• The Journal of the Korea Contents Association
• /
• v.5 no.5
• /
• pp.43-50
• /
• 2005

POS system that become that is supply net administration and computerization fetters of customer management that become point in istribution network constructed database and use XML-Encryption that is certificate techniques of PKI and standard of security for security that is XML's shortcoming and design distributed processing POS system using XML for data integration by introduction of Ubiquitous concept. This POS system has four advantages. First, Because there is no server, need not to attempt authentication and data transmission every time. Second, can integrate data base by XML and improve portability of program itself. Third, XML data in data transmission because transmit data after encryption data safe .Fourth, After encode whenever process data for data breakup anger of POS system client program and elevation of the processing speed, transmit at because gathering data at data transmission.

• Journal of information and communication convergence engineering
• /
• v.8 no.4
• /
• pp.437-442
• /
• 2010

Ubiquitous mobile computing is becoming easier and more attractive in this ambient technological Internet world. However, some portable devices such as Personal Digital Assistant (PDAs) and smart phones are still encountering inherent constraints of limited storages and computing resources. To alleviate this problem, we develop a cost-effective protocol, iATA to transfer ATA commands and data over TCP/IP network between mobile appliances and stationary servers. It provides mobile users a virtual storage platform which is physically resided at remote home or office. As communications are made through insecure Internet connections, security risks of adopting this service become a concern. There are many reported cases in the history where attackers masquerade as legitimate users, illegally access to network-based applications or systems by breaking through the poor authentication gates. In this paper, we propose a mutual authentication and secure session termination scheme as the first and last defense steps to combat identity thief and fraud threat in particular for iATA services. Random validation factors, large prime numbers, current timestamps, one-way hash functions and one-time session key are deployed accordingly in the scheme. Moreover, we employ the concept of hard factorization problem (HFP) in the termination phase to against fraud termination requests. Theoretical security analysis discussed in later section indicates the scheme supports mutual authentication and is robust against several attacks such as verifiers' impersonation, replay attack, denial-of-services (DoS) attack and so on.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.10a
• /
• pp.753-756
• /
• 2015

Internet technology is universal, news from the Web browser, shopping, search, etc., various activities have been carried out. Its size becomes large, increasing the scale of information security incidents, as damage to this increases the safety for the use of the Internet is emphasized. IE browser is ASLR, such as Isolated Heap, but has been continually patch a number of vulnerabilities, such as various protection measures, this vulnerability, have come up constantly. And, therefore, in order to prevent security incidents, it is necessary to be removed to find before that is used to exploit this vulnerability. Therefore, in this paper, we introduce the purge is a technique that is used in the discovery of the vulnerability, we describe the automation technology related thereto. And utilizing the known vulnerabilities, and try to show any of the typical procedures for the analysis of the vulnerability.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.8
• /
• pp.107-115
• /
• 2010

RFID (Radio Frequency IDentification) technology, automatic identification and data capture technologies in ubiquitous computing is an essential skill. Low-cost Radio Frequency Identification tags using memory and no physical contact due to the ease of use and maintenance of excellence are going to use expanded. However, it is possible to the illegal acquisition of the information between RFID tags and readers because RFID uses the RF signal, and the obtained information can be used for the purpose of location tracking and invasion of privacy. In this paper, we proposed the security scheme to protect against the illegal user location tracking and invasion of privacy. The security scheme proposed in this paper, using Gray Code and reduced the capacity of the calculation of the actual tags, However, it is impossible for the malicious attacker to track information because tag information transmitted from the reader is not fixed. Therefore, even if the tags information is obtained by a malicious way, our scheme provides more simple and safe user privacy than any other protection methods to protect user privacy, because not actual information but encrypted information is becoming exposed.

• Journal of Digital Contents Society
• /
• v.19 no.2
• /
• pp.363-370
• /
• 2018

Ransomware detection has become a hot topic in computer security for protecting digital contents. Unfortunately, current signature-based and static detection models are often easily evadable by compress, and encryption. For overcoming the lack of these detection approach, we have proposed the dynamic ransomware detection system using data mining techniques such as RF, SVM, SL and NB algorithms. We monitor the actual behaviors of software to generate API calls flow graphs. Thereafter, data normalization and feature selection were applied to select informative features. We improved this analysis process. Finally, the data mining algorithms were used for building the detection model for judging whether the software is benign software or ransomware. We conduct our experiment using more suitable real ransomware samples. and it's results show that our proposed system can be more effective to improve the performance for ransomware detection.

• Journal of Korean Society of Disaster and Security
• /
• v.11 no.1
• /
• pp.15-22
• /
• 2018

Smart City is a sustainable city that provides a variety of city services to cities that are built with a mix of construction, information and communication technologies, etc. to improve the competitiveness and quality of life of the city. In this paper, we analyze trends of domestic and foreign smart cities and the smart city organization of local governments, and describe the direction of local government's smart city organization system to realize sustainable smart city.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.8
• /
• pp.1836-1842
• /
• 2010

Sensor network, which is technology to realize the ubiquitous environment, recently, could apply to the field of Mechanic & electronic Security System, Energy management system, Environment monitoring system, Home automation and health care application. However, feature of wireless networking of sensor network is vulnerable to eavesdropping and falsification about message. Presently, PKC(public key cryptography) technique using ECC(elliptic curve cryptography) is used to build up the secure networking over sensor network. ECC is more suitable to sensor having restricted performance than RSA, because it offers equal strength using small size of key. But, for high computation cost, ECC needs to enhance the performance to implement over sensor. In this paper, we propose the optimizing technique for multiplication, core operation in ECC, to accelerate the speed of ECC.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.1
• /
• pp.41-49
• /
• 2007

RFID in which subminiature IC chip with the indentified information is built a core technique that can recognize, trace and manage various information of an object using radio frequency in the age of Ubiquitous. Several pressing matters about an infringement of Privacy and a security of private information should be settled as soon as possible because an information of specific circumstance can be collected and used without any awareness by others as well as a private information. In addition, various algorithms with high level of security, which is normally used in wire, can be hardly applied to RFID tag because of a lot of restrictions of tag. In this report, designed-RFID tag based on the standard of ISO/IEC 18000-6 and the problems which originated from the technical procedure of that design were analyzed, and the algorithm which could be applied to the designed-tag was also investigated.

• The KIPS Transactions:PartC
• /
• v.19C no.1
• /
• pp.19-28
• /
• 2012

Wireless sensor network provides services anytime and anywhere they are requested. Especially, medical sensor network based on biosensors is applied a lot to biotechnology and medical engineering. In medical sensor network, people can make their health checked at home free from temporal and spatial constraints. In ubiquitous healthcare environment, people can get instant help even in the emergency, and in hospital, patients can be taken care of efficiently. In this environment, health and life related data are delivered, and the privacy and security of personal data are very important. In this paper, we propose user authentication and data communication mechanism in two modes, normal and urgent situation using cellular phone. Through our proposal, data can be transferred in quick and secure manner.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.11-19
• /
• 2007

A ubiquitous network environment is a system where the user can avail of the network's services anytime, anywhere. To establish such an environment, studies continue being conducted on wireless communication technology and mobile terminals. The company that provides such services should have an established system for authentication, authorization and charging for users. This service is referred to as Authentication, Authorization, Accounting(AAA), and its aspects have been consistently studied. On the other hand, existing studies have been promoted with regard to the authentication and efficiency of the mobile terminal. One of the method is that the mobile terminal contacts to the home authentication server through the external authentication server every time it is required and; another one is to use a medium server to provide authentication in the middle between them. Thus, this study aims to determine the best method to use ticketing, where tickets are provided through a mobile terminal, complete with authentication and authorization features. Also, as it uses ticket, it can efficiently provide mobile verification processing.