• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.195-203
• /
• 2019

Mobile applications stores such as Google Play Store and Apple App Store, are widely used to distribute a variety of applications including finance, shopping, and entertainment. Recently, however, vulnerabilities of the mobile applications are likely to violate users' privacy such as personal information leakage. In this paper, we classify mobile applications that can be download from mobile stores, and analyze the personal information that could be leaked when users are using the mobile applications. As a result of analysis, we found that personal information are leaked in some widely used mobile applications in practice. On the basis of our experiment results, we propose some mitigations to enhance security of the mobile applications and prevent leakage of personal information.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.11 no.6
• /
• pp.151-156
• /
• 2011

The Korean domestic cloud market will reach a value of 2 trillion Korean won by 2014. The domestic market is expected to grow rapidly in size despite the fact that there exist activation barriers in mobile cloud services, concerns about the reliability of service, and concerns about security and confidentiality of data. Under these circumstances, existing IT security technologies may be be utilized to provide sufficient response characteristics. Despite this, they must be optimized for mobile cloud computing and enhanced to mitigate inherent security flaws. In this study, mobile cloud security is covered along with use cases that cover the cases where mobile devices are particularly vulnerable and suggest ways to mitigate security vulnerabilities.

• Proceedings of the IEEK Conference
• /
• 2004.08c
• /
• pp.581-584
• /
• 2004

Currently, there are many subscriber access networks: PSTN, ADSL, Cellular Network, IMT200 and so on. To these service providers that provide above network service, it is important that they authenticate and authorize legal subscribers and account for their usage. At present, There exist the several protocols that Support AAA(Authentication, Authorization and Accounting) service : RADIUS, Diameter, TACACS+. Nowadays, RADIUS has used for AAA service widely. It has been extended to support other access network environment. So, we extend RADIUS to support environment of Mobile IPv6. Mobile IPv6 uses IPsec as a security mechanism, basically. But, IPsec is a heavy security technology for small, portable, mobile device. Especially, it is serious at IKE, the subset of IPsec. IKE is a key distribution protocol that distributes the key to the endpoints of IPsec. In t:lis paper, we extend RADIUS to support environment of Mobile IPv6 and simplify the IKE phase of IPsec by AAA system distributing the keys by using its security communication channel. Namely, we propose the key distribution method for IPsec SA establishment between mobile node and home agent. The suggested method was anticipated to be effective at low-power, low computing deyice. Finally, end users feel the faster authentication.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.5
• /
• pp.1117-1124
• /
• 2015

This paper explains a web session management system for mobile web environment with BYOD(Bring Your Own Device). This system operates by enhanced secure session token. This system consists of an unique identifier, time stamp, and encryption algorithm. The Unique identifier in this system classifies each mobile device for web security based on mobile environment with BYOD. And the Time stamp in this system that determine session effectiveness for web security. Also the Cipher algorithm in this system that protects session token information for web security. This paper analysis a security of session management system running on mobile web environment using the simulation techniques. The proposed method is more suitable than the other methods under enviroment mobile web environment with BYOD.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.4C
• /
• pp.454-461
• /
• 2007

The next-generation computer is the ultra-lightweight mobile computer that communicates with peripheral handhold devices and provides dynamically the services appropriate to user. To provide the dynamic services on the ultra-lightweight mobile computer, security problem for user or computer system information should be solved and security mechanism is necessary for the ultra-lightweight mobile computing environment that has battery limit and low performance. In this paper, the security mechanism on the component based middleware for the ultra-lightweight mobile computer was implemented using RC-5 cipher algorithm and SHA-1 authentication algorithm. The security components are dynamically loaded and executed into the component based middleware on the ultra-lightweight mobile computer.

• Journal of information and communication convergence engineering
• /
• v.6 no.3
• /
• pp.348-352
• /
• 2008

In distributed computing paradigm, mobile surrogate systems migrates from on host in a network to another. However, Mobile surrogate system have not gained wide acceptance because of security concerns that have not been suitably addressed yet. In this paper, we propose a security framework based on Grid Proxy Gateway for mobile Grid service. The current Grid Security Infrastructure is extended to mobile computing environments. The surrogate host system designed for mobile Personal Digital Assistant (PDA) users can access the certified host and get his proxy credential to launch remote job submission securely.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.241-244
• /
• 2003

Recently, IETF Mobile IP WG focus on security problem issues in Mobile IPv6 and provide appropriate protocol to solve them. These include the protections of Binding Updates both to home agents and correspondent nodes, prefix discovery messages and transporting data packets. In Mobile IPv6, control traffics between home agents and mobile nodes uses IPsec to avoid that mobile nodes and correspondent nodes may be vulnerable to attacks. It is used, however, Return Routability procedure for correspondent node to assure that the right mobile node is sending the messages. In this paper, we propose method of IPser processing to protect messages between home agents and mobile nodes.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.1-9
• /
• 2015

Recently, with smart device proliferation and providing the various services using this, they have interested in mobile and Smart TV security. Smartphone users are enjoying various service, such as cloud, game, banking. But today's mobile security solutions and Study of Smart TV Security simply stays at the level of malicious code detection, mobile device management, security system itself. Accordingly, there is a need for technology for preventing hacking and leakage of sensitive information, such as certificates, legal documents, individual credit card number. To solve this problem, a variety of security technologies(mobile virtualization, ARM TrustZone, GlobalPlatform, MDM) in mobile devices have been studied. In this paper, we propose an efficient method to implement security technology based on TYPE-I virtualization using ARM TrustZone technology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.83-96
• /
• 2010

The rapid spread of smart phone in recent years changes not only personal life but also work environment of organizations. Moreover, smart phone provoke service combination between industries and transit the digital paradigm in our society because of the character that anyone can develop or use the application of smart phone. Under these circumstances, the government hastens the construction of mobile-government in order to improve national services and communication with people. However, since security threats on smart phone become more critical recently, we should hurry the counter measures against mobile threats or we will face obstacles to the activation of mobile-government. On this article, we suggest the methods of information security and the Mobile-government Information Security Management System(M-ISMS) on the smart phone use environment for building up the secure and convenient mobile system in the national institution.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.549-562
• /
• 2017

In recent years, as the proportion of mobile banking has become bigger with daily usage of mobile banking, security threats are also increasing according to the feeling. Accordingly, the domestic banking system introduces security solution programs in the banking application and sets security check points to ensure the stability of the application in order to check whether it is always executed. This study presents a vulnerability of inactivity bypassing mobile vaccine program operation checkpoints using the intermediate language statically and dynamically analysis when decompiling the android banking applications of major banks in Korea. Also, through the results, it identifies possible attacks that can be exploited and suggest countermeasures.