• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.501-507
• /
• 2015

The online banking service handles a banking business over the internet, it is necessary to ensure that all financial transactions are processed securely. So, there are various authentication technique for e-banking service : a certificate, a personal identification number(PIN), a security card and a one-time password(OTP). Especially, the security card is most important means including secret information. If the secret information of card is leaked, it means not only loss of security but also easy to attack because security card is a difficult method to get. In this paper, we propose that a multi-channel security card saves an secret information in distributed channel. Proposed multi-channel security card reduces vulnerability of the exposed and has a function to prevent phishing attacks through decreasing the amount of information displayed and generating secret number randomly.

• The KIPS Transactions:PartC
• /
• v.13C no.3 s.106
• /
• pp.359-368
• /
• 2006

AAA(Authentication, Authorization, Accounting) is the service that offers authentication, authorization, and accounting method, and every terminal that accesses the network requires this AAA service. The authentication process of a mobile terminal is as follows: a mobile phone accesses an authentication server in a home network via the authentication service in an external network, which receives the authentication result. And, for the home authentication server to offer secure service, a unique key is distributed for the secure communication between the external agent and the user, the external agent and the home authentication server, and the user and the home authentication server. This paper discusses and proposes the key distribution for secure communication among external authentication servers when a mobile terminal travels to an external network. As the proposed method does not require the home authentication server to reissue another authentication when a user travels to other external networks, it reduces the overload in the home authentication server. It can also distribute a PIN-driven key.

• Journal of Digital Contents Society
• /
• v.19 no.1
• /
• pp.193-198
• /
• 2018

In Korea, the penetration rate of Internet, telephone and smart devices is reaching the highest level in the world. Cyber financial crimes that exploit such infrastructures continue to evolve. Since the first Voice Phishing crime in May 2006, ten years later, there has been a constant occurrence of Voice Phishing crime. Voice Phishing is a crime in which a victim is phoned for false information to figure out the victim's account number and password. This method of Voice Phishing evolves day by day, and it is difficult to investigate. Most of Voice Phishing is a form of international organized crime that is based in Southeast Asia such as China, and it is not easy to eradicate by international cooperation investigation. The purpose of this study is to investigate the actual situation and case analysis of Voice Phishing crime, and to propose the countermeasures against police Voice Phishing counterplan.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.12
• /
• pp.85-92
• /
• 2010

There is an authentication method for participants with an encrypted ID and password as a symmetric-key in multilateral video conferencing. It is hard to manage when the security-keys makes many while the transportation processing for the encryption and decryption get complicated when the video conferencing involves a number of participants and the third party as an attackers to gain unauthorized symmetric-key to access video conference which makes a problem less secrecy. This study suggests three ways to enhance security in video conference: first, we present PKI-based X.509 certificate for authenticating the participants of multilateral conferencing and we suggest to encode and decode the video conference media data using a secrecy key created by each of the conference participants; second, a more secured multilateral video conferencing can be expected in a group communication by using the participants secrecy key in creating and distributing group keys, where the group key will be renewed whenever there is change in the group member; and finally, we suggest to encode the RTP payload of the media data before transmission.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.1
• /
• pp.902-905
• /
• 2005

In this paper we challenge the mobile node Authentication using Java Card authentication protocol in Ad-hoc network environment. Ad-hoc network is a collection of wireless mobile nodes without the support of a stationary infrastructure. and DSR routing protocol, which is one of famous mobile ad-hoc rooting protocols, has the following network path problem. this paper is the security structure that defined in a mobile network and security and watches all kinds of password related technology related to the existing authentication system. It looks up weakness point on security with a problem on the design that uses Ad-hoc based structure and transmission hierarchical security back of a mobile network, and a server-client holds for user authentication of an application level all and all, and it provides one counterproposal. Java Card Authentication of mobile node can possibly be applied to the area of M-Commerce, Wireless Security, and Ubiquitous Computing and so on.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.299-302
• /
• 2011

Recently, Voice over Internet protocol(VoIP) in IP-based wired and wireless voice, as well as by providing multimedia information transfer. Wired and wireless VoIP is easy on illegal eavesdropping of phone calls and VoIP call control signals on the network. In addition, service misuse attacks, denial of service attacks can be targeted as compared to traditional landline phones, there are several security vulnerabilities. In this paper, VoIP equipment in order to obtain information on the IP Phone is scanning. And check the password of IP Phone, and log in successful from the administrator's page. Then after reaching the page VoIP IP Phone Administrator Settings screen, phone number, port number, certification number, is changed. In addition, IP Phones that are registered in the administrator page of the call records check and personal information is the study of hacking.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.713-716
• /
• 2004

In this paper we challenge the user Authentication using Kerberos V5 authentication protocol in Ad-hoc network environment. Ad-hoc network is a collection of wireless mobile nodes without the support of a stationary infrastructure. and DSR routing protocol, which is one of famous mobile ad-hoc routing protocols, has the following network path problem. this paper is the security structure that defined in a mobile network and security and watches all kinds of password related technology related to the existing authentication system. It looks up weakness point on security with a problem on the design that uses Ad-hoc based structure and transmission hierarchical security back of a mobile network, and a server-client holds for user authentication of an application level all and all, and it provides one counterproposal.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.312-318
• /
• 2021

Lack of knowledge and digital skills is a threat to the information security of the state and society, so the formation and development of organizational culture of information security is extremely important to manage this threat. The purpose of the article is to assess the state of information security of the state and society. The research methodology is based on a quantitative statistical analysis of the information security culture according to the EU-27 2019. The theoretical basis of the study is the theory of defense motivation (PMT), which involves predicting the individual negative consequences of certain events and the desire to minimize them, which determines the motive for protection. The results show the passive behavior of EU citizens in ensuring information security, which is confirmed by the low level of participation in trainings for the development of digital skills and mastery of basic or above basic overall digital skills 56% of the EU population with a deviation of 16%. High risks to information security in the context of damage to information assets, including software and databases, have been identified. Passive behavior of the population also involves the use of standard identification procedures when using the Internet (login, password, SMS). At the same time, 69% of EU citizens are aware of methods of tracking Internet activity and access control capabilities (denial of permission to use personal data, access to geographical location, profile or content on social networking sites or shared online storage, site security checks). Phishing and illegal acquisition of personal data are the biggest threats to EU citizens. It have been identified problems related to information security: restrictions on the purchase of products, Internet banking, provision of personal information, communication, etc. The practical value of this research is the possibility of applying the results in the development of programs of education, training and public awareness of security issues.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.91-104
• /
• 2003

A masquerader is someone who pretends to be another user while invading the target user's accounts, directories, or files. The masquerade attack is the most serious computer misuse. Because, in most cases, after securing the other's password, the masquerader enters the computer system. The system such as IDS could not detect or response to the masquerader. The masquerade detection is the effort to find the masquerader automatically. This system will detect the activities of a masquerader by determining that user's activities violate a profile developed for that user with his audit data. From 1988, there are many efforts on this topic, but the success of the offers was limited and the performance was unsatisfactory. In this report we propose efficient masquerade detection system using SVM which create the user profile.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.167-174
• /
• 2008

As both a digital camera and a digital camcorder are popularized in recent years, UCC created by general users is also popularized. Unfortunately, according to that, the lack of privacy is also increasing more and more. The UCC is saved on the recordable media(Media) like DVD and deposited personally as well as distributed through Internet portal service. If you use Internet portal service to put up your contents, you can partially prevent the violation of privacy using security technologies such as authentication and illegal copy protection offered by internet portal service providers. Media also has technologies to control illegal copy. However, it is difficult to protect your privacy if your Media having personal contents is stolen or lost. Therefore, it is necessary to develope an additional security mechanism to guarantee privacy protection when you use Media. In this paper, we describe AACS framework for Media Security and propose improved AACS framework to control the access to personal contents saved on Media.