• Journal of Internet Computing and Services
• /
• v.15 no.5
• /
• pp.133-139
• /
• 2014

Recently the Microsoft Windows OS(operating system) is widely used for the internet banking, games etc. The kernel functions provided by the Windows OS can perform memory accesses, keyboard input/output inspection, and graphics output of any processes. Thus, many hacking programs utilizes those for memory hacking, keyboard hacking, and making illegal automation tools for game programs. Existing protection mechanisms make decisions for existence of hacking programs by inspecting some kernel data structures and the initial parts of kernel functions. In this paper, we point out drawbacks of existing methods and propose a new solution. Our method can remedy those by modifying the system service dispatcher code. If the dispatcher code is utilized by a hacking program, existing protection methods cannot detect illegal operations. Thus, we suggest that protection methods should investigate the modification of the dispatcher code as well as kernel data structures and the initial parts of kernel functions.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.5
• /
• pp.377-384
• /
• 2013

In order to improve the security strength in the password based user authentication, in which the security vulnerability is increased while the same password is repeatedly used, the OTP(One-Time Password) system has been introduced. In the OTP systems, however, the user account information and OTP value may be hacked if the user PC is infected by the malicious codes, because the user types the OTP value, which is generated by the mobile device synchronized with the server, directly onto the user PC. In this paper, we propose a new method, called DTOTP(Dual Transmission OTP), to solve this security problem. The DTOTP system is an improved two-factor authentication method by using the dual transmission, in which the user performs the server authentication by typing the user account and password information onto the PC, and then for the OTP authentication the mobile device scans the QR code displayed on the PC and the OTP value is sent to the server directly. The proposed system provides more improved security strength than that of the existing OTP system, and also can adopt the existing OTP algorithm without any modification. As a result, the proposed system can be safely applied to various security services such like banking, portal, and game services.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.14 no.6
• /
• pp.267-272
• /
• 2014

Customers who register at mobile banking service through startphone has 40Mil in first quarter of 2014, which was increased 8.5%(3.6Mil) compare to figure from end of year 2013. Average 1 trillion 627.6billion won is dealing through smartphone banking in daily and three for increased psychological bullying caused by malignant code which change normality to malignant. The results of the analysis current state of affairs of personal information collection management authority required in finance smartphone app service and also recommend solution for protecting finance consumers plans to minimized collecting personal information in smartphone finance app service.

• The KIPS Transactions:PartD
• /
• v.11D no.4
• /
• pp.855-864
• /
• 2004

Programmers can be got the test-related information for implementation without interference of source code complexity by use of the formal specification. Especially the external inputs and system responses can be represented precisely by formal specification in testing phase of web-based software systems. This paper suggests a method of extracting test cases by use of formal specification. Object-Z formal specification represents various test-related information for complex functions of web-based applications. State Transition Models could be built from the formal specification so that test scenarios were extracted from STDs from the highest level to detail levels. The target system for verification of this method is a web-based banking system which is necessary to be secured and critical on errors. This method would be an important factor in automatizing test procedure for web-based application software systems combining the user-base test technique.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.2
• /
• pp.49-58
• /
• 2018

A certificate is a means to certify users by conducting the identification of the users, the prevention of forgery and alteration, and non-repudiation. Most people use an accredited certificate when they perform a task using online banking, and it is often used for the purpose of proving one's identity in issuing various certificates and making electronic payments in addition to online banking. At this time, the issued certificate exists in a file form on the disk, and it is possible to use the certificate issued in an existing device in a new device only if one copies it from the existing device. However, most certificate duplication methods are a method of duplication, entering an 8-16 digit verification code. This is inconvenient because one should enter the verification code and has a weakness that it is vulnerable to security issues. To solve this weakness, this study proposes a method for enhancing security certificate duplication in a multi-channel using TCP and BLE. The proposed method: 1) shares data can be mutually authenticated, using BLE Advertising data; and 2) encrypts the certificate with a symmetric key algorithm and delivers it after the certification of the device through an ECC-based electronic signature algorithm. As a result of the implementation of the proposed method in a mobile environment, it could defend against sniffing attacks, the area of security vulnerabilities in the existing methods and it was proven that it could increase security strength about $10^{41}$ times in an attempt of decoding through the method of substitution of brute force attack existing method.

• Journal of the Korea Convergence Society
• /
• v.11 no.11
• /
• pp.1-7
• /
• 2020

Android apps are mostly distributed as an apk files, and when the apk file is uncompressed, resource files such as xml files, images, and sounds related to app design can be extracted. If the resources of banking or finance-related apps are stolen and fake apps are distributed, personal information could be stolen or financial fraud may occur. Therefore, it is necessary to make it difficult to steal the design as well as the code when distributing the app. In this paper, we implemented a tool to convert the xml file into Java code and obfuscate using the Proguard, and evaluated the execution performance. If the layout obfuscation technique proposed in this paper is used, it is expected that the app operation performance can be improved and the illegal copying damage caused by the theft of the screen design can be prevented.

• Journal of computational fluids engineering
• /
• v.20 no.2
• /
• pp.81-87
• /
• 2015

For Underwater vehicles, Unwanted roll excursions are inevitable as they are caused by induced propeller torque, disturbances, and banking motion during turns. To estimate the manoeuvring performance of underwater vehicle, it is necessary to obtain the roll coefficient of body. This paper was covered estimation of roll coefficient of underwater vehicle using STAR-CCM+, commercial CFD(Computational Fluid Dynamics) code. The RANS equations for incompressible fluid flows was solved numerically by using a finite volume method. An MRF(Moving Reference Frame) Method was Also adopted for rotations of body. For the validation, the flow around a DARPA SUBOFF bare hull model was simulated and good agreement with experiments was obtained. And Pure roll coefficients were calculated and campared with the experimental data which were presented by Seoul National University. Finally, an underwater vehicle model with propeller was simulated and analyzed for estimation of roll coefficient variation caused by induced propeller torque.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.49
• /
• pp.139-164
• /
• 2011

Traditionally courts have been adopted over the years two standards of dealing with compliance of documents such as strict compliance and substantial compliance and the substantial compliance, which was somewhat less demanding than the strict compliance. However the new guidelines of ICC's international standard banking practice for the examination of documents under documentary credits set up how the UCP is to be applied in practice. The payment obligations of an issuing bank to a beneficiary are independence of the performance or the nonperformance of any contract underlying the letter of credit. However, strictly applying the principle of independence and abstraction could produce unfair results by operating unjustly enrich an unscrupulous beneficiary in case of fraud. Accordingly, when a beneficiary presents complying documents, the issuing bank is bound to honour the presentation unless the fraud rule applies on the facts of the case such as forged or material fraud. If it does, the issuing bank(issuer) needs not pay despite the complying presentation of documents by the beneficiary under the Uniform Commercial Code Article 5-109 and case law in America. However the fraud rule was not addressed in UCP 600. In conclusion, view in terms of legal principle and the court cases is variable and difficult to honour or dishonour the presentation in case of application of the independence principle and fraud rule such as the problems on burden of proof timely, possibility of granting injunction in order to protect against victim for bona fide applicant.

• Proceedings of the Korean Geotechical Society Conference
• /
• 1987.06a
• /
• pp.51-80
• /
• 1987

In this studys a numerical analysis on the defomation of foundation layer was carried out by indroducing joint element. The method using the joust element between adj assent different materials has been originally developed for rock behavior(Goodman, et al. 1968) . The application of this method to the interface between the footing and soil layer proved satisfactory(Ghaboussi p et at. 1973). Authors tried to obtain the deformation of rrcompound foundation layerg", which vertically or horizontally or both consists of the natural(or intact) soft clay layer and the layer improved artificially in order to get high stiff-fness with replacement or chemical treatment to reduce the excessively detrimental settlemellt or lateral displacement in case of banking or building the civil structure on the soft layer. The joint conditions were classified into three categories : contacts sliding and separation. By coupling "JOINT" as a subroutine into multi-purpose code for the finite element method of the foundatlion daveloped by authors on the assumption that shearing and normal displacement can not be coupledl which terms pinon-dilatant" and by selecting modified Cam-clay modeIP the deformation analysis was performmed. The results using joint element were compared with those secured without introduction of joint element Nain results analized are as follows : 1. For the prediction of settlement and lateral desplacement, the result due to joint element was evaluated larger, which was regarded safe. 2. For the determination of ultimate bearing capacetyi the value using joint element appeared smaller by 20%, which was also safe.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.10
• /
• pp.1783-1798
• /
• 2011

Recently, a cryptographic construct, called fuzzy vault, has been proposed for crypto-biometric systems, and some implementations for fingerprint have been reported to protect the stored fingerprint template by hiding the fingerprint features. In this paper, we implement the fuzzy fingerprint vault, combining fingerprint verification and fuzzy vault scheme to protect fingerprint templates. To implement the fuzzy fingerprint vault as a complete system, we have to consider several practical issues such as automatic fingerprint alignment, verification accuracy, execution time, error correcting code, etc. In addition, to protect the fuzzy fingerprint vault from the correlation attack, we propose an approach to insert chaffs in a structured way such that distinguishing the fingerprint minutiae and the chaff points obtained from two applications is computationally hard. Based on the experimental results, we confirm that the proposed approach provides higher security than inserting chaffs randomly without a significant degradation of the verification accuracy, and our implementation can be used for real applications.