• Title/Summary/Keyword: web authentication

Lightweight Packet Authentication for Access Control in IEEE 802.11 (IEEE 802.11에서의 접근 제어를 위한 Lightweight 패킷 인증)

  • Lee, Keun-Soon;Kim, Hyo-Jin;Song, Joo-Seok
    • Journal of the Korea Institute of Information Security & Cryptology / v.15 no.4 / pp.29-38 / 2005
  • Because IEEE 802.11 has several security vulnerabilities, IEEE 802.11i was proposed and accepted. But IEEE 802.11i has much overhead for most users for web surfing. Besides, not only the node authentication but also the packet authentication is needed to communicate. Although IEEE 802.11i uses TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol), they have a lot of overhead. In this paper, Lightweight Packet Authentication (LIPA) is proposed. LIPA has less overhead and short delay, so that it can be affordable for simple web surfing which does not need stronger security. A comparison of the performance of LIPA with that of TKIP and CCMP shows that LIPA is more efficient than the other schemes for transmitting packets.

Anonymous Qualification Verifying Method on Web Environment (웹 환경에서 익명성을 제공하는 자격증명 방법)

  • Lee, Yun-Kyung;Hwang, Jung-Yeon;Chung, Byung-Ho;Kim, Jeong-Nyeo
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.5 / pp.181-195 / 2011
  • There's a controversy about an invasion of privacy which includes a leakage of private information and linking of user's behavior on the Internet. Although many solutions for this problem are proposed, we think an anonymous authentication, authorization, and payment mechanism is the best solution for this problem. In this paper, we propose an effective anonymity-based method that achieves not only authentication but also authorization. Our proposed method uses an anonymous qualification certificate and a group signature method as an underlying primitive, and combines anonymous authentication and qualification information. An eligible user is legitimately issued a group member key pair through a key issuing process and issued some qualification certificates anonymously, and then he can use the safe and convenient web service which supplies anonymous authentication and authorization. The qualification certificate can be expanded according to the application environment and it can be used as a payment token.

Smartphone Ownership and Location Checking Scheme for Fixing the Vulnerabilities of SMS-Based Authentication (SMS 기반 인증의 보안 취약점을 개선한 스마트폰 소유 및 위치 확인 기법)

  • Kwon, Seong-Jae;Park, Jun-Cheol
    • The Journal of Korean Institute of Communications and Information Sciences / v.42 no.2 / pp.349-357 / 2017
  • Many Web sites adopt SMS (Short Message Service)-based user authentication when a user loses her password or approves an online payment. In SMS-based authentication, the authentication server sends a text in plaintext to a user's phone, and it allows an attacker who eavesdrops or intercepts the text to impersonate a valid user (victim). We propose a challenge-response scheme to prove to the authentication server that a user is in a certain place at the moment with her smartphone beside her. The proposed scheme generates a response using a challenge by the server, the user's current location, and a secret on the user's smartphone all together. Consequently, the scheme is much more secure than SMS-based authentication that simply asks a user to send the same text that arrived on her phone back to the server. In addition to entering the response, which substitutes the SMS text, the scheme also requests a user to input a passphrase to get the authentication process started. We believe, however, the additional typing should be tolerable to most users considering the enhanced security level of the scheme.

Research on Web standards compliance and professional level of domestic Web Developer (국내 웹 개발자의 웹표준 준수 및 전문성 수준에 대한 연구)

  • Shin, Moon-sun;Jeong, Kyeong-ja;Kim, Byung-chul
    • Journal of Digital Convergence / v.14 no.4 / pp.201-208 / 2016
  • Recently, non-standard techniques of web like Active-X caused not only user inconvenience but also barriers to the business of Internet. The government recognized that the serious environmental situation of using Internet is needed to be improved. Especially, HTML5 convergence technology is meant to be a specific platform over the devices, users, and systems. It also means web standards to support more creative business service model and emerging market. In this paper, we performed a survey on Web standards compliance and web development professional level of domestic web developers. In addition, we present the basic direction of government policy of software and software-positive human resources policy, that is based on the analysis of the survey results. Our study will be able to contribute to construct policies to support digital convergence industry and to strengthen technical assistance and expertise to build training programs for the spread of global Web standards (HTML5).

Development of an accreditation system for dietary and nutrition related education resources (영양.식생활 교육자료의 인증 시스템 개발 연구)

  • Kim, Ji-Myung;Lee, Kyoung Ae;Park, Yoo Kyoung;Lee, Kyung-Hea;Oh, Sang Woo;Lee, Hee Seung
    • Journal of Nutrition and Health / v.47 no.2 / pp.145-156 / 2014
  • Purpose: The purpose of this study was to establish accreditation systems of reliable educational materials for nutrition and dietary life which could be used in schools, workplace, and health promotion. Methods: The study was conducted from April 2011 to October 2011. Literature reviews, institutional visits, and telephone interviews were conducted. Expert meetings and advisory councils were held in order to receive feedback on development of the accreditation systems. A survey was conducted for the accreditation procedures on 143 professionals, including professors, researchers, health and medical experts, teachers, nutrition teachers, dietitians, and clinical nutritionists. Results: The final procedure of the developed accreditation system was finalized as follows: 1) receiving application twice per year 2) complete desk review (written evaluation) by three reviewers within two months, 3) board review (all board members) and decision, and 4) notification of results. The accreditation system is set for printed materials, web-site, and materials for activities. The certificate and accreditation mark is issued to the final certified educational materials. Expiration date is established only for the web-site form. The accreditation length lasts for two years, and can be extended by renewal application. Conclusion: The dietary and nutrition related materials, which are certificated by this accreditation system, could impart reliable information and knowledge to both learners and educators, and help them in effective selection of educational materials. Therefore, this accreditation system might be expected to increase satisfaction for teaching and learning about nutrition and healthy dietary life.

A Study of Step-by-step Countermeasures Model through Analysis of SQL Injection Attacks Code (공격코드 사례분석을 기반으로 한 SQL Injection에 대한 단계적 대응모델 연구)

  • Kim, Jeom-Goo;Noh, Si-Choon
    • Convergence Security Journal / v.12 no.1 / pp.17-25 / 2012
  • SQL Injection techniques disclosed web hacking years passed, but these are classified the most dangerous attacks. Recent web programming data for efficient storage and retrieval using a DBMS is essential. Mainly PHP, JSP, ASP, and scripting language used to interact with the DBMS. In this web environments application does not validate the client's invalid entry may cause abnormal SQL query. These unusual queries to bypass user authentication or data that is stored in the database can be exposed. SQL Injection vulnerability environment, an attacker can pass the web-based authentication using username and password and data stored in the database. Measures against SQL Injection on has been announced as a number of methods. But if you rely on any one method of many security hole can occur. The proposal of four levels leverage is composed with the source code, operational phases, database, server management side and the user input validation. This is a way to apply the measures in terms of why the accident preventive steps for creating a phased step-by-step response model, through the process of management measures, if applied, there is the possibility of SQL Injection attacks can be.

A study of Web Service Security System using the Secure Network Transfer Message (안전한 네트워크 전송 메시지를 이용한 웹 서비스 보안 시스템에 관한 연구)

  • Kim, Chang-Su;Jung, Hoe-Kyung
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2008.10a / pp.850-853 / 2008
  • As the Internet grew rapidly, the Electronic Commerce that is based on Internet increased. The Electronic Commerce is unsubstantial in the mutual authentication between the parties and a commerce. As a solution to this issue, a Web server uses a Client Message technology. The purpose of Client Message is to validate the user and the electronic commercial transaction. Further, it increases efficiency and offers several ability at various purposes. However, the Client Message is transferred and stored as an unencrypted text file, the information can be exposed easily to the network threats, end system threats, and Client Message harvesting threats. In this paper designed by used crypto algorithm a Secure Message as a solution to the issue have proposed above. Further, designed a security service per Network transmitting message to transfer client's user input information to a Web server safety.

A study on Password Input Method to Protect Keyboard hooking (Keyboard hooking 방지를 위한 패스워드 입력 방법 연구)

  • Kang, Seung-Gu;Kwak, Jin-Suk;Lee, Young-Sil;Lee, Hoon-Jae
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2011.10a / pp.241-244 / 2011
  • Recently, due to development of Internet techniques, user suddenly increased that used of Web services and without constraints of place and time has been provided. Typically, Web services used ID/Password authentication. User confirmed personal data stored on Web servers after user authorized. Web service provider is to provide variety security techniques for the protection personal information. However, recently accident has happened is the malicious attackers may capture user information such as users entered personal information through new keyboard hooking. In this paper, we propose a keyboard hooking protected password input method using CAPTCHA. The proposed password input method is based on entering the password using mouse click or touch pad on the CAPTCHA image. The mapping of CAPTCHA image pixels is random.

A Defense Mechanism Based on Session Status against Cookie Replay Attack in Web Applications (웹 애플리케이션에서 세션 상태 기반의 쿠키 재전송 공격 방어 기법)

  • Won, Jong Sun;Park, JiSu;Shon, Jin Gon
    • KIPS Transactions on Computer and Communication Systems / v.4 no.1 / pp.31-36 / 2015
  • As web accessibility has become easier, the security issue becomes much more important in web applications demanding user authentication. A cookie is used to reduce the load of the server from the session in web applications and manage the user information efficiently. However, the cookie containing user information can be sniffed by an attacker. With this sniffed cookie, the attacker can retain the web application session of the lawful user as if the attacker is the lawful user. This kind of attack is called a cookie replay attack and it causes serious security problems in web applications. In this paper, we have introduced a mechanism to detect cookie replay attacks and defend against them, and verified the effectiveness of the mechanism.

Integrity Metadata Based of Multi CMSs System Providing Protection Copyright of Web Contents (웹 콘텐츠 저작권 보호를 제공하는 통합 메타데이터 기반의 다중 CMS 시스템)

  • Cho, Young-Bok;Li, Yong-Zhen;Sun, Ning;Lee, Sang-Ho
    • The Journal of Korean Institute of Communications and Information Sciences / v.33 no.6C / pp.520-528 / 2008
  • At present Content Management Systems (CMS) with various and diverse web contents have been in wide applications. But, for CMS of each enterprise has its own metadata which is very different from others, it causes the serious problem of web contents repetition. Also, it's a difficult technology to support protecting copyright of web contents which are in separated CMSs. Therefore, in this paper, we solved the problem of contents repetition through metadata integration between mutually heterogeneous CMSs. We also propose the technology of web contents authentication code for avoiding contents repetition and applying digital rights protection by supporting safe ship in vast quantity of contents.