• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.2
• /
• pp.59-66
• /
• 2018

Android Things is an Android-based platform running in Google's IoT environment. Android smartphones require permissions from application users to use certain features, but in the case of Android Things, there is no display to send request notifications to users. Therefore Does not make a request to use the permissions and automatically accepts the permissions from the system. If the privilege is used indiscriminately, malicious behavior such as system failure or leakage of personal information can be performed by a function which is not related to the function originally. Therefore, By monitoring the privileges that a device uses in an Android-based IoT system, users can proactively respond to security threats that can arise through unauthorized use of the IoT system. This paper proposes a system that manages the rights currently being used by IoT devices in the Android Things based IoT environment, so that Android-based IoT devices can cope with irrelevant use of rights.

• Journal of Korea Multimedia Society
• /
• v.11 no.8
• /
• pp.1101-1110
• /
• 2008

Nespot provides a convenient wireless internet connection service. The existing IEEE 802.1X EAP-MD5 authentication mechanism can be achieved based on ID/password information for a wireless connection. The Nespot system offers an advanced accounting and authorization procedure for providing wireless user authentication mechanism. However, many problems were found on the existing Nespot EAP-MD5 mechanism such as a ill value exposure, a leakage of personal information on wireless authentication procedure and a weakness on Nespot mutual authentication mechanism. Therefore, we analyzed the limitation of the existing IEEE 802.1X EAP-MD5 certification system, and suggested a one-time session key based authentication mechanism. And then we offered a simplified encryption function on the Nespot certification process for providing secure mutual authentication process.

• Korean Security Journal
• /
• no.56
• /
• pp.145-163
• /
• 2018

Recently, security behavior of members of organizations has been recognized as a critical part of information security at the corporate level. Leakage of customers' information brings more attention to information security behavior of organizations and the importance of a task force. Research on information breach and information security is actively conducted of personal behavior toward security threats or members of organizations who use security technology. This study aims to identify factors of influence on information security behavior of members of organizations and to empirically find out how these factors affect information security behavior through behavior toward attitude, subjective norm and perceived behavior control. On the basis of the research, this study will present effective and efficient ways to foster information security activities of members of organizations. To this end, the study presented a research model that applied significant variables based on integration of Theory of Planned Behavior (TPB) and Theory of Protection Motivation (TPM). To empirically verify this research model, the study conducted a survey of members of organizations who had security-related work experience at companies. So, it is critical for members of organizations to encourage positive word of mouth (WOM) about information security behavior. Results show that based on the integration of TPM and TPB, perceived vulnerability, perceived severity, perceived efficiency and perceived barriers of information security behavior of members of organizations had significant influences on mediating variables such as behavior toward attitude, subjective norm, perceived behavior control and intention. They also had significant influences on organization information security behavior which is a dependent variable. This study indicates companies should introduce various security solutions so that members of the organizations can prevent and respond to potential internal and external security risks. In addition, they will have to take actions to inspect vulnerability of information system and to meet security requirements such as security patches.

• The Journal of the Korea Contents Association
• /
• v.20 no.4
• /
• pp.202-211
• /
• 2020

This study examined the effects of online search service users' experiences on search satisfaction by the types of main search results. As a result of the survey, the negative experience of using the search result in the specific service area among the integrated search results is the most irrelevant regardless of the type of search result with the lowest usage rate. In particular, users are often exposed to advertising information and valuable or low useful information, and information inaccuracy, bias, and personal information leakage experience are relatively higher than other search results. Satisfaction by type of search result of online search service showed only difference in interest of search result, and no other satisfaction factor was found by type of search result. Looking at the experience factors that affect the satisfaction of each type of search results, in the case of general integrated search results except search websites such as search ads and search ads, the more accurate information is provided, the more satisfied the search results are. In the case of, the provision of high value and useful information has a positive effect on satisfaction. After all, it is implied that online search service providers should consider the highest priority for improving the service, improving the accuracy of information and the value and usefulness of information.

• Journal of the Korea Convergence Society
• /
• v.9 no.1
• /
• pp.291-301
• /
• 2018

The purpose of this study is to investigate the factors that affect the perceived awareness and the intention of continuous use by FinTech users and system characteristics. Data collection was carried out by targeting and surveying 600 people living in Gwangju, and office workers using smartphones. As a result, first, self-efficacy, innovation, and fitness for Fin-Tech services were found to influence the degree of perceptual awareness and intent to use of Fin-tech service users. Second, the system characteristics have a positive effect on perceived awareness and intention of using FinTech service. Third, the hypothesis about the dangers in the user attributes and system properties were dismissed. It seems that the priority concern was regarding the leakage of personal information and security as privacy and the increasing damage cases of financial fraud by electronic financial transactions spill. Therefore, in order to spread FinTech services, it would be effective if a Fin-Tech service strategy could eliminate inconveniences such as the risk of hindering convenience and intention to use by the marketing strategy established by the company.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.73-82
• /
• 2015

Thanks to popularization of smart phone, mobile payment market is growing rapidly. As the obligatory use of digital certificate is abolished, easy-to-use payment that can settle with only password is being launched one after another. But its spreading speed is not fast highly. Because of concern about personal information leakage and security, unchangeability of payment habit, insufficiency of consumer protection, inadequacy of payment infrastructure and all sorts of regulations, easy-to-use payment is not activated. Recently global IT companys are entering mobile payment market competitively. It is because the sense of crisis that their survival can be dangerous from now on if they get left behind Fintech innovation and the mentality that they try to take the leadership of mobile payment market process. In this situation, the thorough preparation and a lot of effort are required to promote our autonomous easy-to-use payment growth without dependance on foreign country's. In this paper, the problems of local mobile easy-to-use payment are addressed in depth and the activation measures such as flexible and discriminative security, construction of customer protection system, law system maintenance, service differentiation are proposed.

• Journal of Industrial Convergence
• /
• v.21 no.3
• /
• pp.181-188
• /
• 2023

The e-Government standard framework provides overall technologies such as reuse of common components for web environment development such as domestic government/public institutions, connection of standard modules, and resolution of dependencies. However, in a standardized development environment, there is a possibility of updating old versions according to core versions and leakage of personal and confidential information due to hacking or computer viruses. This study directly analyzes security vulnerabilities focusing on websites that operate eGovFrame in Korea. As a result of analyzing/classifying vulnerabilities at the internal programming language source code level, five items associated with representative security vulnerabilities could be extracted again. As a countermeasure against this, the security settings and functions through the 2 steps (1st and 2nd steps) and security policy will be explained. This study aims to improve the security function of the e-government framework and contribute to the vitalization of the service.

• The Journal of Society for e-Business Studies
• /
• v.22 no.1
• /
• pp.89-106
• /
• 2017

In advanced mobile devices environment, the market share of mobile application has been increased. Among various mobile services, Location-based Service (LBS) is an important feature to increase user motivation related to purchase intention on mobile. However, individual privacy has also increased as an important problem for invasion of privacy and information leakage while too many LBS based applications (App) rapidly launched in the App market. In this study, we focused on perceived values of LBS App users who use Apps related to recommending best restaurants in China and South Korea. The purpose of this study is to identify important factors for perceived value when users provide personal information for LBS service provider. The result of this study is follows: perceived value can increase while LBS customers can more control self-information and information useability. Also information ability of users affected perceived values for LBS Apps. Also users' app user ability and perceived value were effects on privacy revenue. In addtion, perceived weakness of users and perceived value increased privacy threat.

• Korean Security Journal
• /
• no.46
• /
• pp.189-216
• /
• 2016

In March 2015, the North Korean UAVs (Unmanned Aerial Vehicles) were found and countries around the world have actively developed UAVs. UAVs or Drone have become commercialized and more civilians use UAVs for leisure. The positive possibilities of UAV use expand. However, there could be the negative sides of UAV use. The UAVs could be used for the purpose of various crime, cybercrime, and terrorism. For instance, hacking devices attached drone could be infiltrated into the sensitive networks to steal personal informations and public data. This could be a new dimension of cybercrime. As the number of internet users and cyberspace rapidly expands, problems of crimes could be worsened both quantitatively and qualitatively. By contrast, defensive measures against such threats are limited. Especially, the Korean society is vulnerable despite its well-advanced internet and computer network technology. This article investigates the current UAV types and its developments, discusses various possibilites of UAV-related crime, cybercrime, and terrorism, and proposes responses.

• The Journal of the Korea Contents Association
• /
• v.21 no.6
• /
• pp.51-61
• /
• 2021

In the era of the 4th industrial revolution symbolized by the Internet of Things, big data and artificial intelligence, various embedded devices are increasing exponentially. These devices have communication functions despite their low specifications, so the possibility of personal information leakage is increasing, and security threats are also increasing. Embedded devices can have security issues at most levels, from hardware to services over the network. In addition, it is difficult to apply general security techniques because it has characteristics of resource constraints such as low specifications and low power, and the related technology has not been standardized. In this study, we present vulnerabilities and possible problems and considerations in applying SDN to embedded devices in consideration of structural characteristics and real-world discovered cases. This study presents vulnerabilities and possible problems and considerations when applying SDN to embedded devices. From a hardware perspective, we consider the problems of Wi-Fi chips and Bluetooth, the problems of open flow implementation, SDN controllers, and examples of structural properties. SDN separates the data plane and the control plane, and provides a standardized interface between the two, enabling efficient communication control. It can respond to the security limitations of existing network technologies that are difficult to respond to rapid changes.