• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.975-985
• /
• 2014

As financial transactions with a smartphone has become increasing, a myriad of security threats have emerged against smartphones. Among the many types of security threats, Smishing has evolved to be more sophisticated and diverse in design. Therefore, financial institutions have recommended that users doesn't install applications with setting of "Unknown sources" in the system settings menu and install application which detects Smishing. Unfortunately, these kind of methods come with their own limitations and they have not been very effective in handling Smishing. In this paper, we propose a systematic method to detect Smishing, in which the RIL(Radio Interface Layer) collects a text message received and then, checks if message databases stores text message in order to determine whether Smishing malware has been installed on the system. If found, a system call (also known as a hook) is used to block the outgoing text message generated by the malware. This scheme was found to be effective in preventing Smishing as found in our implementation.

• International journal of advanced smart convergence
• /
• v.5 no.3
• /
• pp.16-26
• /
• 2016

This proposed project is about a bicycle anti theft devised system which helps people protect the bicycle from theft and helps to track the stolen bicycle's location using a smart phone. Safety bike uses two main devices to keep the bicycle secured, the vibration sensor and GPS sensor. The purpose of this project is to put all these small devices into one well connected system which will help the bicycle owner have more control over the security of his own bicycle. The whole system can be divided into two main parts. The first part is about the hardware development whereby all electronics components are connected via the circuit design using wire wrapping technique. This hardware part includes, a vibrations sensor, a GPS receiver, a toggle switch, LED light, Bluetooth and a buzzer. Wireless Bluetooth signals are used as the means of communication between the smartphone and the microcontroller. The second part is the software part which is being to program and control the whole system. The program is written using MikroBasic, a full-featured Basic compiler for microcontroller based systems. In conclusion, this system is designed to enable user to have control in securing his/her bicycle also being able to find and locate it at any time using GPS receiver and mobile android application.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.1
• /
• pp.9-16
• /
• 2019

Smartphones are becoming a portable computer. As a result, even the most sensitive financial application services are now available anywhere on the smartphone. Compared to general PCs, smartphones communicate with external devices through various channels such as wireless internet, mobile communication network, Bluetooth, and NFC, and a wide variety of applications are provided. Therefore, if vulnerabilities exist, the possibility of attack damage increases. In this paper, we analyze the vulnerabilities of dynamic virtual keyboards used in login of banking apps of smartphones with various physical constraints and propose countermeasures.

• Journal of Internet of Things and Convergence
• /
• v.2 no.3
• /
• pp.25-30
• /
• 2016

The issued problem in the existed NFC authentication system is the security problem caused by the fixed key and the inconvenience occurred by the extra NFC tag. This paper aims to enhance the security level through OTP system added up the key generation mechanism and the convenience level by the integrated Android App. This proposed authentication system on Arduino will be widely applied to IoT security and will be used on diverse applications.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.8
• /
• pp.59-66
• /
• 2019

As the monetary value of cryptocurrency increases, the security measures for cryptocurrency becomes more important. A limitation of the existing cryptocurrency exchanges is their vulnerability to threats of hacking due to their centralized manner of management. In order to overcome such limitation, blockchain technology is increasingly adopted. The blockchain technology enables decentralization and Peer-to-Peer(P2P) transactions, in which blocks of information are linked in chain topology, and each node participating in the blockchain shares a distributed ledger. In this paper, we propose and implement a mobile electronic wallet that can safely store, send and receive cryptocurrencies. The proposed mobile cryptocurrency wallet connects to the network only when the wallet actively is used. Wallet owner manages his or her private key offline, which is advantageous in terms of security. JavaScript based wallet apps were implemented to respectively run on Android and iOS mobile phones. I demonstrate the process of transferring Ethereum cryptocurrency from an account to another account through Ropsten, a test net for Ethereum. Hardware wallets, such as Ledger Nano S, provide a slightly higher level of security, yet have the disadvantages of added burden of carrying additional physical devices and high costs (about 80$).

• International Journal of Computer Science & Network Security
• /
• v.22 no.7
• /
• pp.389-396
• /
• 2022

Smartphones are growing more susceptible as technology develops because they contain sensitive data that offers a severe security risk if it falls into the wrong hands. The Android OS includes permissions as a crucial component for safeguarding user privacy and confidentiality. On the other hand, mobile malware continues to struggle with permission misuse. Although permission-based detection is frequently utilized, the significant false alarm rates brought on by the permission-based issue are thought to make it inadequate. The present detection method has a high incidence of false alarms, which reduces its ability to identify permission-based attacks. By using permission features with intent, this research attempted to improve permission-based detection. However, it creates an excessive number of features and increases the likelihood of false alarms. In order to generate the optimal number of features created and boost the quality of features chosen, this research developed an intersection feature approach. Performance was assessed using metrics including accuracy, TPR, TNR, and FPR. The most important characteristics were chosen using the Correlation Feature Selection, and the malicious program was categorized using SVM and naive Bayes. The Intersection Feature Technique, according to the findings, reduces characteristics from 486 to 17, has a 97 percent accuracy rate, and produces 0.1 percent false alarms.

• Journal of Digital Convergence
• /
• v.13 no.8
• /
• pp.473-481
• /
• 2015

The flood and environment surveillance network on riverside is a network requiring a way to efficiently manage the information from all kinds of sensors, along with an optical communication device that can deliver high-quality video information at high speed. Since on-site prompt recovery is very important especially for communication problems that occurred due to cut-off or aged network, various researches have been carried out on this. However, because the security against outside hacking or outside intrusion with illegal purposes is very important for environment surveillance network, such as the national backbone network, an efficient network maintenance and repair should be enabled while satisfying security and reliability at the same time. A characteristic of requirement is that when security is improved, the efficiency of maintenance and repair drops as they are conflicting to each other. Therefore, this research proposed a system in order to satisfy the conflicting requirement and improve security, by developing a one-way Bypass TAP and an android-based smartphone app that can enable efficient network maintenance and repair.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.657-667
• /
• 2020

The Android framework allows apps to take full advantage of personal information through granting single permission, and does not determine whether the data being leaked is actual personal information. To solve these problems, we propose a tool with static/dynamic analysis. The tool analyzes the Source and Sink used by the target app, to provide users with information on what personal information it used. To achieve this, we extracted the Source and Sink through Control Flow Graph and make sure that it leaks the user's privacy when there is a Source-to-Sink flow. We also used the sensitive permission information provided by Google to obtain information from the sensitive API corresponding to Source and Sink. Finally, our dynamic analysis tool runs the app and hooks information from each sensitive API. In the hooked data, we got information about whether user's personal information is leaked through this app, and delivered to user. In this process, an automated Source/Sink classification model was applied to collect latest Source/Sink information, and the we categorized latest release version of Android(9.0) with 88.5% accuracy. We evaluated our tool on 2,802 APKs, and found 850 APKs that leak personal information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.145-154
• /
• 2014

In this paper, we propose a novel anti-malware system based on behavior profiling, called Andro-profiler. Andro-profiler consists of mobile devices and a remote server, and is implemented in Droidbox. Our aim is to detect and classify malware using an automatic classifier based on behavior profiling. First, we propose the representative behavior profiling for each malware family represented by system calls coupled with Droidbox system logs. This is done by executing the malicious application on an emulator and extracting integrated system logs. By comparing the behavior profiling of malicious applications with representative behavior profiling for each malware family, we can detect and classify them into malware families. Andro-profiler shows over 99% of classification accuracy in classifying malware families.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1107-1115
• /
• 2017

The most commonly used PKZIP format is a ZIP file, as well as a file format used in MS Office files and application files for Android smartphones. PKZIP format files, which are widely used in various areas, require structural analysis from the viewpoint of digital forensics and should be able to recover when files are damaged. However, previous studies have focused only on recovering data or extracting meaningful data using the Deflate compression algorithm used in ZIP files. Although most of the data resides in compressed data in the ZIP file, there is also forensically meaningful data in the rest of the ZIP file, so you need to restore it to a normal ZIP file format. Therefore, this paper presents a technique to recover a damaged ZIP file to a normal ZIP file when given.