• Title/Summary/Keyword: Internet Banking Security

A Guidelines for Establishing Mobile App Management System in Military Environment - focus on military App store and verification system - (국방환경에서 모바일 앱 관리체계 구축방안 제시 - 국방 앱스토어 및 검증시스템 중심으로 -)

  • Lee, Gab-Jin;Goh, Sung-Cheol
    • Journal of the Korea Institute of Information and Communication Engineering / v.17 no.3 / pp.525-532 / 2013
  • Recently, smartphones have been popularized rapidly and are now located deep in our daily life, providing a variety of services from banking, SNS (Social Network Service), and entertainment to smart-work mobile office through apps. Such smartphone apps can be easily downloaded from what is known as an app store which, however, bears many security issues as software developers can just as easily upload to it. Military apps will be exposed to a myriad of security threats if distributed through an internet-based commercial app store. In order to mitigate such security concerns, this paper suggests security guidelines for establishing a military-exclusive app store and security verification system which prevent the security hazards that can occur during the process of development and distribution of military-use mobile apps.

Drivers for Trust and Continuous Usage Intention on OTP: Perceived Security, Security Awareness, and User Experience (OTP에 대한 신뢰 및 재사용의도의 결정요인: 인지된 보안성, 보안의식 및 사용자경험을 중심으로)

  • Yun, Hae-Jung;Jang, Jae-Bin;Lee, Choong-C.
    • Journal of the Korea Society of Computer and Information / v.15 no.12 / pp.163-173 / 2010
  • PKI (Public Key Infrastructure)-based information certification technology has some limitations to be universally applied to mobile banking services using smartphones, since PKI is dependent on a specific kind of web browser, Internet Explorer. OTP (One Time Password) is considered to be a substitute or complementary service of PKI, but it still shows a low acceptance rate. Therefore, in this research, we analyze why OTP has not been very popular, and provide useful implications for making OTP more extensively and frequently used in the mobile environment. Perceived security of OTP was set as a higher-order construct of integrity, confidentiality, authentication, and non-repudiation. Research findings show that security awareness and perceived security of OTP are positively associated, and the relationship between perceived security and trust in OTP is statistically significant. Also, trust is positively related to intention to use OTP continuously.

A Design of Smart Banking System using Digital Signature based on Biometric Authentication (바이오인증 기반의 전자서명을 이용한 스마트 뱅킹 시스템 설계)

  • Kim, Jae-Woo;Park, Jeong-Hyo;Jun, Moon-Seog
    • Journal of the Korea Academia-Industrial cooperation Society / v.16 no.9 / pp.6282-6289 / 2015
  • Today, there is an increasing number of cases in which certificate information is leaked, and accordingly, electronic finance frauds are prevailing. As the certificate and private key, a file-based medium, are easily accessible and duplicated, they are vulnerable to information leaking crimes by cyber-attack using malignant codes such as pharming, phishing and smishing. Therefore, the use of security tokens and storage tokens has been encouraged as they are a much safer medium, but the actual users are only minimal due to reasons such as the risk of loss, high costs and so on. This thesis, in an effort to solve the above-mentioned problems and to complement the shortcomings, proposes a system in which a digital signature for Internet banking can be made with a simple bio-authentication process. In conclusion, it was found that the newly proposed system showed a better capability in handling financial transitions in terms of safety and convenience.

Privacy Situation and Countermeasures of Financial Apps based on the Android operating system (모바일 앱 개인정보 침해현황 및 대응방안 (금융, 안드로이드 운영체제 중심으로))

  • Kim, Bo;Lim, Jong-In;Jo, Yong-Hyun
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.14 no.6 / pp.267-272 / 2014
  • Customers who registered for mobile banking service through smartphones numbered 40Mil in the first quarter of 2014, which was an increase of 8.5%(3.6Mil) compared to the figure from the end of year 2013. An average of 1 trillion 627.6 billion won is dealt through smartphone banking daily and three for increased psychological bullying caused by malignant code which change normality to malignant. The results of the analysis current state of affairs of personal information collection management authority required in finance smartphone app service and also recommend solution for protecting finance consumers plans to minimized collecting personal information in smartphone finance app service.

Relative Location based Risk Calculation to Prevent Identity Theft in Electronic Payment Systems (전자지불거래에서 상대위치와 연동한 도용 위험성 산출방법)

  • Suh, Hyo-Joong;Hwang, Hoyoung
    • The Journal of the Convergence on Culture Technology / v.6 no.1 / pp.455-461 / 2020
  • Electronic payment system using Internet banking is a very important application for users of e-commerce environment. With rapidly growing use of fintech applications, the risk and damage caused by malicious hacking or identity theft are getting significant. To prevent the damage, fraud detection system (FDS) calculates the risk of the electronic payment transactions using user profiles including types of goods, device status, user location, and so on. In this paper, we propose a new risk calculation method using relative location of users such as SSID of wireless LAN AP and MAC address. Those relative location information are more difficult to imitate or copy compared with conventional physical location information like nation, GPS coordinates, or IP address. The new method using relative location and cumulative user characteristics will enable stronger risk calculation function to FDS and thus give enhanced security to electronic payment systems.

A Study on the Security of One-Time Keypad (OTK) (원타임 키패드의 보안성 분석)

  • Kim, Jon-Lark;Lee, Nari;Roe, Young Gun;Galvez, Lucky Erap
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.4 / pp.731-742 / 2017
  • For all the various cryptographic techniques related to security, social technological attacks such as shoulder surfing are infeasible to block off completely. Especially, the attacks are executed against financial facilities such as automated teller machines (ATM) which are located in public areas. Furthermore, online financial services whose rate of task management is consistently increasing are vulnerable to shoulder surfing, smudge attacks, and keystroke inference attacks with Google Glass behind the convenience of ubiquitous business transactions. In this paper, we show that the security of ATM and internet banking can be reinforced against shoulder surfing by using One-Time Keypad (OTK) and compare the security of OTK with those of ordinary keypad and One-Time Password (OTP).

Safety Analysis of Various Padding Techniques on Padding Oracle Attack (패딩 오라클 공격에 따른 다양한 패딩방법의 안전성 분석)

  • Kim, Kimoon;Park, Myungseo;Kim, Jongsung;Lee, Changhoon;Moon, Dukjae;Hong, Seokhee
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.2 / pp.271-278 / 2015
  • We use various types of cryptographic algorithms for the protection of personal and sensitive information in application environments, such as internet banking and electronic commerce. However, recent researches were introduced that if we implement modes of operation, padding methods and other cryptographic implementations in a wrong way, then the critical information can be leaked even though the underlying cryptographic algorithms are secure. Among these attacking techniques, the padding oracle attack is representative. In this paper, we analyze the possibility of padding oracle attacks on 12 kinds of padding techniques that can be applied to the CBC operation mode of a block cipher. As a result, we discovered that 3 kinds were safe padding techniques and 9 kinds were unsafe padding techniques. We propose 5 considerations when designing safe padding techniques to have a resistance to the padding oracle attack through the analysis of the three kinds of safe padding techniques.

A Study on Scalable PBFT Consensus Algorithm based on Blockchain Cluster (블록체인을 위한 클러스터 기반의 확장 가능한 PBFT 합의 알고리즘에 관한 연구)

  • Heo, Hoon-Sik;Seo, Dae-Young
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.20 no.2 / pp.45-53 / 2020
  • Blockchain can control transactions in a decentralized way and is already being considered for manufacturing, finance, banking, logistics, and medical industries due to its advantages such as transparency, security, and flexibility. And it is predicted to have a great economic effect. However, Blockchain has a Trilemma that is difficult to simultaneously improve scalability, decentralization and security characteristics. Among them, the biggest limitation of blockchain is scalability, which is very difficult to cope with the constantly increasing number of transactions and nodes. To make the blockchain scalable, higher performance should be achieved by modifying existing consensus methods or by improving the characteristics and network efficiency that affect many ways of scaling. Therefore, in this paper, we propose a cluster-based scalable PBFT consensus algorithm called CBS-PBFT which reduces the message complexity O(n^2) of PBFT to O(n), which is a representative consensus algorithm of blockchain, and the validity is verified through simulation experiments.

Design of An Fair Non-Repudiation Protocol Using Digital Signature Recorder (전자서명 기록기를 이용한 공정한 부인방지 프로토콜의 설계)

  • Lee, Yong-Joon;Oh, Hae-Seok
    • The Journal of Korean Institute of Communications and Information Sciences / v.29 no.9C / pp.1345-1351 / 2004
  • Due to the overwhelming importance the Internet gained nowadays, more and more sophisticated security services are requested. However many applications such as Internet Banking, Home Trading System, Electronic Medical Record, electronic commerce, etc. are related to non-repudiation. Non-repudiation services are one of these new security requirements. In comparison to other security issues, such as privacy or authenticity of communications, non-repudiation has not been studied intensively. Informally, we say that a protocol is fair if at the end of the protocol execution either originator receives a non-repudiation of receipt evidence and recipient receives a non-repudiation of origin evidence or none of them receives any valid evidence. Most non-repudiation protocols rely on a trusted third party (TTP) that has to intervene during each protocol run. The TTP may create a communication bottleneck. In this paper, we suggest the digital signature recorder that guarantees fairness logically and supplies minimal network bottleneck to be composed verification server physically.

Design and Implementation of Malicious Application Detection System Using Event Aggregation on Android based Mobile Devices (안드로이드 모바일 단말에서의 이벤트 수집을 통한 악성 앱 탐지 시스템 설계 및 구현)

  • Ham, You Joung;Lee, Hyung-Woo
    • Journal of Internet Computing and Services / v.14 no.3 / pp.35-46 / 2013
  • As mobile terminal environment gets matured, the use of Android platform based mobile terminals has been growing high. Recently, the number of attacks by malicious application is also increasing as Android platform is vulnerable to private information leakage in nature. Most of these malicious applications are easily distributed to general users through open market or internet and an attacker inserts malicious code into malicious app which could be harmful tool to steal private data and banking data such as SMS, contacts list, and public key certificate to a remote server. To cope with these security threats more actively, it is necessary to develop countermeasure system that enables to detect security vulnerability existing in mobile device and take an appropriate action to protect the system against malicious attacks. In this sense, this paper aggregates diverse system events from multiple mobile devices and also implements a system to detect attacks by malicious application.