• International Journal of Contents
• /
• v.5 no.3
• /
• pp.50-56
• /
• 2009

Internet is being used for several activities by a great range of users. These activities include communication, e-commerce, education, and entertainment. Users are required to register regarding website in order to enroll web activities. However, registration can be done by automated hacking software. That software make false enrollments which occupy the resources of the website by reducing the performance and efficiency of servers, even stop the entire web service. It is crucial for the websites to have a system which has the capability of differing human users and computer programs in reading images of text. Completely Automated Public Turing Test to Tell Computers and Human Apart (CAPTCHA) is such a defense system against Optical Character Recognition (OCR) software. OCR can be defined as software which work for defeating CAPTCHA images and make countless number of registrations on the websites. This study proposes a new CAPTCHA context that is Korean CAPTCHA by means of the method which is splitting CAPTCHA images into several parts with random rotation values, and drawing random lines on a grid background by using Korean characters only. Lines are in the same color with the CAPTCHA text and they provide a distortion of image with grid background. Experimental results show that Korean CAPTCHA is a more secure and effective CAPTCHA type for Korean users rather than current CAPTCHA types due to the structure of Korean letters and the algorithm we are using: rotation and splitting. In this paper, the algorithm of our method is introduced in detail.

• The Journal of the Convergence on Culture Technology
• /
• v.6 no.1
• /
• pp.455-461
• /
• 2020

Electronic payment system using Internet banking is a very important application for users of e-commerce environment. With rapidly growing use of fintech applications, the risk and damage caused by malicious hacking or identity theft are getting significant. To prevent the damage, fraud detection system (FDS) calculates the risk of the electronic payment transactions using user profiles including types of goods, device status, user location, and so on. In this paper, we propose a new risk calculation method using relative location of users such as SSID of wireless LAN AP and MAC address. Those relative location information are more difficult to imitate or copy compared with conventional physical location information like nation, GPS coordinates, or IP address. The new method using relative location and cumulative user characteristics will enable stronger risk calculation function to FDS and thus give enhanced security to electronic payment systems.

• The Journal of the Convergence on Culture Technology
• /
• v.5 no.3
• /
• pp.55-60
• /
• 2019

It is true that Blockchain has been known as a core technology for cryptocurrency like bitcoin (BTC). It is caused by its rapid value rises. Now, one BTC is trading around 10,000 US dollars while it bought just less than one dollar at its first trading in May, 2010. Blockchain makes on-line transactions possible by the safe cryptocurrency swiftly based on P2P network and distributed public ledger while its on-line traffic is rapidly increasing. However, this technology has bigger potential in the fourth industrial revolution era and its application areas will be varied. The evolving intelligent information society needs to make new added value through utilizing, sharing and processing of useful digital information. Obstacles such as hacking and fraud often exist when transactions of digital properties, right transfers, etc. are done through digital network specialized with anonymity. It is expected that blockchain will be a definite solution in this regard. This paper addresses useful development directions and countermeasures for blokchain in the digital economy by analysis of its current status and issues.

• The Journal of the Convergence on Culture Technology
• /
• v.8 no.4
• /
• pp.121-125
• /
• 2022

As the technologies of the 4th industrial revolution develops, spatial information is becoming digitized. Now, even with a smartphone, we can easily identify the location of national & military critical facilities located in the mega cities. As a result, mega cities' national & military critical facilities were exposed to not only traditional threats, but also non-traditional threats such as terrorism, cyber hacking, and criminal activities. This study suggests a way to protect national & military critical facilities of mega cities from such threats. Considering limitation of time & resources, protecting perfectly all national & military critical facilities is impossible, so we should focus on their critical nodes. Specifically, We suggest ways to protect the critical nodes by converging some measures such as design & arrangement in harmony with the surrounding environment, underground construction & covering, and visual deception. Transparency of digital spatial information will further increase with the advent of urban air mobility and autonomous vehicles in the future. Therefore, in order to prepare for future threats, we should take measures to minimize the exposure of critical nodes.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.165-172
• /
• 2023

Nation-state social engineering attacks are steadily being carried out as they are highly effective attacks, primarily to gain an advantage over secret information, diplomatic negotiations or future policy changes. As The Ukraine-Russia war prolongs, the activities of global hacking organizations are steadily increasing, and large-scale cyberattack attempts against major infrastructure or global companies continue, so a countermeasure strategy is needed. To this end, we determined that the social engineering attack cycle excluding physical contact among various social engineering models is the most suitable model, and analyzed the preferred social engineering attack method by comparing it with geopolitical tactics through case analysis. AS a result China favors phishing attacks, which prefer quantity over quality, such as man-made tactics, Russia prefers covert and complex spear phishing reminiscent of espionage warfare, and North Korea uses geopolitical tactics such as spear phishing and watering holes for attacks on the US and South Korea Most of the other countries aimed to secure funds with ransomware. Accordingly, a Clean Pass policy for China, periodic compulsory education in Russia, and international sanctions against North Korea were presented as countermeasure strategies.

• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.12
• /
• pp.387-402
• /
• 2020

Conventional automotive development has mainly focused on ensuring correctness and safety and security has been relatively neglected. However, as the number of automotive hacking cases has increased due to the increased Internet connectivity of automobiles, international organizations such as the United Nations Economic Commission for Europe(UNECE) are preparing cybersecurity regulations to ensure security for automotive development. As with other IT products, automotive cybersecurity regulation also emphasize the concept of "Security by Design", which considers security from the beginning of development. In particular, since automotive development has a long lifecycle and complex supply chain, it is very difficult to change the architecture after development, and thus Security by Design is much more important than existing IT products. The problem, however, is that no specific methodology for Security by Design has been proposed on automotive development process. This paper, therefore, proposes a specific methodology for Security by Design on Automotive development. Through this methodology, automotive manufacturers can simultaneously consider aspects of functional safety, and security in automotive development process, and will also be able to respond to the upcoming certification of UNECE automotive cybersecurity regulations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.119-130
• /
• 2009

Korea ranked 2nd in the UN Global e-Participation Index and ranked number one as the leader in e-Government for the third consecutive year. However, Korea ranked 51 in the level of information security published by WEF(World Economic Forum), relatively a low level comparing with its great number of users and excellent environments for the Internet service. A series of critical hacking accidents such as the information leak at Auction and GS Caltex emerged consecutively in 2008 year, resulting in the leak of personal & critical information. This led to a strong interest in the necessity and importance of information security and personal information so that demand for IT security is growing fast. In this paper, we survey to benchmark information security in the perspective of service level, system, investment and policy about major foreign countries. Then we research on an effective way to make the most of the benchmark result to Korea e-Government. In addition, the purpose of this paper is to improve national information security index by developing a policy for ISO 27001 ISMS, an international standard for Information Security Management System, and elevate safety and security of the e-Government serviced by central administrative organizations and local authorities.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.335-345
• /
• 2024

In the digital era, data security has become an increasingly critical issue, drawing significant attention. Particularly, anti-tampering technology has emerged as a key defense mechanism against indiscriminate hacking and unauthorized access. This paper explores case studies that exemplify the trends in the development and application of TPM (Trusted Platform Module) and software anti-tampering technology in today's digital ecosystem. By analyzing various existing security guides and guidelines, this paper identifies ambiguous areas within them and investigates recent trends in domestic and international research on software anti-tampering. Consequently, while guidelines exist for applying anti-tampering techniques, it was found that there is a lack of methods for evaluating them. Therefore, this paper aims to propose a comprehensive and systematic evaluation framework for assessing both existing and future software anti-tampering techniques. To achieve this, it using various verification methods employed in recent research. The proposed evaluation framework synthesizes these methods, categorizing them into three aspects (functionality, implementation, performance), thereby providing a comprehensive and systematic evaluation approach for assessing software anti-tampering technology in detail.