• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.4
• /
• pp.786-792
• /
• 2016

Camellia was jointly developed by Nippon Telegraph and Telephone Corporation and Mitsubishi Electric Corporation in 2000. Camellia specifies the 128-bit message block size and 128-, 192-, and 256-bit key sizes. In this paper, a modified round operation block which unifies a register setting for key schedule and a conventional round operation block is proposed. 16 ROMs needed for key generation and round operation are implemented using only 4 dual-port ROMs. Due to the use of a message buffer, encryption/decryption can be executed without a waiting time immediately after KA and KB are calculated. The suggested block cipher Camellia algorithm is designed using Verilog-HDL, implemented on Virtex4 device and operates at 184.898MHz. The designed cryptographic core has a maximum throughput of 1.183Gbps in 128-bit key mode and that of 876.5Mbps in 192 and 256-bit key modes. The cryptographic core of this paper is applicable to security module of the areas such as smart card, internet banking, e-commerce and satellite broadcasting.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.06a
• /
• pp.837-840
• /
• 2007

Recently, Not only PC environment but also movile environment using XML for translating data. But the mobile delevopment is more limited but need highler security than PC environment Because there is some important service such as mobile banking. In this paper, We development the system to encrypt and decrypt the XML data in order to protect data, And the system is observing the recommendation of the XML Encryption Syntax and Processing by W3C. When encrypting the data, We use the entryption algorithm DES, Triple-DES, AES, SEED and RSA. and consideration of the mobile environment Last, We test the system at WIPI environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.271-278
• /
• 2015

We use various types of cryptographic algorithms for the protection of personal and sensitive informations in the application environments, such as an internet banking and an electronic commerce. However, recent researches were introduced that if we implement modes of operation, padding method and other cryptographic implementations in a wrong way, then the critical information can be leaked even though the underlying cryptographic algorithms are secure. Among these attacking techniques, the padding oracle attack is representative. In this paper, we analyze the possibility of padding oracle attacks of 12 kinds of padding techniques that can be applied to the CBC operation mode of a block cipher. As a result, we discovered that 3 kinds were safe padding techniques and 9 kinds were unsafe padding techniques. We propose 5 considerations when designing a safe padding techniques to have a resistance to the padding oracle attack through the analysis of three kinds of safe padding techniques.

• Convergence Security Journal
• /
• v.7 no.3
• /
• pp.101-107
• /
• 2007

In recent years, electronic financial services, such as internet banking, come into wide use since the personal computer and network technology have made reasonably good progress. The growth of electronic financial service contributes to promoting the business efficiency of financial institution and promoting the convenience of financial customer, while the security on electronic financial service is getting more important because it is not face-to-face financial service. Therefore, the financial sector had decided to introduce the OTP (One Time Password) in order to authenticate the identification of customer and has built the Integrated OTP Authentication Center for a customer being able to use only one OTP token in electronic financial transaction with several financial institution. In this paper, we introduce the business of Integrated OTP Authentication Center and present the security analysis on integrated OPT authentication service, which is the main function of Integrated OTP Authentication Center.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.3
• /
• pp.525-532
• /
• 2013

Recently. smartphones have been popularized rapidly and now located deep in our daily life, providing a variety of services from banking, SNS (Social Network Service), and entertainment to smart-work mobile office through apps. Such smartphone apps can be easily downloaded from what is known as app store which, however, bears many security issues as software developers can just as easily upload to it. Military apps will be exposed to a myriad of security threats if distributed through internet-basis commercial app store. In order to mitigate such security concerns, this paper suggests a security guidelines for establishing a military-excusive app store and security verification system which prevent the security hazards that can occur during the process of development and distribution of military-use mobile apps.

• Convergence Security Journal
• /
• v.16 no.4
• /
• pp.25-34
• /
• 2016

This paper shall suggest the improvement model for invigorating cyber threat information sharing from the national level, which includes, inter alia, a comprehensive solutions such as the legislation of a guideline for information sharing, the establishment of so-called National Center for Information Sharing, the construction and management of a integrated information system, the development of techniques for automatizing all the processes for gathering, analyzing and delivering cyber threat information, and the constitution of a private and public joint committee for sharing information, so much so that it intends to prevent cyber security threat to occur in advance or to refrain damage from being proliferated even after the occurrence of incidents.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.231-247
• /
• 2009

With the growth of e-commerce banks make the best use of internet banking which can provide all sorts of financial services in cyber space and satisfy customers beyond traditional banking services which are cash reserve and loan based on retail. For survival of internet banking high quality of service should be provided to customers. For this, the attributes of service quality in internet banking should be identified first. The studies on scale of service quality in internet banking have been divided into two ways. While traditional way has focused on SERVQUAL, several researchers have developed scale of e-service quality. However, the dimension of e-service quality is applied from the traditional dimension of service quality. In this paper five dimensions of tangibles, reliability, responsiveness, assurance, and empathy based on SERVQUAL are used as scale of service quality in internet banking through reviewing previous studies. In addition, because service value is correlated to service quality, the dimensions of service quality can affect e-service value. The positive relationship among e-service value, customer satisfaction, and customer loyalty in online or offline service has been identified by previous studies. The purpose of this study is to identify the relationship among service quality, e-service value, customer satisfaction, and customer loyalty in internet banking. SPSS 12.0 is used to test validity and reliability of questionnaire items and correlation of variables and AMOS 4.0 is used to test the hypotheses. The results of this study show that the responsiveness, assurance, and empathy factors of service quality have a positive effect on service value and that the tangible and assurance factors have a positive effect on customer satisfaction. It also shows that e-service value affects positively customer satisfaction and loyalty. Customer satisfaction affects positively customer loyalty. Therefore, to enhance customer satisfaction and loyalty, service quality and value of internet banking should be improved through reinforcing customers' trust in internet service quality.

• Journal of Digital Convergence
• /
• v.12 no.5
• /
• pp.1-12
• /
• 2014

Recently, the need for non-stop service is increasing by the business mission-critical Internet banking, e-payment, e-commerce, home shopping, securities trading, and petition business increases, clustered in a single database of existing, redundant research on high-availability technologies related to technique, etc. is increasing. It provides an API based on the Active Log in addition to the technique of redundancy, ALTIBASE$^{TM}$ Log Analyzer (below, ALA), provides scalability and communication of the same model or between heterogeneous. In this paper, we evaluated the performance of ALA by presenting the design of the database system that you can use the ALA, to satisfy all the synchronization features high scalability and high availability, real-time.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2001.10a
• /
• pp.517-520
• /
• 2001

According to the rapid development of information and communication, various services are offered using information and communication infrastructure for example e-commerce, internet banking stork dealings, etc. This time, the most important problem is personal identification. But now secret number that is used to personal identification mostly can be misappropriated. To solve this problem, this paper proposes smart card identification system using 1 vs. 1 fingerprint matching. Information protection and security of smart card excel and use is convenient. And fingerprint becomes the focus of public attention in biometric field. Implemented system in this paper is based on PC. This system stores minutia that is fingerprint information into smart card and compare it with personal minutia. Therefore this system is sure to be on personal identification. If this system is applied to various services, safety degree of services will be enhanced.

• Journal of Digital Convergence
• /
• v.13 no.5
• /
• pp.219-226
• /
• 2015

OTP(One Time Password) is for user authentication of Internet banking and users should carry their security card or OTP generator to use OTP. If they lost their security card or OTP generator, there is at risk for OTP leak. This paper suggests a new User Authentication Framework using personal health information from diverse technology of u-Health. It will cover the problem of OTP loss and illegal reproduction A User Authentication Framework is worthy of use because it uses various combinations of user's physical condition which is inconstant. This protocol is also safe from leaking information due to encryption of reliable institutes. Users don't need to bring their OTP generator or card when they use bank, shopping mall, and game site where existing OTP is used.