• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.621-623
• /
• 2023

전자금융거래 시장이 활발해지며 이에 따라 신용 카드 이상 거래가 증가하고 있다. 따라서 많은 금융 기관은 신용 카드 이상 거래 탐지 시스템을 사용하여 신용 카드 이상 거래를 탐지하고 개인 피해를 줄이는 등 소비자를 보호하기 위해 큰 노력을 하고 있으며, 이에 따라 높은 정확도로 신용 카드 이상 거래를 탐지할 수 있는 실시간 자동화 시스템에 대한 개발이 요구되었다. 이에 본 논문에서는 머신러닝 기법 중 부스팅 알고리즘을 사용하여 더욱 정확한 신용 카드 이상 거래 탐지 시스템을 제안하고자 한다. XGBoost, LightGBM, CatBoost 부스팅 알고리즘을 사용하여 보다 정확한 신용 카드 이상 거래 탐지 시스템을 개발하였으며, 실험 결과 평균적으로 정밀도 99.95%, 재현율 99.99%, F1-스코어 99.97%를 취득하여 높은 신용 카드 이상 거래 탐지 성능을 보여주는 것을 확인하였다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10b
• /
• pp.316-318
• /
• 2004

현재 정보보호시스템의 에러로 않은 피해를 입고 있다. 특히 고 보안성이 요구되는 시스템에서의 정보 누출이 심각한 문제가 되고 있는데 이러한 시스템의 예로 스마트카드가 있다. 스마트카드는 오랜 시간 축적된 경험과 연구로써 그 보안성이 특히 우수하다고 할 수 있다. 그러나 애플리케이션 내에서 그리고 애플리케이션간의 정보흐름의 보안성은 보장되지 않는다. 따라서 개인 정보 누출의 위협이 존재한다. 소스프로그램 차원에서 보안적 정보흐름을 검사하는 연구들이 많이 진행되어 왔고 자동도구인 모델체커를 이용하는 연구들도 정차 증가하고 있다. 이런 연구들의 연장선상에서 본 논문에서는 SMV 모델체커를 이용해 자바 바이트 코드에 대한 정보흐름의 보안성을 검사하는 방법을 보인다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.1090-1093
• /
• 2010

인터넷의 급격한 발전과 이용자의 증가로 인터넷은 이미 우리 사회에서 없어서는 안 될 중요한 요소가 되었다. 이러한 인터넷의 발달은 IT산업의 핵심요소가 되었으며 그 중요성이 점점 부각되고 있다. 특히 무선 네트워크는 다양한 단말기(노트북, PDA, 스마트폰)가 대중화되었고 이를 지원하는 표준이 만들어졌으며, 무선 네트워크 사용지역의 확대로 인하여 언제 어디에서나 정보환경에 가까이 접근할 수 있는 여건이 마련되었다. 그러나 이동성이 좋고 편리한 무선 네트워크의 장점의 이면에는 개인정보가 유출될 수 있는 치명적인 문제점들이 드러나기 시작했는데, 케이블을 사용하는 유선환경과는 달리 무선환경에서는 전파를 이용하여 통신하는 점을 악용하여 무선 AP를 도청하거나 패킷을 스니핑하여 개인정보를 유출하는 사례가 빈번하게 일어나고 있다. 본 논문에서는 현재 사용되고 있는 무선 네트워크의 기술표준을 분석해보고 실제 무선환경에서 개인정보가 얼마나 쉽게 노출될 수 있는가를 알아보기 위해 제작한 사설 안테나를 사용하여 무선 AP의 신호를 가로채 패킷을 분석하는 방법을 시연한다. 또한 안테나 각각의 지름을 달리하여 신호강도의 차이가 얼마나 있는지 분석하고, 개인정보를 보호하기 위한 방법을 제시한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.233-240
• /
• 2017

Fingerprint authentication identifies individuals based on user specific information. It is widely used as it is convenient, secure and has no risk of leakage, loss, or forgotten. However, the latent fingerprints remaining on the smart device's surface are vulnerable to smudge attacks. We analyze the usage patterns of individuals using smart device and propose methods to reconstruct damaged fingerprint images using fingerprint smudges. We examine the feasibility of smudge attacks with frequent usage situations by reconstructing fingerprint smudges collected from touch screens. Finally, we empirically verify the vulnerability of fingerprint authentication systems by showing high attack rates.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.827-839
• /
• 2012

A cell phone is very close to the user and therefore should be considered in digital forensic investigation. Recently, the proportion of smartphone owners is increasing dramatically. Unlike the feature phone, users can utilize various mobile application in smartphone because it has high-performance operating system (e.g., Android, iOS). As acquisition and analysis of user data in smartphone are more important in digital forensic purposes, smartphone forensics has been studied actively. There are two way to do smartphone forensics. The first way is to extract user's data using the backup and debugging function of smartphones. The second way is to get root permission, and acquire the image of flash memory. And then, it is possible to reconstruct the filesystem, such as YAFFS, EXT, RFS, HFS+ and analyze it. However, this methods are not suitable to recovery and analyze deleted data from smartphones. This paper introduces analysis techniques for fragmented flash memory pages in smartphones. Especially, this paper demonstrates analysis techniques on the image that reconstruction of filesystem is impossible because the spare area of flash memory pages does not exist and the pages in unallocated area of filesystem.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.757-766
• /
• 2013

The Malicious code that targets Android is growing dramatically as the number of Android users are increasing. Most of the malicious code have an intention of leaking personal information. Recently in Korea, a malicious code 'chest' has appeared and generated monetary damages by using malicious code to leak personal information and try to make small purchases. A variety of techniques to detect personal information leaks have been proposed on Android platform. However, the existing techniques are hard to apply to the user's smart-phone due to the characteristics of Android security model. This paper proposed a technique that detects and blocks file approaches and internet connections that are not allowed access to personal information by using the system call hooking in the kernel and white-list based approach policy. In addition, this paper proved the possibility of a real application on smart-phone through the implementation.

• Korea Trade Review
• /
• v.48 no.3
• /
• pp.243-262
• /
• 2023

This study provides a systematic review of smart trade contracts, examining the research trends and theoretical background of utilizing smart contracts and blockchain technology for the digitalization and automation of trade contracts. Smart trade contracts are a concept that applies the automated contract system based on blockchain to trade-related transactions. The study analyzes the technical and legal challenges and proposes solutions. The technical aspect covers the development of smart contract platforms, scalability and performance improvements of blockchain networks, and security and privacy concerns. The legal aspect addresses the legal enforceability of smart contracts, automatic execution of contract conditions, and the responsibilities and obligations of contract parties. Smart trade contracts have been found to have applications in various industries such as international trade, supply chain management, finance, insurance, and energy, contributing to the ease of trade finance, efficiency of supply chains, and business model innovation. However, challenges remain in terms of legal regulations, interaction with existing legal frameworks, and technological aspects. Further research is needed, including empirical studies, business model innovation, resolution of legal issues, security and privacy considerations, standardization and collaboration, and user experience studies to address these challenges and explore additional aspects of smart trade contracts.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.7
• /
• pp.1393-1400
• /
• 2017

As the number of smartphone users increases, vulnerability to privacy protection is increasing. This is because personal information is stored on various servers connected to the Internet and the user is authenticated using the same ID and password. Authentication methods such as OTP, FIDO, and PIN codes have been introduced to solve traditional authentication methods, but their use is limited for authentication that requires sharing with other users. In this paper, we propose the authentication method that is needed for the management of shared information such as hospitals and corporations. The proposed algorithm is an algorithm that can authenticate users in the same place in real time using smart phone IMEI, QR code, BLE, push message. We propose an authentication algorithm that can perform user authentication through mutual cooperation using a smart phone and can cancel realtime authentication. And we designed and implemented a mutual authentication system using proposed algorithm.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.6
• /
• pp.786-794
• /
• 2020

For systematic pet management, the pet registration system has established. It makes the owner of the pet is given greater responsibility through the pet registration system but it also provided with welfare. One of the advantages of the pet registration system is that prepare system what return to owner quickly and safety through information inquiry when the pets are lost. But there are some conflict with the law in the information inquiry, so it occurs interfere the system. In this paper, we propose using the Smart Contract to finding the missing animal effectively. Proposed method discloses only the partially information. Thus it will be eliminated conflict parts, and increases the information accessibility to increase the number of people who can inquiry information. In addition, keeping the RFID inquired feature for compatible with the existing system. The smart contract querying enables quickly and precision access to information. Lastly, compare the proposed method with existing method to see the improvement.

• Journal of KIISE
• /
• v.44 no.9
• /
• pp.918-931
• /
• 2017

Recently, the spread of smartphones and various wearable devices has led to increases in the accumulation and usage of personal information. As a result, privacy protection has become an issue. Even though there have been studies and efforts to improve legal and technological security measures for protecting privacy, personal information leakage accidents still occur. Rather than privacy requirements, analysts mostly focus on the implementation of security technology within software development. Previous studies of security requirements strongly focused on supplementing the basic principles and laws for privacy protection and securing privacy requirements without understanding the relationship between privacy and security. As a result, personal information infringement occurs continuously despite the development of security technologies and the revision of the Personal Information Protection Act. Therefore, we need a method for eliciting privacy requirements based on related privacy protection laws that are applicable to software development. We also should clearly specify the relationship between privacy and security. This study aims to elicit privacy requirements and create privacy assurances cases for Privacy Friendly System development.