• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.3
• /
• pp.23-37
• /
• 2002

As the world-wide use of the Internet increases rapidly due to development of computer network the Electronic Commerce for business by treating it is growing as compared to the traditional one for the information exchange in the academic and research areas. The Electronic Payment System used for EC includes the Payment Broker System and the Electronic Purse System. And usually Electronic Purse System operates with IC cards. Saving the money in IC card has a high portability and security. Therefore, the Electronic purse System based on IC card is recently issued in the EC. In this paper, we design and implement of a IC card security system for Common Electronic Purse Specifications in Internet. CEPS is a Electronic Purse System proposed VISA, and conform EMV(Europay Mastercard VISA) security structure. With our system, users easily use Electronic Purse System with only Web browser and IC card. Original EMV paid no regard to using in the Internet. But our system, conforming to CEPS and EMV, is easily used in the Internet.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.559-572
• /
• 2020

As internet technology advances, users can share content online, and many sharing services exist. According to a recently published digital forensic study, when playing an online streaming service, you can restore the played video by reconstructing the Chrome cache file left on local device such as a PC. This can be seen as evidence that the user watched illegal video content. From a different point of view, copyright infringement occurs when a malicious user restores video stream and share it to another site. In this paper, we selected 23 online streaming services that are widely used both at home and abroad. After streaming videos, we tested whether we can recover original video using cache files stored on the PC or not. As a result, the paper found that in most sites we can restore the original video by reconstructing cache files. Furthermore, this study also discussed methodologies for preventing copyright infringement in online streaming service.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.327-332
• /
• 2013

XSS is an attacker on the other party of the browser that is allowed to run the script. It is seized session of the users, or web site modulation, malicious content insertion, and phishing attack which is available. XSS attacks are stored XSS and reflected XSS. In that, two branch attacks. The form of XSS attacks are cookie sniffing, script encryption, bypass, the malignant cord diffusion, Key Logger, Mouse Sniffer, and addition of lie information addition. XSS attacks are target of attack by script language. Therefore, the countermeasure of XSS is presented and proposed to improve web security.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.11C
• /
• pp.1090-1096
• /
• 2002

The HTTP does not support continuity for browser-server interaction between successive visits or a user due to a stateless feature. Cookies were invented to maintain continuity and state on the Web. Because cookies are transmitted in plain and contain text-character strings encoding relevant information about the user, the attacker can easily copy and modify them for his undue profit. In this paper, we design a secure cookies scheme based on X.509 public key certificate for solving these security weakness of typical web cookies. Our secure cookies scheme provides not only mutual authentication between client and server but also confidentiality and integrity of user information. Additionally, we implement our secure cookies scheme and compare it to the performance with SSL(Secure Socket Layer) protocol that is widely used for security of HTTP environment.

• Journal of the Institute of Convergence Signal Processing
• /
• v.1 no.1
• /
• pp.74-81
• /
• 2000

In this paper we have developed an image security system based on Internet Web in order to overcome the problem of existing systems that use the dedicated network. The developed system resolves the safety problem of the centralized control model by adapting the distributed control model based on Web, and has the functions of remote control and automatic monitoring for grouped multiple sites on remote Web browser. And the system can operate various computers or operating system because it' s operating software was designed by the concepts of Java Virtual Machine and Virtual Instrument. Also, our system has not need of additional cost for network construction by using Internet and can greatly improve the managemental efficiency of system because the maintenance and publishing of software updates can be performed through Web Server.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.3
• /
• pp.162-168
• /
• 2014

Cross-Site Request Forgery is one of the attack techniques occurring in today's Web Applications. It allows an unauthorized attacker to send authorized requests to Web Server through end-users' browsers. These requests are approved by the Web Server as normal requests therefore unexpected results arise. The problem is that the Web Server verifies an end-user using his Cookie information. In this paper, we propose an enhanced CSRF defense scheme which uses Page Identifier and user password's hash value in addition to the Cookie value which is used to verify the normal requests. Our solution is simple to implement and solves the problem of the token disclosure when only a random token is used for normal request verification.

• International Journal of Computer Science & Network Security
• /
• v.21 no.7
• /
• pp.305-316
• /
• 2021

The objective is to recognize the better opportunities from targeted reveal advertising, to show a banner ad to the consumer of online who is most expected to obtain a preferred action like signing up for a newsletter or buying a product. Discovering the most excellent commercial impression, it means the chance to exhibit an advertisement to a consumer needs the capability to calculate the probability that the consumer who perceives the advertisement on the users browser will acquire an accomplishment, that is the consumer will convert. On the other hand, conversion possibility assessment is a demanding process since there is tremendous data growth across different information dimensions and the adaptation event occurs infrequently. Retailers and manufacturers extensively employ the retail services from internet as part of a multichannel distribution and promotion strategy. The rate at which web site visitors transfer to consumers is low for online retail, out coming in high customer acquisition expenses. Approximately 96 percent of web site users concluded exclusive of no shopper purchase[1].This category of conversion rate is collected from the advertising of social media sites and pages that dataset must be estimating and assessing with the concept of big data clustering, which is used to group the particular age group of people along with their behavior. This makes to identify the proper consumer of the production which leads to improve the profitability of the concern.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.869-882
• /
• 2012

With the growth of Web services and the development of web exploit toolkits, web-based malware has increased dramatically. Using Javascript Obfuscation, recent web-based malware hide a malicious URL and the exploit code. Thus, pattern matching for network intrusion detection systems has difficulty of detecting malware. Though various methods have proposed to detect Javascript malware on a users' web browser, the overall detection is needed to counter advanced attacks such as APTs(Advanced Persistent Treats), aimed at penetration into a certain an organization's intranet. To overcome the limitation of previous pattern matching for network intrusion detection systems, a novel deobfuscating method to handle obfuscated Javascript is needed. In this paper, we propose a framework for effective hidden malware detection through an automated deobfuscation regardless of advanced obfuscation techniques with overriding JavaScript functions and a separate JavaScript interpreter through to improve jsunpack-n.

• Proceedings of the Korean Information Science Society Conference
• /
• 1998.10a
• /
• pp.618-620
• /
• 1998

Web보안 기능 중에서 가장 기본적이면서 중요한 보안 기능은 데이터의 암호 및 복호이다. 본 과제는 인터넷 web browser(Netscape Communicator 또는 Navigator)기능에 보안 모듈을 이용한 자료 및 문서 암호 기능을 통해서 안심하고 web page를 사용할 수 있는 시스템을 제공한다. 보안 모듈을 사용하지 않는 일반적인 web데이터 전송환경에는 SSL 프로토콜을 이용하여 web데이터 전송을 수행한다. 서버가 보안 모듈을 가지고 있는 경우는 web을 통해서 주고받는 데이터에 대해서 보안 모듈 내에 존재하는 암호 및 복호하는 알고리즘을 사용한다. 이런 방식을 사용할 경우에 일반적으로 많이 사용하는 DES알고리즘의 사용으로 쉽게 구현이 가능하다. 그러나 이러한 보안 모듈이 상호 연동해서 동작되기 때문에 이 모듈이 없이는 웹 상에 원하는 자료에의 접근이 불가능하다. 또한 이 방식은 기존의 방식이 갖는 보안 기능의 공개성 문제점을 극복하면서 안전한 보안 웹 환경을 제공해준다.

• Proceedings of the Korean Information Science Society Conference
• /
• 1998.10a
• /
• pp.550-552
• /
• 1998

본 논문은 인터넷web browser(Netscape communicator 또는 Netscape Navigator)기능에 문서보안 기능 등을 통해서 안심하고를 사용할 수 있는 클라이언트 환경을 제공한다. 보안 모듈을 사용하여 보안 데이터 전송을 수행한다. 본 보안 데이터 전송을 수행한다. 본 보안 모듈의 특징은 소프트웨어적으로 보안 환경을 사용하든 하드웨어적으로 보안 환경을 사용하든 독점적인 환경에서 웹 보안 기능을 제공할 수 있는 장점을 가진다. 일반적으로 보안이 절실히 요구되는 환경은 인트라넷이 구축된 경우이다. 이런 인트라넷 환경에서는 본 논문에서 제안하는 보안 기능을 사용할 경우 독점적인 보안 기능을 제공할 수 있다. 그리고 일반적인 인터넷 환경에서 보안을 만족하기 위하여 서버, 클라이언트 양쪽에서 모두 보안 모듈을 가져야 한다. 본 논문은 클라이언트 측에서 필요한 보안 모듈의 설계 및 구현 내용에 대해서 언급한다.