Financial Security Agency

Seoul, South Korea


Lee S.W., Financial Security Agency | Lee J.I., Financial Security Agency | Han D.-G., Kookmin University
Proceedings - International Carnahan Conference on Security Technology | Year: 2014

Many online certificate-issuing services are being made available, and the use of those services has increased due to their convenience and diversification. However, development of new hacking techniques has introduced new threats to online certificate issuing services. In this study, we show that the data transmitted from an online certificate issuing server to output devices (such as a PC or printer) can be accessed by a hacker and modified into a false certificate and that the falsified document or certificates can be printed. In addition, we show that hackers can bypass forgery prevention software. Our findings show that the data located in the memory of an Internet browser that conducts the issuing of certificates can be accessed and manipulated, and that the forged certificate can be printed. We also determined that a forged certificate can be printed using the data located in the spool file. © 2013 IEEE.

Lim H.-J., Financial Security Agency | Kim M., Information and Communications Examination Bureau | Lee J.-H., French Institute for Research in Computer Science and Automation | Seo D.-H., Electronics and Telecommunications Research Institute | Chung T.M., Sungkyunkwan University
IEEE Transactions on Vehicular Technology | Year: 2011

In this paper, we present a practical public key certificate structure that is combined with an authentication protocol for roaming across different wireless Internet service providers (ISPs). The design rationale is to enable the mutual authentication between the roaming mobile device (MD) and the visited network to be locally performed without invoking the MD's home ISP. The mutual authentication ensures that the visited network has authenticity as well as a mechanism for establishing the appropriate revenue stream for the roaming MD. The proposed scheme guarantees that the overhead associated with the authentication time is significantly reduced and that the impact of this overhead on the roaming MD is also minimized, although the nested depth of the network mobility is increased. In this paper, we use analytical comparisons to show that the proposed scheme creates less overhead than that of the previous approaches in terms of security and communication performance. © 2010 IEEE.

Kim M., Korean Intellectual Property Office | Choo H., Sungkyunkwan University | Mutka M.W., Michigan State University | Lim H.-J., Financial Security Agency | Park K., Wonkwang University
Information Sciences | Year: 2013

In this paper, we study how to obtain Steiner trees appropriately for efficient multicast routing. We first introduce a scheme for generating a new weighted multicast parameter by efficiently combining two independent measures: cost and delay. We call our proposal the Weighted Parameter for Multicast Trees (WPMT) algorithm. The WPMT can be adjusted by the weight ω ∈ [0, 1]. For instance, if ω approaches 0, then the delay of the multicast tree may be relatively lower than the delay of other trees that are obtained as ω approaches 1. Otherwise, as the weight approaches 1 then the cost of the obtained tree may be relatively lower compared with other trees. A case study shows how to find an appropriate Steiner tree for each ω. The simulation results show that the use of the proposed WPMT produces results similar to the k-minimum Steiner tree algorithm. The WPMT can be applied to several existing multicast problems as we describe. We also propose several multicast algorithms using the WPMT in order to solve well-known multicast problems, and compare the proposed algorithms based on the WPMT with representative algorithms for the well-known problems. © 2013 Elsevier Inc. All rights reserved.

Jo H., Financial Security Agency | Kim S., Korea University | Won D., Sungkyunkwan University
ACM International Conference Proceeding Series | Year: 2012

In a mobile communication environment, mutual authentication is very important. Lu et al. proposed an anonymous mutual authentication protocol with provable link-layer location privacy. In this paper, we identify a flaw in their design and demonstrate that the Lu et al. protocol is vulnerable to the QoS (Quality of Service) of a packet's sending/receiving state and to DoS (Denial of Service) attack. We then propose a method for improving the protocol. We hope that through this analysis of flaws in the protocol, similar structural mistakes can be avoided in future designs. Copyright 2012 ACM.

Jo H., Financial Security Agency | Kim S., Korea University | Won D., Sungkyunkwan University
KSII Transactions on Internet and Information Systems | Year: 2011

Information security management systems (ISMSs) are used to manage information about their customers and themselves by governments or business organizations following advances in e-commerce, open networks, mobile networks, and Internet banking. This paper explains the existing ISMSs and presents a comparative analysis. The discussion deals with different types of ISMSs. We addressed issues within the existing ISMSs via analysis. Based on these analyses, we then propose the development of an information security management evaluation system (ISMES). The method can be applied by a self-evaluation of the organization and an evaluation of the organization by the evaluation committee. The contribution of this study enables an organization to refer to and improve its information security levels. The case study can also provide a business organization with an easy method to build ISMS and reduce the cost of information security evaluation. © 2011 KSII.

Kim T.K., Seoul Theological University | Lim H.J., Financial Security Agency | Nah J.H., Electronics and Telecommunications Research Institute
International Journal of Security and its Applications | Year: 2013

In this paper, we proposed the model which can support fraud detection in ICT application service. Fraud detection service monitors and analyzes user activity and behavior at the application level (rather than at the system, database or network level) and watches what transpires inside and across accounts, using any channel available to a user. It also analyzes behavior among related users, accounts or other entities, looking for organized criminal activity, corruption or misuse. This model can be used in e-banking, e-payment, e-government and enterprise remote access, etc. © 2013 SERSC.

Kim S.-H., Electronics and Telecommunications Research Institute | Jin S.-H., Electronics and Telecommunications Research Institute | Lim H.-J., Financial Security Agency
International Conference on Advanced Communication Technology, ICACT | Year: 2010

Identity Management (IdM) is a technology for systematically managing an entity's identity. There exist several kinds of IdM technology and are complicated to present a method for intersection and integration among them. It is also difficult to provide a consistent level of security because of mutually different certification mechanisms and strengths even in case of using the same IdM technology. Although authentication technologies manage the important role in the security, the IdM technologies describe a correlation with the authentication technologies in the abstract and general level. They do not well present how to request the necessary authentication technique and how to be offered as any kind of authentication type. This paper presents a method that provides an integration of the IdM technologies through the common authentication framework. The framework is able to configure dynamic CoT (Circle of Trust) according to each authentication technology. It also offers a consistent experience to the users not limited to a specific CoT. If a user passes a specific authentication level, the user can be offered an important service from non-trusted CoT which has a different IdM technology. Namely, the proposed framework provides the CoTs to integrate with dynamic relationship in the Internet level.

Kim A.C., Korea University | Lee S.M., Financial Security Agency | Lee D.H., Korea University
International Journal of Security and its Applications | Year: 2012

In this paper, we analyze relationships between the EFT (Electronic Financial Transaction) Act of Korea and risk assessment standards and propose the map that helps financial institutions determine the priority of security control areas. It is a new method for financial information security risk identification and assessment through correlation analysis between the various security standards and requirements. We attempt to integrate different information security standards and propose risk assessment measures specializing in financial companies based on the mixed methods of quantitative and qualitative methods to determine the priority through the calculation of weights. From the results of correlation analysis, three main security control areas are found to be more important than other areas and it can be utilized as a risk management measure about security countermeasures. In addition, financial companies should improve three main security control areas in an interval of at least 10 months. We expect that our result can be provided to security managers and IT auditors for establishment of risk mitigation strategies as basic data.
