• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.563-572
• /
• 2016

Recently, a plenty of credit card payment protocols have been proposed in Korea. Several features of proposed protocols include: using passwords for user authentication in stead of official certificate for authenticity, and no need to download additional security module via ActiveX into user's devices. In this paper, we suggest two new credit card payment protocols that use both SSL(Security Socket Layer) as a standardized secure transaction protocol and password authentication to perform online shopping and payment. The first one is for the case where online shopping mall is different from PG(Payment Gateway) and can be compared to PayPal-based payment methods, and the second one is for the case where online shopping mall is the same as PG and thus can be compared to Amazon-like methods. Two proposed protocols do not require users to perform any pre-registration process which is separate from an underlying shopping process, instead users can perform both shopping and payment into a single process in a convenient way. Also, users are asked to input a distinct payment password, which increases the level of security in the payment protocols. We believe that two proposed protocols can help readers to better understand the recent payment protocols that are suggested by various vendors, and to analyze the security of their payment protocols.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.5
• /
• pp.957-962
• /
• 2016

Current terrestrial Digital Multimedia Broadcasting (T-DMB) is conducting the emergency alert broadcast, or can view a variety of broadcasting. However, propagation shadow area is a situation where the service is limited due to limitations of facilities investment. In addition, there is the problem of T-DMB broadcasting is for viewing only a restricted area and a mobile device because the mobile is also T-DMB viewing device impossible. In this paper, it receives a T-DMB broadcasting as a way to solve the problems of the T-DMB system, which was studied the re transmission to the mobile device. Accordingly, by receiving the broadcast may be watched in the mobile device the T-DMB reception impossible. Also provides a one-way/two-way authentication mechanism using a conditional access function, and the system was configured so that the user can watch only the registered broadcasting.

• Convergence Security Journal
• /
• v.12 no.1
• /
• pp.17-25
• /
• 2012

SQL Injection techniques disclosed web hacking years passed, but these are classified the most dangerous attac ks. Recent web programming data for efficient storage and retrieval using a DBMS is essential. Mainly PHP, JSP, A SP, and scripting language used to interact with the DBMS. In this web environments application does not validate the client's invalid entry may cause abnormal SQL query. These unusual queries to bypass user authentication or da ta that is stored in the database can be exposed. SQL Injection vulnerability environment, an attacker can pass the web-based authentication using username and password and data stored in the database. Measures against SQL Inj ection on has been announced as a number of methods. But if you rely on any one method of many security hole ca n occur. The proposal of four levels leverage is composed with the source code, operational phases, database, server management side and the user input validation. This is a way to apply the measures in terms of why the accident preventive steps for creating a phased step-by-step response nodel, through the process of management measures, if applied, there is the possibility of SQL Injection attacks can be.

• The Journal of Society for e-Business Studies
• /
• v.9 no.1
• /
• pp.285-301
• /
• 2004

Public service provision through internet is one of major parts for e-government implementation. It is essential to link the internal administrative network with internet to provide the services through internet and to support kiosks through internet, which should result in critical issues for security. A relay server, as a front server for the public service processing system and a web server, a control server for kiosks, are placed between the public service processing system and kiosks to solve those security issues. It is the way to solve security issues through protecting direct communication between the public service processing system and a web server and authenticating a relay server and a web server through authentication process. In the implementation of the system this paper provide a design for an architecture model of the public service processing system through internet, which are aiming to develop high level of the quality system effectively, to reduce the risk of initial stage of development, and to reduce the incurring cost due to reworks.

• Journal of the Korean Society for information Management
• /
• v.18 no.3
• /
• pp.87-114
• /
• 2001

A hybrid information environment can be described as one where an appropriate range of heterogeneous information services is presented to the user in a consistent and integrated way via a single interface. The purpose of this study is to suggest a need of hybrid information services through understanding of the hybrid information environment and hybrid library. Additionally, this study deal with basic concepts of design for a hybrid information service model and address a number of hybrid library projects based on these concepts, such as Agora, BUILDER, HealdLine, HyLife, and MALIBU. Finally, this study survey generic a model of hybrid library and suggest basic principles for building of hybrid information service model, such as integration, seamlessness, authentication, interconnectivity, and personalization of information seeking process environment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.309-312
• /
• 2016

Considering that interkorean relations got worse and worse recently, cyber terror of North Korea has seriously become a possibility. Therefore, DoS(Denial of Service), a typical way of cyber terror, is becoming a big issue. Consequently, people are growing more and more interested in information security. Internal DoS attacks, out of a variety of ways of Dos attacks, include disks and memories and shortages of process resources. PAM(Pluggable Authentication Module) is one of the ways of preventing internal DoS attacks in Linux system. This paper provides with a method to internally respond to dos attacks and efficiently prevent shortages of resources by utilizing PAM.

• Journal of Korea Entertainment Industry Association
• /
• v.15 no.7
• /
• pp.249-257
• /
• 2021

Recently, interest and demand for facial information processing technology that can provide non-face-to-face identity authentication and access management service using smart devices, which is an essential environmental improvement for multi-use facilities, is increasing as a way to prevent the spread of infectious diseases worldwide and to cope with social measures. This study defines a multi-use facility classification system and applied service field to establish a continuous access control system, and measures to improve the usability of the service platform considering scalability through a dual access control system and personal/measurement information type analysis, and accordingly We would like to propose a service roadmap. In addition, it aims to improve the physical access management system service platform, which is a multi-use facility application service that requires one-time and multiple-use authentication according to usage. It is expected that the methodology of this study can be applied as a service platform of a logical access control system type in the future.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.6
• /
• pp.197-208
• /
• 2023

In the coming future, anyone using the Internet will have more than one NFT. Unlike FT, NFT can specify the owner, and tracking management is easier than FT. Even in the 2022 survey, WPA2 is the most widely used wireless protocol worldwide to date. As it is a protocol that came out in 2006, it is a protocol with various vulnerabilities at this time. In order to use WPA2-EAP or WPA3 (2018), which were released to compensate for the vulnerabilities of WPA2, additional equipment upgrades are required for STA (station) and AP (access point, router), which are connected devices. The use of expensive router equipment solves the security part, but it is economically inefficient to be introduced in Small Office Home Office (SOHO). This paper uses NFT as a means of authentication and uses the existing WPA2 as it is without equipment upgrade, defend crack tools of WPA2 that have been widely used so far and compared to the existing WPA2, it was shown that it was not difficult to actually use them in SOHO.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.19-25
• /
• 2023

The current network environment provides a real-time interactive service from an initial one-way information prov ision service. Depending on the form of web-based information sharing, it is possible to provide various knowledge a nd services between users. However, in this web-based real-time information sharing environment, cases of damage by illegal attackers who exploit network vulnerabilities are increasing rapidly. In particular, for attackers who attempt a phishing attack, a link to the corresponding web page is induced after actively generating a forged web page to a user who needs a specific web page service. In this paper, we analyze whether users directly and actively forge a sp ecific site rather than a passive server-based detection method. For this purpose, it is possible to prevent leakage of important personal information of general users by detecting a disguised webpage of an attacker who induces illegal webpage access using traceback information

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.8
• /
• pp.1735-1742
• /
• 2011

Now a days, as a mass-storage USB becomes comfortable to carry, function of USB is being developed fast. However, there is a problem that the personal information which is stored in USB could be exposed being used with negative purpose without other certification process. This paper suggests OTP(One-Time Password)-based certification protocol of USB to securely protect personal information stored in USB without additional certification information. The proposed OTP based certification protocol of USB not only demands low calculations but also prevents physical approach of USB of other network and does not allow unnecessary service access of user because it conducts simple action and uses one-way hash function. Therefore, communication overhead and service delay is improved. In the experiment, the proposed protocol compares and evaluates throughput of certification server according to the numbers of USB and delay time of packet certification with a device(USB driver) which simply save device and a device(USB Token) which can calculate by oneself. As a result, it is improved as the number of 12.5% in the certification delay time on average and is improved as the number of 10.8% in the throughput of certification server according to the numbers of USB.