• Journal of Convergence for Information Technology
• /
• v.11 no.11
• /
• pp.66-74
• /
• 2021

With the development of the Internet, user authentication technology that proves me online is improving. Existing ID methods pose a threat of personal information leakage if the service provider manages personal information and security is weak, and the information subject is to the service provider. In this study, as online identification technology develops, we propose a DID-based self-authentication model to prevent the threat of leakage of personal information from a centralized format and strengthen sovereignty. The proposed model allows users to directly manage personal information and strengthen their sovereignty over information topics through VC issued by the issuing agency. As a research method, a self-authentication model that guarantees security and integrity is presented using a decentralized identifier method based on distributed ledger technology, and the security of the attack method is analyzed. Because it authenticates through DID Auth using public key encryption algorithms, it is safe from sniffing, man in the middle attack, and the proposed model can replace real identity card.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.1083-1086
• /
• 2004

Switched Network는 Shared Network 에 비해서 스니핑에 안전하다. 하지만 비교우위일뿐 절대적으로 스니핑에 안전한 것은 아니다. 이미 Switched Network 상에서 스니핑을 할 수 있는 공격툴들이 많이 소개되어 있다. 본 논문에서는 Switched Network 상에서 ARP(Address Resolution Protocol) 스푸핑을 통한 ARP 캐시 오염을 통하여 스니핑이 가능한 시나리오를 기술한다. 이러한 시나리오를 탐지하기 위한 기존의 방법은 DHCP와 같은 동적인 환경이 포함된 경우 False Positive 를 자주 발생시키기 때문에 문제가 된다. 여기에서는 이러한 False Positive를 줄인 탐지 방법을 제시하고자 한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37C no.9
• /
• pp.841-850
• /
• 2012

Most of banks in Korea provide smartphone banking services. To use the banking service, public key certificates with private keys, which are stored in personal computers, should be installed in smartphones. Many banks provides intermediate servers that relay certificates to smartphones over the Internet, because the transferring certificates via USB cable is inconvenient. In this paper, we analyze the certificate transfer protocol between personal computer and smartphone, and consider a possible attack based on the results of the analysis. We were successfully able to extract a public key certificate and password-protected private key from encrypted data packets. In addition, we discuss several solutions to transfer public key certificates from personal computers to smartphones safely.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.10
• /
• pp.3958-3963
• /
• 2010

Internet messenger applications are utilized not only by individuals but also in corporate environments since it provides many convenient functions such as email, chatting and SMS services. However convenient they may be, current messenger applications have revealed a great deal of security problems. For instance, the existing Nate-on messenger is exposed to internal threats since it stores sensitive information in the database of its server and transmits communication data through the network without any safety measures intact. In order to solve such problematic issues of existing messenger applications, we propose the following protocol.

• KIISE Transactions on Computing Practices
• /
• v.23 no.4
• /
• pp.232-237
• /
• 2017

The Maritime Cloud is a technology that enables the seamless exchange of information between several communication links in the maritime domain. Although research on The Maritime Cloud security is still at an early stage, furthering this knowledge is vital to securing the marine environment. In this paper, we propose a method for secure data transmission through The Maritime Cloud domain. The proposed technique, based on the "secret sharing" scheme, is delivered through specifically-dedicated geocasting software. Thus, only authorized vessels can restore the original information. The proposed method is safe from so-called "sniffing" and "man-in-the-middle" attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.259-266
• /
• 2012

Malicious rogue AP has been used for variety attacks such as packet sniffing and Man-In-The-Middle Attack. It is used for the purpose of data leakage via 3G network within companies, and the unauthorized AP could be a reason of security incidents even though it is not intended. In this paper, we propose the method for detecting unauthorized access point over 3G networks throughout the RTT (Round Trip Time) value for classification. Through the experiments, we show that the method can classify the AP which is installed by normal way and the AP over 3G networks successfully.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.871-883
• /
• 2016

It has been steadily increasing to use a wireless keyboard via Radio Frequency which is the input device. Especially, wireless keyboards that use 2.4 GHz frequency band are the most common items and their vulnerabilities have been reported since 2010. In this paper, we propose a 2.4 GHz wireless keyboard keystroke analysis and injection system based on the existing vulnerability researches of the Microsoft 2.4 GHz wireless keyboards. This system is possible to control on the remote. We also show that, via experiments using our proposed system, sensitive information of user can be revealed in the real world when using a 2.4 GHz wireless keyboard.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.383-393
• /
• 2013

Data stream mining is a technique to obtain the useful information by analyzing the data generated in real time. In data stream mining technology, frequent itemset mining is a method to find the frequent itemset while data is transmitting, and these itemsets are used for the purpose of pattern analyze and marketing in various fields. Existing techniques of finding frequent itemset mining are having problems when a malicious attacker sniffing the data, it reveals data provider's real-time information. These problems can be solved by using a method of inserting dummy data. By using this method, a attacker cannot distinguish the original data from the transmitting data. In this paper, we propose a method for privacy preserving frequent itemset mining by using the technique of inserting dummy data. In addition, the proposed method is effective in terms of calculation because it does not require encryption technology or other mathematical operations.

• Journal of Advanced Navigation Technology
• /
• v.15 no.3
• /
• pp.378-385
• /
• 2011

This paper introduces technical aspects of the privacy exposure problem of the video and the audio information on the personal computer and proposes a countermeasure to them. According to the increased number of peripherals for computers, especially including the cameras and the mikes, it is required to be careful on the privacy exposure. Currently, some incorporated or standalone cameras have a pilot lamp to indicate their usage. However, many other cameras and all mikes have not equipped with the pilot lamp or other dedicated indicator. Even though this problem doesn't obstruct their assigned functionalities, it should make the devices susceptible to be exposed with the information they are gathering without any notice to the owners. As a countermeasure to the problem, this paper proposes a reasonable solution that alarms the access trials to the devices and implements programs for the practical sniffing and its counterpart.

• Journal of Digital Contents Society
• /
• v.18 no.7
• /
• pp.1403-1409
• /
• 2017

As the Internet evolves, security becomes more important. Especially, e-mail has become one of the most important services that companies and ordinary users use on the Internet. However, security vulnerabilities such as sniffing attacks, IDs, and password spoofs are causing many problems. This paper introduces an example of implementation of encrypted mailing program with which the secured mail is encrypted by symmetric key methode and the encrypted message can not be read without proper decryption. In order to use the current mailing systems, we keep the rules related to SMTP and POP3, and only the encrypted message is stored in the mail server system and the message can be decrypted only at the terminals of the senders and the receivers with the key which is shared in advanced by independent route between them. This implementation scheme can provide an efficiency that it does not request any change of current mailing system, which can be an additional security protection.