• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.1
• /
• pp.51-61
• /
• 2011

A smartphone is a mobile phone that offers more advanced computing ability and connectivity than a contemporary basic feature phone. Unlike feature phone, a smartphone allows the user to install and run more advanced applications based on a specific platform. Smartphones run complete operating system software providing a platform for application developers. A smartphone will become the default computing method for many point activities in the not-too-distant future, such as e-mail, online shopping, gaming, and even video entertainment. For smartphone that contains sensitive information and access the Internet, security is a major issue. In the 1980s, security issues were hardly noticed; however, security is a major issue for users today, which includes smart phones. Because security is much more difficult to address once deployment and implementation are underway, it should be considered from the beginning. Recently our government recognized the importance of smartphone security and published several safety tips for using the smartphone. However, theses tips are user-oriented measures. Maintaining the security of a smartphone involves the active participation of the user. Although it is a important users understand and take full advantage of the facilities afforded by smarphone, it is more important developers distribute the secure smartphone application through the market. In this paper we describe some scenarios in which user is invaded his/her privacy by smartphone stolen, lost, misplaced or infected with virus. Then we suggest the security considerations for securing smartphone applications in respect with developers. We also suggest the methods applying domestic encryption algorithms such as SEED, HIGHT and ARIA in developing secure applications. This suggested security considerations may be used by developers as well as users (especially organizations) interested in enhancing security to related security incidents for current and future use of smartphones.

• Journal of Internet Computing and Services
• /
• v.17 no.6
• /
• pp.81-91
• /
• 2016

VANET is one of the most developed technologies many people have considered a technology for the next generation. It basically utilizes the wireless technology and it can be used for measuring the speed of the vehicle, the location and even traffic control. With sharing those information, VANET can offer Cooperative ITS which can make a solution for a variety of traffic issues. In this way, safety for drivers, efficiency and mobility can be increased with VANET but data between vehicles or between vehicle and infrastructure are included with private information. Therefore alternatives are necessary to secure privacy. If there is no alternative for privacy, it can not only cause some problems about identification information but also it allows attackers to get location tracking and makes a target. Besides, people's lives or property can be dangerous because of sending wrong information or forgery. In addition to this, it is possible to be information stealing by attacker's impersonation or private information exposure through eavesdropping in communication environment. Therefore, in this paper we propose Privacy Assurance Architecture for VANET to ensure privacy from these threats.

• Smart Media Journal
• /
• v.6 no.3
• /
• pp.21-28
• /
• 2017

There is growing interest in the use of cloud services these days because the amount of sensitive physical information related to u-fitness-based exercise management increase in explosive. However, it is possible to illegally access information stored in a cloud server, and to find out who owns the information, even, to illegally deduce an association among the information stored in its memory. The cloud server may also intentionally pass over the owner's legitimate operation requests such as modification and deletion of stored information, and may lose or damage information due to its malfunction. So, it is strongly required to solve the above problems because we can not trust the cloud server entirely. In this paper, we propose a protocol to preserve the privacy of the owner for u-Fitness-based exercise management in a cloud computing environment. And we show that our proposed architecture is applicable in real environment through security analysis and performance analysis.

• Journal of Korea Multimedia Society
• /
• v.21 no.8
• /
• pp.909-916
• /
• 2018

Cloud storage services have many advantages. As a result, the amount of data stored in the storage of the cloud service provider is increasing rapidly. This increase in demand forces cloud storage providers to apply deduplication technology for efficient use of storages. However, deduplication technology has inherent security and privacy concerns. Several schemes have been proposed to solve these problems, but there are still some vulnerabilities to well-known attacks on deduplication techniques. In this paper, we examine some of the existing schemes and analyze their security weaknesses.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.9
• /
• pp.1684-1697
• /
• 2011

We show that two protocols for RFID mutual authentication in pervasive computing environments, recently proposed by Kang et al, are vulnerable to several attacks. First, we show these protocols do not preserve the privacy of users' location. Once a tag is authenticated successfully, we show several scenarios where legitimate or illegitimate readers can trace the location of that tag without any further information about the tag's identifier or initial private key. Second, since the communication between readers and the database takes place over an insecure communication channel and in the plaintext form, we show scenarios where a compromised tag can gain access to confidential information that the tag is not supposed get access to. Finally, we show that these protocols are also vulnerable to the replay and denial-of-service attacks. While some of these attacks are due to simple flaws and can be easily fixed, others are more fundamental and are due to relaxing widely accepted assumptions in the literature. We examine this issue, apply countermeasures, and re-evaluate the protocols overhead after taking these countermeasures into account and compare them to other work in the literature.

• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.8
• /
• pp.773-777
• /
• 2008

Today's mobile devices have characteristic of random mobility in the heterogeneous networks. Thus they should have various kinds of security requirements. To satisfy these requirements, there are many researches on security and authentication for mobile devices. TCG(Trusted Computing Group) designed TPM(Trusted Platform Module) for providing privacy and authentication to users. Also TCG suggest a protocol, called DAA(Direct Anonymous Attestation) which uses zero knowledge proof theory. In this paper, we will implement DAA protocol using Java and show the efficiency and the problems in the DAA protocol. Finally, we will suggest an efficient mobile DAA model through Java test module for the DAA protocol.

• Journal of Computing Science and Engineering
• /
• v.7 no.3
• /
• pp.187-197
• /
• 2013

Security has long been a challenging problem in wireless networks, mainly due to its broadcast nature of communication. This opens up simple yet effective measures to thwart useful communications between legitimate radios. Spread spectrum technologies, such as direct sequence spread spectrum (DSSS), have been developed as effective countermeasures against, for example, jamming attacks. This paper surveys previous research on securing a DSSS channel even further, using physical layer attributes-keyless DSSS mechanisms, and watermarked DSSS (WDSSS) schemes. The former has been motivated by the fact that it is still an open question to establish and share the secret spread sequence between the transmitter and the receiver without being noticed by adversaries. The basic idea of the latter is to exploit the redundancy inherent in DSSS's spreading process to embed watermark information. It can be considered a counter measure (authentication) for an intelligent attacker who obtains the spread sequence to generate fake messages. This paper also presents and evaluates an adaptive DSSS scheme that takes both jam resistance and communication efficiency into account.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.11
• /
• pp.5671-5693
• /
• 2017

With the rapid development of cloud computing, more and more data owners are motivated to outsource their data to cloud for various benefits. Due to serious privacy concerns, sensitive data should be encrypted before being outsourced to the cloud. However, this results that effective data utilization becomes a very challenging task, such as keyword search over ciphertexts. Although many searchable encryption methods have been proposed, they only support exact keyword search. Thus, misspelled keywords in the query will result in wrong or no matching. Very recently, a few methods extends the search capability to fuzzy keyword search. Some of them may result in inaccurate search results. The other methods need very large indexes which inevitably lead to low search efficiency. Additionally, the above fuzzy keyword search methods do not support access control. In our paper, we propose a searchable encryption method which achieves fuzzy search and access control through algorithm design and Ciphertext-Policy Attribute-based Encryption (CP-ABE). In our method, the index is small and the search results are accurate. We present word pattern which can be used to balance the search efficiency and privacy. Finally, we conduct extensive experiments and analyze the security of the proposed method.

• Journal of Internet Computing and Services
• /
• v.24 no.5
• /
• pp.85-96
• /
• 2023

With advance of cloud computing technology, Blockchain as a Service of Cloud Service Provider has been utilized in various areas such as e-Commerce and financial companies to manage customer history and distribution history. However, if users' search history, purchase history, etc. are to be utilized in a BaaS in areas such as recommendation algorithms and search engine development, the users' search queries will be exposed to the company operating the BaaS, and privacy issues will be occured. Z. Guan et al. ensure the unlinkability between users' search query and search result using searchable encryption, and based on the inner product similarity, they select Top-k results that are highly relevant to the users' search query. However, there is a problem that the Top-k results selection may be not possible due to ties of inner product similarity, and BaaS over cloud is not considered. Therefore, this paper solve the problem of Z. Guan et al. using cosine similarity, so we improve accuracy of search result. And based on this, we design a BaaS with secure Top-k search that improved accuracy. Furthermore, we design a smart contracts that preserve privacy of users' search and obtain Top-k search results that are highly relevant to the users' search.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.6
• /
• pp.193-200
• /
• 2007

There is an advantage that RFID system is better than previous bar code system in storage ability and noncontact property. But, everyone can easily receive the transmitting information by using RF signal. So, there is a problem that system security and personal privacy are threatened. In this paper, I propose RFID system that is secure against attacks like eavesdropping, replay, spoofing and location tracking and can efficiently provide mutual authentication services between reader and tag. The proposed RFID system can be used in various sections of ubiquitous computing environment.