usage behavior of mobile phone. Case study methodology were constructed a survey to female university students from 20-24 years of age.

• Journal of Internet Computing and Services
• /
• v.14 no.2
• /
• pp.73-85
• /
• 2013

As a way of augmenting constrained resources of mobile devices such as CPU and memory, many works on mobile cloud computing (MCC), where mobile devices utilize remote resources of cloud services or PCs, /have been proposed. A typical approach to resolving resource problems of mobile nodes in MCC is to offload functional components to other resource-rich nodes. However, most of the current woks do not consider a characteristic of dynamically changed MCC environment and propose offloading mechanisms in a conceptual level. In this paper, in order to ensure performance of highly complex mobile applications, we propose four different types of offloading mechanisms which can be applied to diverse situations of MCC. And, the proposed offloading mechanisms are practically designed so that they can be implemented with current technologies. Moreover, we define cost models to derive the most sutilable situation of applying each offloading mechanism and prove the performance enhancement through offloadings in a quantitative manner.

• Journal of Digital Convergence
• /
• v.17 no.11
• /
• pp.369-376
• /
• 2019

This study was aimed to develop a mobile wellness program, and then to examine the effectiveness of the program in office workers to improve their physical activity. A single group pre-test post-test design was used. A total of 26 office workers received a mobile wellness program using a wearable device during 12 weeks. Effectiveness of the intervention was measured at soon after a mobile wellness program. There were significant differences between pre-test and post-test on daily steps (t=-2.52, p=.018), competence (t=-2.12, p=.044), and wellness(t=-2.83, p=.009). In conclusion, the mobile wellness program using a wearable device is effective for office workers by improving daily steps and encouraging their competence and wellness.

• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.6
• /
• pp.589-593
• /
• 2008

These days, as a side effect of the growth of the mobile devices, malwares for the mobile devices also tend to increase and become more dangerous. Because embedded Linux is one of the advanced OSes on mobile devices, a solution to preventing malwares from infecting and destroying embedded Linux will be needed. We present a scheme using signature verification for embedded Linux that prevents executallle-Infecting malwares. The proposed scheme works under collaboration between mobile devices and a server. Malware detection is delegated to the server. In a mobile device, only integrity of all executables and dynamic libraries is checked at kernel level every time by kernel modules using LSM hooks just prior to loading of executables and dynamic libraries. All procedures in the mobile devices are performed only at kernel level. In experiments with a mobile embedded device, we confirmed that the scheme is able to prevent all executable-Infecting malwares while minimizing damage caused by execution of malwares or infected files, power consumption and performance overheads caused by malware check routines.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.2
• /
• pp.1-7
• /
• 2015

As recent smartphone is used around the world, all of the subscribers of the mobile communication is up to 47.7% about 24 million people. Smartphone has a vulnerability to security, and security-related incidents are increased in damage with the smartphone. However, precautions have been made, rather than analysis of the infection of most of the damage occurs after the damaged except for the case of the expert by way of conventional post-countermeasure. In this paper, we implement a mobile-based malware analysis systems apply a virtualization technology. It is designed to analyze the behavior through it. Virtualization is a technique that provides a logical resources to the guest by abstracting the physical characteristics of computing resources. The virtualization technology can improve the efficiency of resources by integrating with cloud computing services to servers, networks, storage, and computing resources to provide a flexible. In addition, we propose a system that can be prepared in advance to buy a security from a user perspective.

• The KIPS Transactions:PartB
• /
• v.16B no.5
• /
• pp.427-434
• /
• 2009

With the rapid evolution of the Internet and mobile environments, text including spelling errors such as newly-coined words and abbreviated words are widely used. These spelling errors make it difficult to develop NLP (natural language processing) applications because they decrease the readability of texts. To resolve this problem, we propose a spelling error correction model using a spelling error correction dictionary and a newspaper corpus. The proposed model has the advantage that the cost of data construction are not high because it uses a newspaper corpus, which we can easily obtain, as a training corpus. In addition, the proposed model has an advantage that additional external modules such as a morphological analyzer and a word-spacing error correction system are not required because it uses a simple string matching method based on a correction dictionary. In the experiments with a newspaper corpus and a short message corpus collected from real mobile phones, the proposed model has been shown good performances (a miss-correction rate of 7.3%, a F1-measure of 97.3%, and a false positive rate of 1.1%) in the various evaluation measures.

• KIPS Transactions on Software and Data Engineering
• /
• v.2 no.9
• /
• pp.589-594
• /
• 2013

As the concept of web characteristics represented by openness and mind sharing grows more and more popular, device log data generated by both users and developers have become increasingly complicated. For such reasons, a log data processing mechanism that automatically produces meaningful data set from large amount of log records have become necessary for mobile device UX(User eXperience) analysis. In this paper, we define the attributes of to-be-analyzed log data that reflect the characteristics of a mobile device and collect real log data from mobile device users. Along with the MapReduce programming paradigm in Hadoop platform, we have performed a mobile device User eXperience analysis in a distributed processing environment using the collected real log data. We have then demonstrated the effectiveness of the proposed analysis mechanism by applying the various combinations of Map and Reduce steps to produce a simple data schema from the large amount of complex log records.