• Proceedings of the IEEK Conference
• /
• 2008.06a
• /
• pp.63-64
• /
• 2008

The mobile RFID (Radio Frequency Identification) is a new application to use mobile phone as RFID reader with a wireless technology and provides new valuable services to user by integrating RFID and ubiquitous sensor network infrastructure with mobile communication and wireless internet. However, there are an increasing number of concerns, and even some resistances, related to consumer tracking and profiling using RFID technology. Therefore, in this paper, we describe the security analysis and implementation leveraging globally networked mobile RFID services which complies with the Korea's mobile RFID forum standard.

• Journal of Korea Multimedia Society
• /
• v.20 no.5
• /
• pp.782-790
• /
• 2017

As most of the recent smart devices have NFC function the NFC mobile coupon will become one of the pervasive NFC applications. We need the secure NFC coupon protocols to issue and use NFC mobile coupon. In this paper, we analyze the security of the previous protocols and point out the problems of security. As the result of analysis, Premium M-coupon Protocol proposed by A. Alshehri and S. Schneider is the most secure but has unnecessary operations. We propose the Modified Premium M-coupon Protocol-1 with the unnecessary operations removed and show this protocol is secure by security analysis. Most of NFC mobile coupon protocols use the cryptography with the shared secret keys. We propose the Modified Premium M-coupon Protocol-2 without the shared secret keys and show this protocol is secure by security analysis.

• Journal of Internet Computing and Services
• /
• v.24 no.4
• /
• pp.15-24
• /
• 2023

Digital therapeutics (DTx) are utilized to replace or supplement drug therapy to treat patients. DTx are developed as a mobile application for portability and convenience. The government requires security verification to be performed on digital medical devices that manage sensitive information during the transmission and storage of patient data. Although safety verification is included in the approval process for DTx, the cybersecurity checklist used as a reference does not reflect the characteristics of mobile applications. This poses the risk of potentially overlooking vulnerabilities during security verification. This study aims to address this issue by comparing and analyzing existing items based on the mobile tactics, techniques, and procedures of MITRE ATT&CK, which manages globally known and occurring vulnerabilities through regular updates. We identify 16 items that require improvement and expand the checklist to 29 items to propose improvement measures. The findings of this study may contribute to the safe development and advancement of DTx for managing sensitive patient information.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.3
• /
• pp.183-188
• /
• 2004

In the course of Internet proliferation. many network-related technologies are examined for possible growth and evolution. The use of Internet-based technologies in private networks has further fuelled the demand for network-based applications. The most Promising among the new paradigms is use of mobile agents. It also however, suffers from a major drawback, namely the potential for malicious attacks, abuse of resources pilfering of information, and other security issues. These issues are significantly hampering the acceptance of the mobile-agent paradigm. This paper proposed the design of strong and safe mobile agent gateway that split and merge the agent code with security policy database. This mechanism will promote the security in mobile agent systems and mobile agent itself.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.10
• /
• pp.445-460
• /
• 2013

Mobile applications today are being offered as various services depending on the mobile device and mobile environment of users. This increase in mobile applications has shifted the spotlight to their vulnerability. As an effective method of security verification, this paper proposes "phase-wise security verification for the implementation of mobile applications". This method allows additional security verification by covering specific items across a wider range compared to existing methods. Based on the identified weaknesses, it detects the cause of vulnerability and monitors the related settings.

• Convergence Security Journal
• /
• v.11 no.3
• /
• pp.75-84
• /
• 2011

With the rapid development of mobile technology the use of smartphone is spreading. In order to activate mobile banking and market in the future, the most important key is a secure financial transactoin. However, because many apps are developed without security check in proportional to the spread of smartphone, security threat is inevitably high. Current smartphone banking is processed as the way of the existing public certificate or OTP technique in the mobile environment, but many security hole about current technology is pointed out steadily. Therefore, in this paper we are to improve a existing security hole by reinforcing the security through multi-factor authentication and providing a physical non-repudiation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1361-1376
• /
• 2015

Recently, the size of the mobile game market and the number of mobile game users are growing. Also, as the mobile game's life cycle is increasing at the same time, auto program issue reappears which has been appeared in PC online games. Gamers usually tend to ignore warning messages from antivirus programs and even worse they delete antivirus program to execute auto programs. Therefore, mobile game users are easily compromised if the auto program performs malicious behaviors not only for the original features. In this paper, we analyze whether seven auto programs of "clash of clans" which has a lot more users for a long time perform malicious behaviors or not. We forecast the possible security threats in near future and proposed countermeasures based on this analysis. By analyzing auto programs of highly popular mobile game of today, we can acquire the knowledge on auto program's recent trend such as their development platform, operating mode, etc. This analysis will help security analysts predict auto program's evolving trends and block potential threats in advance.

• Proceedings of the IEEK Conference
• /
• 1999.06a
• /
• pp.993-996
• /
• 1999

A mobile agent is a program which is capable of migrating autonomously from host to host in the heterogeneous network, to perform some computation on behalf of the user. Mobile agents have many advantages in the distributed computing environment. But they are likely to suffer many attacks on the security due to the mobility. In order to make use of a mobile agent in the real applications, the security issues must be addressed. We deal with the problem which is concerned with protecting a mobile agent in transit and detecting a mobile agent clone. In this paper we propose a trust center based secure mobile agent transfer protocol. This protocol transfers a mobile agent securely from host to host and detects a mobile agent clone. We further show the security of the protocol against many attacks.

• Journal of Institute of Control, Robotics and Systems
• /
• v.13 no.8
• /
• pp.810-816
• /
• 2007

A security robot system named EGIS-SR is a mobile security robot through one of the new growth engine project in robotic industries. It allows home surveillance through an autonomous mobile platform using onboard cameras and wireless security sensors. EGIS-SR has many sensors to allow autonomous navigation, hierarchical control architecture to handle lots of situations in monitoring home surveillance and mighty networks to achieve unmanned security services. EGIS-SR is tightly coupled with a networked security environment, where the information of the robot is remotely connected with the remote cockpit and patrol man. It achieved an intelligent unmanned security service. The robot is a two-wheeled mobile robot and has casters and suspension to overcome a doorsill. The dynamic motion is verified through $ADAMS^{TM}$ simulation. For the main controller, PXA270 based hardware platform based on linux kernel 2.6 is developed. In the linux platform, data handling for various sensors and the localization algorithm are performed. Also, a local path planning algorithm for object avoidance with ultrasonic sensors and localization using $StarGazer^{TM}$ is developed. Finally, for the automatic charging, a docking algorithm with infrared ray system is implemented.

• Journal of The Korean Association of Information Education
• /
• v.2 no.2
• /
• pp.302-308
• /
• 1998

The goal of this study is to survey a mobile agent technology and apply it to security management system. A tool for implementing mobile agent is introduced and a prototype model for sedcrity management system IS proposed. This study suggest the possiblity of security management system using mobile agent.