• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.3
• /
• pp.497-505
• /
• 2015

Existing Wi-Fi networks require users to follow network settings of the AP (Access Point), resulting in inconveniences for users, and the password of the AP is shared by all users connected to the AP, causing security information leaks as time goes by. We propose, in this work, a personalized secure Wi-Fi network, in which each user is assigned her own virtual Wi-Fi network. One virtual Wi-Fi per user makes the user-centric network configuration possible. A user sets a pair of her own SSID and password on her device a priori, and the AP publishes its public key in a suitable way. The AP also maintains an open Wi-Fi channel, to which users can connect anytime. On user's request, the user device sends a connection request message containing a pair of SSID and password encrypted with the AP's public key. Receiving the connection request message, the AP instantiates a new virtual AP secured with the pair of SSID and password, which is dedicated to that single user device. This virtual network is securer because the password is not shared among users. It is more convenient because the network adapts itself to the user device. Experiments show that these advantages are obtained with negligible degradation in the throughput performance.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.3
• /
• pp.1428-1438
• /
• 2013

Services take place in Internet environment, a formation of the trust relationship between user and service provider for services. Different authentication schemes such as using Certificate of Public Key Infrastructure authentication and using ID/PW for a simple user authentication have been proposed for trust relationship. In addition, in the case of electronic financial transactions, transaction integrity and non-repudiation features are provided. These services are provided in Internet environment, use various measures to ensure service safety. However, it was difficult to prevent attacks using existing security technology because of emergence of MITB attack that manipulate the memory area of the Web browser and social engineering attacks such as phishing/pharming, requires application of new security technologies became. In this paper, we propose a concept of smart secure-pad, and utilize it safely formed a trust relationship between user and service provider, a model has been proposed to ensure safety of data transmission. Proposed model's security evaluation results show security against to MITB attack and phishing/pharming that can't be prevent attack using existing security technology. In addition, service provider can easily apply the model in safe environment can provide Internet service using provided representative services applying the proposed model.

• Journal of KIISE
• /
• v.42 no.9
• /
• pp.1175-1184
• /
• 2015

Recently, there has been an explosive increase in the volume of multimedia data that is available as a result of the development of multimedia technologies. More and more data is becoming available on a variety of web sites, and it has become increasingly cost prohibitive to have a single data server store and process multimedia files locally. Therefore, many service providers have been likely to outsource data to cloud storage to reduce costs. Such behavior raises one serious concern: how can data users be authenticated in a secure and efficient way? The most widely used password-based authentication methods suffer from numerous disadvantages in terms of security. Multi-factor authentication protocols based on a variety of communication channels, such as SMS, biometric, or hardware tokens, may improve security but inevitably reduce usability. To this end, we present a data block-based authentication scheme that is secure and guarantees usability in such a manner where users do nothing more than enter a password. In addition, the proposed scheme can be effectively used to revoke user rights. To the best of our knowledge, our scheme is the first data block-based authentication scheme for outsourced data that is proven to be secure without degradation in usability. An experiment was conducted using the Amazon EC2 cloud service, and the results show that the proposed scheme guarantees a nearly constant time for user authentication.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.10
• /
• pp.1-6
• /
• 2019

As mobile technologies such as Internet of Things (IoT)-based smart homes and financial technologies (FinTech) are developed, authentication by smart devices is used everywhere. As a result, presence-based biometric authentication using smart devices has become a new mainstream in knowledge-based authentication methods like the existing passwords. The electrocardiogram (ECG) is less prone to forgery, and high-level personal identification is its unique feature from among various biometric authentication methods, such as the pulse, fingerprints, the face, and the iris. Biometric authentication using an ECG is receiving a great deal of attention due to its uses in healthcare and FinTech. In this study, we implemented an ECG authentication system that allows users to easily measure and authenticate their ECG waveforms using a miniaturized wearable device, rather than a large and expensive measurement device. The implemented ECG authentication system identifies ECG features through P-Q-R-S-T feature point identification, and was user-certified under the proposed authentication protocols. Finally, assessment of measurements in a majority of adult males showed a relatively low false acceptance rate of 1.73%, and a low false rejection rate of 4.14%, in a stable normal state. In a high-activity state, the false acceptance rate was 13.72%, and the false rejection rate was 21.68%. In a high-heart rate state, the false acceptance rate was 10.48%, and the false rejection rate was 11.21%.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.3
• /
• pp.111-118
• /
• 2023

Cyber attacks are increasing worldwide, and attacks on personal privacy such as CCTV and IP camera hacking are also increasing. If you search for IP camera hacking methods in spaces such as YouTube, SNS, and the dark web, you can easily get data and hacking programs are also on sale. If you use an IP camera that has vulnerabilities used by hacking programs, you easily get hacked even if you change your password regularly or use a complex password including special characters, uppercase and lowercase letters, and numbers. Although news and media have raised concerns about the security of IP cameras and suggested measures to prevent damage, hacking incidents continue to occur. In order to prevent such hacking damage, it is necessary to identify the cause of the hacking incident and take concrete measures. First, we analyzed weak account settings and web server vulnerabilities of IP cameras, which are the causes of IP camera hacking, and suggested solutions. In addition, as a specific countermeasure against hacking, it is proposed to add a function to receive a notification when an IP camera is connected and a function to save the connection history. If there is such a function, the fact of damage can be recognized immediately, and important data can be left in arresting criminals. Therefore, in this paper, we propose a method to increase the safety from hacking by using the connection notification function and logging function of the IP camera.

• Smart Media Journal
• /
• v.12 no.11
• /
• pp.27-35
• /
• 2023

Fourth Industrial Revolution and COVID-19 pandemic have boosted the use of Government 24 app for public service complaints in the era of non-face-to-face interactions. there has been a growing influx of complaints and improvement demands from users of public apps. Furthermore, systematic management of public apps is deemed necessary. The aim of this study is to analyze the grievances of Government 24 app users, understand the current dissatisfaction among citizens, and propose potential improvements. Data were collected from the Google Play Store from May 2, 2013, to June 30, 2023, comprising a total of 6,344 records. Among these, 1,199 records with a rating of 1 and at least one 'thumbs-up' were used for topic modeling analysis. The analysis revealed seven topics: 'Issues with certificate issuance,' 'Website functionality and UI problems,' 'User ID-related issues,' 'Update problems,' 'Government employee app management issues,' 'Budget wastage concerns ((It's not worth even a single star) or (It's a waste of taxpayers' money)),' and 'Password-related problems.' Furthermore, the overall trend of these topics showed an increase until 2021, a slight decrease in 2022, but a resurgence in 2023, underscoring the urgency of updates and management. We hope that the results of this study will contribute to the development and management of public apps that satisfy citizens in the future.