• Journal of the Korea Society of Computer and Information
• /
• v.20 no.1
• /
• pp.143-151
• /
• 2015

Biometric technology has been proposed as a new means to replace conventional PIN or password because it is hard to be lost and has the low possibility of illegal use. However, unlike a PIN, password, and personal information there is no way to modify the exposure if it is exposed and used illegally. Therefore, the existing single modality with single biometrics is critical when it expose. However in this paper, we use a multi-modality and multi-biometrics to authenticate between users and TTP or between users and financial institutions. Thereby, we propose a more reliable method and compared this paper with existed methods about security and performance in this paper.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.157-169
• /
• 2010

As the information society changes into the ubiquitous computing society, the importance of information security has increased. Governments and enterprises are carrying out various information security activities to operate their information asset effectively. Since 2006, the Korean government has implemented 'Advance Diagnosis' policy to analyze the vulnerability of the information security from the early stage of the information system development to secure the information stability. This study proposes an analyzing framework for the economic effects of Advance Diagnosis for Information Security and presents an illustrative application em a real Advance Diagnosis case. The results of this study can be applied to secure the economic justification of government policies for the security of information systems.

• The Journal of Information Systems
• /
• v.24 no.2
• /
• pp.209-240
• /
• 2015

Purpose This study investigates the relationships between various attributes of smart banking (convenience, security, convergence, and economy), user features (familiarity and innovativeness), perceived usefulness, trust, satisfaction, and continuance intentions and provides a comparison of Google's Android OS and Apple's iOS. Design/methodology/approach We considered a sample of 245 respondents and used structural equation modeling to analyze the data. Findings The results indicate that convergence and familiarity significantly affected perceived usefulness and that security and economy significantly affected perceived trust in smart banking services. The relationships of security, economy, and innovativeness to perceived usefulness and those of convenience and familiarity to perceived trust were stronger for the Android OS than for iOS. The study contributes by proposing an integrated framework and providing a comparison between the Android OS and iOS in the context of smart banking.

• The Journal of Society for e-Business Studies
• /
• v.9 no.3
• /
• pp.227-241
• /
• 2004

With the expansion of internet usage and the advanced technology for information and communication, the international e-Trade environment gradually migrates from the VAN/EDI to the global Internet-based e-Traed on an ebXML framework. In an effort to provide a Internet-based e-Trade environment with a security and trust, this paper analyzes security components and proposed the SSL and ebXML security technologies in order to assure of the trust and security over Internet-based e-Trade. In addition, this paper presents 3-phase methodology to realize the secure and trustworthy Internet-based e-Trade. In summary, as the first phase, the e-Trade business processes are re-engineered and the digital signature council for mutual recognition is orgainzed. And as the second phase, the Internet-based e-Trade system and the concerned digital signature technology are implemented. Finally as third phase, the PKI mutual recognition agreement is signed by parties concerned and then the Internet-based e-trade business is started. Furthermore, this paper presents the promising Internet-based e-Trade models where the digital signature can be applied.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.67-72
• /
• 2011

A system that provides a ubiquitous service is a networked system that has to overcome their circumstances that the service survivability is weak. the survivability of a networked system is defined as an ability of the system that can offer their services without interruption, regardless of whether components comprising the system are under failures, crashes, or physical attacks. This paper presents an approach that end users can obtain a quantitative evaluation of U-service survivability to reflect intended cyber attacks causing the networked system to fall into byzantine failures in addition to the definition of the survivability. In this paper, a Jini system based on wireless local area networks is used as an example for quantitative evaluation of U-service survivability. This paper also presents an continuous time markov chain (CTMC) Model for evaluation of survivability of U-service that a Jini system provides, and an approach to evaluate the survivability of the U-service as a blocking probability that end users can not access U-services.

• Convergence Security Journal
• /
• v.13 no.3
• /
• pp.17-23
• /
• 2013

Clustering is required to configure clustering interdependent structural technology. Clustering handles variable workloads or impede continuity of service to continue operating in the event of a failure. Long as high-availability clustering feature focuses on server operating systems. Active-standby state of two systems when the active server fails, all services are running on the standby server, it takes the service. This function switching or switchover is called failover. Long as high-availability clustering feature focuses on server operating systems. The cluster node that is running on multiple systems and services have to duplicate each other so you can keep track of. In the event of a node failure within a few seconds the second node, the node shall perform the duties broken. Structure for high-availability clustering efficiency should be measured. System performance of infrastructure systems performance, latency, response time, CPU load factor(CPU utilization), CPU processes on the system (system process) channels are represented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.803-813
• /
• 2013

As the developments of smart devices and social network services, the amount of data has been exploding. The world is facing Big data era. For these reasons, the Big data processing technology which is a new technology that can handle such data has attracted much attention. One of the most representative technologies is Hadoop. Hadoop Distributed File System(HDFS) designed to run on commercial Linux server is an open source framework and can store many terabytes of data. The initial version of Hadoop did not consider security because it only focused on efficient Big data processing. As the number of users rapidly increases, a lot of sensitive data including personal information were stored on HDFS. So Hadoop announced a new version that introduces Kerberos and token system in 2009. However, this system is vulnerable to the replay attack, impersonation attack and other attacks. In this paper, we analyze these vulnerabilities of HDFS security and propose a new protocol which complements these vulnerabilities and maintains the performance of Hadoop.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.373-381
• /
• 2017

Currently, various types of user authentication methods based on public certificates are used in domestic financial transactions. Such an authorized certificate method has a problem that a different security module must be installed every time a user connects an individual financial company to a web server. Also, the financial company relying on this authentication method has a problem that a new security module should be additionally installed for each financial institution whenever a next generation authentication method such as biometric authentication is newly introduced. In order to solve these problems, we propose an integrated authentication system that handles user authentication on behalf of each financial institution in financial transactions, and proposes an integrated authentication protocol that handles secure user authentication between user and financial company web server. The new authentication protocol is a modified version of OAuth2.0 that increases security and efficiency. It is characterized by performing a challenge-response protocol with a pre-shared secret key between the authentication server and the financial company web server. This gives users a convenient and secure Single Sign-On (SSO) effect.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1225-1234
• /
• 2019

The security of the firmware is more important because embedded devices have become popular. Network devices such as routers can be attacked by attackers through web application vulnerabilities in embedded firmware. Therefore, they must be found and removed quickly. The Firmadyne framework proposes a dynamic analysis method to find vulnerabilities after emulating firmware. However, it only performs vulnerability checks according to the analysis methods defined in the tool, thus limiting the scope of vulnerabilities that can be found. In this paper, fuzzing is performed in emulation-based environment through fuzzing, one of the software security test techniques. We also propose a Fabfuzz tool for efficient emulation based fuzzing. Experiments have shown that in addition to the vulnerabilities identified in existing tools, other types of vulnerabilities have been found.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.6
• /
• pp.77-87
• /
• 2007

It will need a quite long time to replace IPv4 protocol, which currently used, with IPv6 protocol completely, thus we will use both IPv4 and IPv6 together in the Internet during the period. For coexisting protocols, IETF standardized various IPv4/IPv6 transition mechanisms. However, new security problems of IPsec adaptation and IPv6 packet filtering can be raised by tunneling mechanism which mainly used in transition mechanisms. To resolve these problems, we suggested two improved schemes for packet filtering functions, which consists of an inner header filtering scheme and a dedicated filtering scheme for IPv4/IPv6 transition mechanisms. Also we implemented our proposed schemes based on Linux Netfilter framework, and we tested their filtering functions and evaluated experimental performance of our implementation on IPv4/IPv6 transition testbed. These evaluation tests indicated that our improved packet filtering functions can solve packet filtering problems of IPv4/IPv6 transition mechanisms without severely affecting system performance.