• Journal of the Korea Society of Computer and Information
• /
• v.21 no.8
• /
• pp.29-39
• /
• 2016

Recently, KakaoTalk users seek secure messengers with fears of 'possible' censorship over a mobile messenger. Instead German messenger "Telegram" is gaining popularity in South Korea. Are the known as secure messengers actually secure? In this paper, we evaluate secure mobile messengers in terms of private information protection. We establish the fourteen criteria to evaluate the functionality of messenger apps including communication encryption in transit, the possibility of leakage of decrypted messages via server, an encryption algorithm, a key exchange algorithm, an ephemeral message application, etc. Line, Telegram, Snapchat, WhatsApp, Wickr, Facebook Messenger and KakaoTalk, which have many worldwide and domestic users, are to be targeted. Wickr is ranked at the top of the evaluation, followed by Telegram and Line but KakaoTalk and Snapchat are ranked at the bottom of the evaluation list.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.23 no.6
• /
• pp.27-32
• /
• 2023

Location sharing through apps is increasing, such as finding a friend's location or sharing delivery status on the Internet. However, location information is important personal information, and in some cases can be misused for crimes, and so encryption of location information is essential when developing such apps. This paper develops an app that encrypts and shares location information between friends for purposes such as finding friends and deciding meeting locations. To improve encryption performance, the symmetric key was encrypted and transmitted using an asymmetric key, and for location sharing, only the symmetric key was used to encrypt it. The proposed app was developed on iOS, and performance measurements showed that encryption of location information was at least 5,000 times faster when using a symmetric key than when using an asymmetric key.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.17-30
• /
• 2015

Unlike existing widely used bytecode-centric Android application code obfuscation methodology, our scheme in this paper makes encrypted file i.e. DEX file self-extracted arbitrary Android application. And then suggests a method regarding making the loader app to execute encrypted file's code after saving the file in arbitrary folder. Encrypted DEX file in the loader app includes original code and some of Manifest information to conceal event treatment information. Loader app's Manifest has original app's Manifest information except included information at encrypted DEX. Using our scheme, an attacker can make malicious code including obfuscated code to avoid anti-virus software at first. Secondly, Software developer can make an application with hidden main algorithm to protect copyright using suggestion technology. We implement prototype in Android 4.4.2(Kitkat) and check obfuscation capacity of malicious code at VirusTotal to show effectiveness.

• International Journal of Computer Science & Network Security
• /
• v.22 no.8
• /
• pp.328-342
• /
• 2022

The Internet of Things (IoT) is a technology that offers lucrative services in various industries to facilitate human communities. Important information on people and their surroundings has been gathered to ensure the availability of these services. This data is vulnerable to cybersecurity since it is sent over the internet and kept in third-party databases. Implementation of data encryption is an integral approach for IoT device designers to protect IoT data. For a variety of reasons, IoT device designers have been unable to discover appropriate encryption to use. The static support provided by research and concerned organizations to assist designers in picking appropriate encryption costs a significant amount of time and effort. IoTES is a web app that uses machine language to address a lack of support from researchers and organizations, as ML has been shown to improve data-driven human decision-making. IoTES still has some weaknesses, which are highlighted in this research. To improve the support, these shortcomings must be addressed. This study proposes the "IoTES with Security" model by adding support for the security level provided by the encryption algorithm to the traditional IoTES model. We evaluated our technique for encryption algorithms with available security levels and compared the accuracy of our model with traditional IoTES. Our model improves IoTES by helping users make security-oriented decisions while choosing the appropriate algorithm for their IoT data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1457-1465
• /
• 2017

With the growing of smart devices market, malicious behavior has gradually expanded its scope. Accordingly, many studies have been conducted to analyze malicious apps and automated analysis tools have been released. However these tools cause the side effects that the application protection tools such as ProGuard, DexGuard become vulnerable to analyzers or attackers. This paper suggests the protection mechanism to apply to the Android apps using security token, rather than general-purpose protection solutions that can be applied in malicious apps. The main features of this technique are that Android app is not properly loaded in the memory when the security token is abnormal or is not inserted and protected parts using the technique are not exposed.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.11a
• /
• pp.363-366
• /
• 2017

최근 컨텐츠 제공 업체와 사용자들로부터 생성되는 미디어 데이터들의 용량이 늘어남에 따라, 사용자들은 자신이 보유한 단말 외에 추가적인 저장공간이 필요하게 되었다. 이에 추가 저장소 및 백업 장치로써 클라우드 스토리지 서비스의 사용률이 늘어나는 추세이다. 클라우드 서비스에 대한 수요가 증가하고 이와 함께 보안적인 이슈가 늘어남에 따라, 서비스 제공자들은 다양한 보안 기술들을 클라우드 시스템에 적용하고 있다. 본 논문에서는 클라우드 스토리지 서비스의 보안성을 위한 업로드, 다운로드간 파일 암 복호화 방법에 대해 제안한다. 제안한 어플리케이션은 보안 문제들을 해결하는 데에 도움이 될 것으로 기대된다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.739-751
• /
• 2014

We are using our smartphone for our business as well as ours lives. Thus, user's privacy data and a company secret are stored at smartphone. By the way, the saved data on smartphone database can be exposed to a malicous attacker when a malicous app is installed in the smartphone or a user lose his/her smartphone because all data are stored as form of plaintext in the database. To prevent this disclosure of personal information, we need a database encryption method. However, if a database is encrypted, it causes of declining the performance. For example, when we search specific data in condition with encrypted database, we should decrypt all data stored in the database or search sequentially the data we want with accompanying overhead[1]. In this paper, we propose an efficient and searchable encryption method using variable length bloom filter under limited resource circumstances(e.g., a smartphone). We compare with existing searchable symmetric encryption. Also, we implemented the proposed method in android smartphone and evaluated the performance the proposed method. As a result through the implementation, We can confirm that our method has over a 50% improvement in the search speed compared to the simple search method about encrypted database and has over a 70% space saving compared to the method of fixed length bloom filter with the same false positive rate.

• Journal of Convergence for Information Technology
• /
• v.8 no.6
• /
• pp.129-134
• /
• 2018

This is about the CCTV hacking which is one of the recently emerging privacy-spilling crime. Recently, the usage of CCTV is being increased, and Black Hat Hackers spill the individual's privacy by hacking it. However, That crime is being increased. However, most users rarely fulfill the security management, and the government's measures are insufficient. Therfore, this research report implies some security technologies including user authentication protocols such as SSH Tunneling and Media Encryption Algorithm. and recently developed technologies including Wookyeong Information Technology's SecuWatcher for CCTV, Norma's CCTV Care App, and MarkAny's Password SAFERTM for CCTV.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.184-186
• /
• 2022

Recently, as interest in personal information protection has increased, various apps for personal information protection have emerged. These apps protect data in various formats, such as photos, videos, and documents containing personal information, using encryption and hide functions. These apps can have a positive effect on personal information protection, but in digital forensics, they act as anti-forensic because they can be difficult to analyze data during the investigation process. In this paper, finds out PIN, an access control function, through reverse engineering on Calculator - photo vault, one of the personal information protection apps, and files such as photos and documents to which encryption and hide were applied. In addition, the vulnerability to this app was analyzed by research decryption for database files where logs for encrypted and hide files are stored.

• International Journal of Computer Science & Network Security
• /
• v.24 no.3
• /
• pp.23-28
• /
• 2024

The multi-tenancy and high scalability of the cloud have inspired businesses and organizations across various sectors to adopt and deploy cloud computing. Cloud computing provides cost-effective, reliable, and convenient access to pooled resources, including storage, servers, and networking. Cloud service models, SaaS, PaaS, and IaaS, enable organizations, developers, and end users to access resources, develop and deploy applications, and provide access to pooled computing infrastructure. Despite the benefits, cloud service models are vulnerable to multiple security and privacy attacks and threats. The SaaS layer is on top of the PaaS, and the IaaS is the bottom layer of the model. The software is hosted by a platform offered as a service through an infrastructure provided by a cloud computing provider. The Hypertext Transfer Protocol (HTTP) delivers cloud-based apps through a web browser. The stateless nature of HTTP facilitates session hijacking and related attacks. The Open Web Applications Security Project identifies web apps' most critical security risks as SQL injections, cross-site scripting, sensitive data leakage, lack of functional access control, and broken authentication. The systematic literature review reveals that data security, application-level security, and authentication are the primary security threats in the SaaS model. The recommended solutions to enhance security in SaaS include Elliptic-curve cryptography and Identity-based encryption. Integration and security challenges in PaaS and IaaS can be effectively addressed using well-defined APIs, implementing Service Level Agreements (SLAs), and standard syntax for cloud provisioning.