• The Journal of the Korea Contents Association
• /
• v.18 no.9
• /
• pp.141-148
• /
• 2018

Currently, the user authentication technology used by users to access multiple applications within an organization is being applied with ID/PW-based SSO technology. These user authentication methods have the fundamental disadvantages of ID/PW and SSO. This means that security vulnerabilities in ID/PW can lead to periodic changes in PWs and limits on the number of incorrect PW inputs, and SSO adds high cost of the SSO server, which centrally stores the authentication information, etc. There is also a fundamental vulnerability that allows others to freely use other people's applications when they leave the portal application screen with SSO. In this paper, we proposed an app-based 2-channel authentication scheme to fundamentally eliminate problems with existing ID/PW-based SSO user authentication technologies. To this end, it distributed centralized user authentication information that is stored on SSO server to each individual's smartphone. In addition, when users access a particular application, they are required to be authenticated through their own smartphone apps.

• Journal of Korea Multimedia Society
• /
• v.14 no.10
• /
• pp.1335-1347
• /
• 2011

The dissemination and use of mobile applications have been rapidly expanding these days. And in such a situation, the security of mobile applications has emerged as a new issue. Although the safety of general software such as desktop and enterprise software is systematically achieved from the development phase to the verification phase through secure coding, there have been not sufficient studies on the safety of mobile applications yet. This paper deals with deriving weakness enumeration specialized in mobile applications and implementing a tool that can automatically analyze the derived weakness. Deriving the weakness enumeration can be achieved based on CWE(Common Weakness Enumeration) and CERT(Computer Emergency Response Team) relating to the event-driven method that is generally used in developing mobile applications. The analysis tool uses the dynamic tests to check whether there are specified vulnerabilities in the source code of mobile applications. Moreover, the derived vulnerability could be used as a guidebook for programmers to develop mobile applications.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.11B
• /
• pp.1297-1304
• /
• 2011

SIP(Session Initiation Protocol) has some security vulnerability because it works on the Internet. Therefore, the proxy server can be affected by the flooding attack such as DoS and service interruption. However, traditional schemes to corresponding Denial of Service attacks have some limitation. These schemes have high complexity and cannot protect to the variety of Denial of Service attack. In this paper, we newly define the normal user who makes a normal session observed by verifier module. Our method provides continuous service to the normal users in the various situations of Denial of Service attack as constructing a whitelist using normal user information. Various types of attack/normal traffic are modeled by using OPNET simulator to verify our scheme. The simulation results show that our proposed scheme can prevent DoS attack and achieve a low false rate and fast searching time.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.18 no.5
• /
• pp.55-62
• /
• 2018

The MTD-based approach changes various operating parameters dynamically so that the vulnerability of the system can be protected from the malicious attack. In this paper, random/serial scanning/jamming attack success probabilities have been mathematically analyzed and verified through simulation to improve the security of the wireless communication systems in which the MTD-SDR technologies are applied. As a result, for random scanning attacks, attack success probability increases as the change period of transmission channel increases, while for random jamming attacks there is no change. The attack success probability patterns for serial attacks are similar to those of random attacks, but when the change period of transmission channel approaches to the total number of transmission channels, the success probability of serial attack is getting greater than that of random attack, up to twice in jamming attacks and up to 36% in scanning attacks.

• The Journal of Society for e-Business Studies
• /
• v.18 no.2
• /
• pp.81-93
• /
• 2013

Remote user authentication is a method, in which remote server verifies the legitimacy of a user over an common communication channel. Currently, smart card based remote user authentication schemes have been widely adopted due to their low computational cost and convenient portability for the mutual authentication. 2009 years, Wang et al.'s proposed a dynamic ID-based remote user authentication schemes using smart cards. They presented that their scheme preserves anonymity of user, has the feature of storing password chosen by the server, and protected from several attacks. However, in this paper, I point out that Wang et al.'s scheme has practical vulnerability. I found that their scheme does not provide anonymity of a user during authentication. In addition, the user does not have the right to choose a password. And his scheme is vulnerable to limited replay attacks. In particular, the parameter y to be delivered to the user is ambiguous. To overcome these security faults, I propose an enhanced authentication scheme, which covers all the identified weakness of Wang et al.'s scheme and an efficient user authentication scheme that preserve perfect anonymity to both the outsider and remote server.

• Journal of the Korea Institute of Building Construction
• /
• v.16 no.5
• /
• pp.437-445
• /
• 2016

Since typhoon is a critical meteorological disaster, some advanced countries have developed typhoon damage prediction models. However, although South Korea is vulnerable to typhoons, there is still shortage of study in typhoon damage prediction model reflecting the vulnerability of domestic building and features of disaster. Moreover, many studies have been only focused on the characteristics and typhoon and regional characteristics without various influencing factors. Therefore, the objective of this study is to analyze typhoon damage by path and develop to prediction model for building damage ratio by using multiple regression analysis. This study classifies the building damages by typhoon paths to identify influencing factors then the correlation analysis is conducted between building damage ratio and their factors. In addition, a multiple regression analysis is applied to develop a typhoon damage prediction model. Four categories; typhoon information, geography, construction environment, and socio-economy, are used as the independent variables. The results of this study will be used as fundamental material for the typhoon damage prediction model development of South Korea.

• Journal of KIISE
• /
• v.42 no.4
• /
• pp.487-495
• /
• 2015

Since most of information is computerized nowadays, it is extremely important to promote the security of the computerized information. However, the software itself can threaten the safety of information through many abusive methods enabled by coding mistakes. Even though the Secure Coding Guide has been proposed to promote the safety of information by fundamentally blocking the hacking methods, it is still hard to apply the techniques on other programming languages because the proposed coding guide is mainly written for C and Java programmers. In this paper, we reclassified the coding rules of the Secure Coding Guide to extend its applicability to programming languages in general. The specific coding guide adopted in this paper is the C Secure Coding Guide, announced by the Ministry of Government Administration and Home Affairs of Korea. According to the classification, we applied the rules of programming in Sprout, which is a newly proposed Korean programming language. The number of vulnerability rules that should be checked was decreased in Sprout by 52% compared to C.

• Journal of Korea Society of Industrial Information Systems
• /
• v.17 no.6
• /
• pp.11-17
• /
• 2012

The HC-128 stram cipher which selected for the final eSTREAM portfolio is suitable for mobile Ad-Hoc network environments because of the ability of high-speed encryption in restricted memory space. In this paper, we analyzed the vulnerability of side channel analysis attack on HC-128 stream cipher. At the first, we explain a flaw of previous theoretical analysis result which defined the complexity of side-channel attack of HC-128 stream cipher as 'low' and then re-evaluate the security against side-channel attack by estimating the concrete complexity for recovering the secret key. As a result, HC-128 stream cipher is relatively secure against side-channel attack since recovering the secret key have $2^{65}$ computation complexity which is higher than other stream cipher's one.

• Journal of Convergence Society for SMB
• /
• v.5 no.2
• /
• pp.1-6
• /
• 2015

Small and medium-sized companies lack countermeasures to secure the safety of a information system. In this circumstance, they have difficulties regarding the damage to their images and legal losses, when the information is leaked. This paper examines the information leakage of the system and hacking methods including APT attacks. Especially, APT attack, Advanced Persistent Threats, means that a hacker sneaks into a target and has a latency period of time and skims all the information related to the target, and acts in the backstage and neutralize the security services without leaving traces. Because he attacks the target covering up his traces not to reveal them, the victim remains unnoticed, which increases the damage. This study examines attack methods and the process of them and seeks a countermeasure.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.2
• /
• pp.51-56
• /
• 2017

With the rapid increase in the number of mobile terminals, demand for wireless technologies has sharply increased these days. While wireless communication provides advantages such as ease of deployment, mobility of terminals, continuity of session, and almost comparable transmission bandwidth to the wired communication, it has vulnerability to malicious radio attacks such as eavesdropping, denial of service, session hijacking, and jamming. Among a variety of methods of preventing wireless attacks, the MTD(Moving Target Defense) is the technique for improving the security capability of the defense system by constantly changing the ability of the system to be attacked. In this paper, in order to develop a resilient software defined radio communication testbed system, we present a novel MTD approach to change dynamically and randomly the radio parameters such as modulation scheme, operating frequency, packet size. The probability of successful attack on the developed MTD-based SDR communication system has been analysed in a mathematical way and verified through simulation.