Journal of Korea Society of Digital Industry and Information Management (디지털산업정보학회논문지)

Korea Society of Digital Industry and Information Management (디지털산업정보학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on Security Consideration and Utilization of Domestic Encryption Algorithm for Developing Secure Smartphone Applications

안전한 스마트폰 애플리케이션 개발을 위한 보안 고려사항 및 국산암호알고리즘 적용 방안 연구

  • 김지연 (KISA ISMS, PIMS) ;
  • 전웅렬 (성균관대 전기전자및컴퓨터공학과) ;
  • 이영숙 (호원대학교 사이버수사경찰학부) ;
  • 김미주 (한국인터넷진흥원 연구개발팀) ;
  • 정현철 (한국인터넷진흥원 연구개발팀) ;
  • 원동호 (성균관대 정보통신공학부)
  • Received : 2011.01.31
  • Accepted : 2011.03.05
  • Published : 2011.03.30
Download PDF
⟨ Previous Next ⟩

Abstract

A smartphone is a mobile phone that offers more advanced computing ability and connectivity than a contemporary basic feature phone. Unlike feature phone, a smartphone allows the user to install and run more advanced applications based on a specific platform. Smartphones run complete operating system software providing a platform for application developers. A smartphone will become the default computing method for many point activities in the not-too-distant future, such as e-mail, online shopping, gaming, and even video entertainment. For smartphone that contains sensitive information and access the Internet, security is a major issue. In the 1980s, security issues were hardly noticed; however, security is a major issue for users today, which includes smart phones. Because security is much more difficult to address once deployment and implementation are underway, it should be considered from the beginning. Recently our government recognized the importance of smartphone security and published several safety tips for using the smartphone. However, theses tips are user-oriented measures. Maintaining the security of a smartphone involves the active participation of the user. Although it is a important users understand and take full advantage of the facilities afforded by smarphone, it is more important developers distribute the secure smartphone application through the market. In this paper we describe some scenarios in which user is invaded his/her privacy by smartphone stolen, lost, misplaced or infected with virus. Then we suggest the security considerations for securing smartphone applications in respect with developers. We also suggest the methods applying domestic encryption algorithms such as SEED, HIGHT and ARIA in developing secure applications. This suggested security considerations may be used by developers as well as users (especially organizations) interested in enhancing security to related security incidents for current and future use of smartphones.

Keywords

References

  1. 이영숙, 김지연, "스마트폰 보안 기술 분석", 디지털산업정보학회 논문지, 제6권, 제2호, 2010, pp. 91-105.
  2. 강동호, 김기영, "개방형 모바일 환경에서 스마트폰 보안기술", 한국정보보호학회지, 제19권, 5호, 2009, pp. 21-28.
  3. 이정우, 박대우, "휴대폰과 스마트폰의 모바일 포렌식 추출방법 연구", 디지털산업정보학회 논문지, 제6권, 제3호, 2010, pp. 79-89.
  4. 방송통신위원회, "스마트폰 정보보호 이용자 10대 안전 수칙", http://www.kisa.or.kr. 2010. 2.
  5. 금융감독원, "스마트폰 전자금융서비스 안전대책", http://www.fss.or.kr/. 2010. 1.
  6. 금융감독원, "스마트폰 금융거래 10계명", http://www.fss.or.kr/. 2011. 2.
  7. 아이폰 앱스토어, www.apple.com/iphone/apps-for-iphone/
  8. 안드로이드 마켓, www.android.com/market/
  9. 허재두, 성정식, 손종무, 이현정, 정영식, 백의현, "모바일 앱스토어 기술동향", 전자통신동향분석, 제25권, 제3호, 2010.
  10. 한컴뷰어, www.haansoft.com
  11. Quickoffice, www.quickoffice.com/quickoffice_connect_suite_jphone/
  12. INIpay Mobile, www.inicis.com/
  13. Secret SMS, handheld.softpedia.com/
  14. NIST, "Guidelines on Cell Phone and PDA Security(SP 800-124)," http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf, 2008. 10.
  15. MS, "A Practical Guide to the Smartphone Application Security and Code Signing Model for Developers," http://msdn.microsoft.com/en-us /library/ms839377.aspx, 2003. 2.
  16. 한국인터넷진흥원, "암호이용안내서", http://www.kisa.or.kr, 2008. 7.