• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.4
• /
• pp.952-960
• /
• 2007

Most Websites perform login process for authentication. But simple features like ID and Password have no trust because most people worry about appropriation. So the youth can easily access illegal media sites using other's ID and Password. Therefore this paper examine features be adaptable to authentication system, and propose a design of authentication system using multiple features. A proposed authentication system has two categories, such as low-level and high-level method. Low-level method consists of grant of authentication number through mobile phone from server and certificate from authority. High-level method combines ID/Password and features of fingerprint, character, voice, face recognition systems. For this, this paper surveys six recognition systems such as fingerprint, face, iris, character, vein, voice recognition system. Among these, fingerprint, character, voice, face recognition systems can be easily implemented in personal computer with low cost accessories. Usage of multiple features can improve reliability of authentication.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.11
• /
• pp.427-432
• /
• 2014

The Purpose of local system attacks is to acquire administrator's(root) privilege shell through the execution of the malicious program or change the flow of the program. This acquiring shell through attack is still valid approach method and it is difficult to cope with improving each of vulnerability because the attacker can select various forms of attack. Linux allocate a set of credentials when login, in order to manage user permissions. Credentials were issued and managed by the kernel directly, and also the kernel ensures that any change cannot be occurred outside of kernel. But, user's credentials that acquired root privilege through system attacks occurs a phenomenon that does not remain consistent. In this paper we propose a security module to detect a security threats that may cause to users and tasks by analysis user task execution and inconsistency credentials.

• Journal of Digital Convergence
• /
• v.19 no.10
• /
• pp.1-13
• /
• 2021

This study postulates that Government as a Platform(GaaP) could be a next generation government model, drawing activation strategy from success factors of webtoon platform by NAVER. It suggests success factors of Naver webtoon case based on three main components of platform strategy. First, in the aspect of platform infrastructure, Naver webtoon was established based on powerful portal site by parent company Naver and improved platform accessibility through using webtoon without login. Second, in the aspect of stakeholder engagement, Naver webtoon has offed webtoon at no cost and it has taken an intermediary role for supporting the stakeholders with PPS. Third, in the aspect of outputs production, Naver webtoon offered real time feedback from webtoon users that could affect webtoon production and established incubating system that allow users to create their webtoon. And due to PPS, it makes possible to various create second outputs based on webtoon, which can contribute to activating webtoon ecosystem.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1343-1354
• /
• 2018

OAuth 2.0 bearer token and JWT(JSON web token), current standard technologies for authentication and authorization, use the approach of sending fixed token repeatedly to server for authentication that they are subject to eavesdropping attack, thus they should be used in secure communication environment such as HTTPS. In OAuth 2.0 MAC token which was devised as an authentication scheme that can be used in non-secure communication environment, server issues shared secret key to authenticated client and the client uses it to compute MAC to prove the authenticity of request, but in this case server has to store and use the shared secret key to verify user's request. Therefore, it's hard to provide stateless authentication service. In this paper we present a randomized token authentication scheme which can provide stateless MAC token authentication without storing shared secret key in server side. To remove the use of HTTPS, we utilize secure communication using server certificate and simple signature-based login using client certificate together with the proposed randomized token authentication to achieve the fully stateless authentication service and we provide an implementation example.

• Journal of Digital Convergence
• /
• v.17 no.5
• /
• pp.41-49
• /
• 2019

This study aims to investigate the awareness and status of smart attendance systems in the professors and college students who directly use an electronic smart system, a learning management system utilizing IT and to propose a plan for improvement to increase the efficiency of the smart attendance system. As for the research method, this study conducted an online survey with 264 students at S. University to investigate the status of their use and awareness of the smart attendance system. As a result, first, the professors mostly were satisfied with the smart attendance system, and it would be necessary to improve learning ability and the function of self-management in connection with the learning management system. Second, the college students were dissatisfied with the user interface and speed of the smart attendance system, and it would be necessary to improve the delay time, login, update, and false attendance.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.312-318
• /
• 2021

Lack of knowledge and digital skills is a threat to the information security of the state and society, so the formation and development of organizational culture of information security is extremely important to manage this threat. The purpose of the article is to assess the state of information security of the state and society. The research methodology is based on a quantitative statistical analysis of the information security culture according to the EU-27 2019. The theoretical basis of the study is the theory of defense motivation (PMT), which involves predicting the individual negative consequences of certain events and the desire to minimize them, which determines the motive for protection. The results show the passive behavior of EU citizens in ensuring information security, which is confirmed by the low level of participation in trainings for the development of digital skills and mastery of basic or above basic overall digital skills 56% of the EU population with a deviation of 16%. High risks to information security in the context of damage to information assets, including software and databases, have been identified. Passive behavior of the population also involves the use of standard identification procedures when using the Internet (login, password, SMS). At the same time, 69% of EU citizens are aware of methods of tracking Internet activity and access control capabilities (denial of permission to use personal data, access to geographical location, profile or content on social networking sites or shared online storage, site security checks). Phishing and illegal acquisition of personal data are the biggest threats to EU citizens. It have been identified problems related to information security: restrictions on the purchase of products, Internet banking, provision of personal information, communication, etc. The practical value of this research is the possibility of applying the results in the development of programs of education, training and public awareness of security issues.

• Smart Media Journal
• /
• v.10 no.3
• /
• pp.48-53
• /
• 2021

The authentication process is a key step that should be used to verify that a user is legitimate, and it should be used to verify that a user is a legitimate user and grant access only to that user. Recently, two-factor authentication and OTP schemes are used by most applications to add a layer of security to the login process and to address the vulnerability of using only one factor for authentication, but this method also allows access to user accounts without permission. This is a known security vulnerability. In this paper, we propose a Zero Knowledge Proofs (ZKP) personal information authentication scheme based on a Smart Contract of a block chain that authenticates users with minimal personal information exposure conditions. This has the advantage of providing many security technologies to the authentication process based on blockchain technology, and that personal information authentication can be performed more safely than the existing authentication method.

• Journal of Convergence for Information Technology
• /
• v.9 no.10
• /
• pp.9-15
• /
• 2019

Recently, in the field of next-generation e-commerce and finance, interest in blockchain-based technologies such as Bitcoin and Ethereum is great. Although the security of blockchain technology is known to be secure, hacking incidents / accidents related to cryptocurrencies are being issued. The main causes were vulnerabilities in the external environment, such as taking over login sessions on cryptocurrency wallets, exposing private keys due to malware infection, and using simple passwords. However, private key management recommends general methods such as utilizing a dedicated application or local backup and physical archiving through document printing. In this paper, we propose a white box password-based private key protection scheme. As a result of safety and performance analysis, we strengthened the security against vulnerability of private key exposure and proved the processing efficiency of existing protocol.

• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.15-22
• /
• 2022

Modern technology drives the world, increasing performance while reducing labor and time expenses. Tanzania Atomic Energy Commission (TAEC) tracks employee's levels of exposure to radiation sources using dosimeters. According to legal compliance, workers wear dosimeters for three months and one month at the workplace. However, TAEC has problems in tracking, issuing and returning dosimeters because the existing tracking is done manually. The study intended to develop a Personal Dose Management System (PDMS) that processes and manages the data collected by dosimeters for easy and accurate records. During the requirements elicitation process, the study looked at the existing system. PDMS' requirement gathering included document reviews, user interviews, and focused group discussions. Development and testing of the system were implemented by applying the evolutionary prototyping technique. The system provides a login interface for system administrators, radiation officers, and Occupational Exposed Workers. The PDMS grants TAEC Staff access to monitor individual exposed workers, prints individual and institutional reports and manages workers' information. The system reminds the users when to return dosimeters to TAEC, generate reports, and facilitates dispatching and receiving dosimeters effectively. PDMS increases efficiency and effectiveness while minimizing workload, paperwork, and inaccurate records. Therefore, based on the results obtained from the system, it is recommended to use the system to improve dosimeter data management at the institution.

• Journal of Korea Society of Industrial Information Systems
• /
• v.27 no.6
• /
• pp.115-126
• /
• 2022

The purpose of this study is to try to IPA(Importance-Performance Analysis) by applying text mining approaches to user review data for korea mobile banking applications, and to derive priorities for improvement. User review data on mobile banking applications of korea commercial banks (Kookmin Bank, Shinhan Bank, Woori Bank, Hana Bank), local banks (Gyeongnam Bank, Busan Bank), and Internet banks (Kakao Bank, K-Bank, Toss) that gained from Google playstore were used. And LDA topic modeling, frequency analysis, and sentiment analysis were used to derive key attributes and measure the importance and satisfaction of each attribute. Result, although 'Authorizing service', 'Improvement of Function', 'Login', 'Speed/Connectivity', 'System/Update' and 'Banking Service' are relatively important attributes when users use mobile banking applications, their satisfaction is not at the average level, indicating that improvement is urgent.