• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.6
• /
• pp.473-484
• /
• 2013

Shorten URL service is the method of using short URL instead of long URL, it redirect short url to long URL. While the users of microblog increased rapidly, as the creating and usage of shorten URL is convenient, shorten url became common under the limited length of writing on microblog. E-mail, SMS and books use shorten URL well, because of its simplicity. But, there is no relativeness between the most of shorten URLs and their target URLs, user can not expect the target URL. To cover this problem, there is attempts such as changing the shorten URL service name, inserting the information of website into shorten URL, and the usage of shortcode of physical address. However, each ones has the limits, so these are the trouble of automation, relatively long address, and the narrowness of applicable targets. SHRT is complementary to the attempts, as getting the idea from the writing system of Arabic. Though the writing system of Arabic has no vowel alphabet, Arabs have no difficult to understand their writing. This paper proposes SHRT, new method of URL Shortening. SHRT makes user guess the target URL using Relative word of the lowest domain of target URL without vowels.

• Convergence Security Journal
• /
• v.16 no.3_2
• /
• pp.3-12
• /
• 2016

The purpose of this study is to analyse Modus Operandi of smishing. For the study, 87 cases of smishing crime reports and smishing experiences of victims were analysed and 10 police officers who investigates smishing crime were interviewed. The results indicated that smishing crime can be divided into the preparation stage and the implementation stage. In the preparation stage, two modus operandi patterns, collection of personal information and text message script composition, were identified. In the implementation stage, seven modus operandi patterns were identified: sending smishing text messages and installation of malicious mobile applications, leak personal information, sending personal information to smishing crime organization through online server, payment attempt using collected personal information, intercept authorization code, completion of payment using intercepted authorization code, and payment amount was delivered to victims. Further implications were discussed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.501-507
• /
• 2015

The online banking service handles a banking business over the internet, it is necessary to ensure that all financial transactions are processed securely. So, there are various authentication technique for e-banking service : a certificate, a personal identification number(PIN), a security card and a one-time password(OTP). Especially, the security card is most important means including secret information. If the secret information of card is leaked, it means not only loss of security but also easy to attack because security card is a difficult method to get. In this paper, we propose that a multi-channel security card saves an secret information in distributed channel. Proposed multi-channel security card reduces vulnerability of the exposed and has a function to prevent phishing attacks through decreasing the amount of information displayed and generating secret number randomly.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.790-793
• /
• 2013

Lastest Smishing is one of the hacking techniques target on the Android smartphone. Smishing using the SMS message is a new hacking techniques. smishing sends a message to the user included trojan address. It collects personal information and to control smartphones. In particular, without the user's knowledge of the retail payment service provider uses the service. It caused damage worth up to 300,000 won. It damage to users through different types of text messages. This paper Smishing typical methods and types are described in damages. This paper are described in damages and type by Smishing. This paper propose preventive and fundamental solution. We designed and implemented a anti-smishing system for android.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.1
• /
• pp.69-74
• /
• 2018

Recently, personal information leakage has caused phishing and spam. Previously developed systems focus on preventing personal information leakage. Therefore, there is a problem that the leakage of personal information can not be discriminated if there is already leaked personal information. In this paper, we propose a personal information hazard classification system based on web document analysis that calculates the hazard. The system collects web documents from the Twitter server and checks whether there are any user-entered search terms in the web documents. And we calculate the hazard classification weighting of the personal information leaked in the web documents and confirm the authority of the Twitter account that distributed the personal information. Based on this, the hazard can be derived and the user can be informed of the leakage of personal information of the web document.

• Journal of Digital Convergence
• /
• v.11 no.7
• /
• pp.215-223
• /
• 2013

As cloud computing is activated, a variety of cloud services are being distributed. However, to use each different cloud service, you must perform a individual user authentication process to service. Therefore, not only the procedure is cumbersome but also due to repeated authentication process performance, it can cause password exposure or database overload that needs to have user's authentication information each cloud server. Moreover, there is high probability of security problem that being occurred by phishing attacks that result from different authentication schemes and input scheme for each service. Thus, when you want to use a variety of cloud service, we proposed OpenID based user authentication scheme that can be applied to a multi-cloud environment by the trusted user's verify ID provider.

• Journal of Digital Convergence
• /
• v.16 no.7
• /
• pp.9-17
• /
• 2018

Recently, much attention in electronic financial fraud has been dramatically increased. In particular, the electronic financial fraud has been transforming to social engineering. Despite the growing interest in electronic financial fraud, few guidelines exist how to effectively avoid the serious damage from electronic financial fraud. Moreover, it is rarely investigated cases of victims from financial fraud. Therefore, the purpose of this study is to investigate why financial fraud crime victims occurs. To enhance mundane realism, we conducted Focus Group Interview(FGI) with actual victims from financial fraud crime. Drawing analysis of FGI with actual victims, we found that there are certain damage patterns. Further, we found that the reason why financial fraud crime victims occurs is optimistic biases of humans rooted in behavioral economics. Therefore, this study provides the valuable guidelines and directions to prevent electronic financial fraud based on risk and crisis management perspective. Ultimately, this study is able to help the establishment and implementation of a comprehensive electronic financial fraud prevention policy.

• Journal of Digital Contents Society
• /
• v.16 no.5
• /
• pp.815-822
• /
• 2015

By the growing of SMS phishing victims, applications for processing spam messages are being released in succession. However most spam messages that cleverly modified the content like separating the consonants and vowels are fail to be filtered. In this paper, we implemented an application 'AntiSpam' which is able to identify spam strings in the text message to solve this problem. 'AntiSpam' searches spam strings in the text message by using set-based POI search algorithm, and then calculate the possibility of whether it is spam or not in accordance with the search results. In addition, it catches skillfully disguised spam messages in order to avoid missing the spam filtering. Users, who received a message, can check the result in spam message possibility decision result and the contents of the message and they can choose how to handling the message.

• The KIPS Transactions:PartC
• /
• v.16C no.3
• /
• pp.335-346
• /
• 2009

Mobile environments are evolving the main communication environment as a develops of communication technology. In mobile environments, sensitive information can be compromised on-line, so demand for security has increased. Also, mobile devices that provide various services are in danger from malware and illegal devices, phishing and sniffing etc, and the privacy. Therefore, MTM(Mobile Trusted Module) is developed and promoted by TCG(Trusted Computing Group), which is an industry standard body to enhance the security level in the mobile computing environment. MTM protects user privacy and platform integrity, because it is embedded in the platform, and it is physically secure. However, a security approach is required when secret data is migrated elsewhere, because MTM provides strong security functions. In this paper, we analyze the TCG standard and migration method for cryptographic key, then we propose a secure migration scheme for cryptographic key using key Backup/Recovery method.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.16 no.9
• /
• pp.6282-6289
• /
• 2015

Today, there is an increasing number of cases in which certificate information is leak, and accordingly, electronic finance frauds are prevailing. As certificate and private key a file-based medium, are easily accessible and duplicated, they are vulnerable to information leaking crimes by cyber-attack using malignant codes such as pharming, phishing and smishing. Therefore, the use of security token and storage toke' has been encouraged as they are much safer medium, but the actual users are only minimal due to the reasons such as the risk of loss, high costs and so on. This thesis, in an effort to solve above-mentioned problems and to complement the shortcomings, proposes a system in which digital signature for Internet banking can be made with a simply bio-authentication process. In conclusion, it was found that the newly proposed system showed a better capability in handling financial transitions in terms of safety and convenience.