• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.277-280
• /
• 2015

Smishing, Phishing personal privacy caused by Incident accidents such as Phishing information security has become a hot topic. Such incidents have privacy in personal information management occurs due to a lack of user awareness. This paper is based on the existing structure of the XML Tag question bank used a different Key-Value Structure-based JSON. JSON is an advantage that does not depend on the language in the text-based interchange format. The proposed system is divided into information security sector High, Middle and Low grade. and Provides service to the user through the free space and the smart device and the PC to the constraints of time. The use of open source Apache Load Balancing technology for reliable service. It also handles the user's web page without any training sessions Require server verification result of the training(training server). The result is sent to the training server using jQuery Ajax. and The resulting data are stored in the database based on the user ID. Also to be used as a training statistical indicators. In this paper, we design a level training system to enhance the user's information security awareness.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.2 no.6
• /
• pp.312-332
• /
• 2008

Password-based authentication key exchange (PAKE) protocols in the literature typically assume a password that is shared between a client and a server. PAKE has been applied in various environments, especially in the “client-server” applications of remotely accessed systems, such as e-banking. With the rapid developments in modern communication environments, such as ad-hoc networks and ubiquitous computing, it is customary to construct a secure peer-to-peer channel, which is quite a different paradigm from existing paradigms. In such a peer-to-peer channel, it would be much more common for users to not share a password with others. In this paper, we consider password-based authentication key exchange in the three-party setting, where two users do not share a password between themselves but only with one server. The users make a session-key by using their different passwords with the help of the server. We propose an efficient password-based authentication key exchange protocol with different passwords that achieves forward secrecy in the standard model. The protocol requires parties to only memorize human-memorable passwords; all other information that is necessary to run the protocol is made public. The protocol is also light-weighted, i.e., it requires only three rounds and four modular exponentiations per user. In fact, this amount of computation and the number of rounds are comparable to the most efficient password-based authentication key exchange protocol in the random-oracle model. The dispensation of random oracles in the protocol does not require the security of any expensive signature schemes or zero-knowlegde proofs.

• Convergence Security Journal
• /
• v.21 no.3
• /
• pp.25-30
• /
• 2021

Due to the current COVID-19 pandemic, companies and institutions are introducing virtual desktop technology, one of the logical network separation technologies, to establish a safe working environment in a situation where remote work is provided. With the introduction of virtual desktop technology, companies and institutions can operate the network separation environment more safely and effectively, and can access the business network quickly and safely to increase work efficiency and productivity. However, when introducing virtual desktop technology, there is a cost problem of high-spec server, storage, and license, and it is necessary to supplement in terms of operation and management. As a countermeasure to this, companies and institutions are shifting to cloud computing-based technology, virtual desktop service (DaaS, Desktop as a Service). However, in the virtual desktop service, which is a cloud computing-based technology, the shared responsibility model is responsible for user access control and data security. In this paper, based on the shared responsibility model in the virtual desktop service environment, we propose a cloud-based hardware security module (Cloud HSM) and edge-DRM proxy as an improvement method for user access control and data security.

• The Journal of Information Technology
• /
• v.4 no.4
• /
• pp.15-24
• /
• 2001

In current role-based systems, security officers handle assignments of users to roles. This may increase management efforts in a distributed environment because of the continuous involvement from security officers. The role-based delegation provides a means for implementing RBAC in a distributed environment. The basic idea of a role-based delegation is that users themselves may delegate role authorities to other users to carry out some functions on behalf of the former. This paper presents a user-level delegation model, which is based on Extended Role-Based Access Control(ERBAC). ERBAC provides finer grained access control on the base of subject and object level than RBAC model.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.7
• /
• pp.107-115
• /
• 2012

Recently, Li and Hwang scheme proposed a biometrics-based remote user authentication scheme using smart card. It is asserted that this scheme has very excellent benefits by the operation cost efficiency based on the smart card, one-way function and biometrics using random numbers. But this scheme cannot provide the properly authentication, especially, it is analyzed as the vulnerable security scheme for Denial-of-Service(DoS) attacks by impersonate attacks. The attacker controls the insecure channel, they can easily fabricate messages to pass the user's or server's authentication, and the malicious attacker can impersonate the user to cheat the server and can impersonate the server to cheat the user without knowing any secret information. This paper proposes the strong improved scheme which can respond to multiple attacks by supplementing the function of integrity check from the server which applied variable authenticator and OSPA without exposing the user's password information. It is supplemented pregnable of disguise attack and mutual authentication of Li and Hwang scheme.

• Proceedings of the Safety Management and Science Conference
• /
• 2005.05a
• /
• pp.453-459
• /
• 2005

On this research, we show some concrete examples as software design, 2D/3D display, graph display, and gage display to develop a data monitoring system for real time safe fire testing. Developed software which is simulation software for live fire testing, has been designed to display informations about whole test status in a live fire testing, and with this, user can control a live fire testing under the safe environment. Beside, we increase a security by using a authority of user to access on this software. and we develop it based on module designed to apply a requirement of user later on.

• Journal of the Korea Safety Management & Science
• /
• v.7 no.2
• /
• pp.65-72
• /
• 2005

On this research, we show some concrete examples as software design, 2D/3D display, graph display, and gage display to develop a data monitoring system for real time safe fire testing. Developed software which is simulation software for live fire testing, has been designed to display informations about whole test status in a live fire testing, and with this, user can control a live fire testing under the safe environment. Beside, we increase a security by using a authority of user to access on this software. and we develop it based on module designed to apply a requirement of user later on.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.2
• /
• pp.217-224
• /
• 2011

Existing wire based physical security system solutions show limitations in time and space. In order to solve these deficiencies, a remote physical security system has been implemented using smart phone based on mobile cloud computing technique. The security functions of mobile cloud computing technique include mobile device user authentication, confidentiality of communication, integrity of information, availability of system, and target system access control, authority management and secure hand off etc. Proposed system has been constructed as remote building management system using smart phone, and also has been efficient to reduce energy cost (5~30%), result of system average access and response time 7.082 second. This systems are evaluated to have high efficiency compared to performance.

• Asia pacific journal of information systems
• /
• v.27 no.3
• /
• pp.156-175
• /
• 2017

The proposed conceptual framework is based in the relationships among knowledge of personal information security, trust on the personal information security policies of parcel delivery service companies, privacy concern, trust in and risk of parcel delivery services, and user satisfaction with parcel delivery services. Drawing upon both cognitive theory of emotion and cognitive emotion theory that complement each other, we propose a research model and examine the relationships between cognitive and emotional factors and the usage of parcel delivery services. The proposed model is validated using data from customers who have previously used parcel delivery services. The results show a significant relationship between the cognitive and affective factors and the usage of parcel delivery services. This study enhances our understanding of parcel delivery services based on the consumers' psychological processes and presents useful implications on the importance of privacy and security in these services.

• The KIPS Transactions:PartC
• /
• v.14C no.4
• /
• pp.321-330
• /
• 2007

This paper proposes a two-phase server login authentication system by XML-Signature schema extension to protect server's information resources opened on network which offer various web contents. A proposed system requests and publishes XML-based certificate through on-line, registers certificate extension information provided by CA(Certification Authority) to XCMS(XML Certificate Management Server), and performs prior authentication using user's certificate password. Then, it requests certificate extension information added by user besides user's certificate password and certificate extension information registered in XCMS by using SOAP message, and performs posterior authentication by comparing these certificate extension information. As a result, a proposed system is a security reinforced system compared with existing systems.