• Review of KIISC
• /
• v.11 no.3
• /
• pp.65-74
• /
• 2001

SC27의 WG2는 정보기술보안 그 자체에 대한 표준을 만드는 Working Group이다. SC27 소개는 한국통신정보보호학회지 제3권 제2호 (1993년 6월)를 참고하기 바라며, 본 고에서 소개하는 오슬로 회의(2001. 4) 이전에 개최된 21차 동경 회의(2000. 10)는 동 학회지 제11권 1호(2001년 2월)을 참고하면 본 고를 이해함에 있어 많은 도움이 될 것으로 사료된 다. 본 고에서는 지난 2001 4. 23(월)∼27(금) 노르웨이 오슬로에서 개최된 22차 회의에 다녀와서 보안기술 표준화에 관한 최신 정보를 이 분야의 관심이 있는 전문가들에게 전파하고자 각 과제별로 진행사항과 회의결과 및 회의 중 특기할 사항들을 정리하였다.

• Review of KIISC
• /
• v.30 no.6
• /
• pp.23-30
• /
• 2020

2G에서부터 5G 이동 통신 시대까지 허위 기지국 공격의 위협은 이어져 왔다. 허위 기지국은 정상 기지국으로 위장하여 사용자의 정보를 수집하거나 서비스 거부 공격 등을 수행하는 기지국을 말한다. 바로 이전 세대인 LTE에서는 가짜 재난 문자, 멀웨어 전파, Device Bidding Down 공격 등의 사례가 발표 또는 보고되었다. 5G에서도 LTE의 공격 사례와 같은 공격들이 발생할 수 있어 이에 대한 보안 대책이 연구될 필요가 있다. 현재 3GPP TR 33.809 문서에서 5G에서의 허위 기지국 관련 주요 이슈와 솔루션들이 논의되고 있다. 본 논문에서는 TR 33.809 문서를 바탕으로 5G의 보안을 위한 허위 기지국 대응에 대한 주요 이슈들을 중심으로 분석한다.

• Convergence Security Journal
• /
• v.11 no.1
• /
• pp.57-69
• /
• 2011

Many heterogeneous Intrusion Detection Systems(IDSs) based in misuse detection technique including the self-developed IDS are now operating in Defense-ESM(Enterprise Security Management System). IDS based on misuse detection may have different capability in the intrusion detection process according to the frequency and quality of its signature update. This makes the integration and collaboration with other IDSs more difficult. In this paper, with the purpose of creating the proper foundation for integration and collaboration between heterogeneous IDSs being operated in Defense-ESM, we propose an effective mechanism that can enable one IDS to propagate its new detection rules to other IDSs and receive updated rules from others. We also prove the performance of rule exchange and application possibility to defense environment through the implementation and experiment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.617-635
• /
• 2021

Internet of Things (IoT) devices connected to the network without appropriate security solutions have become a serious security threat to ICT infrastructure. Moreover, due to the nature of IoT devices, it is difficult to apply currently existing security solutions. As a result, IoT devices have easily become targets for cyber attackers, and malware attacks on IoT devices are actually increasing every year. Even though several security solutions are being developed to protect IoT infrastructure, there is a great risk to apply unverified security solutions to real-world environments. Therefore, verification tools to verify the functionality and performance of the developed security solutions are also needed. Furthermore, just as security threats vary, there are several security solution s that defend against them, requiring suitable verification tools based on the characteristics of each security solution. In this paper, we propose an high-speed malware propagation tool that spreads malware at high speed in the IoT infrastructure. Also, we can verify the functionality of the security solution that detect and quickly block attacks spreading in IoT infrastructure by using the high-speed malware propagation tool.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.53-58
• /
• 2018

MANET transmits data by hop-by-hop method because it is composed of mobile nodes without support of any infrastructure. Its structure is very similar to a block chain. However, it is exposed to various threats such as data tampering or destruction by malicious nodes because of transmission method. So, ensuring the integrity of transmitted data is an important complement to MANET. In this paper, we propose a method to apply the block chain technique in order to protect the reliability value of the nodes consisting the network from malicious nodes. For this, hierarchical structure of a cluster type is used. Only cluster head stores the reliability information of the nodes in a block and then, this can be spread. In addition, we applied block generation difficulty automatic setting technique using the number of nodes selecting cluster head and the reliability of cluster head to prevent the spread of wrong blocks. This can prevent block generation and spread by malicious nodes. The superior performance of the proposed technique can be verified by comparing experiments with the SAODV technique.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.1
• /
• pp.25-33
• /
• 2009

In various fields, ISO/IEC 11179-based MDR (Metadata Registry) systems have been developed. However, the current systems do not observe the standard, so inconsistency issue between metadata arises. Most of all, there exist several problems because ISO/IEC 11179 provides no standardized access method. SQL/MDR has been suggested to resolve those problems. SQL/MDR supports search operations, but it does not provide operations for vaild building and safe access for MDR. This paper, in the aforementioned issues, suggests MCL(Metadata Control Language) to guarantee safe and easy access control. MCL offers predefined roles and authority of user groups defined in ISO/IEC 11179 Part 6, and users are assigned to a proper user group. With such a way, MCL increases usability and security.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.97-105
• /
• 2019

With the possibility of wireless control of the aircraft by Nicola Tesla, Unmanned Aerial Vehicle(UAV) was mainly used for military and defense purposes with the rapid development through World War I and II. As civilian applications of unmanned aerial vehicles have expanded, they have been used with various services, and attempts have been made to control various environmental changes and risk factors of unmanned aerial vehicles. However, GPS spoofing, Jamming attack and security accidents are occurring due to the communication in the unmaned aerial vehicle system or the security vulnerability of the unmanned aerial vehicle itself. In order to secure introduction of Unmanned aerial vehicle, South Korea has established Unmanned Aerial Vehicle verification system called Airworthiness Certification. However, the existing cerfication system is more focused on test flight, design and structure's safety and reliability. In this paper, we propose a unmanned aerial vehicle system model and propose security functional requirements on unmanned aerial vehicle system in the corresponding system model for secure-introduction of Unmanned Aerial Vehicle. We suggest the development direction of verification technology. From this proposal, future development directions of evaluation and verification technology of Unmanned Aerial Vehicle will be presented.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.10
• /
• pp.251-258
• /
• 2018

Ransomware, a malicious software that requires a ransom by encrypting a file, is becoming more threatening with its rapid propagation and intelligence. Rapid detection and risk analysis are required, but real-time analysis and reporting are lacking. In this paper, we propose a ransomware infection detection system using social big data mining technology to enable real-time analysis. The system analyzes the twitter stream in real time and crawls tweets with keywords related to ransomware. It also extracts keywords related to ransomware by crawling the news server through the news feed parser and extracts news or statistical data on the servers of the security company or search engine. The collected data is analyzed by data mining algorithms. By comparing the number of related tweets, google trends (statistical information), and articles related wannacry and locky ransomware infection spreading in 2017, we show that our system has the possibility of ransomware infection detection using tweets. Moreover, the performance of proposed system is shown through entropy and chi-square analysis.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.360-361
• /
• 2017

The infrastructure of the country and society is connected to cyberspace. Malicious codes that steal financial information from websites such as plastic surgeons, dentists, and hospitals that are confirmed as IP in Daegu South Korea area are spreading In particular, financial information is an important privacy target. Takeover of financial information leads to personal financial loss. In this paper, we analyze the recent pharming malicious code that takes financial information. Attack files with social engineering methods are spread as executables in the banner, disguised as downloaders. When the user selects the banner, the attack file infects the PC with malicious code to the user. The infected PC takes users to the farming site and seizes financial information and personal security card information. The fraudulent financial information causes a financial loss to the user. The research in this paper will contribute to secure financial security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.183-188
• /
• 2011

According to increased multimedia data(i.e., MPEG video stream) in mobile application, protecting data becomes an important problem in the multimedia data delivery. SECMPEG is a selective encryption approach for protecting multimedia data. However, the computational overhead of SECMPEG's security level 3 is quite large because it encrypts the whole I-frames whose size is relatively larger than P/B-frames. Therefore, we need to analyze the characteristics of MPEG2 standard and derive an effective encryption of the I-frames. In this paper, we propose a slice-level, selective encryption approach by using the error-propagation characteristics of I-frames by a receiver. Our experimental results show that the proposed approach can reduce the execution time of SECMPEG's security level 3 by a factor of 30 without degradation of the security.