• Title/Summary/Keyword: Hacking

Search Result 762, Processing Time 0.028 seconds

Extensional End-to-End Encryption Technologies to Enhance User's Financial Information Security and Considerable Security Issues (이용자의 금융거래정보 보호를 위한 확장 종단간(End-to-End) 암호화 기술과 보안고려사항)

  • Seung, Jae-Mo;Lee, Su-Mi;Noh, Bong-Nam;Ahn, Seung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.4
    • /
    • pp.145-154
    • /
    • 2010
  • End-to-End(E2E) encryption is to encrypt private and important financial information such as user's secret access numbers and account numbers from user's terminal to financial institutions. There has been found significant security vulnerabilities by various hacking in early E2E encryption system since early E2E encryption is not satisfied the basic security requirement which is that there does not exist user's financial information on plaintext in user's terminal. Extensional E2E encryption which is to improve early E2E encryption provides confidentiality and integrity to protect user's financial information from vulnerabilities such as alteration, forgery and leakage of confidential information. In this paper, we explain the extensional E2E encryption technology and present considerable security issues when the extensional E2E encryption technology is applied to financial systems.

Analysis of Malicious Behavior Towards Android Storage Vulnerability and Defense Technique Based on Trusted Execution Environment (안드로이드 저장소 취약점을 이용한 악성 행위 분석 및 신뢰실행환경 기반의 방어 기법)

  • Kim, Minkyu;Park, Jungsoo;Shim, Hyunseok;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.1
    • /
    • pp.73-81
    • /
    • 2021
  • When downloading files using an app or web-based application on the user's mobile phone, the path is set to be saved in the pre-defined default directory. Many applications requiring access to storage, including file managers, require a write or read permission of storage to provide numerous functions and services. This means that the application will have direct access to the download folder where the numerous files downloaded. In this paper, to prove our feasibility of attack using the security vulnerabilities mentioned above, we developed a file hacking function disguised as an encryption function in the file management application. The file that encrypted will be sent to hackers via E-mail simultaneously on the background. The developed application was evaluated from VirusTotal, a malicious analysis engine, was not detected as a malicious application in all 74 engines. Finally, in this paper, we propose a defense technique and an algorithm based on the Trusted Execution Environment (TEE) to supplement these storage vulnerabilities.

A Message Communication for Secure Data Communication in Smart Home Environment Based Cloud Service (클라우드 서비스 기반 스마트 홈 환경에서 안전한 데이터 통신을 위한 메시지 통신 프로토콜 설계)

  • Park, Jung-Oh
    • Journal of Convergence for Information Technology
    • /
    • v.11 no.7
    • /
    • pp.21-30
    • /
    • 2021
  • With the development of IoT technology, various cloud computing-based services such as smart cars, smart healthcare, smart homes, and smart farms are expanding. With the advent of a new environment, various problems continue to occur, such as the possibility of exposure of important information such as personal information or company secrets, financial damage cases due to hacking, and human casualties due to malicious attack techniques. In this paper, we propose a message communication protocol for smart home-based secure communication and user data protection. As a detailed process, secure device registration, message authentication protocol, and renewal protocol were newly designed in the smart home environment. By referring to the security requirements related to the smart home service, the stability of the representative attack technique was verified, and as a result of performing a comparative analysis of the performance, the efficiency of about 50% in the communication aspect and 25% in the signature verification aspect was confirmed.

Configuration Method of AWS Security Architecture for Cloud Service (클라우드 서비스 보안을 위한 AWS 보안 아키텍처 구성방안)

  • Park, Se-Joon;Lee, Yong-Joon;Park, Yeon-Chool
    • Journal of Convergence for Information Technology
    • /
    • v.11 no.7
    • /
    • pp.7-13
    • /
    • 2021
  • Recently, due to the many features and advantages of cloud computing, cloud service is being introduced to countless industries around the world at an unbelievably rapid pace. With the rapid increase in the introduction of multi-cloud based services, security vulnerabilities are increasing, and the risk of data leakage from cloud computing services are also expected to increase. Therefore, this study will propose an AWS Well-Architected based security architecture configuration method such as AWS standard security architecture, AWS shared security architecture model that can be applied for personal information security including cost effective of cloud services for better security in AWS cloud service. The AWS security architecture proposed in this study are expected to help many businesses and institutions that are hoping to establish a safe and reliable AWS cloud system.

A Survey of Decentralized Finance(DeFi) based on Blockchain

  • Kim, Junsang;Kim, Seyong
    • Journal of the Korea Society of Computer and Information
    • /
    • v.26 no.3
    • /
    • pp.59-67
    • /
    • 2021
  • Blockchain technology began in 2008 when an unidentified person named Satoshi Nakamoto proposed a cryptocurrency called Bitcoin. Satoshi Nakamoto had distrust of the existing financial system and wanted to implement a financial system that is robust against hacking or mannipulation without a middleman such as a bank through blockchain technology. Satoshi proposed a blockchain as a technology to prevent the creation of the bitcoin and forging of transactions, and through this, the functions of issuance, transaction, and verification of currency were implemented. Since then, Ethereum, a cryptocurrency that can implement the smart contract on the blockchain, has been developed, allowing financial products that require complex contracts such as deposits, loans, insurance, and derivatives to be brought into the area of cryptocurrency. In addition, it is expanding the possibility of substituting products provided by financial institutions through combination with real assets. These applications are defined as Decentralized Finance (DeFi). This paper was prepared to understand the overall technical understanding of DeFi and to introduce the services currently in operation. First, the technologies and ecosystems that implement the overall DeFi are explained, and then the representative DeFi services are categorized by feature and described.

A Proposal of Cybersecurity Technical Response Job Competency Framework and its Applicable Model Implementation (사이버보안 기술적 대응 직무 역량 프레임워크 제안 및 적용 모델 구현 사례)

  • Hong, Soonjwa;Park, Hanjin;Choi, Younghan;Kang, Jungmin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1167-1187
    • /
    • 2020
  • We are facing the situation where cyber threats such as hacking, malware, data leakage, and theft, become an important issue in the perspective of personal daily life, business, and national security. Although various efforts are being made to response to the cyber threats in the national and industrial sectors, the problems such as the industry-academia skill-gap, shortage of cybersecurity professionals are still serious. Thus, in order to overcome the skill-gap and shortage problems, we propose a Cybersecurity technical response Job Competency(CtrJC) framework by adopting the concept of cybersecurity personnel's job competency. As a sample use-case study, we implement the CtrJC against to personals who are charged in realtime cybersecurity response, which is an important job at the national and organization level, and verify the our framework's effects. We implement a sample model, which is a CtrJC against to realtime cyber threats (We call it as CtrJC-R), and study the verification and validation of the implemented model.

McDoT: Multi-Channel Domain Tracking Technology for Illegal Domains Collection

  • Cho, Ho-Mook;Lee, JeongYoung;Jang, JaeHoon;Choi, Sang-Yong
    • Journal of the Korea Society of Computer and Information
    • /
    • v.25 no.12
    • /
    • pp.127-134
    • /
    • 2020
  • Recently, Harmful sites, including pornographic videos, drugs, personal information and hacking tool distribution sites, have caused serious social problems. However, due to the nature of the Internet environment where anyone can use it freely, it is difficult to control the user effectively. And the site operator operates by changing the domain to bypass the blockage. Therefore, even once identified sites have low persistence. In this paper, we propose multi-channel domain tracking technology, a technique that can effectively track changes in the domain addresses of harmful sites, including the same or similar content, by tracking changes in these harmful sites. Proposed technology is a technology that can continuously track information in a domain using OSINT technology. We tested and verified that the proposed technology was effective for domain tracking with a 90.4% trace rate (sensing 66 changes out of 73 domains).

A study on security threats to drones using open source and military drone attack scenarios using telemetry hijacking (오픈소스 활용 드론에 대한 보안 위협과 Telemetry Hijacking을 이용한 군용 드론 공격 시나리오 연구)

  • Lee, Woojin;Seo, Kyungdeok;Chae, Byeongmin
    • Convergence Security Journal
    • /
    • v.20 no.4
    • /
    • pp.103-112
    • /
    • 2020
  • Recently, the interest in hobby/leisure drones is increasing in the private sector, and the military also uses drones in various countries such as North Korea, the United States, and Iran for military purposes such as reconnaissance and destruction. A variety of drone related research is underway, such as establishing and operating drone units within the Korean military. Inparticular, recently, as the size of drone flight control source code increases and the number of functions increases, drone developers are getting accustomed to using open sources and using them without checking for separate security vulnerabilities. However, since these open sources are actually accessible to attackers, they are inevitably exposed to various vulnerabilities. In this paper, we propose an attack scenario for military drones using open sources in connection with these vulnerabilities using Telemetry Hijacking techniques.

How to Protect Critical Nodes of Megacities in Preparation for the Digitization of Spatial Information (공간정보 디지털화에 대비한 메가시티 핵심노드 방호 대책)

  • Sim, Jun Hak;Cho, Sang Keun;Park, Sung Jun;Park, Sang-Hyuk
    • The Journal of the Convergence on Culture Technology
    • /
    • v.8 no.4
    • /
    • pp.121-125
    • /
    • 2022
  • As the technologies of the 4th industrial revolution develops, spatial information is becoming digitized. Now, even with a smartphone, we can easily identify the location of national & military critical facilities located in the mega cities. As a result, mega cities' national & military critical facilities were exposed to not only traditional threats, but also non-traditional threats such as terrorism, cyber hacking, and criminal activities. This study suggests a way to protect national & military critical facilities of mega cities from such threats. Considering limitation of time & resources, protecting perfectly all national & military critical facilities is impossible, so we should focus on their critical nodes. Specifically, We suggest ways to protect the critical nodes by converging some measures such as design & arrangement in harmony with the surrounding environment, underground construction & covering, and visual deception. Transparency of digital spatial information will further increase with the advent of urban air mobility and autonomous vehicles in the future. Therefore, in order to prepare for future threats, we should take measures to minimize the exposure of critical nodes.

Development of an intelligent edge computing device equipped with on-device AI vision model (온디바이스 AI 비전 모델이 탑재된 지능형 엣지 컴퓨팅 기기 개발)

  • Kang, Namhi
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.22 no.5
    • /
    • pp.17-22
    • /
    • 2022
  • In this paper, we design a lightweight embedded device that can support intelligent edge computing, and show that the device quickly detects an object in an image input from a camera device in real time. The proposed system can be applied to environments without pre-installed infrastructure, such as an intelligent video control system for industrial sites or military areas, or video security systems mounted on autonomous vehicles such as drones. The On-Device AI(Artificial intelligence) technology is increasingly required for the widespread application of intelligent vision recognition systems. Computing offloading from an image data acquisition device to a nearby edge device enables fast service with less network and system resources than AI services performed in the cloud. In addition, it is expected to be safely applied to various industries as it can reduce the attack surface vulnerable to various hacking attacks and minimize the disclosure of sensitive data.