• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.10a
• /
• pp.1125-1128
• /
• 2019

사용자가 인터넷을 사용할 때 화면에 표시되는 텍스트나 그래픽 등을 웹 문서라고 하며 HTML5는 웹 문서를 제작하는 표준 언어의 일종이다. HTML5 중에서 web storage는 사용자가 인터넷을 통한 서비스를 받을 때 데이터를 저장하기 위한 기능으로 키와 값의 형태로 저장한다. web storage는 서버 측에서 사용되는 session storage와 클라이언트에서 사용되는 local storage가 있다. local storage 사용 시 데이터를 클라이언트에 평문 형태로 저장하며 만료 기간 없이 영구적인 특징을 갖고 있다. 이러한 특징은 공격자로부터 XSS 등의 공격에서 저장된 데이터의 접근 및 수정 그리고 탈취할 수 있어 공격자의 의도에 따라 데이터 가공 및 재사용이 가능하다는 문제가 있다. 보안 취약점 문제를 해결하기 위한 최근 연구들은 local storage에 저장된 데이터들을 암호화하여 기밀성을 높였다. 그러나 데이터 암호화를 사용하려면 잦은 암호 입력이나 온라인에서만 사용할 수 있다는 또 다른 문제점을 가지고 있다. 기존 보안 취약점 문제와 기존 연구의 문제점을 동시에 해결하기 위해 운영체제 사용자 정보와 기기의 정보를 활용하여 암호화에 필요한 사용자 인증을 자동화하였으며 검증을 위해 코드를 구현하고 테스트 하였다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.3
• /
• pp.737-744
• /
• 2010

The use of RFID recently tends to increase and is expected to expand all over the industry and life. However, RFID is much vulnerable to the malign threats such as eavesdropping, replay attack, spoofing attack, location tracking in the process of authentication. In particular, it is difficult to apply authentication protocol used in the other previous system to low-priced RFID tag. After all, this paper suggests the scheme of efficient authentication protocol for RFID privacy protection. Compared to the previous scheme, suggested scheme reinforces the checking process of transmission data and is secure from eavesdropping and spoofing attack. It minimizes the operation work of the tag and is very useful to apply to the low-priced tag. It also has the merit to confirm the efficiency of communication by reducing the communication rounds.

• The Journal of Society for e-Business Studies
• /
• v.18 no.3
• /
• pp.107-123
• /
• 2013

In a wireless sensor network environment, it is required to ensure anonymity by keeping sensor nodes' identifiers not being revealed and to support real-time authentication, lightweight authentication and synchronization. In particular, there exist possibilities of location information leakage by others, privacy interference and security vulnerability when it comes to wireless telecommunications. Anonymity has been an importance issue in wired and wireless network environment, so that it has been studied in wide range. The sensor nodes are interconnected among them based on wireless network. In terms of the sensor node, the researchers have been emphasizing on its calculating performance limit, storage device limit, and smaller power source. To improve of biometric-based D. He scheme, this study proposes a real-time authentication protocol using Unique Random Sequence Code(URSC) and variable identifier for enhancing network performance and retaining anonymity provision.

• Journal of Digital Convergence
• /
• v.10 no.3
• /
• pp.23-37
• /
• 2012

Illegal game players' hacking and propagation of malignant code in online game exposes privacy of online game customers. So, online game companies have to support the standardized systems and operations of customers' privacies. Since online game companies implement authentication of information protection, which focuses on assets or physical, systemic security, they need a more professional system that is related to protection of individual privacy. We analyzed the individual information protection system, which includes ISO27001, ISMS of KISA, GMITS, ePrivacy, online game privacy protection guide, and BS10012. Using the suggested systems, we proposed the systemic tools that measure the level of individual information protection, which includes process and check items of each phase.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37C no.10
• /
• pp.949-964
• /
• 2012

Our PC have been under constant threat of malicious codes and viruses today. As many new ways of cyber attacks are being developed, such as zero-day-attack, nobody's PC is guaranteed to be safe from the attacks. In case where a user uses the existing verification protocol on a unsecured PC, the user's verification information may well be threatened by sniffing or man-in-the-middle attack. Especially, deadly attacks like memory hacking would give hard time for users to even recognize any symptom of virus infection. Therefore, this paper designs secured QR-Login user verification protocol for smart devices that are ready to communicate with QR-Code and proposes a way to keep critical data safe when using the internet. This way, user would be able to safeguard his/her critical data even when under attack by unknown attacks and safely carry out extremely sensitive task, like financial trading, on the device.

• Proceedings of the Korean Information Science Society Conference
• /
• 1998.10a
• /
• pp.311-313
• /
• 1998

이동에이전트는 독립된 객체로서 자율성을 가지고 컴퓨터를 이동하며 부연된 임무를 수행하는 프로그램이다. 이동에이전트는 코드와 데이터로 구성된 프로그램이므로 쉽게 복제될 수 있다. 이렇게 복제된 이동에이전트를 이동에이전트 클론이라 한다. 복제된 클론은 원본과 구별이 불가능하다. 이것은 에이전트의 인증을 불가능하게 만들고 예상되지 않은 에이전트의 중복 수행을 야기하며 에이전트의 내부정보 유출 공격을 위한 수단으로 사용된다. 본 논문에서는 이동에이전트 클론에 의한 이러한 문제점을 고찰하고 온라인 상에서 클론의 존재를 탐지하고 실행을 방지하며 클론을 생성한 서버를 확인하는 프로토콜을 설계한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.04a
• /
• pp.364-366
• /
• 2004

보안은 유ㆍ무선 환경에서 가장 이슈가 되는 분야이다. 현재 이동 애드혹 망은 보안에 대한 고려 없이 진행이 되어있다. 고정된 기반구조를 가지고 있지 않기 때문에 보안은 이동 애드 혹 망에서 가장 취약한 점이며 많은 논문에서 ADOV 혹은 DSR 같은 프로토콜의 위협적인 요소들에 대해 문제점을 제시 하여왔다. 본 논문에서는 가장 가볍고 처리 속도가 빠른 메시지 인증 코드를 사용함으로써 AODV 라우팅(routing) 프로토골(protocol)에 보안기능을 제안하였다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1994.11a
• /
• pp.99-107
• /
• 1994

For the secure control of the communication satellite, security mechanisms should be employed on the ground station as well as on the spacecraft. In this paper, we present a security architecture fur the spacecraft command security of the communication satellite. An authentication mechanism is also proposed using message authentication code (MAC) based on the Data Encryption Standard (DES) cryptosystem.

• Journal of Korea Multimedia Society
• /
• v.7 no.9
• /
• pp.1282-1293
• /
• 2004

This paper proposes an asymmetric watermarking system using Public Key Infrastructure. The distinguishing characteristic of the proposed method connects between the two different techniques, cryptography technique and watermarking technique, by using the authentication technique. The connection between the two techniques are established based on the special qualities of each technique. Watermarks that are inserted into the digital contents consist of a digital signature described as an encrypted copyright information with the private key of a distributor or a copyright holder, and an authentication code. In the situation where the ownership of the digital contents has to be decided, authentication technique examines the data integrity of the digital contents based on an authentication and decides the ownership of the digital contents by examining whether it satisfies or not satisfies the integrity test. The formal case uses decryption method which compares the user defined copyright information, and the decrypted copyright information extracted from the watermark in the digital contents that are decrypted by distributors' public key The latter case determines the ownership by comparing the similarity between encrypted copyright information separated from the watermark that are extracted from the digital contents, and the user defined encrypted copyright information that are separated from the watermark The proposed method provides protection from the assault which attempts to identify or erase the encoding key.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.4
• /
• pp.207-215
• /
• 2014

Password based authentication systems are most widely used for user convenience in web services. However such authentication systems are known to be vulnerable to various attacks such as password guessing attack, dictionary attack and key logging attack. Besides, many of the web systems just provide user authentication in a one-way fashion such that web clients cannot verify the authenticity of the web server to which they set access and give passwords. Therefore, it is too difficult to protect against DNS spoofing, phishing and pharming attacks. To cope with the security threats, web system adopts several enhanced schemes utilizing one time password (OTP) or long and strong passwords including special characters. However there are still practical issues. Users are required to buy OTP devices and strong passwords are less convenient to use. Above all, one-way authentication schemes generate several vulnerabilities. To solve the problems, we propose a multi-channel, multi-factor authentication scheme by utilizing QR-Code. The proposed scheme supports both user and server authentications mutually, thereby protecting against attacks such as phishing and pharming attacks. Also, the proposed scheme makes use of a portable smart device as a OTP generator so that the system is convenient and secure against traditional password attacks.