• Journal of Information Technology Services
• /
• v.16 no.2
• /
• pp.97-110
• /
• 2017

Due to development of IT, various Internet services via the non-face-to-face are increasing rapidly. In the past, the resident registration numbers (RRN) was used a mean of personal identification, but the use of RRN is prohibited by the relevant laws, and the personal identification services using alternative means are activated. According to the prohibition policy of RRN, i-PIN service appeared as an alternative means to identify a person. However, the user's knowledge-based i-PIN service continues to cause fraudulent issuance, account hijacking, and fraud attempts due to hacking accidents. Due to these problems, the usage rate of i-PIN service which performs a nationwide free personal identification service, is rapidly decreasing. Therefore, this paper proposes a technical safety enhancement method for security enhancement in the i-PIN-based personal identification service. In order to strengthen the security of i-PIN, this paper analyzes the encryption key exposure, key exchange and i-PIN authentication model problems of i-PIN and suggests countermeasures. Through the proposed paper, the i-PIN can be expected to be used more effectively as a substitution of RRN by suggesting measures to enhance the safety of personal identification information. Secured personal identification services will enable safer online non-face-to-face transactions. By securing the technical, institutional, and administrative safety of the i-PIN service, the usage rate will gradually increase.

• Journal of the Society of Disaster Information
• /
• v.1 no.1
• /
• pp.43-71
• /
• 2005

Terrorism is the use of violence, especially murder and bombing, in order to achieve political aim or to force a government to do something. Nowadays, instrument of mass destruction are smaller, cheaper, and more readily available. Cellular phones were used as timers in the attacks in Madrid last March. Hijacking an airplane is relatively inexpensive. Finally, the information revolution provides inexpensive means of communication and organization that allow groups once restricted to local and national police jurisdictions to become global. Al Qaeda is said to have established a network in fifty or more countries. These technological and ideological trends increased both the lethality and the difficulty of managing terrorism. Because of the unprecedented scale of Al Qaeda's attacks, the focus is properly on Islamic extremists. But it would be a mistake to limit our concern solely to Islamic terrorists, for that would ignore the way that technology is putting into the hands of deviant groups and individuals' destructive capabilities that were once limited primarily to governments and armies.

• The Korean Journal of Air & Space Law and Policy
• /
• v.15
• /
• pp.40-66
• /
• 2002

The purpose of this paper is to investigate the legal controㅣ, by using the International Criminal Court(ICC) that will enter into force to the most serious crimes of concern to the international community as a whole, and regulates the jurisdiction with respect to the following crimes: (a) The crime of genocide; (b) Crimes against humanity; (c) War crimes; Cd) The crime of aggression. However, the existing ICC Statute excludes (e) Crimes, established under or pursuant to the treaty, which was regulated by the ICC draft statute that the International Law Commission(ILC) examined and submitted to the UN General Assembly in 1994, and which contained aircraft terrorism such as hijacking in the Hague Convention of 1970 or sabotage in the Montreal Convention of 1971 in Annex of ILC draft. Therefore, this paper examines the legal character of aircraft terrorism as one of the most serious crimes of concern to the international community as a whole, and suggests two kinds of legislative comments for the amendment of the ICC Statute including aircraft terrorism as an object of the jurisdiction of the Court, for suppressing aircraft terrorism in advance and ensuring equitable penalty by ICC system.

• The Journal of the Korea Contents Association
• /
• v.13 no.4
• /
• pp.17-22
• /
• 2013

Impersonation attack, based on vulnerable security of SIP, facilitate a intruder to take malicious actions such as toll fraud and session hijacking. This paper suggests a new technique for a countermeasure. When receiving a register request message, registrar checks whether the value of Form header or the value of Call-ID header is stored in location server or not. If the record containing either of them are stored and periodically updated, we regard that message as impersonation attack and discard it. Since this technique uses the information stored in server instead of adding encryption mechanism for user authentication, it can easily build securer SIP environment.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.12 no.1
• /
• pp.83-89
• /
• 2012

Recently, due to widespread use of smartphones, the number of applications of the QR code is increased rapidly. QR codes, a kind of 2-dimensional barcode, is used to encode information such as simple URLs or namecards, especially for corporates' advertisement. Users can get some information easily by taking picture of the target QR code, however, fake or altered QR codes can cause serious problems, e.g., URL hijacking or infringement of private information because no one can identify the buried information in the QR code by his naked eye. In this paper, I summarize threats to the QR code and present how to tackle these threats.

• Journal of IKEEE
• /
• v.19 no.4
• /
• pp.610-616
• /
• 2015

In this paper, an electronic ID system satisfying security requirements of authentication certificate was designed using fingerprint recognition. The proposed electronic ID system generates a digital signature with forgery prevention, confidentiality, content integrity, and personal identification (=non-repudiation) using fingerprint information, and also encrypts, sends, and verify it. The proposed electronic ID system exploits fingerprint instead of user password, so it avoids leakage and hijacking. And it provides same legal force as conventional authentication certificate. The proposed electronic ID consists of 4 modules, i.e. HSM device, verification server, CA server, and RA client. Prototypes of all modules are designed and verified to have correct operation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.57-66
• /
• 2019

Drones, which are used in various fields, are vulnerable to various security threats such as physical deodorization attacks and information leakage attacks because they operate in an unmanned environment and use wireless communication with weak security. In particular, research is needed to prevent damages such as leakage of stored information and unauthorized use due to illegal drone deodorization. In this paper, we propose a context - aware drone control mechanism that protects stored internal information and prevents unauthorized use when the drones are illegally deactivated. We also demonstrated the feasibility of the proposed mechanism as a prototype implementation and experiment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.2
• /
• pp.107-114
• /
• 2003

In this paper, we propose an efficient mutual authentication and key distribution protocol for cdma2000 packet data service which uses Mobile U access method with DIAMETER AAA(Authentication, Authorization and Accounting) infrastructure. The proposed scheme provides an efficient mutual authentication between MN(Mobile Node) and AAAH(home AAA server), and a secure session-key distribution among Mobile If entities. The proposed protocol improves the efficiency of DIAMETER AAA and satisfies the security requirements for authentication and key distribution protocol. Also, the key distributed by the proposed scheme can be used to generate keys for packet data security over 1xEV-DO wireless interface, in order to avoid a session hijacking attack for 1xEV-DO packet data service.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.11
• /
• pp.5496-5505
• /
• 2012

As the IT industry develops, the smart-phone technology and functions which are actively being studied at the moment greatly influence the entire living environment. With the smart-phone technology and functions, people's interest for the wireless LAN which can be used to get access to the Internet anytime anywhere is gradually increasing. However, since the malicious attacker can easily carry out hacking or approach the contents due to the characteristics of the wireless radio wave, the personal information with a high level of importance for data security is easily exposed due to Spoofing, Denial of Service attack and Man in the Middle attack. Therefore, the demand for security is gradually increasing. In this paper, the safe wireless network service environment is provided by supplementing the vulnerability in regard to Spoofing, Session Hijacking and Man in the Middle attack after executing the client's authentication process, the AP authentication process and the Mobile Agency authentication process with the client's information in the USIM, the AP information and the Mobile Agency information when the client uses the wireless Internet through the Mobile Agency AP access in the smart phone environment.

• Journal of the Korea Convergence Society
• /
• v.9 no.8
• /
• pp.41-46
• /
• 2018

As the industry related to drones has been activated, the public interest in drones has increased explosively, and many cases of drone-using are increasing. In the case of military drones, the security problem is the level of defense of the aircraft or cruise missiles, but commercial small and low cost drones are often released and utilized without security count-measure. This makes it possible for an attacker to easily gain access to the root of the drones, access internal files, or send fake packets. However, this droning problem can lead to another dangerous attack. In this regard, this paper has identified the vulnerabilities inherent in the commercial drones by analyzing the attack cases in the communication process of the specific drones. In this paper, we analyze and test the vulnerability in terms of scanning attack, meson attack, authentication revocation attack, packet stop command attack, packet retransmission attack, signal manipulation and de-compile attack. This study is useful for the analysis of drones attack and vulnerability.