• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.941-950
• /
• 2021

Single Sign-On (SSO) service manages user's account passwords from multiple websites so that security in a high level is required. Users who use the SSO service are authenticated through the Identity Provider (IdP) when logging into the website. We present the security requirements that IdP can take in order to minimize the user's risk whose IdP account is compromised. We describe the security threats that arise when the security requirements are not satisfied. Through evaluation, we prove that the attacker's session cannot be canceled even if the user recognizes the attack if the IdP does not satisfy the security requirements.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1553-1561
• /
• 2018

The source code for Android is open and easy to modify depending on the purpose. Recently, this charateristic has been exploited to bypass the runtime protection technique and extract the original executable code. Unfortunately, Android devices are so fragmented that it is difficult to verify the integrity of the system. To solve this problem, this paper proposes a technique to verify the integrity of the execution environment indirectly using the features of the application permission. Before executing the original executable code, it loads and executes the dummy DEX file to monitor for abnormal events and determine whether the system is intact. The proposed technique shows a performance overhead of about 2 seconds and shows that it can detect the bypassing technique that is currently disclosed.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.207-210
• /
• 2014

Damage is increasing by (Smishing) hacking attack Smishing you use a smart phone after entering 2013. Takeover of personal information and direct financial damage in collaboration with graphics sewing machine hacking attack has occurred. Monetary damage that leads to Internet payment service (ISP) and secure payment system in conjunction with graphics sewing machine hacking attack on a smartphone has occurred. In this paper, I will study analysis in the laboratory examples of actual infringement vinegar sewing machine hacking attack. It is a major power security measures to prevent damage to the secure payment system that a case analysis and practical principle technical nest sewing machine hacking attack, using Smishing. In this paper, I will be to research to be able to through a smart phone, to the online payment safer and more convenient.

• Convergence Security Journal
• /
• v.17 no.5
• /
• pp.71-76
• /
• 2017

Today, it is an information society where a large number of users access and view important data in a large number of information assets as needed. In this complexity, techniques related Identify Management are being applied, in order to verify authorized user access to important information assets and manage of history. But, the ability access to sensitive information using account has the disadvantage of being able to open the way for information to the attacker when it is hijacked. Thus, in this paper, we propose a secure Identify Management System that can control the use of accounts based on the attitude of the account holder, but also enhances the security and does not hinder the convenience.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.27-35
• /
• 2018

The certificate is electronic information issued by an accredited certification body to certify an individual or to prevent forgery and alteration between communications. Certified certificates are stored in PCs and smart phones in the form of encrypted files and are used to prove individuals when using Internet banking and smart banking services. Among the rapidly growing Android-based malicious applications are malicious apps that leak personal information, especially certificates that exist in the form of files. This paper proposes a method for judging whether malicious codes leak certificates by using DroidBox, an Android-based dynamic analysis tool.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2019.05a
• /
• pp.63-66
• /
• 2019

Recently, as the technology of drones develops, a malicious attack using a drones becomes a problem, and an anti-drone technology for detecting an attack dron for a malicious attack is required. However, currently used drone detection systems are expensive and require a lot of manpower. Therefore, in this paper, we propose an anti - drone method using the analysis and algorithms of the anti - drone that can monitor the attack drones. In this paper, we identify and detect attack drones using sniffing, and propose capture and deception algorithm through spoofing using current GPS based detection system.

• Journal of Platform Technology
• /
• v.10 no.4
• /
• pp.82-90
• /
• 2022

emerging. And it shows numerous possibilities and tremendous potentials in the virtual world. This metaverse is not limited to one type, but it is evolving and developing into a service in the form of a virtual convergence economy by breaking down boundaries. As a result, various security issues in metaverse are emerging. Metaverse performs all activities in the virtual space, so various problems such as privacy infringement, virtual asset theft, or fraud can occur. In this paper, a service security model is proposed to provide safe services on metaverse. To this end, we analyze security threats in the metaverse framework and propose a security service model to prevent threats. By evaluating the security of the proposed model, it was shown that safe services are effectively possible on the metaverse.

• Convergence Security Journal
• /
• v.22 no.3
• /
• pp.79-86
• /
• 2022

Voice phishing is a cyber crime in which fake financial institutions, the Public Prosecutor's Office, and the National Police Agency are impersonated to find out an individual's Certification number and credit card number or withdraw a deposit. Recently, voice phishing has been carried out in a subtle and secret way. Analyzing the trend of voice phishing that occurred in '18~'21, it was found that there is a seasonality that occurs rapidly at a time when the movement of money is intensifying in the trend of voice phishing, giving ambiguity to time series analysis. In this research, we adjusted seasonality using the X-12 seasonality adjustment methodology for accurate prediction of voice phishing occurrence trends, and predicted the occurrence of voice phishing in 2022 using the ARIMA model.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.176-177
• /
• 2023

최근 USB 저장장치의 데이터 노출 및 탈취 문제를 해결하기 위하여, 보안 USB 저장장치가 등장하였으나, 데이터를 보호하기 위한 다양한 보안기술을 적용함에도 불구하고, 사용자 인증 우회나 비밀번호 노출과 같은 취약점으로 인하여, 보안 USB에 저장된 중요한 자료나 민감한 정보가 노출되는 문제점이 지속해서 발견되는 실정이다. 이에 따라, 보안 USB의 취약점 연구도 지속적으로 연구되고 있지만, 보안 USB 취약점을 분석하는 것은 수동적이고, 많은 노력과 시간이 소요되므로, 취약점을 자동으로 진단하고 분석하는 도구가 요구된다. 따라서, 본 논문에서는 자동화된 취약점진단 및 분석 도구를 제작하기 위하여, F 제품을 대상으로, 해당 제품에서 제공하는 비밀번호인증에서 발생하는 취약점을 분석하고 실증하며, 그 결과를 기반으로 최종적으로는 보안 USB 취약점 익스플로잇 도구 프로토타입을 개발한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2023.07a
• /
• pp.213-214
• /
• 2023

스마트폰은 앱을 통하여 사람들에게 다양하고 유용한 기능을 제공하며, 새로운 앱들이 계속해서 개발되어 출시되고 있다. 그러나 이러한 긍정적인 측면에서 불구하고, 사람들의 편리한 사용에 대한 욕구를 이용하여, 신종 앱 사기와 같은 범죄가 발생하고 있으며, 이를 악용하여 금전적으로 피해를 주거나 개인정보를 탈취하는 범죄로가 증가되는 추세이다. 이와 같은 앱으로 인한 범죄를 대응하기 위하여, 신종 앱 사기 범죄를 분석하고 해결하는 방안이 요구되는 실정이다. 따라서 본 논문에서는 신종 앱 사기 범죄에 악용되는 가짜 앱을 탐지하고, 공식 기관에서 제공하는 정보를 기반으로 가짜 앱과 공식 앱에 대한 대량의 정보를 공유하는 프레임워크를 개발한다. 개발한 프레임워크를 통하여, 정보를 공유한 사람들에게 가짜 앱에 대한 정보를 알려주고, 공식 기관의 앱을 확인하는 안전한 모바일 환경을 제공할 것으로 사료된다.