• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.9 no.4
• /
• pp.936-944
• /
• 2008

DRM system is a technology that protects and manages copyright holder's privilege by using a copyright protection technology. This paper contributes to improvement of the secret key transmission and encryption/decryption processing time base on DRM system. In this paper, we will suggest that as follow: First, we will propose the algorithm to transmit the encryption key which use Multidimensional Method more safe than the existing One-path XOR method. Second, we will provide the high quality algorithm of security than the existing system because the Multidimensional which generated from the algorithm does not saved to the server side. Third, we will support the client decryption system which can decrypt the Multidimensional with OPT in decryption with client side. Fourth, we will adopt the more safr method of transmission with the compound of Multidimensional Method and OPT.

• Journal of Convergence Society for SMB
• /
• v.4 no.3
• /
• pp.27-31
• /
• 2014

According to increasing of payment and settlements like smart banking, internet shopping and contactless transaction in smart device, the security issues are on the rise, such as the vulnerability of the mobile OS and certificates abuse problem, we need a secure user authentication. We apply the OTP using biometrics and PKI as user authentication way for dealing with this situation. Biometrics is less risk of loss and steal than other authentication that, in addition, the security can be enhanced more when using the biometric with OTP. In this paper, we propose a user authentication using biometrics and OTP in the mobile device.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.151-156
• /
• 2013

Android that was made by Google and Open Handset Alliance is the open source software toolkit for mobile phone. In a few years, Android will be used by millions of Android mobile phones and other mobile devices, and become the main platform for application developers. In this paper, the integrated login application based on Google's Android platform is developed. The main features of the mobile combination login application content based on Android are as follows. First, the application has more convenient login functionality than the functionality of general web browser as the web browser of the mobile-based applications(web browser style applications) as well as security features and faster screen(view) capability by reducing the amount of data transfer. Second, the application is so useful for management of ID and Password, and it can easily manage multiple ID information such as message, mail, profile. The results of performance evaluation of the developed application show the functionality that can login many kinds of portal sites simultaneously as well as the ability that can maintain login continuously. Currently, we are trying to develope a couple of the technologies that can insert multiple accounts into one ID and check all information on one screen.

• Convergence Security Journal
• /
• v.12 no.1
• /
• pp.17-25
• /
• 2012

SQL Injection techniques disclosed web hacking years passed, but these are classified the most dangerous attac ks. Recent web programming data for efficient storage and retrieval using a DBMS is essential. Mainly PHP, JSP, A SP, and scripting language used to interact with the DBMS. In this web environments application does not validate the client's invalid entry may cause abnormal SQL query. These unusual queries to bypass user authentication or da ta that is stored in the database can be exposed. SQL Injection vulnerability environment, an attacker can pass the web-based authentication using username and password and data stored in the database. Measures against SQL Inj ection on has been announced as a number of methods. But if you rely on any one method of many security hole ca n occur. The proposal of four levels leverage is composed with the source code, operational phases, database, server management side and the user input validation. This is a way to apply the measures in terms of why the accident preventive steps for creating a phased step-by-step response nodel, through the process of management measures, if applied, there is the possibility of SQL Injection attacks can be.

• The Journal of the Korea Contents Association
• /
• v.18 no.4
• /
• pp.10-17
• /
• 2018

Most of the privacy officers of organizations are hard to think of the corrective action about deficiencies of the PIMS(Personal Information Management Systems) certification. Because, it is difficult to define the priority of the complementary measures due to the unique characteristics and procedures of personal information protection for each organization. The purpose of this study is to evaluate the priority of the complementary measures using the Analytic Hierarchy Process(AHP). According to the results, it is important to comply with the legal requirements in the first tier. The second tier, PIMS experts answered that dedicated organization, password management, and agreement of the subject are important. Above all, agreement of the subject was found the highest priority for complementary measures about PIMS's deficiencies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.769-780
• /
• 2014

In general, internet users need to remember several IDs and passwords when they use diverse web sites. From an effective management perspective, SSO system was suggested to reduce user inconvenience. Kerberos authentication, which uses centralized system management, is a typical example of a broker-based SSO authentication model. However, further research is required, because the existing Kerberos authentication system has security vulnerability problems of password and replay attacks. In SSO authentication systems, a major security vulnerability is the replay attack. When user credentials are seized by attackers, an authorized session can be obtained through a replay attack. In this paper, an improved SSO authentication model based on the broker-based model and a secure lightweight SSO mechanism against credential replay attack is proposed.

• Journal of Internet Computing and Services
• /
• v.15 no.3
• /
• pp.79-90
• /
• 2014

User authentication based on ID and PW has been widely used. As the Internet has become a growing part of people' lives, input times of ID/PW have been increased for a variety of services. People have already learned enough to perform the authentication procedure and have entered ID/PW while ones are unconscious. This is referred to as the adaptive unconscious, a set of mental processes incoming information and producing judgements and behaviors without our conscious awareness and within a second. Most people have joined up for various websites with a small number of IDs/PWs, because they relied on their memory for managing IDs/PWs. Human memory decays with the passing of time and knowledges in human memory tend to interfere with each other. For that reason, there is the potential for people to enter an invalid ID/PW. Therefore, these characteristics above mentioned regarding of user authentication with ID/PW can lead to human vulnerabilities: people use a few PWs for various websites, manage IDs/PWs depending on their memory, and enter ID/PW unconsciously. Based on the vulnerability of human factors, a variety of information leakage attacks such as phishing and pharming attacks have been increasing exponentially. In the past, information leakage attacks exploited vulnerabilities of hardware, operating system, software and so on. However, most of current attacks tend to exploit the vulnerabilities of the human factors. These attacks based on the vulnerability of the human factor are called social-engineering attacks. Recently, malicious social-engineering technique such as phishing and pharming attacks is one of the biggest security problems. Phishing is an attack of attempting to obtain valuable information such as ID/PW and pharming is an attack intended to steal personal data by redirecting a website's traffic to a fraudulent copy of a legitimate website. Screens of fraudulent copies used for both phishing and pharming attacks are almost identical to those of legitimate websites, and even the pharming can include the deceptive URL address. Therefore, without the supports of prevention and detection techniques such as vaccines and reputation system, it is difficult for users to determine intuitively whether the site is the phishing and pharming sites or legitimate site. The previous researches in terms of phishing and pharming attacks have mainly studied on technical solutions. In this paper, we focus on human behaviour when users are confronted by phishing and pharming attacks without knowing them. We conducted an attack experiment in order to find out how many IDs/PWs are leaked from pharming and phishing attack. We firstly configured the experimental settings in the same condition of phishing and pharming attacks and build a phishing site for the experiment. We then recruited 64 voluntary participants and asked them to log in our experimental site. For each participant, we conducted a questionnaire survey with regard to the experiment. Through the attack experiment and survey, we observed whether their password are leaked out when logging in the experimental phishing site, and how many different passwords are leaked among the total number of passwords of each participant. Consequently, we found out that most participants unconsciously logged in the site and the ID/PW management dependent on human memory caused the leakage of multiple passwords. The user should actively utilize repudiation systems and the service provider with online site should support prevention techniques that the user can intuitively determined whether the site is phishing.

• Smart Media Journal
• /
• v.12 no.11
• /
• pp.27-35
• /
• 2023

Fourth Industrial Revolution and COVID-19 pandemic have boosted the use of Government 24 app for public service complaints in the era of non-face-to-face interactions. there has been a growing influx of complaints and improvement demands from users of public apps. Furthermore, systematic management of public apps is deemed necessary. The aim of this study is to analyze the grievances of Government 24 app users, understand the current dissatisfaction among citizens, and propose potential improvements. Data were collected from the Google Play Store from May 2, 2013, to June 30, 2023, comprising a total of 6,344 records. Among these, 1,199 records with a rating of 1 and at least one 'thumbs-up' were used for topic modeling analysis. The analysis revealed seven topics: 'Issues with certificate issuance,' 'Website functionality and UI problems,' 'User ID-related issues,' 'Update problems,' 'Government employee app management issues,' 'Budget wastage concerns ((It's not worth even a single star) or (It's a waste of taxpayers' money)),' and 'Password-related problems.' Furthermore, the overall trend of these topics showed an increase until 2021, a slight decrease in 2022, but a resurgence in 2023, underscoring the urgency of updates and management. We hope that the results of this study will contribute to the development and management of public apps that satisfy citizens in the future.

• Journal of Digital Convergence
• /
• v.10 no.5
• /
• pp.215-222
• /
• 2012

A smart phone has functions of both telephone and computer. The wide spread use of smart phones has sharply increased the demand for mobile commerce. The smart phone based mobile services are available anytime, anywhere. In commercial transactions, a digital signature scheme is used to make legally binding signature to prove both integrity of commercial document and verification of the signer. Smart phones are more risky compared with personal computers on the problems of how to protect privacy information. It's also easy to let proxy user to authenticate instead of the smart phone owner. In existing password or token based schemes, the ID is not physically bound to the owner. Thus, those schemes can not solve the problem of proxy authentication. To utilize the smart phone as the platform of mobile commerce, a study on the new type of authentication scheme is needed where the scheme should provide protocol to get legally binding signature and not to authenticate proxy user. In this paper, we create the mobile ID by using both the USIM and voice template of the smart phone owner. We also design and implement the user authentication scheme based on the mobile ID.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.45 no.3
• /
• pp.22-30
• /
• 2008

Recently, protection of personal information is getting more important. Many countries have legislated about the protection of personal information. Now, the protection of relevant personal information is required not for a simple image of enterprises but law obligation. Most databases in enterprises used to store customers' names, addresses and credit card numbers with no exceptions. The personal information about a person is sensitive, and this asset is strategic. Therefore, most enterprises make an effort to preserve personal information safely. If someone, however, hacks password information of DBMS manager, no one can trust this system. Therefore, encryption is required based in order to protect data in the database. Because of database encryption, however, it is the problem of database performance in terms of computation time and the limited SQL query. Thus, we proposed an efficient query method to solve the problem of encrypted data in this paper.