• Information and Communications Magazine
• /
• v.33 no.12
• /
• pp.28-34
• /
• 2016

최근 IoT 시장이 크게 확대되고 있으며, 이에 따라 IoT 보안의 중요성에 대한 인식도 커지고 있다. 그러나 아직까지 IoT 보안에 대한 정책적 대응은 진행중에 있다. IoT 환경은 실생활과 밀접하게 관련되어 있는 바, 보안 사고가 발생하면 큰 피해가 예상되므로 시급한 보안 대책 수립이 필요한 상황이다. 본 고에서는 IoT 제품의 보안성 관리를 위한 고려사항 및 관리방안을 살펴본다.

• Convergence Security Journal
• /
• v.14 no.5
• /
• pp.65-74
• /
• 2014

Phishing scans through wired telephones have been evolving into smissing and pharming. While we use wire or wireless telephones, text messages, e-mails, and online-banking conveniently, the ways of hacking and phishing attacks are getting developed and various. This paper investigates the various aspects of attacks depending on the kinds of phishing and suggests general prevention measures. In addition, the user-oriented practical preventive measures and government-driven long term measures are proposed in this paper. Technological developments, short or long term preventive measures proposed by the government, and continuous public relations could be solutions since in a short time, it could be difficult to eradicate phishing scams evolving continuously. Besides, the internet media as well as SNS are great helps in promoting the preventives against phishing and smissing. Finally this paper asserts that the newly developed service technology should be made carefully without security problems.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.11
• /
• pp.2615-2622
• /
• 2015

Using the mobile device, such as Smartphones tablet PC, online banking and e-commerce, as well as process and to their work. While going to high availability and convenience of mobile devices castle, SNS, letters, using an email Smishing financial fraud and leakage of personal information such as crime has occurred many. Smishing smartphone accidents increased sharply from 2013, MERS infection cases, landmine provocative events, such as the delivery of Thanksgiving has occurred cleverly using social engineering techniques. In this paper, i analyze the trends in Smishing hacking attacks on mobile devices since 2014. With regard to social issues, it analyzes the process of hacking attacks Smishing leading to financial fraud to mobile users. And, in this paper, i propose a secure way and measures of financial damage for mobile Smishing hacking.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.9
• /
• pp.81-90
• /
• 2020

In order to operate multi drone efficiently, existing control methods must be improved, and drones must be able to construct communication networks autonomously. FANET(Flying Ad-Hoc Network), which is being considered as an alternative to solving these problems, is based on ad hoc network technology and can be exposed to a variety of security vulnerabilities. However, due to the limited computational power and memory of FANET nodes, and rapid and frequent changes in network topology, it is not easy to apply the existing security measures to FANET without modification. Thus, this paper proposes lightweight security measures applicable to FANET, which have distinct characteristics from existing ad hoc networks by utilizing PUF technology. The proposed security measures utilize unique values generated by non-replicable PUFs to increase the safety of AODV, FANET's reactive routing protocol, and are resistant to various attacks.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.4
• /
• pp.737-744
• /
• 2012

Recently VoIP has provided voice(both wired and wireless from IP-based) as well as the transmission of multimedia information. VoIP used All-IP type, Gateway type, mVoIP etc. Wired and wireless VoIP has security vulnerabilities that VoIP call control signals, illegal eavesdropping, service misuse attacks, denial of service attack, as well as wireless vulnerabilities etc. from WiFi Zone. Therefore, the analysis of security vulnerabilities in wired and wireless VoIP and hacking incidents on security measures for research and study is needed. In this paper, VoIP (All-IP type, and for Gateway type) for system and network scanning, and, IP Phone to get the information and analysis of the vulnerability. All-IP type and Gateway type discovered about the vulnerability of VoIP hacking attacks (Denial of Service attacks, VoIP spam attacks) is carried out. And that is a real VoIP system installed and operated in the field of security measures through research and analysis is proposed.

• The Journal of the Korea Contents Association
• /
• v.13 no.4
• /
• pp.389-398
• /
• 2013

This study aims to support rational security investment decision making through prioritizing on operational level of management measures strategically, in carrying out industrial security activities. For this, AHP survey is conducted against industrial security professionals and analyzed. Thereafter, the importance and the priority of industrial security management measures are determined. As a result, in a comparison evaluation among the criteria, 'ICT service management' represents the highest weight (0.54). And the sub-criteria could be divided into three groups (Group I, II, III), depending on their importance. The sensitivity analysis results show that if the weight of the criterion, 'ICT systems/networks access control' is doubled, the sub-criteria, 'O/S access control', 'application access control', and 'wired/wireless network access control' are enter into top rank group. In case of the criterion, 'physical/environmental security' is doubled, the sub-criteria, 'protection zoning/access control' and 'disaster prevention on business equipment/counter-terrorism' are enter into the top rank group, 'securing utilities' is enter into the mid rank group.

• Convergence Security Journal
• /
• v.13 no.6
• /
• pp.83-89
• /
• 2013

When applying web hacking techniques and methods it needs to configure the integrated step-by-step and run an information security. Web hackings rely upon only one way to respond to any security holes that can cause a lot. In this study the diagnostic process of cross-site scripting attacks and web hacking response procedures are designed. Response system is a framework for configuring and running a step-by-step information security. Step response model of the structure of the system design phase, measures, operational step, the steps in the method used. It is designed to secure efficiency of design phase of the system development life cycle, and combines the way in secure coding. In the use user's step, the security implementation tasks to organize the details. The methodology to be applied to the practice field if necessary, a comprehensive approach in the field can be used as a model methodology.

• Convergence Security Journal
• /
• v.10 no.3
• /
• pp.1-7
• /
• 2010

One of celebrities using Social media caught public's eye and interest in Korea. Thereby the number of the user has grown rapidly and by last year it had reached to about 770 million. But at the same time, it has brought us social issues such as invasion of privacy, spreading of malicious code, and stealing of ID. To solve these problems, first the government need to establish adequate law and policy. Second, Service provider should remove vulnerability in the security system and filter illegal information. Third, individual user should put more effort to protect their own privacy. This paper will suggest a solution of using the Social media more sound and secure.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1994.11a
• /
• pp.288-302
• /
• 1994

A security risk analysis provides all information system with the capability to investigate and estimate the status of its security, and gives a guideline for establishing a safeguard against any means of security threats. The information system needs tile judicious and accurate why for performing a risk analysis since security policy and risk analysis of tile information system are based on risk analysis, The risk analysis is composed of two methods. mathematical approach and diagramming technique. Mathematical approach cannot yield a precise description of the real world. However, diagramming technique is more pragmatic since it overcomes this limitation. In this paper, we studied tile security risk analysis methods proposed in overseas such as INFOSEC [4], SRAG [5], FIPS65[6], and JRAM[7].

• Convergence Security Journal
• /
• v.10 no.3
• /
• pp.15-22
• /
• 2010

Information security is a critical issue for network centric warfare(NCW). This paper provides defense information security guidelines for NCW, especially for ubiquitous network computing environment. For this purpose, this paper identified changes of battle aspect of tactical level and characteristics of information threats, and finally, the research suggested several information security guidelines for NCW. This paper is to intended to help military organization's planners determine practical and implemental plans in the near future.