• Journal of Convergence Society for SMB
• /
• v.5 no.3
• /
• pp.21-26
• /
• 2015

As mobile contents grow up, In App Billing is brisk at applications including mobile contents. But some of users don't pay and use charged content for free to use cheating payment module or hacking through applications. Call this bypass payment. Applications, helping bypass, are Freedom, IAP Cracker, and DNS server suggested by the hacker named Borodin. In case of mobile game, Despite sell a lot of charged content but income is different revenue in sales log with real profits. Because of users using bypass payment application. Management plan to bypass payment are checking OrderID, encrypting public key and verifying receipt.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.125-128
• /
• 2010

Linux server offers various kinds of service including web, FTP, and SSH. The users of these kinds of service are trying to hack by making use of it. That’s why some countermeasures are required for the security of the server. In this thesis, each type of service log of multiple Linux server was analyzed, and a solution was developed to monitor and control the multiple Linux server system not based on Linux but based on Windows.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.12
• /
• pp.937-943
• /
• 2013

Internet Explorer is the popular internet browser the most in domestic. In some version of Internet Explorer, user information could be leaked cause CORS(Cross-Origin Resource Sharing) Internet Explorer support. Different before, without setup a malicious program, attacker can get the user information even account information, credit card usage list and user information with SNS or internet portal site logged in regardless of secure program. Not only Internet Explorer but also mobile browser, it could be. In this paper, we make study of the potential disclosure of user information by attack using CORS, second attack and the way to improvement of vulnerability of CORS.

• 한국정보교육학회:학술대회논문집
• /
• 2006.08a
• /
• pp.263-268
• /
• 2006

토론학습시 보다 자발적인 아동의 참여를 향상시킬 수 있는 웹토론시스템은 시간의 편의성을 제공하고 학습자간의 상호작용을 활발하게 한다. 그러나 기존 웹토론시스템은 능숙한 자판사용능력과 물리적인 교육적 환경을 요구한다. Wiki는 하와이어로 '빨리'라는 뜻으로 누구나 '자유롭게' 정보와 지식을 편집할 수 있는 동적 프로그래밍 도구이다. Wiki를 사용하여 기존의 웹토론시스템의 단점을 보안한 본 시스템의 목적은 학습자의 자발적인 토론참여와 토론학습에 대한 흥미를 유발하는 것이다. 본 시스템의 특징은 다음과 같다. 첫째, 본 시스템은 웹토론에 대한 학생들의 흥미를 높일수 있다. 즉 누구나 관리자가 될 수 있는 기능을 이용해서 학생들의 흥미를 유발하였기 때문이다. 둘째, Wiki 웹토론시스템은 기존의 웹토론시스템보다 사용이 편리하여 학생의 참여도를 향상시키고 토론학습에 대한 관심을 증대시킬 수 있다. 기존의 웹토론시스템은 회원가입을 해야하고 로그인을 해야만 토론학습에 참여할 수 있지만 본 시스템은 웹페이지접속만으로도 가능하게 하였다. 셋째, Wiki 웹토론시스템은 웹토론를 학습하는 과정을 공개하여 올려지는 자료나 다른 사람의 의견을 통해 지식공유를 가능하게 한다. 즉, 자신이 찾은 주장의 근거을 찾는 과정에서나 또 그 근거를 통해 새로운 지식을 알게 되고 본 시스템에서 의견을 개진하고 다른 사람의 의견의 근거를 살펴보면서 지식을 공유하게 한다.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.1 s.33
• /
• pp.27-34
• /
• 2005

Current security reinforcement systems are Passive defense system that only blocks filter to all traffic from the attacker. So, Those are weak re-attack and Stepping Stones attack because active response about attacker is lacking. Also, present techniques of traceback need much time and manpower by log information collection and trace through the personal inspection and active response is lacking. In this paper, We propose technique for TCP connection traceback that can apply in present internet and trace to inserted marking on IP header to correspond re-attack and Stepping Stones attack. Therefore, Proposed technique is unnecessary correction of existing network component and can reduce size of marked information and overhead of resources.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2002.05a
• /
• pp.490-493
• /
• 2002

Many servers that is operated in present earth are UNIX base, is trend that server of LINUX base is increasing steadily recently. When users who have account to this server wish to do remote access, instruction that use most easily is‘telnet’, security does not consist entirely about ID and password that this uses at communication substance as well as login. The interest about latest SSH is rising by the alternative, but SSH has various kinds problem in following telnet's fame. Therefore, We studied about problems and the solution that can happen when window users attempted remote access laying stress on OpenSSH.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2002.05a
• /
• pp.498-501
• /
• 2002

In the process of Log-In to the system, clear User authentication is the beginning of the information protection service. In the open communication system of today, it is true that a password as security instrument and the inner mechanism of the system and cryptography algorithm for the support of this are also poor. For this reason, this dissertation had a final aim to design the user authentication system, which offer the accuracy and safety. It used RSA and CBC mode of DES as cryptography algorithm and used the Challenge-Response scheme at a authentication protocol and designed the User authentication system to which user access using one time password, output of token to guarantee the safety of the authentication protocol. Alto by using the Public key cryptography algorithm, it could embody the more safe User authentication system.

• KSCI Review
• /
• v.15 no.1
• /
• pp.53-64
• /
• 2007

Avoid at damage systems in order to avoid own IP address exposure, and an invader does not attack directly a system in recent hacking accidents at these papers, and use Stepping stone and carry out a roundabout attack. Use network audit Policy and use a CIS, AIAA technique and algorithm, the Sleep Watermark Tracking technique that used Thumbprints Algorithm, Timing based Algorithm, TCP Sequence number at network bases, and Presented a traceback system at TCP bases at log bases, and be at these papers Use the existing algorithm that is not one module in a system one harm for responding to invasion technology develop day by day in order to supplement the disadvantage where is physical logical complexity of configuration of present Internet network is large, and to have a fast technology development speed, and presentation will do an effective traceback system.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.404-405
• /
• 2015

최근 IT기술과 인터넷의 발전으로 시간과 공간에 제한을 두지 않고 업무를 처리해야 하는 상황으로 업무환경이 급격히 변화되고 있다. 특히 기업에서는 외부 네트워크와 정보교환의 필요성이 증가되었고, 구성원들의 잦은 외근, 출장 등 사무실 밖에서 업무를 처리하는 비중이 높아져, 내부뿐만 아니라 외부와의 정보공유를 하는데 있어 안전한 네트워크 구조를 요구하고 있다. 외부에서 효율적이고 안전하게 내부시스템에 접속할 수 있게 사용되는 것이 VPN(가상사설망: Virtual Private Network)으로, 기관 및 기업에서 VPN을 지속적으로 도입하여 운영하고 있다. 하지만 VPN에 인증이 성공되면 다양한 업무시스템에 접근이 용이하기 때문에, 악의적인 사용자로부터 정보유출이 손쉽게 이루어질 수 있다. 따라서 본 연구에서는 사용되고 있는 VPN에 대해 관리가 잘 이루어지는지 확인하는 실태점검 리스트를 제시하고, VPN에 대한 정보유출방지 모니터링을 위해 VPN의 접속로그를 분석하여 정보유출 보안위협행위를 탐지할 수 있는 시나리오를 도출하고자 한다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.1
• /
• pp.9-16
• /
• 2019

Smartphones are becoming a portable computer. As a result, even the most sensitive financial application services are now available anywhere on the smartphone. Compared to general PCs, smartphones communicate with external devices through various channels such as wireless internet, mobile communication network, Bluetooth, and NFC, and a wide variety of applications are provided. Therefore, if vulnerabilities exist, the possibility of attack damage increases. In this paper, we analyze the vulnerabilities of dynamic virtual keyboards used in login of banking apps of smartphones with various physical constraints and propose countermeasures.