• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.4
• /
• pp.7-16
• /
• 2020

The mobile electronic notification service delivers notifications through mobile phone text or app-based message push to solve various problems of the paper-based mail service. And it is a service that an electronic document relay company proves to prove delivery. In order for public and administrative agencies to provide mobile electronic notification service, the user's identification information of the mobile phone number or the subscribed app is required. To overcome these limitations, ICT-regulated sandbox system was used to allow collective conversion of users' resident registration numbers into connecting information (CI). Therefore, in this paper, we propose a technical method for safe management of user CI in mobile electronic notice service, identity verification of electronic notice readers, and prevention of forgery and forgery of electronic notices. Through the proposed method, it is confirmed that the service can be activated by minimizing the adverse function of the mobile electronic notification service by securing the user's convenience and technical safety for the CI.

• Information Systems Review
• /
• v.25 no.4
• /
• pp.47-65
• /
• 2023

In this paper, we investigate how the online voting system can be a trust-based system from a technical perspective. Under four principles of voting, we finely evaluate the existing belief that offline voting is safer and more reliable than online voting based on procedural processes, technical principles. Many studies have suggested the ideas for implementing online voting system, but they have not attempted to strictly examine the technologies of online voting system from the perspective of voting requirements, and usually verification has been insufficient in terms of practical acceptance. Therefore, this study aims to analyze how the technologies are utilized to meet the demanding requirements of voting based on the technologies proven in the field. In addition to general data encryption, online voting requires more technologies for preventing data manipulation and verifying voting results. Moreover, high degree of confidentiality is required because voting data should not be exposed not only to outsiders but also to managers or the system itself. To this end, the security techniques such as Blind Signature, Bit Delegation and Key Division are used. In the case of blockchain-based voting, Mixnet and Zero-Knowledge Proof are required to ensure anonymity. In this study, the current status of the online voting system is analyzed based on the field system that actually serves. This study will enhance our understanding on online voting security technologies and contribute to build a more trust-based voting mechanism.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.8
• /
• pp.1466-1477
• /
• 2016

Public key infrastructure(PKI), principle technology of the certificate, is a security technology providing functions such as identification, non-repudiation, and anti-forgery of electronic documents on the Internet. Our government and financial organizations use PKI authentication using ActiveX to prevent security accident on the Internet service. However, like ActiveX, plug-in technology is vulnerable to security and inconvenience since it is only serviceable to certain browser. Therefore, the research on HTML5 authentication system has been conducted actively. Recently, domestic bank introduced PKI authentication complying with web standard for the first time. However, it still has inconvenience to register a certification on each website because of same origin policy of web storage. This paper proposes the certificate based SSO protocol that complying with web standard to provide user authentication using certificate on several sites by going around same origin policy and its security proof.

• Journal of the Korea Convergence Society
• /
• v.11 no.3
• /
• pp.27-35
• /
• 2020

The purpose of this study is to study the technical implementation methods to prevent problems such as the record of important educational activities of the student life record department or the continuous illegal leakage and manipulation. To this end, in this paper, by applying a private blockchain that can be participated only by a given organization or individual, it prevents outsiders from participating in the block network, and creates legitimate authority by creating two types of block data: student information block and access record block in the life record book. We proposed a block mechanism that can be registered, modified, and accessed only by authorized staff members. As a result, we have prepared an alternative to prevent forgery and alteration of the living records by third parties and to secure the integrity of the living records. If applied to the educational administrative information system, social consensus will be established that the operation and management of the life record book is reliable.

• The KIPS Transactions:PartC
• /
• v.16C no.5
• /
• pp.575-582
• /
• 2009

With all merits of electronic documents, there exist threats to the security such as illegal outflow, destroying, loss, distortion, etc. The techniques to protect the electronic documents against illegal forgery, alteration, removal are strongly requested. Even though various security technologies have been developed for electronic documents, most of them are emphasized to prevention of forgery or repudiation. This paper presents some problems in cryptography technologies currently used in the existing electronic document systems, and offer efficient methods to adopt cryptography algorithms to improve and secure the electronic document systems. To validate performance of the proposed random rearrangement method comparing with the existing cryptographies, basic elements have been compared, and it has been proved that the proposed method gives better results both in security and efficiency.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.7 no.4
• /
• pp.797-803
• /
• 2012

Recently demands in construction of the stand-alone networks and interconnection between convergence devices have led an increase in research on and much attention has been paid to the application of MANET as a Ubiquitous network which is growing fast. With performance both as hosts and routers, easy network configuration, and fast response, mobile nodes participating in MANET are suitable for Embedded computing, but have vulnerable points, such as lack of network scalability and dynamic network topology due to mobility, passive attacks, active attacks, which make continuous security service impossible. In this study, hashed AODV routing is used to protect from counterfeiting messages by malicious nodes in the course of path finding and setting, and disguising misrouted messages as different mobile nodes and inputting them into the network.

• Convergence Security Journal
• /
• v.15 no.2
• /
• pp.33-41
• /
• 2015

A safe Linux system for security enhancement should have an audit ability that prohibits an illegal access and alternation of data as well as trace ability of illegal activities. In addition, construction of the log management and monitoring system is a necessity to clearly categorize the responsibility of the system manager or administrator and the users' activities. In this paper, the Linux system's Security Log is analyzed to utilize it on prohibition and detection of an illegal protrusion converting the analyzed security log into a database. The proposed analysis allows a safe management of the security log. This system will contribute to the enhancement of the system reliability by allowing quick response to the system malfunctions.

• Journal of IKEEE
• /
• v.19 no.4
• /
• pp.610-616
• /
• 2015

In this paper, an electronic ID system satisfying security requirements of authentication certificate was designed using fingerprint recognition. The proposed electronic ID system generates a digital signature with forgery prevention, confidentiality, content integrity, and personal identification (=non-repudiation) using fingerprint information, and also encrypts, sends, and verify it. The proposed electronic ID system exploits fingerprint instead of user password, so it avoids leakage and hijacking. And it provides same legal force as conventional authentication certificate. The proposed electronic ID consists of 4 modules, i.e. HSM device, verification server, CA server, and RA client. Prototypes of all modules are designed and verified to have correct operation.

• Journal of Internet Computing and Services
• /
• v.10 no.2
• /
• pp.53-63
• /
• 2009

e-Passport system is new type of emigration and immigration control system and it is a research to introduce the e-Passport Authentication Protocol with Improved Efficiency is lively proceeded over the entire world. The e-Passport's chip has a biometric information and personal identification information, Radio Frequency Identification(RFID) technology is used for communication with the Inspection System(IS). However, the feature of the RFID system may bring about various security threats such as eavesdropping, data forgeries, data alternation, cloning, biometric data-leakage. Therefore, in this paper, we analyse the e-Passport system's authentication protocol to protect vulnerability and proposed e-Passport system's authentication protocol reduce computation. Also, we compared their efficiency.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.27-35
• /
• 2018

The certificate is electronic information issued by an accredited certification body to certify an individual or to prevent forgery and alteration between communications. Certified certificates are stored in PCs and smart phones in the form of encrypted files and are used to prove individuals when using Internet banking and smart banking services. Among the rapidly growing Android-based malicious applications are malicious apps that leak personal information, especially certificates that exist in the form of files. This paper proposes a method for judging whether malicious codes leak certificates by using DroidBox, an Android-based dynamic analysis tool.