• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.15
• /
• pp.239-261
• /
• 2001

There are many kinds of risk in int'l trade by internet network, such as credit risk, mercantile risk, contingency risk, exchange risk, physical risk and the risk on internet network. Especially, risk management against credit risk and the risk on internet network are very important. The former is conventional but more important these days. The latter is a new risk that has been incurred owing to the int'l trade by internet network. The system of risk management against the former are firstly, to surely research credit of counterpart by internet, secondly, to certify the entity by password or fingerprint, thirdly, to pay the price under a letter of credit, fourthly, to use the system of int'l trade such as bolero, trade card, finally, to use the authority of electronic trade services. The system of risk management against the latter are firstly, to install the firewall on the own computer network, secondly, to entrust the management own computer network to the network security services firm, thirdly, to electronically communicate with counterpart through the certification authority, finally, to insure against the own network risk with the security insurance company.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.8 no.6
• /
• pp.303-309
• /
• 2013

Cloud storage services are used for efficient sharing or synchronizing of user's data across multiple mobile devices. Although cloud storages provide flexibility and scalability in storing data, security issues should be handled. Currently, typical cloud storage services offer data encryption for security purpose but we think such method is not secure enough because managing encryption keys by software and identifying users by simple ID and password are main defectives of current cloud storage services. We propose a secure data access method to cloud storage in mobile environment. Our framework supports hardware-based key management, attestation on the client software integrity, and secure key sharing across the multiple devices. We implemented our prototype using ARM TrustZone and TPM Emulator which is running on secure world of the TrustZone environment.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.1
• /
• pp.63-70
• /
• 2009

As individuals spend more time doing social and economic life on the web, the importance of protecting privacy against Phishing and Pharming attacks also increases. Until now, there have been researches on the methods of protection against Phishing and Pharming. However, these researches don't provide efficient methods for protecting privacy and don't consider Pharming attacks. In this paper, we propose an authentication protocol that protects user information from Phishing and Pharming attacks. In this protocol, the messages passed between clients and servers are secure because they authenticate each other using a hash function of password and location information which are certificated to clients and servers only. These messages are used only once, so that the protocol is secure from replay attacks and man-in-the-middle attacks. Furthermore, it is also secure from Pharming attacks.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.2
• /
• pp.39-46
• /
• 2011

Privacy IP hacking problems such as invasion of privacy, password cracking, voice wiretapping and internet over charged occurred, because VoIP internet voice phone service gradually spread. This thesis attempted to attack the VoIP service network by application. First use application to spoof IP address then attempted wiretap the VoIP service and sends a lot of messages to disturb service movement. At this point, we connected VoIP soft terminal, so we can operate real-time filtering operator to block the SIP Flooding offence by monitor the traffic and detect the location where it got attacked. This thesis used experiment to prove it is possible to detect the offence and defend from SIP Flooding offence.

• Management & Information Systems Review
• /
• v.6
• /
• pp.1-19
• /
• 2001

Partial transactions which use computer networks are formed in the cyberspace due to rapid progress of communication and computer technology. Electronic business transactions have security problems according to the special quality of opening networks, while it can be approached easily by anyone without being tied to time and places through Internets. To revitalize the electronic business transactions, security technology which can establish its security and trust is the prior task and both safe information communication and better information security service offer are essential factors. The method to exchange information through Internets must be made after confirming one another's exact connection in the mutual identity certification to prevent a lot of threat which can occur in the use of password techniques. To satisfy these electronic business transactions, we intend to increase understanding of authentication algorithm provided with authentication function of messages and users as well to plan safety and trust of business information and contents in the electronic business transactions.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.4
• /
• pp.71-84
• /
• 2019

Various researchers conducted the research on two-factor authentication suitable for wireless sensor networks (WSNs) after Das first proposed two-factor authentication combining the smart card and password. After then, To improve the security of user authentication, elliptic curve cryptography(ECC)-based authentication protocols have been proposed. Jiang et al. proposed a privacy-aware two-factor authentication protocol based on ECC for WSM for resolving various problems of ECC-based authentication protocols. However, Jiang et al.'s protocol has the vulnerabilities on a lack of mutual authentication, a risk of SID modification and a lack of sensor anonymity, and user's ID exposed on sensor node Therefore, this paper proposed security enhanced privacy-aware two-factor authentication protocol for wireless sensor networks to solve the problem of Jiang et al.'s protocol, and security analysis was conducted for the proposed protocol.

• Journal of Korea Multimedia Society
• /
• v.22 no.8
• /
• pp.823-831
• /
• 2019

In recent years, there has been developed systems such as a surveillance system and access control using a face recognition function instead of a password or an RFID chip, thereby reducing the risk of falsification. Moreover, deep learning technology has been applied to real-time face recognition technology in video, so it makes possible the development of access control system that improves the accuracy of recognition and efficiency of management. In this paper, we propose a real-time access management system based on face recognition using ResNet. The system is based on web server, which make it possible to manage the access by recognizing the person of the image through the camera and access information stored in the database. It can be accessed by a user application to receive various information. The implemented system identifies a person in real time and allows access control by accurately distinguishing whether they are members or not, and the test results can recognize in 0.2 seconds. The accuracy of recognition rate is up to about 97% depending on the experiment environment. With this system, access can be managed quickly and effectively, even many people rush to it.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.49-60
• /
• 2011

Instant Messenger is one of the most popular communication service when translating message or data each other through Internet. For digital crime investigation, therefore, it is obviously important to obtain communication trace and contents derived from Instant Messenger. This is because that gathering traditional communication histories also have been important until now. However, extracting communication trace and contents are not easy because they are generally encrypted or obfuscated in local system, futhermore, sometimes they are located at server computer for Instant Messenger. This paper researches on extracting communication histories against NateOn, BuddyBuddy, Yahoo! messenger and Mi3 messenger, and obtaining user password or bypassing authentication system to Instant Messenger Service when a user use auto-login option.

• Journal of Digital Convergence
• /
• v.13 no.8
• /
• pp.315-320
• /
• 2015

User Authentication in Online service is essential for accurate and safe service. For this user authentication, One Time Password(OTP) is frequently used. To satisfy one-time-use characteristic of OTP, Offset information to generate OTP or final OTP value get generated through OTP generator or security card which could be lost. In this study, OTP generation method that bypasses OTP generator or security card by using health information collected from u-Health care system is proposed. Suggestion is that health information collected through wearable devices get utilized to offset information that are applied in OTP generations. OTP generated using suggested methods showed similar results than current OTP generation methods in the collision resistance test which tests how often it generate same authentication numbers, this implies that new proposed method can be applied to various on-line services.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.4
• /
• pp.41-46
• /
• 2016

Recently, many domestic and foreign corporates are concentrating in investment to wearable devices and users are provided with various service based on wearable devices 26% more than compared to last year. It is widely used in previous healthcare, smart work, smart home environment, and it is now introduced to get connection to fused service environment. However, as products of G company are commercialized, the security issue of personal information is causing dispute in society, and the danger of data management and security regarding telecommunication is increasing. Also, because the password system used in previous wireless environment is still in use, there are possible vulnerability considering the new and mutant security threat. This thesis conducted study about protocols that can exercise safe telecommunication in the basis of wearable devices. In the registration and certification process, the signature value is created based on the code value. The telecommunication method is designed to conduct safe telecommunication based on the signature value. As for the attack method occurring in the wearable device environment, the safety was analyzed and conducted performance evaluation of previous password system and proposal system, and verified about 14% of efficiency.