• Journal of KIISE
• /
• v.42 no.8
• /
• pp.979-989
• /
• 2015

Machine to Machine (M2M) technology has gained attention due to the fast diffusion of Internet of Things (IoT) technologies and smart devices. Most wireless network experts believe that Bluetooth Low Energy (BLE) Communications technology in an iBeacon network has amazing advantages in terms of providing communication services at a low cost in smartphone applications. Specifically, BLE does not require any pairing process during its communication phases, so it is possible to send a message to any node without incurring additional transmissions costs if they are within the BLE communication range. However, BLE does not require any security verification during communication, so it has weak security. Therefore, a security authorization process would be necessary to obtain customer confidence. To provide security functions for iBeacon, we think that the iBeacon Message Encryption process and a Decryption (Authorization) process should be designed and implemented. We therefore propose the BLE message Authorization Mechanism based on a One Time Password Algorithm (BLE-OTP). The effectiveness of our mechanism is evaluated by conducting a performance test on an attendance system based on BLE-OTP.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.353-363
• /
• 2021

As the Untact era is rapidly changing, collaboration tools are increasing their utilization and value as digital technologies for non-face-to-face work. While instant messenger-based collaboration tools support a variety of functions, crime and accident concerns are also increasing in proportion to their convenience, such as information leakage and security incidents. Meanwhile, the digital forensics perspective on collaborative tools is not enough, so forensics research is needed. This study analyzes significant artifacts in the two operating environments through Windows and Android forensics research on Microsoft Teams, the collaboration tool with the highest share in the world. Also, based on differences in artifacts and data attributes according to the operating environment, by applying 'differential forensic', we proved that the usefulness of evidence can be improved by presenting a complementary analysis method and timeline configuration through information linkage.

• Journal of Internet Computing and Services
• /
• v.18 no.1
• /
• pp.105-119
• /
• 2017

Smartphone users hit over eighty-five percentage of Korean populations and personal private items and various information are stored in each user's smartphone. There are so many cases to propagate malicious codes or spywares for the purpose of catching illegally these kinds of information and earning pecuniary gains. Thus, need of information security is outstanding for using smartphone but also user's security perception is important. In this paper, we investigate about how information security affects smartphone operating system choices by users. For statistical analysis, the online survey with questionnaires for users of smartphones is conducted and effective 218 subjects are collected. We test hypotheses via communalities analysis using factor analysis, reliability analysis, independent sample t-test, and linear regression analysis by IBM SPSS statistical package. As a result, it is found that hardware environment influences on perceived ease of use. Brand power affects both perceived usefulness and perceived ease of use and degree of personal risk-accepting influences on perception of smartphone spy-ware risk. In addition, it is found that perceived usefulness, perceived ease of use, degree of personal risk-accepting, and spy-ware risk of smartphone influence significantly on intention to purchase smartphone. However, results of independent sample t-test for each operating system users of Android or iOS do not present statistically significant differences among two OS user groups. In addition, each result of OS user group testing for hypotheses is different from the results of total sample testing. These results can give important suggestions to organizations and managers related to smartphone ecology and contribute to the sphere of information systems (IS) study through a new perspective.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.458-460
• /
• 2021

The provision and application of public safety network in Korea is still insufficient for security response to the mobile app of public safety network in the stages of development, initial construction, demonstration, and initial service. The available terminals on the Disaster Safety Network (PS-LTE) are open, Android-based, dedicated terminals that potentially have vulnerabilities that can be used for a variety of mobile malware, requiring preemptive responses similar to FirstNet Certified in U.S and Google's Google Play Protect. In this paper, before listing the application service app on the public safety network mobile app store, we construct a data set for malicious and normal apps, extract features, select the most effective AI model, perform static and dynamic analysis, and analyze Based on the result, if it is not a malicious app, it is suggested to list it in the App Store. As it becomes essential to provide a service that blocks malicious behavior app listing in advance, it is essential to provide authorized authentication to minimize the security blind spot of the public safety network, and to provide certified apps for disaster safety and application service support. The safety of the public safety network can be secured.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1233-1246
• /
• 2018

With the proliferation of smart mobiles, disassembly techniques for position-independent code (PIC) composed of ARM architecture instructions in computer security are becoming more important. However, existing techniques have been studied on x86 architecture and are focused on solving problems of non-PIC and generality. Therefore, the accuracy of the collected address information is low to apply to advanced security technologies such as binary measurement. In this paper, we propose a disassembly technique that reflects the characteristics of PIC composed of ARM instructions. For accuratly collecting traceable addresses, we designed value-set analysis having symbol-form domain. To solve the main problem of disassembly, we devised a heuristic using the characteristics of the code generated by the compiler. To verify the accuracy and effectiveness of our technique, we tested 669 shared libraries and executables in the Android 8.1 build, resulting in a total disassembly rate of 91.47%.

• Journal of Convergence for Information Technology
• /
• v.7 no.4
• /
• pp.91-96
• /
• 2017

In this paper, we aim to respond efficiently to crime by using Arduino and smartphone apps in response to increasing number of house-breaking crimes. It receives the signal of the sensor installed in the house and connects it with the app of the smartphone. To use the app, you can download the app from the user's smartphone, launch the app, and operate the operation outside the home, not only inside the house, by linking the executed app. Among the sensors installed in the house, the movement detection sensor is used to enhance the security, and the gas leakage sensor and the flame detection sensor can be used to easily detect the risk of fire and to prevent the fire early. Security is further enhanced by the ability to remotely control the front door with a smartphone. After that, various sensors can be added and it can be developed as a WiFi module in addition to the Bluetooth module.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.7 no.5
• /
• pp.1145-1151
• /
• 2012

Recently, the demand for mobile system is growing owing to the spread of smart phones to enable the real-time business process. This paper proposes the real-time facility maintenance management system using an android-based mobile application to apply to the facility defect/maintenance field for the apartment building complex. The proposed system model aims to develop the comprehensive management system to integrate the web and mobile system to lead to the realization of mobile office. The security measures required in the mobile system are technically analyzed and implemented on the system.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2015.01a
• /
• pp.73-76
• /
• 2015

최근 스마트 단말을 통한 유해 콘텐츠의 보급이 확산되면서 스마트 단말에서 유해 콘텐츠를 차단하기 위한 소프트웨어의 필요성이 증가하고 있다. 이에 본 논문에서는 안드로이드 기반 스마트 단말에서 실행 이벤트의 분석을 통하여 유해 콘텐츠를 탐지 할 수 있는 방법을 제안한다. 본 논문에서는 안드로이드기반 스마트 단말에서 스트리밍 서비스가 실행되는 구조 및 관련 실행 이벤트들의 연관성을 분석하였으며, 분석 결과를 토대로 스마트 단말에서 유해 콘텐츠의 실행 여부를 판단할 수 있는 소프트웨어를 개발하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1505-1511
• /
• 2016

Live streaming is a method to provide media service by sending recoded media to a user's video player. In order to provide video and audio contents in real-time for a large number of users simultaneously, live streaming compatible protocols such as RTMP (Real Time Messaging Protocol), HLS (Http Live Streaming), are required. In this paper, we analyzed vulnerability of paid live streaming services with the captured packets from the applications used by six major OTT (over-the-top) companies in Korea supporting live streaming services. We found that streaming channels were not encrypted and access control mechanisms were not properly used. Thus, guest users can freely use paid live streaming services.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.139-147
• /
• 2011

More convenient and value-added application services can be provided to user in case of using location-based service on Smart phone. However, privacy problem will be happen when an application disclosures the personal location information. Therefore, each user should securely control and manage his own personal location information by specifying access control list and profiles. In this study, we implemented personal location information self-control protocol and developed secure personal location management system with OTP based authentication procedure.