• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.941-950
• /
• 2015

Internet banking is widely used in our life with the development of the internet. At the same time, phishing attacks to internet banking have been increased by using malicious object to make unfair profit. People using internet banking service in Korea is required to install security modules such as anti-virus and keyboard protection. However phishing attack technique has been progressed and the advanced technique such as memory hacking defeats the security module of internet banking service. In this paper, we describe internet banking security modules provided by Korean internet banks and analyze how keyboard encryption module works. And we propose an attack to manipulate account transfer information using javascript. Although keyboard protection module provides two functions that protect leakage and manipulation of account transfer information submitted by users against the malicious program of hackers. Our proposed technique can manipulate the account transfer information and result html pages.

• Transactions of the Korean Society for Noise and Vibration Engineering
• /
• v.21 no.3
• /
• pp.212-219
• /
• 2011

In this paper, intrusion detection technique based on the sound field variation of audio frequency in the security space is proposed. The sound field formed by sound source can be detected with the microphone when the obstacle or intruder is positioned. The sound field variation due to the intruder is mainly caused by the interference of audio wave. With the help of numerical simulation of sound field formations, the increase or decrease of sound pressure level is analyzed not only by the obstacle, but also by the intruder. Even the microphone is positioned behind the source, sound pressure level can be increased or decreased due to the interference of sound wave. Frequency response test is performed with Gaussian white noise signal to get the whole frequency response from 0 to half of sampling frequency. There are three security cases. Case 1 is the situation of empty space with and without intruder, case 2 is the situation of blocking obstacle with and without intruder, and case 3 is the situation of side blocking obstacle with and without intruder. At each case, the frequency response is obtained first at the security space without intruder, and second with intruder. From the experiment, intruder size of diameter of 50 cm pillar can be successfully detected with the proposed technique. Moreover, the case 2 and case 3 bring about bigger sound field variation. It means that the proposed technique have the potential of more credible security guarantee in real situation.

• Convergence Security Journal
• /
• v.15 no.6_2
• /
• pp.151-160
• /
• 2015

According to the document from the National Industrial Security Center in 2015, from 2003 to 2014 the disclosure number of industrial spy in South Korea was 438, and the damages due to the industrial technology leakages amounted 50 trillion won annually. Because the industrial technology leakage exercises great influence on the enterprises and the country. countermeasures against industrial technology leakages should be established. Therefore, the purpose of this research is to suggest measures preventing industrial technology leakages and related crimes in enterprises by applying the Crime Prevention Through Environmental Design(CPTED) technique. This research analyzed the recent technology leakage cases and used an analysis of literature research. From the result of this research, we suggested 1) Access Control, 2) Surveillance Enhancement, 3) Territoriality of Reinforcement, and 4) Activity Support by applying the CPTED technique for preventing industrial technology leakages. The limitations of this research and the recommendations for future research were discussed at the last part of this research.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1079-1090
• /
• 2014

Data mining is a technique to get the useful information that can be utilized for marketing and pattern analysis by processing the data that we have. However, when we use this technique, data provider's personal data can be leaked by accident. To protect these data from leakage, there were several techniques have been studied to preserve privacy. Vertically partitioned data is a state called that the data is separately provided to various number of user. On these vertically partitioned data, there was some methods developed to distinguishing kth element and (k+1) th element by using score. However, in previous method, we can only use on two-party case, so in this paper, we propose the extended technique by using paillier cryptosystem which can use on multi-party case.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.6
• /
• pp.3-12
• /
• 2005

To provide visitors with the various services, Many web sites distribute many ActiveX controls to them because ActiveX controls can overcome limits of HTML documents and script languages. However, PC can become dangerous if it has unsecure ActiveX controls, because they can be executed in HTML documents. Nevertheless, many web sites provide visitors with ActiveX controls whose security are not verified. Therefore, the verification is needed by third party to remove vulnerabilities in ActiveX controls. In this paper, we introduce the process and the technique to fad vulnerabilities. The existing proof codes are not valid because ActiveX controls are different from normal application and domestic environments are different from foreign environments. In this paper, we introduce the technique to prove vulnerabilities in ActiveX control.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.831-841
• /
• 2017

This paper presents a secure and DoS-resistant fragment authentication technique for Content-Centric Networking (CCN). Our approach not only guarantees the authenticity of each fragment, but also provides a high resistance to DoS attacks through the immediate verification of fragment authenticity at interim nodes on the routing path. Our experimental results demonstrate that the proposed approach provides much stronger security than the existing approach, without imposing a significant overhead.

• The Journal of the Acoustical Society of Korea
• /
• v.22 no.4E
• /
• pp.176-182
• /
• 2003

As the needs for wireless Internet service is increasing, the needs for secure m-commerce is also increasing. Conventional security techniques are reinforced by biometric security technique. This paper utilized the voice as biometric security techniques. We developed speaker verification system for m-commerce (mobile commerce) via wireless internet and wireless application protocol (WAP). We named this system the mVprotek. We implemented the system as client-server architecture. The clients are mobile phone simulator and personal digital assistant (PDA). The verification results are obtained by integrating the mVprotek system with SK Telecom's code dimension multiple access (CDMA) system. Utilizing f-ratio weighting and virtual cohort model normalization showed much better performance than conventional background model normalization technique.

• International Journal of Computer Science & Network Security
• /
• v.23 no.7
• /
• pp.23-31
• /
• 2023

This article discusses the sabotage of loops of intruder alarm systems. Although loop alarm systems are now gradually being replaced by digital alarm systems, they are still significantly present in practice. This paper describes two experimentally verified techniques for sabotaging balanced loops. The first technique is based on the jump replacement of the balancing resistor by a fake resistor. The second technique is based on inserting a series-parallel combination of two rheostats into the loop. By alternately changing the resistance of these rheostats, a state is reached where the balancing resistor is shorted by the parallel rheostat and replaced by the series rheostat. Sabotage devices for both attacks are technically simple and inexpensive, so they can be made and used by an amateur. Owners of loop alarm systems should become find out about this threat.

• Convergence Security Journal
• /
• v.13 no.6
• /
• pp.17-24
• /
• 2013

Recently, the cloud computing technology is emerging as an important issue in the world, and In the technology and services has attracted much attention. However, the positive aspects of cloud computing unlike the includes several vulnerabilities. For this reason, the hacking techniques according to the evolution of a variety of attacks and damages is expected. Therefore, this paper will be analyzed through case studies and experiments to the security technology trends of the cloud computing. and In the future, this is expected to be utilized as a basis for the security system design and corresponding technology development.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.75-85
• /
• 2016

MANET is a network composed only mobile network having limited resources and has dynamic topology characteristics. Therefore, every mobile node acts as a route and delivers data by using multi-hop method. In particular, group communication such as multicast is desperately needed because of characteristics such as battery life of limited wireless bandwidth and mobile nodes. However, the multicast technique can have different efficient of data transmission according to configuring method of a virtual topology by the movement of the nodes and the performance of a multicast can be significantly degraded. In this paper, the region based security multicast technique is proposed in order to increase the efficiency of data transmission by maintaining an optimal path and enhance the security features in data transmission. The group management node that manages the state information of the member nodes after the whole network is separated to area for efficient management of multicast member nodes is used. Member node encrypts using member key for secure data transmission and the security features are strengthened by sending the data after encrypted using group key in group management node. The superiority of the proposed technique in this paper was confirmed through experiments.