• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.229-232
• /
• 2010

Smart Phone is the increasing use. Smart Phone can be run on that New or videos you want to connect to the Internet for downloading and viewing applications. But the wireless Internet have been found that Due to the vulnerability of the Internet, Smart Phone security vulnerabilities. This paper analyzes the vulnerability. Smart Phone droid that occur when connecting to the Internet. For information on Smart Phone to use to analyze network packet analysis and packet capture tools. Analysis is based on information from the Internet when you use Smart Phone Hack will demonstrate the process. Messenger, ID, to confirm the password, the actual internet ID, password access to the personal information that can be seized. In this study, hacking and security of the Smart Phone will contribute to the research process that Internet information and communication powers to strengthen the security of Korea.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1345-1354
• /
• 2012

The modern society with the wide spread USB memory, witnesses the acceleration in the development of USB products that applied secure technology. Secure USB is protecting the data using the method as device-based access control, encryption of stored files, and etc. In terms of forensic analyst, to access the data is a lot of troubles. In this paper, we studied software-based data en/decryption technology and proposed for analysis mechanism to validation vulnerability that secured on removable storage media. We performed a vulnerability analysis for USB storage device that applied security mechanism. As a result, we found vulnerabilities that extracts a source file without a password.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.1
• /
• pp.136-141
• /
• 2006

The IEEE 802.1x can be using various user authentication mechanisms: One-Time Password, Certificate-Based TLS, Challenge/Response and Keberos through EAP(Extended Authentication Protocol). But, IEEE 802.1x also has vulnerabilities about the DoS, the session hijacking and the Man in the Middle attack due to the absence of AP authentication. In this paper, we propose a WLAN secure system which can offer a safety secure communication and a user authentications by intensified the vulnerability of spoofing and DoS attacks. The suppose system offers a safe secure communication because it offers sending message of integrity service and also it prevents DoS attack at authentication initial phase.

• Journal of Institute of Control, Robotics and Systems
• /
• v.22 no.9
• /
• pp.766-772
• /
• 2016

Recent advances in networking and computers, especially internet of things (IoT) technologies, have improved the quality of home life and industrial sites. However, the security vulnerability of IoT technologies causes life-threatening issues and information leakage concerns. Studies regarding security algorithms are being conducted. In this paper, we proposed SEED algorithms based on one time passwords (OTPs). The specified server sent time data to the client every 10 seconds. The client changed the security key using time data and generated a ciphertext by combining the changed security key and the matrix. We applied the SEED algorithms with enhanced security to Linux-based embedded boards and android smart phones, then conducted a door lock control experiment (door lock & unlock). In this process, the power consumed for decryption was measured. The power consumption of the OTP-based algorithm was measured as 0.405-0.465W. The OTP-based algorithm didn't show any difference from the existing SEED algorithms, but showed a better performance than the existing algorithms.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.5
• /
• pp.958-964
• /
• 2005

WLAN user authentication is mostly based on user password resulting in vulnerability to the notorious 'offline dictionary attack'. As a way around this problem. EAP-TTLS and PEAP protocols are increasing finding their way into WLANs, which are a sort of combination of password protocols and the TLS public-key protocol. This leads to the use of the public-key certificate of the WLAM authentication server, and naturally the concern arises about its revocation status. It seems, however, that any proper soulution has not been provided to address this concern. We propose a very efficent and proper solution to check the certificate revocation status.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.83-99
• /
• 2011

OTP (One Time Password) is widely used for protecting accounts on Internet banking, portal services and online game services in Korea. OTP is very strong method for enforcing account security but there are several ways for exploiting vulnerabilities caused by implementation errors. These attacks can work because of the weakness from OTP enabled system's vulnerabilities, not for OTP's algorithm itself. In this paper, we present the known attack scenarios such as MITM (Man-in-the-Middle) attack and various reverse engineering techniques; also, we show the test result of the attacks and countermeasures for these attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.6
• /
• pp.99-119
• /
• 2007

The USB flash drive is common used for portable storage. That is able to store large data and transfer data quickly and carry simply. But when you lose your USB flash drive without any security function in use, all stored data will be exposed. So the new USB flash drive supported security function was invented to compensate for the problem. In this paper, we analyze vulnerability of 6 control access program for secure USB flash drives. And we show that exposed password on communication between secure USB flash drive and PC. Also we show the vulnerability of misapplication for initialization. Further we develop a protection profile for secure USB flash drive based on the common criteria version 3.1. Finally, we examine possible threat of 6 secure USB flash drives and supports of security objectives which derived from protection profile.

• Journal of Korea Multimedia Society
• /
• v.20 no.4
• /
• pp.614-628
• /
• 2017

Recently, Due to the rapid development of the internet and IT technology, users can conveniently use various services provided by the server anytime and anywhere. However, these technologies are exposed to various security threat such as tampering, eavesdropping, and exposing of user's identity and location information. In 2016, Nikooghadam et al. proposed a lightweight authentication and key agreement protocol preserving user anonymity. This paper overcomes the vulnerability of Nikooghadam's authentication protocol proposed recently. This paper suggests an enhanced remote user authentication protocol that protects user's password and provides perfect forward secrecy.

• Journal of the Semiconductor & Display Technology
• /
• v.19 no.2
• /
• pp.96-99
• /
• 2020

According to brilliant development of smart devices, many related services are being devised. And, almost every service is designed to provide user-centric services based on personal information. In this situation, to prevent unintentional leakage of personal information is essential. Conventionally, ID and Password system is used for the user authentication. This is a convenient method, but it has a vulnerability that can cause problems due to information leakage. To overcome these problem, many methods related to face recognition is being researched. Through this paper, we investigated the trend of user authentication through biometrics and a representative model for face recognition techniques. One is DeepFace of FaceBook and another is FaceNet of Google. Each model is based on the concept of Deep Learning and Distance Metric Learning, respectively. And also, they are based on Convolutional Neural Network (CNN) model. In the future, further research is needed on the equipment configuration requirements for practical applications and ways to provide actual personalized services.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.4
• /
• pp.41-46
• /
• 2016

Recently, many domestic and foreign corporates are concentrating in investment to wearable devices and users are provided with various service based on wearable devices 26% more than compared to last year. It is widely used in previous healthcare, smart work, smart home environment, and it is now introduced to get connection to fused service environment. However, as products of G company are commercialized, the security issue of personal information is causing dispute in society, and the danger of data management and security regarding telecommunication is increasing. Also, because the password system used in previous wireless environment is still in use, there are possible vulnerability considering the new and mutant security threat. This thesis conducted study about protocols that can exercise safe telecommunication in the basis of wearable devices. In the registration and certification process, the signature value is created based on the code value. The telecommunication method is designed to conduct safe telecommunication based on the signature value. As for the attack method occurring in the wearable device environment, the safety was analyzed and conducted performance evaluation of previous password system and proposal system, and verified about 14% of efficiency.