• Journal of the Korea Society of Computer and Information
• /
• v.12 no.2 s.46
• /
• pp.171-180
• /
• 2007

The financial crime that used morale anger Phishing, Pharming, Vishing, SMiSing etc. will gain during recent cyber crimes. We are study systematically whether or not leakage of information and infringement can how easily occur to Phishing, Vishing, SMiSing using a social engineering technique and VoIP at these papers through experiment. A hacker makes Phishing, Vishing site, and test an information infringement process of a user through PiSing mail and a virus, a nasty code, Vishing, a SMiSing character, disarmament of Keylogger prevention S/W etc. as establish server. Information by Phishing, Vishing, SMiSing is infringed with leakage in the experiment results, and confirm, and test certified certificate and White List and a certified authentication mark, plug-in program installation etc. to prevention, and security becomes, and demonstrate. Technical experiment and prevention regarding Phishing of this paper and Vishing attack reduce the damage of information infringement, and be education for Ubiquitous information security will contribute in technical development.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.1
• /
• pp.253-260
• /
• 2008

This paper is based on the ubiquitous network of telematics technology, equipped with a black box to the car by a unique address given to IPv6. The driver's black box at startup and operation of certification, and the car's driving record handling video signals in real-time sensor signals handling to analyze the records. Through the recorded data is encrypted transmission, and the Ubiquitous network of base stations, roadside sensors through seamless mobility and location tracking data to be generated. This is a file of Transportation Traffic Operations Center as a unique address IPv6 records stored in the database. The car is equipped with a black box used on the road go to Criminal cases, the code automotive black boxes recovered from the addresses and IPv6, traffic records stored in a database to compare the data integrity verification and authentication via secure. This material liability in the courtroom and the judge Forensic data are evidence of the recognition as a highly secure. convenient and knowledge in the information society will contribute to human life.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.6
• /
• pp.1505-1512
• /
• 2007

The RFID Technology (which is importantly used at the Ubiquitous environment) is attached to all of the units like the ID cards and then information on the units and units' environment is transferred and processed through the radio frequency. so it is the no touched recognition system. RFID Technology's research of the middle ware and wireless interface etc. is currently conducted and variously broaden like the industry of the distribution and logistics. This paper suggests that the gate control system which is based on RFID middle ware is realized to prevent the district and facility for security. The indication of this paper is that algorithm (which is to certificate Users' enterance through RFID EPC code) is proposed and realizes the user certification module, the control module of the gates' opening and closing, the maintenance module of the gate, the display module of coming and going information, test program ect. through RFID technology.

• The KIPS Transactions:PartC
• /
• v.10C no.4
• /
• pp.413-422
• /
• 2003

An active network is a new generation network based on a software-intensive network architecture in which applications are able to inject new strategies or code into the infrastructure for their immediate needs. Therefore, the secure active node architecture is needed to give the capability defending an active node against threats that may be more dynamic and powerful than those in traditional networks. In this paper, a security enforcement engine is proposed to secure active networks. We implemented an operating engine with security, authentication and a authorization modules. Using this engine, it is possible that active networks are protected from threats of the malicious active node.

• Journal of Platform Technology
• /
• v.9 no.1
• /
• pp.46-57
• /
• 2021

Recently, research has been actively conducted to utilize blockchain technology in various fields. In particular, blockchain-based smart contracts are applied to various automation systems that require reliability as they have the characteristics of recording data in a distributed ledger environment to verify the integrity and validity of data. However, blockchain does not provide data access control and information security because data is shared among network participants. In this paper, we propose a user dynamic access control mechanism utilizing smart contracts in blockchain environments. The proposed mechanism identifies the user's contextual information when accessing data, allocating the user's role and dynamically controlling the data access range. This can increase the security of the system and the efficiency of data management by granting data access dynamically at the time of user authentication, rather than providing the same services in roles assigned to each user group of the network system. The proposed mechanism is expected to provide flexible authentication capabilities through dynamic data access control by users to enhance the security of data stored within blockchain networks.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.12
• /
• pp.77-84
• /
• 2021

In this paper, we propose a system that uses image data and beacon data to classify authorized and unauthorized perosn who are allowed to enter a group facility. The image data collected through the IP camera uses YOLOv4 to extract a person object, and collects beacon signal data (UUID, RSSI) through an application to compose a fingerprinting-based radio map. Beacon extracts user location data after CNN-LSTM-based learning in order to improve location accuracy by supplementing signal instability. As a result of this paper, it showed an accuracy of 93.47%. In the future, it can be expected to fusion with the access authentication process such as QR code that has been used due to the COVID-19, track people who haven't through the authentication process.

• Journal of Internet Computing and Services
• /
• v.16 no.1
• /
• pp.47-55
• /
• 2015

Recently, the environment of a hospital information system is a trend to combine various SMART technologies. Accordingly, various smart devices, such as a smart phone, Tablet PC is utilized in the medical information system. Also, these environments consist of various applications executing on heterogeneous sensors, devices, systems and networks. In these hospital information system environment, applying a security service by traditional access control method cause a problems. Most of the existing security system uses the access control list structure. It is only permitted access defined by an access control matrix such as client name, service object method name. The major problem with the static approach cannot quickly adapt to changed situations. Hence, we needs to new security mechanisms which provides more flexible and can be easily adapted to various environments with very different security requirements. In addition, for addressing the changing of service medical treatment of the patient, the researching is needed. In this paper, we suggest a dynamic approach to medical information systems in smart mobile environments. We focus on how to access medical information systems according to dynamic access control methods based on the existence of the hospital's information system environments. The physical environments consist of a mobile x-ray imaging devices, dedicated mobile/general smart devices, PACS, EMR server and authorization server. The software environment was developed based on the .Net Framework for synchronization and monitoring services based on mobile X-ray imaging equipment Windows7 OS. And dedicated a smart device application, we implemented a dynamic access services through JSP and Java SDK is based on the Android OS. PACS and mobile X-ray image devices in hospital, medical information between the dedicated smart devices are based on the DICOM medical image standard information. In addition, EMR information is based on H7. In order to providing dynamic access control service, we classify the context of the patients according to conditions of bio-information such as oxygen saturation, heart rate, BP and body temperature etc. It shows event trace diagrams which divided into two parts like general situation, emergency situation. And, we designed the dynamic approach of the medical care information by authentication method. The authentication Information are contained ID/PWD, the roles, position and working hours, emergency certification codes for emergency patients. General situations of dynamic access control method may have access to medical information by the value of the authentication information. In the case of an emergency, was to have access to medical information by an emergency code, without the authentication information. And, we constructed the medical information integration database scheme that is consist medical information, patient, medical staff and medical image information according to medical information standards.y Finally, we show the usefulness of the dynamic access application service based on the smart devices for execution results of the proposed system according to patient contexts such as general and emergency situation. Especially, the proposed systems are providing effective medical information services with smart devices in emergency situation by dynamic access control methods. As results, we expect the proposed systems to be useful for u-hospital information systems and services.

• The Journal of the Korea Contents Association
• /
• v.15 no.10
• /
• pp.607-615
• /
• 2015

Mosts user of internet and smart phone has certificate, and uses it when money transfer, stock trading, on-line shopping, etc. Mosts user stores certificate in a hard disk drive of PC, or the external storage medium. In particular, the certification agencies are encouraged for user to store certificate in external storage media such as USB memory rather than a hard disk drive. User think that the external storage medium is safe, but when it is connect to a PC, certificate may be copied easily, and can be exposed to hackers through malware or pharming site. Moreover, if a hacker knows the user's password, he can use user's certificate without restrictions. In this paper, we suggest secure management scheme of the private key file using a password of the encrypted private key file, and a USB Memory's hardware information. The private key file is protected safely even if the encrypted private key file is copied or exposed by a hacker. Also, if the password of the private key file is exposed, USB Memory's container ID, additional authentication factor keeps the private key file safe. Therefore, suggested scheme can improve the security of the external storage media for certificate.

• Journal of the Institute of Electronics Engineers of Korea SP
• /
• v.40 no.5
• /
• pp.378-387
• /
• 2003

Digital watermarking is the technique that embeds invisible signalsincluding owner identification information, specific code, or pattern into multimedia data such as image, video and audio. Watermarking techniques can be classified into two groups; robust watermarking and fragile(semi-fragile) watermarking. The main purpose of the robust watermarking is the protection of copyright, whereas fragile(semi-fragile) watermarking prevents image or video data from illegal modifications. To achieve this goal watermark should survive from unintentional modifications such as random noise or compression, but it should be fragile for malicious manipulations. In this paper, an invertible semi-fragile watermarkingalgorithm for authentication and detection of manipulated location in MPEG-2 bit-stream is proposed. The proposed algorithm embeds two kinds of watermarks, which are embedded into quantized DCT coefficients. So it can be applied directly to the compressed bit-stream. The first watermark is used for authentication of video data. The second one is used for detection of malicious manipulations. It can distinguish transcodingin bit-stream domain from malicious manipulation and detect the block-wise locations of manipulations in video data. Also, since the proposed algorithm has an invertible property, recovering original video data is possible if the watermarked video is authentic.

• Proceedings of the KIEE Conference
• /
• 2011.07a
• /
• pp.1997-1998
• /
• 2011

범용적으로 쓰여지고 있는 id카드를 이용한 출입방식의 경우 카드 분실, 미소지시 또는 손상시 불편함을 초래하며 실질적인 보안의 효과를 기대하기에는 부족한 부분이 많은 실정이다. 또한 전국에 사업장을 가지고 있는 기업의 경우는 보안업체별 소스코드를 공개하지 않음에 따라 id카드를 통일하기 위하여 최초 설치 업체에 종속되는 문제점도 가지고 있다. 그리고 지문인식, 홍체인식 및 정맥인식 등은 출입통제시스템 자체의 단점과 더불어 이용자들의 불편함 그리고 정보수집에 따른 불쾌감을 발생하는 문제점을 가지고 있다. 이러한 단점을 극복할수 있는 얼굴인식 시스템의 경우 다양한 상황에서의 얼굴 검출 및 정보 처리등에 대한 문제점이 있어 정지화상이나 신분증에 화상데이타를 입력하여 비교하는 방법등에 대한 실용화가 많이 되어지고 있는 실정이나 이 역시 id카드가 없으면 출입이 허가되지 않는다는 문제점이 있다. 이러한 문제점을 극복하고 자연스러운 상태에서 인증 및 출입이 허가된다면 가장 이상적이고 경제적인 출입통제시스템 구축이 가능하므로 본 논문에서는 위 문제점에 대한 대안을 제시하고 증명을 통하여 현장에서 충분이 적용될 수 있음을 입증하고자 한다.