• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1179-1195
• /
• 2018

Recently, a variety of attacks on web services have been occurring through a multiple access environment such as PC, tablet, and smartphone. These attacks are causing various subsequent damages such as online fraud transactions, takeovers and theft of accounts, fraudulent logins, and information leakage through web service vulnerabilities. Creating a new fake account for Fraud attacks, hijacking accounts, and bypassing IP while using other usernames or email addresses is a relatively easy attack method, but it is not easy to detect and block these attacks. In this paper, we have studied a method to detect online fraud transaction and obsession by identifying and managing devices accessing web service using web-based device fingerprinting. In particular, it has been proposed to identify devices and to manage them by scoring process. In order to secure the validity of the proposed scheme, we analyzed the application cases and proved that they can effectively defend against various attacks because they actively cope with online fraud and obtain visibility of user accounts.

• Journal of Intelligence and Information Systems
• /
• v.18 no.4
• /
• pp.79-95
• /
• 2012

As credit loan products significantly increase in most financial institutions, the number of fraudulent transactions is also growing rapidly. Therefore, to manage the financial risks successfully, the financial institutions should reinforce the qualifications for a loan and augment the ability to detect a credit loan fraud proactively. In the process of building a classification model to detect credit loan frauds, utility from classification results (i.e., benefits from correct prediction and costs from incorrect prediction) is more important than the accuracy rate of classification. The objective of this paper is to propose a new approach to building a classification model for detecting credit loan fraud based on an individual-level utility. Experimental results show that the model comes up with higher utility than the fraud detection models which do not take into account the individual-level utility concept. Also, it is shown that the individual-level utility computed by the model is more accurate than the mean-level utility computed by other models, in both opportunity utility and cash flow perspectives. We provide diverse views on the experimental results from both perspectives.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.40 no.4
• /
• pp.183-190
• /
• 2017

This paper proposes a dynamic magnetic field emulator (DMFE), which can electrically emulate information for the magnetic stripes of most widely used credit cards. Payment transactions with most common credit cards are performed by reading the card's information, encoded in magnetic stripes, using the reader head of a point-of-sale (POS) system. A stripe-type permanent magnet is attached to the back side of the credit card, and information for payments or value-added service is reorganized by exposing it to strong magnetic field. The process of data recording and retrieving as stated above has been pointed out as a major cause of illegal credit card use, because the information on the magnetic stripe is always exposed, and is thus vulnerable to forgery or alteration. A dynamic magnetic field emulator displays card information only when necessary by using the principle of solenoidal magnets. The DMFE proposed in this paper can prevent fraudulent use if it is operated with a device, like a smart phone, or a separate user-authentication procedure. In addition, because it is possible to display various information as needed, it can be utilized for a smart multi-card application, in which information for multiple cards is stored in one card, and can be selected and used as needed. This paper introduces the necessity of the DMFE and its manufacturing principles. As a result, this study will be helpful for making various application cases in payment, which is a core area of the Fintech (a newly-coined word of finance and technology) industry.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.12
• /
• pp.854-862
• /
• 2018

The Government R&D budget for 2019 exceeded 20 trillion won in order to develop future growth market such as basic research investment and creation of growth engine. As such, the importance of R&D investment is increasing, and various schemes for enforcing efficient and transparent business expenses are being expanded. However, research expenses (Charge ratio) such as fraudulent execution of funds are continuously being generated, and a system of imposition of sanctions is being introduced. In this paper, the legal grounds of sanctions, comparative review of laws and regulations between the ministries, and the criteria of imposition (imputation) were analyzed. In addition, since the amendment of the standard for imposing the intergovernmental surcharges, a single standard has been applied, and the transition process of the surcharging system has been reviewed. As a result of the data analysis, it was found that they focused on micro - utility activities and suggested new policy measures corresponding to them. The Korea Academia-Industrial cooperation Society. The Korea Academia-Industrial cooperation Society.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.99-109
• /
• 2021

With the recent development of ICT, information exchange through data communication network is increasing. Cryptography is widely used as the base technology to protect it. The initial cryptography technology was developed for military use and authorized only by the nation in the past. However, nowadays, much of the authority was unwillingly transferred to the private due to the pervasive use of ICT. As a result, there have been conflicts between the private demand to use cryptography and the nation's authority. In this paper, we survey the conflicts between nations and the private in the process of formulating the cryptography policy. Morever, we investigate the reality of the cryptography policy in Korea. Our investigations are expected to help the government apply cryptographic control policy in a balanced manner and plan development of cryptography industries. Lastly, we propose a need to establish a cryptanalysis organization and to legislate a legal sanction against fraudulent use of cryptography.

• Journal of Internet of Things and Convergence
• /
• v.8 no.1
• /
• pp.11-16
• /
• 2022

Efforts to incorporate blockchain into various fields are continuing as cryptocurrency transactions become more active. Blockchain has the characteristic that once recorded facts cannot be modified or deleted. Due to these characteristics, the use in the field of recording and proving certain facts, such as voting or proof of ownership, is attracting attention. In this paper, users who want to participate in the transaction process using private blockchain, one of the types of blockchain, are divided into real estate brokers, building owners, and purchasers (lessors), and roles are assigned to each user. In addition, we would like to propose a system to increase reliability through the participation of institutions. Through this, we intend to not only present a real estate transaction system that prevents damage from real estate fraud related to false sales and fraudulent contracts, but also enhances reliability and contributes to finding ways to utilize blockchain in the future.

• The Korean Society of Law and Medicine
• /
• v.23 no.3
• /
• pp.3-44
• /
• 2022

As a result of a close review focusing on the case of obstruction of epidemiological investigation by a religious group A in Daegu, which was a problem when the pandemic of Covid-19 infection began in Korea around February 2, 2020, when an epidemiological investigator requested a specific group to submit a list, While there have been cases where an act of not responding or submitting an edited omission list was sentenced to the effect that the act did not fall under an epidemiological investigation, in the case of non-submission of the visitor list for the B Center, even though a 'list of visitors' was requested. Regarding the fact of refusal without a justifiable reason, 'providing a list of persons entering the building is a key factual act that forms a link between epidemiological investigations accompanying an epidemiological investigation, and refusing to do so is also an act of refusal and obstruction of an epidemiological investigation. There are cases where it is possible to demand criminal punishment. Regardless of whether the request for submission of the membership list falls under the epidemiological investigation, there are cases in which the someones' actions correspond to the refusal or obstruction of the epidemiological investigation. A lower court ruling that if an epidemiological investigation is rejected or obstructed as a result of interfering with factual acts accompanying an epidemiological investigation, comprehensively considering whether or not the list has been diverted for purposes other than epidemiological investigation, the logic is persuasive. Epidemiological investigations such as surveys and human specimen collection and testing are conducted for each infectious disease patient or contact confirmed as a result of the epidemiological investigation, but epidemiological investigations conducted on individual individuals cannot exist independently of each other, and the This is because the process of identification and tracking is essential to an epidemiological investigation, and if someone intentionally interferes with or rejects the process of confirming this link, it will result in direct, realistic, and widespread interference with the epidemiological investigation. In this article, ① there are differences between an epidemiological investigation and a request for information provision under the Infectious Disease Control and Prevention Act, but there are areas that fall under the epidemiological investigation even in the case of a request for information, ② Considering the medical characteristics of COVID-19 and the continuity of the epidemiological investigation, the epidemiological investigator the fact that the act of requesting a list may fall under the epidemiological investigation, ③ that the offense of obstructing the epidemiological investigation in certain cases may constitute 'obstruction of Performance of Official Duties by Fraudulent Means', and ④ rejecting the request for information provision under the Infectious Disease Control and Prevention Act from September 29, 2020 In this case, it is intended to be helpful in the application of the Infectious Disease control and Prevention Act and the practical operation of epidemiological investigations in the future by pointing out the fact that a new punishment regulation of imprisonment or fine is being implemented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.743-755
• /
• 2013

In recent years, the malicious apps with malicious code in normal apps are increasingly redistributed in Android market, which may incur various problems such as the leakage of authentication information and transaction information and fraudulent transactions when banking apps to process the financial transactions are exposed to such attacks. Thus the financial authorities established the laws and regulations as an countermeasures against those problems and domestic banks provide the integrity verification functions in their banking apps, yet its reliability has not been verified because the studies of the safety of the corresponding functions have seldom been conducted. Thus this study suggests the vulnerabilities of the integrity verification functions of banking apps by using Android reverse engineering analysis techniques. In case the suggested vulnerabilities are exploited, the integrity verification functions of banking apps are likely to be bypassed, which will facilitate malicious code inserting attacks through repackaging and its risk is very high as proved in a test of this study. Furthermore this study suggests the specific solutions to those vulnerabilities, which will contribute to improving the security level of smartphone financial transaction environment against the application forgery attacks.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.27 no.7
• /
• pp.1038-1043
• /
• 2021

Guaranteed seafarer wage payment is essential to ensure a stable supply of seafarers. However, disputes over non-payment of wages to seafarers often occur. In this study, an automatic wage payment system was designed using a blockchain-based smart contract to resolve the problem of seafarers' wage arrears. The designed system consists of an information register, a matching processing unit, a review rating management unit, and wage remittance before deploying smart contracts. The matching process was designed to send an automatic notification to seafarers and shipowners if the sum of the weight of the four variables, namely wages, ship type/fishery, position, and license, exceeded a pre-defined threshold. In addition, a review rating management system, based on a combination of mean and median, was presented to serve as a medium to mutually fulfill the normal working conditions. The smart contract automatically fulfills the labor contract between the parties without an intermediary. This system will naturally resolve problems such as fraudulent advance payment to seafarers, embezzlement by unregistered employment agencies, overdue wages, and forgery of seafarers' books. If this system design is commercialized and institutionally activated, it is expected that stable wages will be guaranteed to seafarers, and in turn, the difficulties in human resources supply will be solved. We plan to test it in a local environment for further developing this system.