• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.3
• /
• pp.53-62
• /
• 2015

Recently, number of tablet or Smartphone users increased significantly in domestic and around the world. But violation of personal information such as leakage, misuse and abuse are constantly occurring by using mobile devices which is very useful in our society. Therefore, in this paper it will talk about the problems in the network environment of the mobile environment such as tablet and Smartphone, Mobile Malware, hacking of the public key certificate, which could be potential threat to mobile environment. This thesis will research for people to use their mobile devices more reliable and safer in mobile environment from invasion and leakage of personal information. In order to use Smartphone safely, users have to use Wi-Fi and Bluetooth carefully in the public area. This paper will research how to use App safely and characteristic of risk of worm and Malware spreading. Because of security vulnerabilities of the public key certificate, it will suggest new type of security certification. In order to prevent from the information leakage and infect from Malware in mobile environment without knowing, this thesis will analyze the improved way to manage and use the mobile device.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.91-99
• /
• 2003

In this paper, we analyze the current trading systems and suggest two secure electronic trading systems that make a fair exchange for online game items. The system is made up for the weak points in the current item trading system. In the proposed system, a game server issues a certificate each item on the user's request. On the one hand, this certificate is used to recover the item when the system error is occured. On the other hand, the user may exchange it with another item or cyber money. The proposed system supports private and reliable trading. Further, the trading can be completed only by online processing.

• IEIE Transactions on Smart Processing and Computing
• /
• v.2 no.5
• /
• pp.297-301
• /
• 2013

Key agreement protocols allow multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. Since Joux first published the pairing-based one round tripartite key agreement protocol, many authenticated protocols have been proposed. Unfortunately, many of them have been broken while others have been shown to be deficient in some desirable security attributes. In 2004, Cheng et al. presented two protocols aimed at strengthening Shim's certificate-based and Zhang et al.'s tripartite identity-based protocols. This paper reports that 1) In Cheng et al.'s identity-based protocol, an adversary can extract long-term private keys of all the parties involved; and 2) Cheng et al.'s certification-based protocol is weak against key integrity attacks. This paper suggests possible remedies for the security flaws in both protocols and then presents a modified Cheng et al.'s identity-based, one-round tripartite protocol that is more secure than the original protocol.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.6
• /
• pp.1109-1122
• /
• 2016

Certificateless public key cryptography is a technique that can solve the certificate management problem of a public key cryptosystem and clear the key escrow issue of ID-based cryptography using the public key in user ID. Although the studies were actively in progress, many existing schemes have been designed without taking into account the safety of the secret value with the decryption key exposure attacks. If previous secret values and decryption keys are exposed after replacing public key, a valid private key can be calculated by obtaining the partial private key corresponding to user's ID. In this paper, we propose a new security model which ensures the security against the key exposure attacks and show that several certificateless public key encryption schemes are insecure in the proposed security model. In addition, we design a certificateless public key encryption scheme to be secure in the proposed security model and prove it based on the DBDH(Decisional Bilinear Diffie-Hellman) assumption.

• Korean Security Journal
• /
• no.36
• /
• pp.349-386
• /
• 2013

This research analyzes and evaluates The Korean Security Industry Law(TKSIL) putting the regulation of the present government about the private security industry. It nowadays becomes the important axis of the police services offered in the aspect of 'the national life safety' in connection with 'the materialization of society which is safe from the crime'. TKSIL is one of the national administration strategies which Park Gun-hye government aims on supervision policy. After seeking out the core values of the private security industrial policy which sets up in order to approach the national life safety which Park Gun-hye government aims, we make some assessments of this revised security industry law systematically. Particularly all keynote of policy about the private security of the police tried to be confirmed and the desirable direction of policy tries to be presented as to the security industry law application and real operation. In the site of organized civil complaint, the revised security industry law was revised as the direction which intensifies the administrative regulation as to the partial regulation such as it established the reason of the introduction of the arrangement license system. And grounds for disqualification of security instructor and guard, and rules of punishment is intensified order to intercept previously illegal and violent act of the security company etc. However it has the feature that it accomplishes 'the law principle(principle of statute)' the substantial portion through the effort of them changing a lot the content for the form of the law when being the clauses of the fundamental human rights limit, although it has been prescribed in "the security industry law enforcement ordinance" or "the security industry law enforced regulation". The security industry law revised this time brought from the change of the sharp policy through the revision of 17 clauses or new establishment. It can divide into 4 categorizes. (1) strictness of punishment in the site of organized civil complaint (2) Intensification of throwing out for the violation person in the private security business market time-limitedly (3) Intensification of the legal guide supervision power of police (4) upstream of the capital, name tag attachment under compulsion and the limit about other equipment use etc. Essentially "the security industry law" cannot help regulating the national interference of the private security and regulation with this content. However as to this interference and regulation, the limit has to be possible within reasonable range. As the history proved, excessive regulation by the country is not only due to bring the distortion of the security system of nation but also provoke national social cost. It can't be disregards ever that it premises the harmony which appropriate as well as reasonable in the socio-economic dimension for drawing the best combination that all things which get the compulsory education, it limits the person providing the private security service to the corporation, or it limits to the certificate of qualification holder are the ultimate for 'the safety of the national life'.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.781-793
• /
• 2014

A Public Key Infrastructure (PKI) is security standards to manage and use public key cryptosystem. A PKI is used to provide digital signature, authentication, public key encryption functionality on insecure channel, such as E-banking and E-commerce on Internet. A soft-token private key in PKI is leaked easily because it is stored in a file at standardized location. Also it is vulnerable to a brute-force password attack as is protected by password-based encryption. In this paper, we proposed a new method that detects private key compromise and is probabilistically secure against a brute-force password attack though soft-token private key is leaked. The main idea of the proposed method is to use a genuine signature key pair and (n-1) fake signature key pairs to make an attacker difficult to generate a valid signature with probability 1/n even if the attacker found the correct password. The proposed method provides detection and notification functionality when an attacker make an attempt at authentication, and enhances the security of soft-token private key without the additional cost of construction of infrastructure thereby extending the function of the existing PKI and SSL/TLS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.4
• /
• pp.33-46
• /
• 2000

IPsec is a protocol suite to protect the data communication between computers on internet and many VPNs(Virtual Private Networks) use IPsec protocol. IKE protocol is used to exchange keys in IPsec. Formal analysis method is used increasingly in computer science to increase the reliability of a system. In this paper, the IKE protocol is analyzed formally. This paper shows that IKE with Authentication with Signature and Authentication with Pre-Shared Key is safe, but Authentication with Public Key Encryption and A Revised Method of Authentication with Public Key Encryption are safe only with the assumption that a participant has the correct public key of the correspondent. To make sure that a participant has the correct public key of the correspondent, the usage of certificate is recommended.

• Korean Security Journal
• /
• no.46
• /
• pp.63-86
• /
• 2016

The object of this study is to propose a study on the Private Investigator usage for Cyber Crime. The latest trend of cyber crime is being evolve in sophisticated and complex way over the global, like internet fraud, cyber gambling, hacking and etc. Hence national investigative authority mobilize high specialized skills and method of criminal investigation by each nation. But it is hard to respond in rapid and effective way because of propoor, distribution of group and insufficient of related legal system. Already in other countries, not considerable amount of services are given to private investigators in detection and tracking part which is inefficient by nation. So it has significantly meaningful to compensate the defect and study about private investigator usage as companion of cooperation policing for effectively respond to cyber-crime. The way to effectively deal with the cyber-crime is reevaluate meaning of partnership policing and need of private investigator usage. Also it is to analyze the main issue about introduction of a system and suggest the effective way of introduction. First, legislation of private investigator usage which is based upon partnership policing should be made up. Moreover, to establish the range of private investigator's business and enhance the reliability, it is to propose introduction of leading professional global certificate and license system with sufficient education and test. We are expecting introduction of private investigator usage can improve efficiency of investigation and promote effective countermeasures of cyber-crime.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.10a
• /
• pp.359-362
• /
• 2009

Qualified certificates in online financial and security transaction area are currently used for authentication of the user. The authorized user's public key certificates are stored in binary; the private key corresponding to the user's public key certificates is encrypted by the user password, and then is stored in a file. But the present management system to access the public certificates in local has some problems. In this study, we propose that the mobile public certificate management application to avoid the exist problems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.9
• /
• pp.4576-4598
• /
• 2018

In big data age, flexible and affordable cloud storage service greatly enhances productivity for enterprises and individuals, but spontaneously has their outsourced data susceptible to integrity breaches. Provable Data Possession (PDP) as a critical technology, could enable data owners to efficiently verify cloud data integrity, without downloading entire copy. To address challenging integrity problem on multiple clouds for multiple owners, an identity-based batch PDP scheme was presented in ProvSec 2016, which attempted to eliminate public key certificate management issue and reduce computation overheads in a secure and batch method. In this paper, we firstly demonstrate this scheme is insecure so that any clouds who have outsourced data deleted or modified, could efficiently pass integrity verification, simply by utilizing two arbitrary block-tag pairs of one data owner. Specifically, malicious clouds are able to fabricate integrity proofs by 1) universally forging valid tags and 2) recovering data owners' private keys. Secondly, to enhance the security, we propose an improved scheme to withstand these attacks, and prove its security with CDH assumption under random oracle model. Finally, based on simulations and overheads analysis, our batch scheme demonstrates better efficiency compared to an identity based multi-cloud PDP with single owner effort.