• Title/Summary/Keyword: Security mechanisms

Designing an Efficient and Secure Credit Card-based Payment System with Web Services Based on the ANSI X9.59-2006

  • Cheong, Chi Po;Fong, Simon;Lei, Pouwan;Chatwin, Chris;Young, Rupert
    • Journal of Information Processing Systems / v.8 no.3 / pp.495-520 / 2012
  • A secure Electronic Payment System (EPS) is essential for the booming online shopping market. A successful EPS supports the transfer of electronic money and sensitive information with security, accuracy, and integrity between the seller and buyer over the Internet. SET, CyberCash, Paypal, and iKP are the most popular Credit Card-Based EPSs (CCBEPSs). Some CCBEPSs only use SSL to provide a secure communication channel. Hence, they only prevent "Man in the Middle" fraud but do not protect the sensitive cardholder information such as the credit card number from being passed onto the merchant, who may be unscrupulous. Other CCBEPSs use complex mechanisms such as cryptography, certificate authorities, etc. to fulfill the security schemes. However, factors such as ease of use for the cardholder and the implementation costs for each party are frequently overlooked. In this paper, we propose a Web service based new payment system, based on ANSI X9.59-2006 with extra features added on top of this standard. X9.59 is an Account Based Digital Signature (ABDS) and consumer-oriented payment system. It utilizes the existing financial network and financial messages to complete the payment process. However, there are a number of limitations in this standard. This research provides a solution to solve the limitations of X9.59 by adding a merchant authentication feature during the payment cycle without any addenda records to be added in the existing financial messages. We have conducted performance testing on the proposed system via a comparison with SET and X9.59 using simulation to analyze their levels of performance and security.

A Practical Design and Implementation of Android App Cache Manipulation Attacks (안드로이드 앱 캐시 변조 공격의 설계 및 구현)

  • Hong, Seok;Kim, Dong-uk;Kim, Hyoungshick
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.1 / pp.205-214 / 2019
  • Android uses app cache files to improve app execution performance. However, this optimization technique may raise security issues that need to be examined. In this paper, we present a practical design of "Android app cache manipulation attack" to intentionally modify the cache files of a target app, which can be misused for stealing personal information and performing malicious activities on target apps. Even though the Android framework uses a checksum-based integrity check to protect app cache files, we found that attackers can effectively bypass such checks via the modification of checksum of the target cache files. To demonstrate the feasibility of our attack design, we implemented an attack tool, and performed experiments with real-world Android apps. The experiment results show that 25 apps (86.2%) out of 29 are vulnerable to our attacks. To mitigate app cache manipulation attacks, we suggest two possible defense mechanisms: (1) checking the integrity of app cache files; and (2) applying anti-decompilation techniques.

C-Engineering Based Industry 4.0 Innovation Networks Sustainable Development

  • Omelyanenko, Vitaliy;Braslavska, Oksana;Biloshkurska, Nataliia;Biloshkurskyi, Mykola;Kliasen, Natalia;Omelyanenko, Olena
    • International Journal of Computer Science & Network Security / v.21 no.9 / pp.267-274 / 2021
  • The article deals with problems of innovation development on a network basis, which require effective mechanisms of innovation communications. The research considers the organizational aspects of ICT infrastructure development for the sustainable development of innovation networks based on cooperative marketing principles. The proposed research idea is that ICT implementation is based not only on the operational approach to innovation management as a factor in the efficiency of internal communications, but also on knowledge economy and post-industrial economy trends. Therefore, the purpose of the study is to develop an ICT model of innovation infrastructure to improve its effectiveness (strategic character) and efficiency (operative character) by increasing the efficiency of network communication interactions. The creation of an information space and communication tools to support innovation network sustainable development and cooperation activities in research is proposed to be solved with the help of a specialized ICT platform. It is shown that the ICT platform of an innovation cooperation network is an important tool for the common work of participants. The ICT platform is considered as an integrated information system designed to automate business processes related to the sustainable development of the innovation network, segment management, and integration with HEI information systems and industrial cooperation. The main factors that determine the need to use a special ICT platform for innovation network cooperation were considered. The main issues of concurrent engineering (C-technology) application in high-technology industries and innovation cooperation for integrated product development were studied.

User Transparent File Encryption Mechanisms at Kernel Level (사용자 투명성을 갖는 커널 수준의 파일 암호화 메카니즘)

  • Kim Jae-Hwan;Park Tae-Kyou;Cho Gi-Hwan
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.3 / pp.3-16 / 2006
  • Encipherment in existing operating systems (OS) has typically used techniques that encrypt and decrypt an entire secret file at the application level with keys chosen by the user. This mechanism causes much overhead on performance. However, when a security-classified user process writes a secret file, our proposed mechanism automatically and efficiently encrypts and stores the file, providing transparency to the user at the kernel level of Linux. Also, when the user modifies the encrypted secret file, this mechanism partially decrypts the file and partially encrypts the file for restoring. When the user reads only part of the encrypted file, this mechanism automatically and partially decrypts the file. Therefore, our proposed mechanism provides the user with much faster enciphering speed than that of the existing techniques at the application level.

Hazelcast Vs. Ignite: Opportunities for Java Programmers

  • Maxim, Bartkov;Tetiana, Katkova;S., Kruglyk Vladyslav;G., Murtaziev Ernest;V., Kotova Olha
    • International Journal of Computer Science & Network Security / v.22 no.2 / pp.406-412 / 2022
  • Storing large amounts of data has always been a big problem from the beginning of computing history. Big Data has made huge advancements in improving business processes by finding the customers' needs using prediction models based on web and social media search. The main purpose of big data stream processing frameworks is to allow programmers to directly query the continuous stream without dealing with the lower-level mechanisms. In other words, programmers write the code to process streams using these runtime libraries (also called Stream Processing Engines). This is achieved by taking large volumes of data and analyzing them using Big Data frameworks. Streaming platforms are an emerging technology that deals with continuous streams of data. There are several streaming platforms of Big Data freely available on the Internet. However, selecting the most appropriate one is not easy for programmers. In this paper, we present a detailed description of two of the state-of-the-art and most popular streaming frameworks: Apache Ignite and Hazelcast. In addition, the performance of these frameworks is compared using selected attributes. Different types of databases are used in common to store the data. To process the data in real-time continuously, data streaming technologies are developed. With the development of today's large-scale distributed applications handling tons of data, these databases are not viable. Consequently, Big Data is introduced to store, process, and analyze data at a fast speed and also to deal with big users and data growth day by day.

The Status of the Bring Your Own Device (BYOD) in Saudi Arabia: Dataset

  • Khalid A. Almarhabi;Adel A. Bahaddad;Ahmed M. Alghamdi
    • International Journal of Computer Science & Network Security / v.23 no.2 / pp.203-209 / 2023
  • The paper brings across data that is utilized in the Bring Your Own Device (BYOD) status collected between February and April of 2021 across Saudi Arabia. The data set was collected using questionnaires established through online mechanisms for the respondents. In the questionnaire, personal details included five questions while seven questions addressed the working model of personal mobile devices. Six questions addressed the awareness of employees bring your own device awareness for employees comprised seven questions and two questions addressed the benefits of business achievements. In the identification of suitable respondents for the research, two approaches were applied. The research demanded that the respondents be Saudi Arabian nationals and have attained 18 years. Snowball and purposive techniques were applied in the collection of information from a wide area of Saudi Arabia while employing social media approaches that include the use of WhatsApp and emails in the collection of data. The approach ensured the collection of data from 857 respondents used in the identification of the status as well as issues across the BYOD environment and accompanying solutions. The data was also used in the provision of awareness in the community through short-term courses, cyber security training and awareness programs. The results of the research are therefore applicable to the context of the Saudi Arabian country that is currently facing issues in dealing with the application of personal devices in the work environment.

Defense against HELLO Flood Attack in Wireless Sensor Network

  • Hamid Md. Abdul;Hong Choong Seon;Byun Sang Ick
    • Proceedings of the Korean Information Science Society Conference / 2005.11a / pp.214-216 / 2005
  • We consider Wireless Sensor Network (WSN) security and focus our attention on tolerating damage caused by an adversary who has compromised deployed sensor nodes to modify, block, or inject packets. We adopt a probabilistic secret sharing protocol where secrets shared between two sensor nodes are not exposed to any other nodes. Adapting to WSN characteristics, we incorporate these secrets to establish a new pairwise key for node-to-node authentication and design multipath routing to multiple base stations to defend against HELLO flood attacks. We then analytically show that our defense mechanisms against the HELLO flood attack can tolerate damage caused by an intruder.

An Algorithm to Detect Bogus Nodes for a Cooperative Intrusion Detection Architecture in MANETs

  • Hieu Cao Trong;Dai Tran Thanh;Hong Choong-Seon
    • Proceedings of the Korea Information Processing Society Conference / 2006.05a / pp.1117-1120 / 2006
  • The wide application of Wireless Mobile Ad-hoc Networks (MANETs), owing to their flexibility and convenience, also makes them more interesting to adversaries. Currently, there is no applied architecture efficient enough to protect them against many types of attacks. Some preventive mechanisms are deployed to protect MANETs, but they are not enough. Thus, MANETs need an Intrusion Detection System (IDS) as a second layer to detect intrusions by adversaries, respond to them, and diminish the damage. In this paper, we propose an algorithm for detecting bogus nodes when they attempt to intrude into the network by attacking the routing protocol. In addition, we propose a procedure to find the optimal path between two nodes when they want to communicate with each other. We also show that our algorithm is very easy to implement in currently proposed architectures.

A Security Analysis of a Key Management Scheme for PCS/SCADA Sensor Networks (PCS/SCADA 센서 네트워크용 키 관리 프로토콜에 대한 보안 분석)

  • Park, DongGook
    • Journal of Korea Society of Digital Industry and Information Management / v.5 no.2 / pp.123-131 / 2009
  • Process Control Systems (PCSs) or Supervisory Control and Data Acquisition (SCADA) systems have recently been added to the already wide collection of wireless sensor network applications. The PCS/SCADA environment is somewhat more amenable to the use of heavy cryptographic mechanisms such as public key cryptography than other sensor application environments. The sensor nodes in the environment, however, are still open to devastating attacks such as node capture, which makes designing secure key management challenging. Recently, Nilsson et al. proposed a key management scheme for PCS/SCADA, which was claimed to provide forward and backward secrecy. In this paper, we define four different types of adversaries or attackers in wireless sensor network environments in order to facilitate the evaluation of protocol strength. We then analyze Nilsson et al.'s protocol and show that it does not provide forward and backward secrecy against any type of adversary model.

Enzyme Based Biosensors for Detection of Environmental Pollutants-A Review

  • Nigam, Vinod Kumar;Shukla, Pratyoosh
    • Journal of Microbiology and Biotechnology / v.25 no.11 / pp.1773-1781 / 2015
  • Environmental security is one of the major concerns for the safety of living organisms from a number of harmful pollutants in the atmosphere. Different initiatives, legislative actions, as well as scientific and social concerns have been discussed and adopted to control and regulate the threats of environmental pollution, but it still remains a worldwide challenge. Therefore, there is a need for developing certain sensitive, rapid, and selective techniques that can detect and screen the pollutants for effective bioremediation processes. In this perspective, isolated enzymes or biological systems producing enzymes, as whole cells or in immobilized state, can be used as a source for detection, quantification, and degradation or transformation of pollutants to non-polluting compounds to restore the ecological balance. Biosensors are ideal for the detection and measurement of environmental pollution in a reliable, specific, and sensitive way. In this review, the current status of different types of microbial biosensors and mechanisms of detection of various environmental toxicants are discussed.