• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.73-81
• /
• 2021

When downloading files using an app or web-based application on the user's mobile phone, the path is set to be saved in the pre-defined default directory. Many applications requiring access to storage, including file managers, require a write or read permission of storage to provide numerous functions and services. This means that the application will have direct access to the download folder where the numerous files downloaded. In this paper, to prove our feasibility of attack using the security vulnerabilities mentioned above, we developed a file hacking function disguised as an encryption function in the file management application. The file that encrypted will be sent to hackers via E-mail simultaneously on the background. The developed application was evaluated from VirusTotal, a malicious analysis engine, was not detected as a malicious application in all 74 engines. Finally, in this paper, we propose a defense technique and an algorithm based on the Trusted Execution Environment (TEE) to supplement these storage vulnerabilities.

• The KIPS Transactions:PartC
• /
• v.9C no.3
• /
• pp.359-366
• /
• 2002

Nowadays, the hacking techniques are developed increasingly with wide use of internet. The recent type of scanning attack is appeared in against with multiple target systems on the large scaled domain rather than single network of an organization. The development of scan detection management system which can detect and analyze scan activities is necessary to prevent effectively those attacking at the central system. The scan detection management system is useful for effective utilization of various detection information that received from scan detection agents. Real time scan detection management system that can do the integrated analysis of high lever more that having suitable construction in environment of large scale network is developed.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.171-177
• /
• 2006

The hacking aspect of recent times is changing, the phishing attack which uses a social engineering technique is becoming the threat which is serious in Information Security. It cheats the user and it acquires a password or financial information of the individual and organization. The phishing attack uses the home page which is fabrication and E-mail and acquires personal information which is sensitive and financial information. This study proposes the establishment of National Fishing Response Center, complement of relation legal system Critical intelligence distribution channel of individual and enterprise.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.183-188
• /
• 2021

The study aimed to assess the state of electronic security for the website of the Deanship of Library Affairs at Northern Border University, as one of the university's electronic portals, which provides distinguished knowledge services to faculty members, through the Saudi Digital Library, and the integrated automated system for libraries (Symphony) with the definition of cyber security of the university, and the most important threats The study sought to analyze the opinions of a wide sample of faculty members, towards evaluating the state of electronic security for the Deanship of Library Affairs portal, through the use of both the analytical method, as well as the survey, using the questionnaire tool, and the study sample consisted of 95 A faculty member of all academic categories and degrees, and university faculties, and the study concluded that it is necessary to work to overcome the relative slowness of the university's Internet, with the faculty members notifying the information security services through e-mail and SMS service, with the continuous updating of operating systems, Apply and use the latest anti-spyware, hacking, and antivirus software at the university, while conducting extensive research studies towards information security services, and contracting It aims to introduce information security risks, and ways to combat and overcome them, and spread the culture of information security among faculty members.

• Journal of Convergence for Information Technology
• /
• v.11 no.6
• /
• pp.24-32
• /
• 2021

Recently, ransomware attacks have been infected through various channels such as e-mail, phishing, and device hacking, and the extent of the damage is increasing rapidly. However, existing known malware (static/dynamic) analysis engines are very difficult to detect/block against novel ransomware that has evolved like Advanced Persistent Threat (APT) attacks. This work proposes a method for modeling ransomware malicious behavior based on graph databases and detecting novel multi-complex malicious behavior for ransomware. Studies confirm that pattern detection of ransomware is possible in novel graph database environments that differ from existing relational databases. Furthermore, we prove that the associative analysis technique of graph theory is significantly efficient for ransomware analysis performance.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.18 no.1
• /
• pp.37-45
• /
• 2022

With the development of the 4th industry, big data using AI is being used in many areas of our lives, and the importance of data is increasing accordingly. In particular, as various services using personal information appear and hacking attacks that exploit them appear in various ways, the importance of personal information management is increasing. Personal information must be managed safely even when collecting, retaining, using, providing, and destroying personal information, and the rights of information subjects must be protected. In this paper, an analysis was performed on the notification of usage history during the protection of the rights of information subjects using the MyData model. According to the Personal Information Protection Act, users must be periodically notified of the use of personal information, so we notify each individual of the use of personal information through e-mail or SNS once a year. It is difficult to understand and manage which company use my personal information. Therefore, in this paper, a personal information usage history notification system model was proposed, and as a result of performance analysis, it is possible to provide the controllability, availability, integrity, source authentication, and personal information self-determination rights.

• Journal of Advanced Navigation Technology
• /
• v.15 no.3
• /
• pp.462-470
• /
• 2011

Since, Davis(1991) has proposed the TAM(Technology Acceptance Model) through a literature review of informatization promotion, which insists that a user conveniency is judged by the degree of effectiveness caused by IT, the advancement of IT such as the Internet, e-mail, electronic data exchange, and groupware have brought into various changes in ordinary corporations and public institutions. However, with the right function, the advancement of IT has provided various benefits including additional reverse functions. Based on an integrated environment of business process, unauthorized user could access to information and a management of information becomes more difficult than before due to informatization of critical information. Furthermore, external hacking or information leakage by insider becomes easier owing to advancement in communication technology. This study has tried to develop a specified management procedure and implementation method for confidential documents.

• The Journal of the Korea Contents Association
• /
• v.9 no.3
• /
• pp.28-38
• /
• 2009

Login process uses both ID and password information to authenticate someone and to permit its access privilege on system. However, an attacker can get those ID and password information by using existing packet sniffing or key logger programs. It cause privacy problem as those information can be used as a hacking and network attack on web server and web e-mail system. Therefore, a more secure and advanced authentication mechanism should be required to enhance the authentication process on existing system. In this paper, we propose a multi-factor authentication process by using software form of secure card system combined with existing ID/Password based login system. Proposed mechanism uses a random number generated from the his/her own handset with biometric information. Therefore, we can provide a one-time password function on web login system to authenticate the user using multi-factor form. Proposed scheme provide enhanced authentication function and security because it is a 'multi-factor authentication mechanism' combined with handset and biometric information on web login system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2001.05a
• /
• pp.667-671
• /
• 2001

The Instant Messenger(IM) is the most popular personal communication tool today. IM is a tool that can substitute E-mail for a person, and can secure the user for a company. Further, it is claimed as it has a limitless potential. However, there has been several reports on security issues. It has known that the transmitting message is not secured for the attacks, and hacking tools has been developed. In addition, several reports has been made regards to the vulnerability. In other words, anyone can been through and manipulate the messages that are sent or received via IM. This is a barrier for the IM to be developed as a corporate's strategic tool, and furthermore, it will create serious personal privacy issue. IETF IMPP Working Group is preparing a standard mutual relationship between IM. However, it is complicated due to the American On-Lines's absence, whom has ensured the most number of IM users. There was a discussion only about the form of the transmitting data, but it is insufficient state to discuss the security service for general. In this paper, I design and implement the Secure Instant Messaging System, to solve the IM's vulnerability and the security issue presented above.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.21 no.3
• /
• pp.24-31
• /
• 2020

Centralized systems in computing environments have various problems, such as privacy infringement due to hacking, and the possibility of privacy violations in case of system failure. Blockchain, one of the core technologies for the next generation of converged information, is expected to be an alternative to the existing centralized system, which has had various problems. This paper proposes a blockchain-based user authentication system that can identify users using EID in an online environment. Existing identification (ID)/password (PW) authentication methods require users to store personal information in multiple sites, and receive and use their respective IDs. However, the proposed system can be used without users signing up at various sites after the issuing of an EID. The proposed system issues an EID with a minimum of information, such as an e-mail address and a telephone number. By comparing the stability and efficiency of a centralized system, the proposed integrated authentication system proved to be excellent. In order to compare stability against existing systems, we chose attack methods and encroachments on the computing environment. To verify efficiency, the total throughput between the user's app, the issuance and certification-authority's servers, and the service provider's servers was compared and analyzed based on processing time per transaction.