• Proceedings of the KAIS Fall Conference
• /
• 2010.05a
• /
• pp.397-399
• /
• 2010

본 논문에서는 사용자의 원천 비밀정보의 직접적인 유출을 근본적으로 방지하고자, 사용자 스스로가 원천 비밀정보를 이용해 일회성의 가상 비밀정보를 생성, 키보드입력 및 화면 훔쳐보기와 리플레이 공격, 그리고 피싱 등의 공격으로부터 안전성을 보장할 수 있는 가상 비밀번호 입력 시스템을 제안한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10a
• /
• pp.334-336
• /
• 2004

국내 전자상거래 제품과의 호환성과 확장성을 위하여 국내 전자서명 표준인 KCDSA(Korean Certificate-based Digital Signature Algorithm) 메커니즘을 PKCS(Public Key Cryptographic Standard) #11 암호 API(Application Programming Interface)에 기능을 추가한다. PKCS #11에서 정의한 키 관리(Hey Management) 함수의 입력 파라미터에 암호화할 키를 바로 입력하면 변조된 키를 전달할 수 있으므로, 본 논문에서는 안전한 키보호(Key Protection) 함수를 새로 정의하여 암호화할 키 대신 사용자 PIN(Personal Identification Number: 패스워드) 입력하여 사용자의 KCDSA 개인키와 공개키를 보다 더 안전하게 보관하고자 한다.

• Journal of Digital Convergence
• /
• v.17 no.2
• /
• pp.171-176
• /
• 2019

In modern times, many IoT products are being used as all things and devices are connected to the Internet and IoT products become easily accessible through the network. For the convenience of users, IoT products can be remotely operated automatically without manual operation. Various research and development are underway to improve the convenience of users by using IoT products. However, since only the convenience of the users is pursued, in terms of security, there is a serious problem that exposes the user's personal information. This paper has proposed a method to apply $moir{\acute{e}}$ technology to IoT products in order to improve the performance of security, and a method to increase the safety of IoT products using user face authentication based on shadow $moir{\acute{e}}$ as a $moir{\acute{e}}$ phenomenon method, and the projection $moir{\acute{e}}$. When comparing the existing IoT products and IoT products applied with $moir{\acute{e}}$ technology, IoT products applied with $moir{\acute{e}}$ technology are safer in terms of security.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.11a
• /
• pp.376-379
• /
• 2020

메신저 애플리케이션은 사용자의 채팅 로그나 전화번호와 같은 개인 정보를 데이터베이스에 저장하며, 비밀번호 관리 애플리케이션은 사용자의 비밀번호 정보를 데이터베이스에 저장한다. 따라서 사용자의 개인 정보들이 들어 있는 데이터베이스를 안전하게 보호하는 것은 매우 중요하다. 본 논문에서는 암호화된 데이터베이스를 복호화하기 위한 키를 저장하는 위치에 따라 애플리케이션을 분류하고, 각 경우 보안성이 어떻게 달라지는지에 관한 연구를 수행했다.

• Journal of rehabilitation welfare engineering & assistive technology
• /
• v.11 no.3
• /
• pp.119-126
• /
• 2017

In the clinical setting, the pressure bio-feedback device is used for the spinal rehabilitation of patients with back pain, but it has several disadvantages. The purpose of this study was to develop a digitalized pressure biofeedback system that provides precise exercise method and posture in real time during the spinal rehabilitation exercise by sensing and monitoring body movements and balance of users and providing biofeedback to users. After that, the usability testing for a digitalized pressure biofeedback system will be conducted to identify problems such as safety, performance, operability, and satisfaction, and suggest improvement directions. A total of 33 subjects were participated in the usability testing. The experts group and the users group evaluated the developed digitalized pressure biofeedback system on a scale of 5 points after using the equipment. In the user group, safety was 3.59, operability was 4.38, satisfaction was 4.49. In the expert group, safety was 2.86, operability was 3.91, and performance was 4.28. Based on the usability evaluation, if the problems of stability of the cradle for tablet PC, air injection, screen display, etc. are solved, it becomes a exercise device capable of accurately exercising and evaluating the function of the spine by checking its own motion state while the spinal stabilization exercise.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.4B
• /
• pp.377-386
• /
• 2009

IPTV technology for providing multimedia content with high-speed is the network which combines existing network, multimedia and internet technology etc. But internet, broadcasting and web technologies which is now being used is not optimized to IPTV because the security problem between user who gets content service through mobile units and content server is not guaranteed. This paper proposes user certification mechanism between mobile device and content server to receive the service which the user for the content chooses by mobile device safely. The proposed mechanism uses the random number which user creates and certification token for preventing illegal user who uses other's service that already paid. Also the proposed protocol encrypts the delicate data like user's information or profile using shared-key between java card attached on user's mobile device and grant sewer and then prevents reply attack which happens often in wireless section and man-in-the-middle attack by MAC.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.6
• /
• pp.1109-1122
• /
• 2016

Certificateless public key cryptography is a technique that can solve the certificate management problem of a public key cryptosystem and clear the key escrow issue of ID-based cryptography using the public key in user ID. Although the studies were actively in progress, many existing schemes have been designed without taking into account the safety of the secret value with the decryption key exposure attacks. If previous secret values and decryption keys are exposed after replacing public key, a valid private key can be calculated by obtaining the partial private key corresponding to user's ID. In this paper, we propose a new security model which ensures the security against the key exposure attacks and show that several certificateless public key encryption schemes are insecure in the proposed security model. In addition, we design a certificateless public key encryption scheme to be secure in the proposed security model and prove it based on the DBDH(Decisional Bilinear Diffie-Hellman) assumption.

• Journal of Digital Convergence
• /
• v.14 no.12
• /
• pp.201-208
• /
• 2016

The purpose of Email system is used to transmit important information between companies in today. But Email system has vulnerabilities such that changing email address of sender by attacker. So it is important to authenticate mail server and user using mail server. This paper proposed mail proxy located between mail servers that evaluate authority and authenticate sender and receiver. The proposed email platform has some functions to compose trusted domain and to authenticate mail servers in the domain. Also, if sender and recipient are valid users in mail system, each exchanges a key for confidentiality and the sender sends an e-mail encrypted with exchanged key to recipient. In this paper, we propose a key exchange scheme in proposed platform and verify this protocol using Casper which is the formal analysis tool. In the future research, we will study the overall platform of the domain configuration for the security of mail.

• The tire
• /
• s.246
• /
• pp.24-29
• /
• 2011

지식경제부 기술표준원에서는 2011.3.11일자로 자율안전확인대상 자동차용 타이어 안전기준 개정(안)을 입안 예고하였으며, 본고는 동 개정(안)의 취지 및 주요내용과 아울러 자동차용타이어가 품질관련 법규 "품질경영 및 공산품안전관리법" 상에서 어떻게 관리되는지에 대하여 요약한 것이다. 한편, 우리협회는 그간 국내타이어업계와 함께 기준치 이하의 저품질 타이어 유통 근절을 통한 타이어 사용자의 안전성 향상과 관련법규의 실효성 제고 차원에서 금번 타이어 안전기준 개정(안) 마련에 있어 적극 참여하여 왔다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2006.05a
• /
• pp.869-872
• /
• 2006

일리노이 공대의 Gaia 프로젝트는 유비쿼터스 환경에서 컨텍스트 정보를 기반으로 사용자를 인증하고 어플리케이션에 대한 사용자의 접근 제어를 하는 Cerberus라는 프레임워크를 제안하였다. 그러나 Cerberus는 사용자의 식별 정보를 통해 접근 제어를 함으로써 생기는 문제점과 어플리케이션이 사용자의 접근 제어에 직접적으로 영향을 주는 문제점이 있다. 본 논문에서는 Cerberus의 문제점을 개선한 새로운 프레임워크를 제안한다. 이 프레임워크는RBAC(Role Based Access Control) 기반의 접근 제어 정책을 통한 안전성 항상 뿐만 아니라 어플리케이션에 대한 직접적인 접근 제어 봉쇄를 통해 정책 관리에 대한 일관성을 제공한다.