• Title/Summary/Keyword: Security Test


A study on the vulnerability of integrity verification functions of android-based smartphone banking applications (안드로이드 스마트폰 뱅킹 앱 무결성 검증 기능의 취약점 연구)

  • Kim, Soonil;Kim, Sunghoon;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.4 / pp.743-755 / 2013
  • In recent years, malicious apps made by inserting malicious code into legitimate apps have increasingly been redistributed in the Android market. When banking apps that process financial transactions are exposed to such attacks, the results can include leakage of authentication and transaction information and fraudulent transactions. The financial authorities have therefore established laws and regulations as countermeasures, and domestic banks provide integrity verification functions in their banking apps, yet the reliability of these functions has not been verified because their safety has seldom been studied. This study presents vulnerabilities in the integrity verification functions of banking apps, found using Android reverse engineering analysis techniques. If the presented vulnerabilities are exploited, the integrity verification functions are likely to be bypassed, which facilitates malicious code insertion attacks through repackaging; the risk is very high, as shown in a test in this study. The study also proposes specific solutions to these vulnerabilities, which will contribute to improving the security of the smartphone financial transaction environment against application forgery attacks.

Analysis on the Leisure Constraint and Index Concentrate Here Improvement's Leisure Activities among the Private Security Agents Applying PPA Technique (PPA기법을 적용한 민간경호경비원의 여가제약과 중점개선 여가활동 참가지수 분석)

  • Kim, Kyong-Sik;Kim, Chan-Sun;Park, Young-Man
    • The Journal of the Korea Contents Association / v.10 no.7 / pp.317-325 / 2010
  • This study aims to deduce the extensive improvement types of leisure activities of private security agents using the PPA technique and to examine the influence of leisure constraint on the index of participation. Through this process, the study draws up a priority list of investment for policy to improve the welfare status of private security agents. Judgement sampling was applied to 6 security agencies located in Seoul in 2010, and 267 cases were used in the final analysis. The collected data went through factor analysis, reliability analysis, paired t test, PPA analysis, and regression analysis using SPSSWIN 17.0. In regard to reliability, Cronbach's $\alpha$ was over .768. The conclusions were drawn as follows. First, there was a difference between the preference rate and the participation rate, which together form the participation index of the private security agents' leisure activities. The "concentrate here" leisure types turned out to be fitness activities, walking/jogging, tourism, and day-long travel; the "keep up the good work" leisure types are movies, domestic tourist attractions, dating, eating out, personal relationships, watching sports, reading, karaoke, TV and video watching, drinking, etc.; the "low priority" leisure types are water sports, hiking, biking, soccer, photography, ball games, sky sports, playing go/janggi, inline skating, and cooking. Second, the leisure constraint affects the participation index of leisure activities. As the personal constraint and the surrounding conscious constraint, which are subordinate factors of the leisure constraint, get bigger, the participation index of favored leisure activities becomes lower. In contrast, when difficulties such as the structural constraint and the time and economic constraint are overcome, the participation index of leisure activities rises.

The Effects of Security Martial Arts Leaders' Leadership Behaviors on Role Perception and Coaching Confidence (경호무도지도자의 리더십행동이 역할 지각과 코칭 자신감에 미치는 영향)

  • Kwon, Young-Woo
    • Korean Security Journal / no.49 / pp.97-129 / 2016
  • This study empirically examines the effects of security martial arts leaders' leadership behaviors on their role perception and coaching confidence, and the mediating effects of their role perception in the relationship between their leadership behaviors and their coaching confidence. To achieve this, a survey was carried out among incumbent security martial arts leaders, and the questionnaires were used for data analysis. The correlation analysis prior to the test of the research hypotheses showed that there was a significant positive relationship between all potential factors (p < .01). In particular, there was a high relationship between psychological coaching confidence, human relational coaching confidence, exercise coaching, exercise prescription, and volunteer activities. The detailed results of hypothesis verification were as follows: First, leadership behaviors had a significant positive effect on role perception, supporting hypothesis 1. Second, role perception had a significant positive effect on coaching confidence, supporting hypothesis 2. Third, leadership behaviors had a significant positive effect on coaching confidence, supporting hypothesis 3. Fourth, role perception partially mediated the effects of leadership behaviors on coaching confidence, supporting hypothesis 4. The findings suggest that the effects of security martial arts leaders' leadership behaviors on their coaching confidence can be maximized in combination with their role perception.

Implementation of a Static Analyzer for Detecting the PHP File Inclusion Vulnerabilities (PHP 파일 삽입 취약성 검사를 위한 정적 분석기의 구현)

  • Ahn, Joon-Seon;Lim, Seong-Chae
    • The KIPS Transactions:PartA / v.18A no.5 / pp.193-204 / 2011
  • Since web applications are accessed by anonymous users via the web, they face greater security risks. In particular, because security vulnerabilities caused by insecure source code cannot be properly handled by system-level security mechanisms such as intrusion detection systems, such problems must be eliminated in advance. In this paper, to enhance the security of web applications, we develop a static analyzer for detecting the well-known PHP file inclusion vulnerability. Using semantic-based static analysis, our vulnerability analyzer guarantees the soundness of vulnerability detection and imposes no runtime overhead, unlike other approaches such as penetration testing and application firewalls. To this end, our analyzer adopts the abstract interpretation framework and uses an abstract analysis domain designed for detecting the target vulnerability in PHP programs. Thus, our analyzer can efficiently analyze the complicated data-flow relations in PHP programs caused by extensive use of string data. The analysis results can be browsed using a Java GUI tool, and the memory states and variable values at vulnerable program points can also be checked. To show the correctness and practicability of our analyzer, we used it to analyze the source code of open PHP applications. Our experimental results show that our analyzer has practical performance in analysis capability and execution time.

Detecting Security Vulnerabilities in TypeScript Code with Static Taint Analysis (정적 오염 분석을 활용한 타입스크립트 코드의 보안 취약점 탐지)

  • Moon, Taegeun;Kim, Hyoungshick
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.2 / pp.263-277 / 2021
  • Taint analysis techniques are widely used to detect web vulnerabilities originating from unverified user input data, such as Cross-Site Scripting (XSS) and SQL Injection, in web applications written in JavaScript. To detect such vulnerabilities, it is necessary to trace variables affected by user-submitted inputs. However, because of the dynamic nature of JavaScript, identifying those variables without running the web application code has been challenging. Therefore, most existing taint analysis tools have been developed based on dynamic taint analysis, which incurs the overhead of running the target application. In this paper, we propose a novel static taint analysis technique that uses symbol information obtained from the compiler for TypeScript (a superset of JavaScript) to accurately track data flow and detect security vulnerabilities in TypeScript code. Our proposed technique allows developers to annotate variables that can contain unverified user input data, and uses the annotation information to trace variables and data affected by user input data. Since our proposed technique can be seamlessly incorporated into the TypeScript compiler, developers can find vulnerabilities during the development process, unlike with existing analysis tools that run as separate tools. To show the feasibility of the proposed method, we implemented a prototype and evaluated its performance with 8 web applications with known security vulnerabilities. We found that our prototype implementation could detect all known security vulnerabilities correctly.

North Korea's Cyber Attack Patterns and Behaviors : An Analysis Based on Cyber Power and Coercion Theory (북한의 대남 사이버공격 양상과 행태 : 사이버파워와 강압이론을 통한 분석)

  • Yoon, Taeyoung;Woo, Jeongmin
    • Convergence Security Journal / v.18 no.1 / pp.117-128 / 2018
  • The purpose of this paper is to analyze the behavior of North Korea's cyber attacks against South Korea since 2009 based on major international security theories and to suggest policy options for South Korea. For this purpose, this paper applied the behavioral domain and characteristics of the 'cyber power' and 'coercion dynamics' models, which are attracting attention in international security studies. The types of cyber attacks from North Korea are classified into the following categories: power-based incarceration, leadership attacks and intrusions, military operations interference, and social anxiety and confusion. In terms of types and means of cyber power, North Korean GPS disturbance, the Ministry of Defense server hacking and EMP are hard power with high retaliation and threat and cyber money cashing and ransomware are analyzed by force in the act of persuasion and incentive in the point of robbing or asking for a large amount of money with software pawns. North Korea's cyber attacks have the character of an escape from realistic sanctions based on the second nuclear test. It is important for South Korea to clearly recognize that the aggressive cyber power of North Korea is changing in its methods and capabilities, and to ensure that North Korea's actions result in far greater losses than can be achieved. To do this, it is necessary to strengthen cyber security and the competence to simultaneously attack and defend through institutional supplements and new establishments such as cyber psychological warfare, EMP attack preparation, and enhancement of security expertise against hacking.

A Study on the Relative Importance of Evaluation Factors for Improvement of Port Security (항만보안 강화를 위한 평가요인과 상대적 중요도 분석)

  • Kang, Min-Gu;Kim, Hwa-Young
    • Journal of Navigation and Port Research / v.43 no.1 / pp.49-56 / 2019
  • The purpose of this study was to extract the evaluation factors and assess the relative importance between the factors. For this purpose, the evaluation factors were extracted through a literature review and brainstorming with experts in port security. The evaluation factors were then classified into four higher factors and twelve sub-factors through the use of the AHP method. A survey on the classified factors was conducted among experts composed of public officials, port authority employees and education institution officials. We also carried out statistical tests to determine the perception gap of weights between the groups. As a result of a relative importance analysis of strength, the security operating system factor was highest, followed by improvement of hardware facilities and increase of security personnel. There was a difference in perception among the groups in policy support, facility support and personnel resources budget support. The results of the analysis show that the strength operating system through the establishment of an integrated monitoring system is a priority. It is necessary to understand the difference of perception between groups and build a systematic cooperation system. The evaluation factors extracted in this study can be used for the measurement of port security efficiency in further work.

Website Evaluation Framework Development Using Usability (Usability 중심의 웹사이트 평가 프레임워크 개발)

  • 이수열;박종현;윤명환
    • Proceedings of the Korean Society for Emotion and Sensibility Conference / 2003.11a / pp.1221-1222 / 2003
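  • This study aims to build a framework model for usability-centered website evaluation. To this end, existing website evaluation methodologies were analyzed and the importance of each evaluation element was established. Based on the problems identified through comparative analysis, critical factors for website evaluation were selected, and a new framework model, $C^3$ISP (Contents, Community, Commerce, Interface, Security, Performance), was proposed. As future work, a running test will be conducted to analyze the usefulness of the framework.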

A New Test for Security Evaluation of Random Sequences (난수의 안전성 평가를 위한 새로운 검정)

  • 서중호;김혜정;이경현
    • Proceedings of the Korea Multimedia Society Conference / 1998.04a / pp.222-227 / 1998
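  • This paper introduces a new statistical test for evaluating the security of binary random number generators. The basic concept implemented in the test is based on next-bit test theory: if a binary random sequence is not random, the probability of predicting the next generated bit is biased. Because the test can also be usefully applied to security testing of arbitrary d-ary random sequences, not only binary ones, it can be used as an evaluation measure for the security of stream cipher systems designed using random number generators. In addition, the validity of the test is shown by applying it to several random number generators through computer simulation.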

The efficient division and implementation technique of Bluetooth Baseband (Bluetooth Baseband의 효율적인 분할 및 구현기법)

  • 김현미;진군선;임재윤
    • Proceedings of the IEEK Conference / 2003.07a / pp.186-189 / 2003
  • This paper discusses the overall concept of the Bluetooth baseband and studies its algorithms in detail. Important blocks (access code, security and clock management) are implemented in hardware and firmware and verified according to Specification ver.1.1. The implementation results are then compared and examined. Finally, this paper suggests an efficient system implementation method. Using a test board, it was confirmed that the suggested implementation communicated smoothly.
