• Journal of KIISE
• /
• v.41 no.9
• /
• pp.715-727
• /
• 2014

The number of subscribers in 4th generation mobile system has been increased rapidly. Along with that, preserving subscribers' privacy has become a hot issue. To prevent users' location from being revealed publicly is important more than ever. In this paper, we first show that the privacy-related problem exists in user authentication procedure in 4th generation mobile system, especially LTE. Then, we suggest an attack model which allows an adversary to trace a user, i.e. he has an ability to determine whether the user is in his observation area. Such collecting subscribers' location by an unauthorized third party may yield severe privacy problem. To keep users' privacy intact, we propose a modified authentication protocol in LTE. Our scheme has low computational overhead and strong secrecy so that both the security and efficiency are achieved. Finally, we prove that our scheme is secure by using the automatic verification tool ProVerif.

• Convergence Security Journal
• /
• v.15 no.2
• /
• pp.25-31
• /
• 2015

While information and communication develop, the Electronic commerce payment system is progressing. Recently, a government established the electronic commerce activation policy which simplified a payment Through this policy, the information which the financial company monopolizes can be fused with the other industry and create the popularization use of the electronic payment service and value added services. But on the other hand, the concern for the security is very high, Accordingly, the finnancial institute take a restriction of the requirements for the participation company according to the financial scale, this policy is led by the private institue, rather making a participation of fin tech venture difficulty. This paper tries to deal with the technical and legal problems for the activation of electronic payment system and fin tech. So I will examine the security matter that follows in grifting the innovation technology onto the existing payment service and propose a desirable way to improve the current legislation.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.12 no.4
• /
• pp.671-678
• /
• 2017

Recent advances in Internet of Things (IoT) encourage us to use IoT devices in daily living areas. However, as IoT devices are being ubiquitously used, concerns onsecurity and privacy of IoT devices are getting grown. Key management is an important and fundamental task to provide security services. For better security, we should restrict reusing a same key in sequential authentication sessions, but it is difficult to manually update and memorize keys. In this paper, we propose a hardware security module(HSM) for automated key management in IoT devices. Our HSM is attached to an IoT device and communicates with the device. It provides an automated, secure key update process without any user intervention. The secure keys provided by our HSM can be used in the user and device authentications for any internet services.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.213-230
• /
• 2020

As smart TVs have recently emerged as the center of the IoT ecosystem, their importance is increasing. If a vulnerability occurs within a smart TV, there is a possibility that it will cause financial damage, not just in terms of privacy invasion and personal information leakage due to sniffing and theft. Therefore, in this paper, to enhance the completeness of smart TV vulnerability analysis, STRIDE threat classification are used to systematically identify threats. In addition, through the manufacture of the Attack Tree and the actual vulnerability analysis, the effectiveness of the checklist was verified and security requirements were derived for the safe smart TV use environment.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.8C
• /
• pp.748-757
• /
• 2002

Cyber-terror trials are increased in nowadays and these attacks are commonly using security vulnerability and information gathering method by variable services grew by the continuous development of Internet Technology. IDS's application environment is affected by this increasing Cyber Terror. General Network based IDS detects intrusion by signature based Intrusion Detection module about inflowing packet through network devices. Up to now security in network is commonly secure host, an regional issue adopted in special security system but these system is vulnerable intrusion about the attack in globally connected Internet systems. Security mechanism should be produced to expand the security in whole networks. In this paper, we analyzer the DARPA's program and study Infusion Detection related Technology. We design policy security framework for policy enforcing in whole network and look at the modules's function. Enforcement of security policy is acted by Intrusion Detection system on gateway system which is located in network packet's inflow point. Additional security policy is operated on-line. We can design and execute central security policy in managed domain in this method.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.1
• /
• pp.96-102
• /
• 2009

Due to the rapid growth of the Internet, it is possible to distribute the digital content efficiently. However, the need for image data protection and secret communication technique is also on the rise because of an infringement of the copyright by malicious attackers. Shamir and Lin-Tsai proposed simple secret image encryption algorithms based on the principle of secret sharing, respectively. However, their secret sharing schemes have a serious problem which can be declined the image quality and it is possible for third party to know embed information. In this paper, we propose a new secret sharing scheme using gray code that can be increased the image quality and security. As a result of our experiment, the proposed scheme is not only shown of good image quality and but also provide enhanced security compare with Shamir and Lin-Tasi's schemes.

• The Journal of Society for e-Business Studies
• /
• v.15 no.3
• /
• pp.85-98
• /
• 2010

The prevailing infrastructure of ubiquitous computing paradigm on the one hand making significant development for integrating technology in the daily life but on the other hand raising concerns for privacy and confidentiality. This research presents a new privacy-preserving spatio-temporal query processing technique, in which location based services (LBS) can be serviced without revealing specific locations of private users. Existing location cloaking techniques are based on a grid-based structures such as a Quad-tree and a multi-layered grid. Grid-based approaches can suffer a deterioration of the quality in query results since they are based on pre-defined size of grids which cannot be adapted for variations of data distributions. Instead of using a grid, we propose a location-cloaking algorithm which uses the R-tree, a widely adopted spatio-temporal index structure. The proposed algorithm uses the MBRs of leaf nodes as the cloaked locations of users, since each leaf node guarantees having not less than a certain number of objects. Experimental results show the superiority of the proposed method.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.9
• /
• pp.65-73
• /
• 2012

The traditional text-based password is vulnerable guessing, dictionary attacks, keyloggers, social engineering, stole view, etc. these vulnerability effect more serious problem in a mobile environment. In this study, By using the pattern number to enter the password of an existing four-digit numeric password, User easily use to new password system. The technology on pattern based numerical password authorization proposed in this paper would intensify the security of password which holds existing 10 numbers of cases by authorizing a user and would not invade convenience of use by providing high security and making users memorize only four numbers like old method. Making users not have inconvenience and raising complexity, it would have a strength to an shoulder surfing attack of an attacker. So I study password system that represents the shape-based of number. I propose the new password system to prevent peeking attacks and Brute-force attack, and this proposal is to review the security and usability.

• The Journal of the Korea Contents Association
• /
• v.6 no.11
• /
• pp.25-37
• /
• 2006

The purpose of this study examines the interrelationships among antecedents and consequences of privacy concern on the online-shopping mall. Based on relevant literature review, a customer's attitude toward direct marketing, a customer's desire to information control, and a customer's prediction of negative effect as antecedents that affect the privacy concern. Also, consequences are a firm's reputation and a customer's purchase experience. Then related hypotheses were tested using data from 165 online shopping mall customer. The results for empirical analysis are as follows; 1) a customer's attitude toward direct marketing affected negatively the privacy concern, 2) a customer's desire to information control and a customer's prediction of negative effect affected positively the privacy concern, 3) a firm's reputation negatively related to the privacy concern, 4) a customer's purchase experience positively related to a firm's reputation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.701-712
• /
• 2016

The number of subscriber of digital pay TV service such as Digital Cable TV and IPTV is increasing from various kind of service provider world widely. These services require personal information of users to provide VOD(Video on Demand) and customized contents. Therefore, massive amount of personal information collected by service provider can cause social confusion such as leakage of privacy and property damage. This paper investigates whether broadcasting stations are providing enough notification for privacy policy and methodology of collecting private information in proper way. Furthermore, we analyze actual network traffic of IPTV service between user and service provider to suggest solution of privacy protection along with current status analysis.