• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.19-25
• /
• 2023

The current network environment provides a real-time interactive service from an initial one-way information prov ision service. Depending on the form of web-based information sharing, it is possible to provide various knowledge a nd services between users. However, in this web-based real-time information sharing environment, cases of damage by illegal attackers who exploit network vulnerabilities are increasing rapidly. In particular, for attackers who attempt a phishing attack, a link to the corresponding web page is induced after actively generating a forged web page to a user who needs a specific web page service. In this paper, we analyze whether users directly and actively forge a sp ecific site rather than a passive server-based detection method. For this purpose, it is possible to prevent leakage of important personal information of general users by detecting a disguised webpage of an attacker who induces illegal webpage access using traceback information

• Journal of Convergence for Information Technology
• /
• v.12 no.3
• /
• pp.38-45
• /
• 2022

Due to the development of fintech technology, financial transactions using smart phones are being activated. The password for user authentication during financial transactions is entered through the virtual keypad displayed on the screen of the smart phone. When the password is entered, the attacker can find out the password by capturing it with a high-resolution camera or spying over the shoulder. A virtual keypad with security applied to prevent such an attack is difficult to input on a small touch-screen, and there is still a vulnerability in peeping attacks. In this paper, the entire keypad is divided into several groups and displayed on a small screen, touching the group to which the character to be input belongs, and then touching the corresponding character within the group. The proposed method selects the group to which the character to be input belongs, and displays the keypad in the group on a small screen with no more than 10 keypads, so that the size of the keypad can be enlarged more than twice compared to the existing method, and the location is randomly placed, hence location of the touch attacks can be blocked.

• Convergence Security Journal
• /
• v.22 no.3
• /
• pp.33-39
• /
• 2022

Recently, cyberattacks on infrastructure have been continuously occurring with the starting of neutralizing the user authentication function of information systems. Accordingly, the vulnerabilities of system are increasing day by day, such as the increase in the vulnerabilities of the encryption system. In this paper, an alternative technique for the symmetric key algorithm has been developed in order to build the encryption algorithm that is not easy for beginners to understand and apply. Vigenere Cipher is a method of encrypting alphabetic text and it uses a simple form of polyalphabetic substitution. The encryption application system proposed in this study uses the simple form of polyalphabetic substitution method to present an application model that integrates the three steps of encryption table creation, encryption and decryption as a framework. The encryption of the original text is done using the Vigenère square or Vigenère table. When applying to the automatic generation of secret keys on the information system this model is expected that integrated authentication work, and analysis will be possible on target system. ubstitution alphabets[3].

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.51-57
• /
• 2022

Recently, the concept of zero trust has been introduced, and it is necessary to strengthen the security elements required for the next-generation security control system. Also, the security paradigm in the era of the 4th industrial revolution is changing. Cloud computing and the cybersecurity problems caused by the dramatic changes in the work environment due to the corona 19 virus continue to occur. And at the same time, new cyber attack techniques are becoming more intelligent and advanced, so a future security control system is needed to strengthen security. Based on the core concept of doubting and trusting everything, Zero Trust Security increases security by monitoring all communications and allowing strict authentication and minimal access rights for access requesters. In this paper, we propose a security enhancement plan in the security control field through a zero trust security model that can understand the problems of the existing security control system and solve them.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.3-8
• /
• 2022

Security threats occur from the outside, but more often from the inside. In particular, since the internal user knows about the information service, the security threat damage caused by the internal user is greater. In this environment, the actions of all users accessing information services should be monitored and recorded in real-time. However, the current operating system records only the logs of system and application execution, so there is a limit to monitoring user behavior in real-time. In such a security environment, damage may occur due to user's unauthorized actions. To solve this problem, this study proposes an architecture that monitors user behavior in real-time in a Linux environment. As a result of verifying the function to confirm the effectiveness of the proposed architecture, the console input values and output angles of all users who have access to the operating system are monitored in real-time and stored. Although the performance of the proposed architecture is somewhat slower than the identification and authentication functions provided by the operating system, it was confirmed that the performance was not at a level that users would recognize, and thus it was judged to be sufficiently effective. However, since this study focuses on monitoring the console behavior, it is impossible to monitor the behavior of user applications running in the background, so additional research is needed.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.29-34
• /
• 2023

KMS (Knowledge Management System) is used by various organizations to share information. This KMS includes important information as well as basic information used by each organization. To protect infortant information stored in KMS, many KMS use user identification and authentication features. In such a KMS security environment, if the account information of a user who can access the KMS is leaked, a malicious attacker using the account information can access the KMS and access all authorized important information. In this study, we propose KMS with user access control function that can protect important information even if user account information is leaked. The KMS with the user access control function proposed in this study protects the stored files in the KMS by applying an encryption algorithm. Users can access important documents by using tokens after logging in. A malicious attacker without a Token cannot access important files. As a result of checking the unit function for the target user access control function for effectiveness verification, it was confirmed that the access control function to be provided by KMS is normally provided.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.143-150
• /
• 2023

Applications on physically unclonable circuits (PUFs) for implementing and utilizing security protocols with hardware is on the rise. PUFs have the capability to perform functions such as authentication, prevention of replication, and secure storage of critical information in integrated circuits and security systems. Through the implementation of physically unclonable circuits, a wide range of security features, including confidentiality, integrity, and availability, can be applied. Therefore, PUFs are promising candidate to build secure integrated circuits and hardware systems. However, in order that PUFs possess security features, PUFs should possess characteristics such as unpredictability, uniqueness, and robustness characteristics. This study provides a detailed explanation and introduction of the methods to characterize the PUF properties. By applying the results, it becomes possible to quantitatively evaluate the characteristics of implemented PUFs and assess their availabilities for security system applications.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.125-133
• /
• 2023

This paper proposes an AI model that determines parking and non-parking zones based on return authentication photos to address parking issues that may arise in shared electric scooter systems. In this study, we used a pre-trained Segformer_b0 model on ADE20K and fine-tuned it on tactile blocks and electric scooters to extract segmentation maps of objects related to parking and non-parking areas. We also presented a method to perform binary classification of parking and non-parking zones using the Swin model. Finally, after labeling a total of 1,689 images and fine-tuning the SegFomer model, it achieved an mAP of 81.26%, recognizing electric scooters and tactile blocks. The classification model, trained on a total of 2,817 images, achieved an accuracy of 92.11% and an F1-Score of 91.50% for classifying parking and non-parking areas.

• Journal of Advanced Technology Convergence
• /
• v.3 no.2
• /
• pp.9-15
• /
• 2024

Due to the high inflation rate of dining out, along with changes in group meals or cafeteria services, office workers are increasingly using workplace cafeterias to reduce their meal expenses even slightly. With the recent development of ICT technology, various fields are realizing that not only are smartphones becoming more popular, but they are also becoming an integration of the latest technologies. In this paper, we analyze the current status of cafeterias with a large number of customers and propose ways to improve problems or difficulties. Since most people always carry their smartphones for urgent communication or work tasks, we aim to develop a cafeteria management system that utilizes the NFC function of smartphones. By presenting the process from customer entry to menu selection, it will enable more efficient use of the cafeteria.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.2 no.1
• /
• pp.52-61
• /
• 2007

The u-City is next generation IT-City which is to enhance the quality of life and convenience of life base on merger up-to-date communication infrastructure with u-IT services. To realize u-City, intelligent building is built for citizens to make a space of comfortable life. The intelligent building is possible to be constructed by communication infrastructure for various U-services. This paper mentions the ranges of communication infrastructure and shows how to construct it each range through regulation, law and technical. Lastly, the topics are suggested to build successfully u-City constructions in Korea.