• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.23 no.2
• /
• pp.15-20
• /
• 2023

Recently, digitalization is accelerating in all industries, and the use of information and personal information produced and used in the process of it is very important for the success or failure of a company. However, malicious attempts to steal or leak major information and personal information of a company as an adverse effect continue to increase, and appropriate defense and response are absolutely necessary. However, in the case of small and medium-sized enterprises, the priority of information protection and the possession of professional manpower are very insufficient compared to large enterprises. This paper studies the certification and audit implemented in Korea, and suggests ways to expand the certification of the information protection system suitable for SMEs and improve the effectiveness of the support system through the expansion of the privacy law notification standard and operation of support system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.05a
• /
• pp.607-610
• /
• 2008

Phishing is a form of online identity theft that aims to steal sensitive information such as online banking passwords and credit card information from users. Phishing scams have been receiving extensive press coverage because such attacks have been escalating in number and sophistication. According to a study by Gartner, Many Internet users have identified the receipt of e-mail linked to phishing scams and about 2 million of them are estimated to have been tricked into giving away sensitive information. This paper presents a novel browser extension, AntiPhish, that aims to protect users against spoofed web site-based phishing attack.

• The Journal of the Korea Contents Association
• /
• v.9 no.5
• /
• pp.33-39
• /
• 2009

As the usage of computers and mobile handsets is popularized, the processing and storing of private and business data are increased. Hence we note that these sensitive data should never be transferred out of these personal devices without user's permission. In this paper, we propose a simple method to prevent transferring the sensitive data out of personal computing devices through their networking interfaces. The proposed method determines which processes invoke open system call related to the sensitive data, and then traces them within a specific duration. The proposed scheme has advantage over the existing ones using authentication or encryption because it could be still working well independent upon the new attack technologies or the latest vulnerabilities of hardware and software. In order to verify the proposed algorithm, we test it by implementing the necessary codes at the user and kernel spaces of Linux.

• Journal of Internet of Things and Convergence
• /
• v.9 no.2
• /
• pp.77-82
• /
• 2023

As the method of collecting and utilizing structured and unstructured data develops due to the influence of the Fourth Industrial Revolution, unwanted personal information data is also being collected and utilized, and hackers are attempting various attacks to steal information. As a result, the importance of information protection has increased, and various protection techniques have emerged, among which many studies have been conducted using decentralized techniques of blockchain and various algorithms to strengthen the security of biometric authentication techniques. This paper proposed a public blockchain biometric authentication system that allows users to protect their data in a safer biometric authentication method in the public blockchain and use it in the blockchain through signature with authenticated information.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.46 no.1
• /
• pp.121-132
• /
• 2009

Default password protection used in operating systems have had many advances, but when the attacker has physical access to the server or gets root(administrator) privileges, the attacker can steal the password information(e.g. shadow file in Unix-like systems or SAM file in Windows), and using brute force and dictionary attacks can manage to obtain users' passwords. It is really difficult to obligate users to use complex passwords, so it is really common to find weak accounts to exploit. In this paper, we present a secure authentication scheme based on digital signatures and secure key storage that solves this problem, and explain the possible implementations using Trusted Platform Module(TPM). We also make a performance analysis of hardware and software TPMs inside implementations.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.11 no.4
• /
• pp.320-324
• /
• 2001

According to the rapid growth of computer and internet recently, A hacking to steal infonnations and the computer vinls to destroy the data in computer are now prevailing in the whole world. A study of methods to protect the data of computer is in progress. One of the study is constmction of computer immune system using biological immune system tbat has ability of removal and protection from extemal invasion. In this paper, we make a change detection algorithm which is based on ability of distinction between self and nonself in T-cytotoxic cell that is one of biological immune cell. In algorithm, MHC receptors are composed of a part of self-file that is recognized as itself and those shall distinguish self-file from the changed file. As a result of applying this algorithm to the changed self-files, we prove the efficacy of detection of the self-files changed by computer virus and hacking.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.479-490
• /
• 2013

Recently, the number of attacks by malicious application has significantly increased, targeting Android-platform mobile terminal such as Samsung Galaxy Note and Galaxy Tab 10.1. The malicious application can be distributed to currently used mobile devices through open market masquerading as an normal application. An attacker inserts malicious code into an application, which might threaten privacy by rooting attack. Once the rooting attack is successful, malicious code can collect and steal private data stored in mobile terminal, for example, SMS messages, contacts list, and public key certificate for banking. To protect the private information from the malicious attack, malicious code detection, rooting attack detection and countermeasure method are required. To meet this end, this paper investigates rooting attack mechanism for Android-platform mobile terminal. Based on that, this paper proposes countermeasure system that enables to extract and collect events related to attacks occurring from mobile terminal, which contributes to active protection from malicious attacks.

• Journal of the Korea Convergence Society
• /
• v.11 no.11
• /
• pp.1-7
• /
• 2020

Android apps are mostly distributed as an apk files, and when the apk file is uncompressed, resource files such as xml files, images, and sounds related to app design can be extracted. If the resources of banking or finance-related apps are stolen and fake apps are distributed, personal information could be stolen or financial fraud may occur. Therefore, it is necessary to make it difficult to steal the design as well as the code when distributing the app. In this paper, we implemented a tool to convert the xml file into Java code and obfuscate using the Proguard, and evaluated the execution performance. If the layout obfuscation technique proposed in this paper is used, it is expected that the app operation performance can be improved and the illegal copying damage caused by the theft of the screen design can be prevented.

• Journal of Korea Multimedia Society
• /
• v.8 no.9
• /
• pp.1227-1238
• /
• 2005

Recently, with the advance of network and internet technologies, it is appeared the Problem that the digital contents such as image, voice and video are illegally pirated and distributed. To protect the copyright of the digital contents, the digital watermarking technology of inserting the provider's information into the contents has been widely used. In this paper, we propose the method of applying the digital watermarking into biometric information such as fingerprint and iris in order to prevent the problem caused by steal and misuse. For that, we propose the method of inserting watermark in frequency domain, compare the recognition performance before and aster watermark inserting. Also, we experiment the robustness of proposed method against blurring attack, which is conventionally taken on biometrics data. Experimental results show that our proposed method can be used for protecting iris and fingerprint data, efficiently.

• Convergence Security Journal
• /
• v.14 no.7
• /
• pp.3-8
• /
• 2014

Recently, A utilization request of the U-Healthcare services are increasing rapidly. This is because the increase in smartphone users and ubiquitous computing technology was developed. Furthermore, the demand for access to and use of medical information systems is growing rapidly with a smartphone. This system have the advantage such as they can access from anywhere and anytime in the healthcare information system using their smartphone quickly and easily. But this system have various problems that are a privacy issue, the location disclosure issue, and the potential infringement of personal information. this problems are arise very explosive. Therefore, we propose a secure information security system that can solve the security problems in healthcare information systems for healthcare workers using smartphone. Our proposed system, doctors record, store, modify and manage patient medical information and this system would be safer than the existing healthcare information systems. The proposed system allows the doctor to perform further authentication by transmitting using SMS to GOTP message when they accessing medical information systems. So our proposed system can support to more secure system that can protect user individual information stealing and modify attack by two-factor authentication scheme. And this system can support confidentiality, integrity, location information blocking, personal information steal prevent using cryptography algorithm that is easy and fast.