• Title/Summary/Keyword: Browser Security

Search Result 97, Processing Time 0.036 seconds

전자금융거래에서의 문서변조 취약점 분석 및 대응방법 고찰

  • Maeng, Young-Jae;Shin, Dong-Oh;Kim, Sung-Ho;Nyang, Dae-Hun
    • Review of KIISC
    • /
    • v.20 no.6
    • /
    • pp.17-27
    • /
    • 2010
  • 전자금융거래는 사용자의 컴퓨터에 악성 프로그램이 설치될 수 있다는 환경에서도 신뢰성 있는 서비스가 요구된다. 하지만 국내의 전자금융거래는 아직까지 MITB(Man-In-The-Browser)공격에 취약한 상태이다. 이 논문에서는 MITB 공격의 동작원리와 그 대응방법에 대해 논의하며, 이를 바탕으로 QR코드를 활용한 승인방법을 제안한다.

Technique of Information Security for Users against Phishing Attacks (피싱 공격에 대한 사용자 정보보호 방안)

  • Kim, Jung-Tae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2008.10a
    • /
    • pp.736-739
    • /
    • 2008
  • Phishing is a form of online identity theft that aims to steal sensitive information such as online banking passwords and credit card information from users. This paper presents a novel browser extension, AntiPhish, that aims to protect users against spoofed web site-based phishing attacks. To this end, AntiPhish tracks the sensitive information of a user and generates warnings whenever the user attempts to give away this information to a web site today requires only the server to be hat is considered untrusted.

  • PDF

Analyses of Security Design for Home Gateway in Ubiquitous Surroundings (유비쿼터스 환경하에서의 홈게이트웨어를 위한 보안 설계 분석)

  • Kim Jung-Tae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2006.05a
    • /
    • pp.761-764
    • /
    • 2006
  • We have developed a new remote-configurable firewall system that provides secure and easy-to-use access to home-network appliances such as network cameras, PVRs, and home file servers, through the internet. With a simple web browser operation, remote users can dynamically open and close the firewall of the home gateway. The firewall rule creation is based on an authentication of the remote client, and thus only packets from the authorized client can pass through the firewall, we analyses the sorority design for home gateway in ubiquitous surroundings.

  • PDF

Cloud Security and Privacy: SAAS, PAAS, and IAAS

  • Bokhari Nabil;Jose Javier Martinez Herraiz
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.3
    • /
    • pp.23-28
    • /
    • 2024
  • The multi-tenancy and high scalability of the cloud have inspired businesses and organizations across various sectors to adopt and deploy cloud computing. Cloud computing provides cost-effective, reliable, and convenient access to pooled resources, including storage, servers, and networking. Cloud service models, SaaS, PaaS, and IaaS, enable organizations, developers, and end users to access resources, develop and deploy applications, and provide access to pooled computing infrastructure. Despite the benefits, cloud service models are vulnerable to multiple security and privacy attacks and threats. The SaaS layer is on top of the PaaS, and the IaaS is the bottom layer of the model. The software is hosted by a platform offered as a service through an infrastructure provided by a cloud computing provider. The Hypertext Transfer Protocol (HTTP) delivers cloud-based apps through a web browser. The stateless nature of HTTP facilitates session hijacking and related attacks. The Open Web Applications Security Project identifies web apps' most critical security risks as SQL injections, cross-site scripting, sensitive data leakage, lack of functional access control, and broken authentication. The systematic literature review reveals that data security, application-level security, and authentication are the primary security threats in the SaaS model. The recommended solutions to enhance security in SaaS include Elliptic-curve cryptography and Identity-based encryption. Integration and security challenges in PaaS and IaaS can be effectively addressed using well-defined APIs, implementing Service Level Agreements (SLAs), and standard syntax for cloud provisioning.

Research for the Element to Analyze the Performance of Modern-Web-Browser Based Applications (모던 웹 브라우저(Modern-Web-Browser) 기반 애플리케이션 성능분석을 위한 요소 연구)

  • Park, Jin-tae;Kim, Hyun-gook;Moon, Il-young
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2018.10a
    • /
    • pp.278-281
    • /
    • 2018
  • The early Web technology was to show text information through a browser. However, as web technology advances, it is possible to show large amounts of multimedia data through browsers. Web technologies are being applied in a variety of fields such as sensor network, hardware control, and data collection and analysis for big data and AI services. As a result, the standard has been prepared for the Internet of Things, which typically controls a sensor via HTTP communication and provides information to users, by installing a web browser on the interface of the Internet of Things. In addition, the recent development of web-assembly enabled 3D objects, virtual/enhancing real-world content that could not be run in web browsers through a native language of C-class. Factors that evaluate the performance of existing Web applications include performance, network resources, and security. However, since there are many areas in which web applications are applied, it is time to revisit and review these factors. In this thesis, we will conduct an analysis of the factors that assess the performance of a web application. We intend to establish an indicator of the development of web-based applications by reviewing the analysis of each element, its main points, and its needs to be supplemented.

  • PDF

Study on Anti-Phishing Solutions, Related Researches and Future Directions (피싱 대응 솔루션 연구 및 개발 현황 그리고 앞으로의 방향)

  • Shin, Ji Sun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.6
    • /
    • pp.1037-1047
    • /
    • 2013
  • As damages from phishing have been increased, many anti-phishing solutions and related researches have been studied. Anti-phishing solutions are often built in web-browsers or provided as security toolbars. Other types of solutions are also developed such as email-filtering and solutions strengthening server authentication via secret image sharing. At the same time, researchers have tried to see the reasons why phishing works and how effective anti-phishing solutions are. In this paper, we review relevant anti-phishing solutions, their techniques and other phishing-related researches. Based on these, we summarize recommended ways to improve anti-phishing solutions and suggest the future directions to study to protect users from phishing attacks.

Design of Face Recognition based Embedded Home Security System

  • Sahani, Mrutyunjanya;Subudhi, Subhashree;Mohanty, Mihir Narayan
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.10 no.4
    • /
    • pp.1751-1767
    • /
    • 2016
  • Home security has become the prime concern for everyone in present scenario. In this work an attempt has been made to develop a home security system which is accessible, affordable and yet effective.The proposed system is based on 'Remote Embedded Control System' (RECS) which works both on the web and gsm platform for authentication and monitoring. This system is therefore cost effective as it relies on existing network infrastructure. As PCA is most popular and efficient algorithm for face recognition, it has been usedin this work. Next to it an interface has been developed for communication purpose in the embedded security system through the ZigBee module. Based on this embedded system, automated control of door movement has been implemented through electromagnetic door lock technology. This helps the users to monitor the real-time activities through web services/SMS. The web service consists of either web browser command or e-mail provision. The system establishes the communication between the system and authenticated user. The e-mail received by the system from the authorized person will monitor and control the real-time operation and door lock. The entire control system is reinforced using ARM1176JZF-S microcontroller and tested for actual use in the home environment. The result shows the experimental verification of the proposed system.

Sera Web-Viewer : a Convenience-Featured Web Browser (SERA Web-Viewer : 사용자 편의성을 향상시킨 웹 브라우저 설계 및 구현)

  • Cho, Young-Suk;Kim, Jae-Hoon;Jang, Ik-Hyeon
    • Convergence Security Journal
    • /
    • v.7 no.4
    • /
    • pp.61-72
    • /
    • 2007
  • We developed a convenience-featured Web browser which is intended to enhance Web users' convenience. The integrated convenience functions are VPV(Visited Page Viewer), APV(Aligned Page Viewer), USC(User Specified Capture), and VAC(Video and Audio Converter) which is the most important feature of FLV(FLash Video file) in UCC (User Created Contents). The four functions are considered ad the most needed functions to the Web users and we referred to the opinion of frequent and advanced Web users. We addressed important algorithms and techniques in terms of the implementation of the above four functions. The implementation methods based on the MDI application using rendering technique same as in Internet Explorer 6.0 are shown with codes. The results of implementation is compared with the survey conducted on 134 Computer Science and Multimedia Engineering major students. All four integrated functions are considered to be useful.

  • PDF

Interoperability Strategy Performance Evaluation of the Event Service of CORBA (CORBA 이벤트 서비스의 연동 방법 및 성능 평가)

  • Na, Gil-Seong;Lee, Sang-Ho
    • Journal of KIISE:Databases
    • /
    • v.27 no.1
    • /
    • pp.33-41
    • /
    • 2000
  • Since simple and convenient user interface, the Web is diffused widely. For integrating Web as a view of user interface and CORBA, CORBA object is made in applet, which is sent to Web browser in Client and executes by Web browser. To use CORBA Event Service in Web without violating a security constrains of applet, we need a interoperability of Event Service. This paper investigates interoperability of event channels of the event service of CORBA. We present three different methods that make one event channel. Pros and cons of each method are described. All mentioned approaches have been implemented in Java. An experimental performance evaluation has been carried out and evaluation results are also given.

  • PDF

Challenge-Response Authentication with a Smartphone (스마트폰을 이용한 Challenge-Response 인증)

  • Thiranant, Non;Hui, Yvonne Tan Ying;Kim, TaeYong;Lee, HoonJae
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2012.07a
    • /
    • pp.187-190
    • /
    • 2012
  • This paper proposes an one-time authentication system for web applications by making use of the quick-response code, which is widely used nowadays. The process is not time-consuming. It does not require any browser extensions or specific hardware to complete a task. The system uses QR code which is basically a two-dimensional black and white image encoding a piece of digital information. When a user logs into a site, the web server will generate a challenge encoded to form a QR code. The user captures a picture of QR code with a mobile camera which results in decoding the QR code. The challenge shall be sent back to the server; the web server then logs the PC browser in. The authentication using Challenge-Response is easy to understand and the process is fast. The system proposes the improvement of usability and security of online authentication.

  • PDF