• Title/Summary/Keyword: Mobile Authentication

Shoulder Surfing Attack Modeling and Security Analysis on Commercial Keypad Schemes (어깨너머공격 모델링 및 보안 키패드 취약점 분석)

  • Kim, Sung-Hwan;Park, Min-Su;Kim, Seung-Joo
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.6 / pp.1159-1174 / 2014
  • As the use of smartphones and tablet PCs has exploded in recent years, there are many occasions where such devices are used for treating sensitive data such as financial transactions. Naturally, many types of attacks have evolved that target these devices. An attacker can capture a password by direct observation without using any skills in cracking. This is referred to as shoulder surfing and is one of the most effective methods. There has been only a crude definition of shoulder surfing. For example, the Common Evaluation Methodology (CEM) attack potential of Common Criteria (CC), an international standard, does not quantitatively express the strength of an authentication method against shoulder surfing. In this paper, we introduce a shoulder surfing risk calculation method that supplements CC. Risk is calculated first by checking vulnerability conditions one by one, and the method of the CC attack potential is applied for quantitative expression. We present a case study for security-enhanced QWERTY keyboard and numeric keypad input methods, and the commercially used mobile banking applications are analyzed for shoulder surfing risks.

Development of Software-Defined Perimeter-based Access Control System for Security of Cloud and IoT System (Cloud 및 IoT 시스템의 보안을 위한 소프트웨어 정의 경계기반의 접근제어시스템 개발)

  • Park, Seung-Kyu
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.21 no.2 / pp.15-26 / 2021
  • Recently, as the introduction of cloud, mobile, and IoT has become active, there is a growing need for technology development that can supplement the limitations of traditional security solutions based on fixed perimeters such as firewalls and Network Access Control (NAC). In response to this, SDP (Software Defined Perimeter) has recently emerged as a new base technology. Unlike existing security technologies, SDP can set security boundaries (install Gateway S/W) regardless of the location of the protected resources (servers, IoT gateways, etc.) and neutralize most of the network-based hacking attacks that are becoming increasingly sophisticated. In particular, SDP is regarded as a security technology suitable for the cloud and IoT fields. In this study, a new access control system was proposed by combining SDP and hash tree-based large-scale data high-speed signature technology. Through the process authentication function using large-scale data high-speed signature technology, it prevents the threat of unknown malware intruding into the endpoint in advance, and implements a kernel-level security technology that makes user-level attacks impossible during the backup and recovery of major data. As a result, endpoint security, which is a weak part of SDP, has been strengthened. The proposed system was developed as a prototype, and the performance test was completed through a test of an authorized testing agency (TTA V&V Test). The SDP-based access control solution is a technology with high potential that can be used in smart car security.

Revisiting the e-Government Maturity Model: Significance, Limitations, and Suggestions (전자정부 성숙도 모델의 재검토: 모델의 의의와 한계, 실증분석을 통한 제언)

  • SUNG, WOOKJOON
    • Informatization Policy / v.30 no.3 / pp.3-28 / 2023
  • This study aims to analyze the usage behavior of e-government service users based on the e-government maturity model and provide suggestions for advancement of the e-government services. The changes in Korea's e-government services were analyzed as follows: 1) proportion of use of e-government services in Korean public services, 2) e-government service types/stages use, 3) service use by platform, 4) user response to e-government service, and 5) users' requests for future e-government service usage methods. For the analysis, this study used data from Korea's 2012-2020 e-government usage behavior survey. As a result of the analysis, first, the proportion of e-government service has been continuously increasing, and second, the use of the e-participation stage is relatively low compared to the presenting information, interaction, and transaction stages. Third, by platform, e-government service has been expanded to various access platforms such as mobile, kiosk, and SNS, centering on the web. Fourth, users' satisfaction with e-government service is very high. However, to vitalize e-government services, users requested improvements such as providing one-stop integrated services and simplifying authentication procedures. Based on the analysis results, this study suggests the need to 1) reflect the user's point of view in the maturity model of e-government, 2) consider access to various platforms according to the development of digital technology, and 3) improve the e-government maturity model through data-based analysis such as user usage behavior.