• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.5
• /
• pp.167-180
• /
• 2021

Due to the development of IT technology and the spread of infectious diseases, online non-face-to-face services are rapidly expanding. In particular, the information delivery process is also changing from the past postal branch-based to an information delivery system using mobile devices. This change is due to the change from the information delivery using the telephone line to the information delivery system using the Internet. Mobile notification service is a service that sends electronic notices to mobile devices held by users to deliver information and is validated for delivery, which has the advantage of reducing the benefits of unnecessary mail production, exposure to personal information, and misdelivery. However, user identification information must be provided to operators that provide mobile electronic notification services. In this paper, the current state of use of the mobile electronic notice service, which has been in effect since 2019, is investigated and analyzed, and the current mobile electronic notice service is to be safely provided and to take appropriate protection measures for personal information. In providing the mobile electronic notification service to users, it is possible to identify the service standards required by the sending agency, and based on this, prepare the technical standards for the mobile electronic notification service that the sending agency must comply with in advance and use it for the mobile electronic notification service.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.8C
• /
• pp.748-757
• /
• 2002

Cyber-terror trials are increased in nowadays and these attacks are commonly using security vulnerability and information gathering method by variable services grew by the continuous development of Internet Technology. IDS's application environment is affected by this increasing Cyber Terror. General Network based IDS detects intrusion by signature based Intrusion Detection module about inflowing packet through network devices. Up to now security in network is commonly secure host, an regional issue adopted in special security system but these system is vulnerable intrusion about the attack in globally connected Internet systems. Security mechanism should be produced to expand the security in whole networks. In this paper, we analyzer the DARPA's program and study Infusion Detection related Technology. We design policy security framework for policy enforcing in whole network and look at the modules's function. Enforcement of security policy is acted by Intrusion Detection system on gateway system which is located in network packet's inflow point. Additional security policy is operated on-line. We can design and execute central security policy in managed domain in this method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1279-1294
• /
• 2016

Information security to use information technology(IT) in safety and reliability environment is becoming of great importance. In advanced countries including United States and United Kingdom are consistently expanding budget for information security. Korea also has been a growing interest in information security and Korea government announced plan to develop information security into next-generation growth engine. However, information security budget has increased slightly in recent years, so many national institutions and state governments have budget shortfall to perform information security work. Moreover budget items do not include generic contents about information security and there are confined to some security SW, HW and services. It is necessary to expand information security budget for enhancement national capabilities of information security. In this paper, we analyze the IT and information security budget situation for Korea and United States and propose effective budget expansion and improvement approaches for Korea.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.187-198
• /
• 2018

Recently, financial transactions and electronic commerce in cyberspace are being performed more quickly and conveniently, with the development in diverse types of fintech and biometric authentication. But user authentication using passwords still occupies a big proportion even in these new services. therefore, safe creation and management of passwords is fundamental and indispensable to protect personal information and asset. This study examined the patterns of password usage by conducting a survey and analyzed factors influencing password security behavior intentions using the heath belief model. As a result, perceived susceptibility, perceived severity, perceived benefits, and perceived barriers significantly affected security behavior intentions, and especially, perceived severity had a moderating effect in other factors.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1467-1482
• /
• 2017

Recently, Interests on The Fourth Industrial Revolution has been increased. In the manufacturing sector, the introduction of Smart Factory, which automates and intelligent all stages of manufacturing based on Cyber Physical System (CPS) technology, is spreading. The complexity and uncertainty of smart factories are likely to cause unexpected problems, which can lead to manufacturing process interruptions, malfunctions, and leakage of important information to the enterprise. It is emphasized that there is a need to perform systematic management by analyzing the threats to the Smart Factory. Therefore, this paper systematically identifies the threats using the STRIDE threat modeling technique using the data flow diagram of the overall production process procedure of Smart Factory. Then, using the Attack Tree, we analyze the risks and ultimately derive a checklist. The checklist provides quantitative data that can be used for future safety verification and security guideline production of Smart Factory.

• Proceedings of the Korea Water Resources Association Conference
• /
• 2012.05a
• /
• pp.479-483
• /
• 2012

최근 국내외에서 기상이변에 따른 물 부족에 대응하고 먹는 물의 생산과 공급 효율성 향상을 위하여 스마트워터그리드에 대한 연구가 활발히 진행되고 있는 경향으로 이는 상수도 인프라시설의 운영오류, 자연재해, 사이버를 통한 의도적 공격 등에 대해 안전하고 신뢰성이 높은 시스템을 구축하기 위한 것이다. 또한 상수도 분야에서는 스마트 미터링 개념을 도입하여 상수관망에서 발생되는 각종 사고나 물 손실을 저감하기 위한 노력이 시도되고 있는 실정이다. 일반적으로 누수량이 많을 경우에는 누수의 징후가 지표면에서 확인이 가능하나 미세한 경우 탐사장비의 운영이나 인력의 투입을 통해 가능하다. 물 공급계통인 상수관망에서 물 손실을 저감시키기 위한 방법중 하나로서 수도미터로부터 기록되는 물 사용량 데이터를 이용하여 누수패턴을 추출함으로써 누수감시가 가능하도록 하는 모형을 개발하고자 하였다. 이는 탐사장비에 의한 누수감지와 상호 보완적을 활용할 수 있는 것으로서 사용량 자료를 분석하여 사전에 처리된 자료의 노이즈와 결함 있는 계측값을 필터링시키는 기법이 도입된 것이며 신속한 감지를 통해 누수 지속시간을 감소시킴으로서 누수량의 저감을 목표로 한다. 물 공급 네트워크를 보다 더 효율적 만들 수 있는 누수 감시모형은 상수관망의 운영에 필요한 정보를 도출하기 위하여 보다 정확하고 다양한 수학적 및 통계적 분석을 기반으로 구성되어 누수 외에도 각종 결함을 찾아내는 역할을 수행할 수 있다. 향후 다양한 지역을 이러한 수용가의 물 사용량 미터링 결과를 토대로 실제 사용량과 누수량을 분리하여 분석함으로써 국내 실정에 적합한 누수감시 기술배발 토대를 마련할 수 있을 것으로 판단되며, 누수저감을 위한 실질적인 상수관망의 운영관리 효율향상의 정보로서 활용이 가능할 것으로 판단된다.

• Journal of the Korea Convergence Society
• /
• v.12 no.1
• /
• pp.1-9
• /
• 2021

Recently, new types of security crimes have been steadily occurring in Korea due to environmental changes such as the development of IT technology, and responding to these threats has become a key national task for the establishment of a safe society as well as individuals and businesses. Meanwhile, as the Zero-Contact Era has arrived since the COVID-19 Pandemics, a new convergence security threat that combines the characteristics of the Zero-Contact Era with the existing IT development is threatening our society. Research to prevent and correct these new levels of threats is continuously required in this study. Chapter 1 examined the causes of new convergence security threats and Chapter 2 discussed cybersecurity, fake news, remote voting·work and video security threats as five major threats.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.22 no.5
• /
• pp.17-22
• /
• 2022

In this paper, we design a lightweight embedded device that can support intelligent edge computing, and show that the device quickly detects an object in an image input from a camera device in real time. The proposed system can be applied to environments without pre-installed infrastructure, such as an intelligent video control system for industrial sites or military areas, or video security systems mounted on autonomous vehicles such as drones. The On-Device AI(Artificial intelligence) technology is increasingly required for the widespread application of intelligent vision recognition systems. Computing offloading from an image data acquisition device to a nearby edge device enables fast service with less network and system resources than AI services performed in the cloud. In addition, it is expected to be safely applied to various industries as it can reduce the attack surface vulnerable to various hacking attacks and minimize the disclosure of sensitive data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.53-60
• /
• 2024

Security assessment is an indispensable process for a secure network, and appropriate performance indicators must be present to manage risks. The most widely used quantitative indicator is CVSS. CVSS has a problem that it cannot consider context in terms of subjectivity, complexity of interpretation, and security risks. To compensate for these problems, we propose indicators that itemize and quantify four things: attackers, threats, responses, and assets, taking into account the security context of ISO/IEC 15408 documents. Vulnerabilities discovered through network scanning can be mapped to MITREATT&CK's technology by the connection between weaknesses and attack patterns (CAPEC). We use MITREATT&CK's Groups, Tactic, and Mitigations to produce consistent and intuitive scores. Accordingly, it is expected that security evaluation managers will have a positive impact on strengthening security such as corporate networks by expanding the range of choices among security indicators from various perspectives.

• Journal of Platform Technology
• /
• v.12 no.3
• /
• pp.55-61
• /
• 2024

As the digital environment becomes more complex and cyber attacks become more sophisticated, the importance of data protection is emerging. As various security threats such as data leakage, system intrusion, and authentication bypass increase, secure key management is emerging. Key Management System (KMS) manages the entire encryption key life cycle procedure and is used in various industries. There is a need for a key management system that considers requirements suitable for the environment of various industries including public and finance. The purpose of this paper is to derive the characteristics of the key management system for each industry by comparing and analyzing key management systems used in representative industries. As for the research method, information was collected through literature and technical document analysis and case analysis, and comparative analysis was conducted by industry sector. The results of this paper will be able to provide a practical guide when introducing or developing a key management system suitable for the industrial environment. The limitations are that the analyzed industrial field was insufficient and experimental verification was insufficient. Therefore, in future studies, we intend to conduct specific performance tests through experiments, including key management systems in various fields.