• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.437-447
• /
• 2018

Virtual Reality (VR) is becoming a new standard in the game industry. PokeMon GO is a representative example of VR technology. The day after the launch of PokeMon Go in the U.S, It has achieved the highest number of iOS App Store downloads. This is an example of the power of VR. VR comprises gyroscopes, acceleration, tactile sensors, and so on. This allow users could be immersed in the game. As new technologies emerge, new and different threats are created. So we need to research the security of VR technology and game system. In this paper, we conduct a threat analysis for information assurance of VR device (Oculus Rift) and game system (Quake). We systematically analyze the threats (STRIDE, attack library, and attack tree). We propose security measures through DREAD. In addition, we use Visual Code Grepper (VCG) tool to find out logic errors and vulnerable functions in source code, and propose a method to solve them.

• Journal of Convergence Society for SMB
• /
• v.6 no.2
• /
• pp.37-43
• /
• 2016

Due to the remarkable improvement of ICT, with the popularization of mobile devices and every sector of society connected by networks, an era, in which peer to peer, peer to thing, thing to thing can be connected to one another everywhere, has begun. As all the electronic devices are connected to Internet, they have become more intellectualized and automated, making convergence and process of information through the connection of the devices possible to provide a lot better services. However, those devices communicate mutually to send information and they are exposed to various security threats. Therefore, this study analyzes ZigBee, CoAP, MQTT, XMPP, which are communication-related technology of IoT, draws security threats they have, and suggests requirements that components of IoT should have. Plus, it examines real cases about security threats in IoT, and suggests a countermeasure so as to contribute to establishment of a basis for IoT to be used much more safely in the future.

• Journal of the Korea Society for Simulation
• /
• v.24 no.3
• /
• pp.9-16
• /
• 2015

This research focuses on analysis of the flight trajectory characteristics of SLBM (Submarine Launched Ballistic Missile) of North Korea. Recently, North Korea tested launching of SLBM which is threatening international security. Also it is known that North Korea had possessed the technologies about SLBM since they disassembled submarines out of commission of the former Soviet Union. If the development of the SLBM of North Korea is completed, it should be affected as asymmetric threat to South Korea. Therefore, for active respondence to these threat, it is essential to analyze the SLBM systematically. In this point of view, this work made a SLBM flight model and simulated. In addition, we controled flight trajectories according to adjusting loft angle and described their characteristics. The sea-based ballistic missile defense system is required for an effective response to the flight trajectory of the SLBM from mid-course to terminal phase.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.7
• /
• pp.211-217
• /
• 2019

In an complicated battlefield environment, information from enemy's camp is an important factor in carrying out military operations. For obtaining this information, the number of UAVs that can be deployed to the mission without our forces' loss and at low cost is increasing. Because the mission environment has anti-aircraft weapons, mission space is needed for UAV to guarantee survivability without being killed. The concept of Configuration Space is used to define the mission space considering with range of weapons and detect range of UAV. UAV must visit whole given area to obtain the information and perform Coverage Path Planning for this. Based on threats to UAV and importance of information that will be obtained, area that UAV should visit first is defined. Grid Map is generated and mapping threat information to each grid for UAV path planning. On this study, coverage conditions and path planning procedures are presented based on the threat information on Grid Map, and mission space is expanded to improve detection efficiency. Finally, simulations are performed, and results are presented using the suggested UAV path planning method in this study.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.721-736
• /
• 2023

The Command and Control Framework was developed for penetration testing and education purposes, but threat actors such as cybercrime groups are abusing it. From a cyber threat hunting perspective, identifying Command and Control Framework servers as well as proactive responding such as blocking the server can contribute to risk management. Therefore, this paper proposes a methodology for tracking the Command and Control Framework in advance. The methodology consists of four steps: collecting a list of Command and Control Framework-related server, emulating staged delivery, extracting botnet configurations, and collecting certificates that feature is going to be extracted. Additionally, experiments are conducted by applying the proposed methodology to Cobalt Strike, a commercial Command and Control Framework. Collected beacons and certificate from the experiments are shared to establish a cyber threat response basis that could be caused from the Command and Control Framework.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.4
• /
• pp.239-248
• /
• 2007

There's been a difficulty for general corporate to adopt recent incident response study because those studies focus on nation wide CERT Coordination Center or large organization aspect. This study is focus on study and design on security ticket based CERT system through analysis Security management's threat element, attack element, response element and it also help general corporate establish incident response process that is adjusted on IT operation. Confirmed CERT model's effectiveness and effect of quantitative Security incident management way that propose executing Security incident response experiment on the basis of this way. This study which provides general corporate oriented CERT model can be used to improve corporate's capability of responding incident by quantified management technique and select incident response SLA indicator. Already, formation which operate CERT can heighten corporation's information protection level by measure Security incident response result as metrical and analyze and improve problem continuously.

• KSCI Review
• /
• v.15 no.1
• /
• pp.141-150
• /
• 2007

There's been a difficulty for general corporate to adopt recent incident response study because those studies focus on nation wide CERT Coordination Center or large organization aspect. This study is focus on study and design on security ticket based CERT system through analysis Security management's threat element, attack element. response element and it also help general corporate establish incident response process that is adjusted on IT operation. Confirmed CERT model's effectiveness and effect of quantitative Security incident management wav that propose executing Security incident response experiment on the basis of this way. This study which Provides general corporate oriented CERT model can be used to improve corporate's capability of responding incident by quantified management technique and select incident response SLA indicator. Already, formation which operate CERT can heighten corporation's information protection level by measure Security incident response result as metrical and analyze and improve problem continuously.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.801-816
• /
• 2021

This study analyzes the political and legislative progress that although basic acts to establish an integrated system of cybersecurity are steadily being proposed, they have not been passed as legislative deadlocks under the two major parties. It shall be analyzed through Korea's legislative system, including differences in contents and interests of the disposal act, the timing and cycle of election ect. The study analyzes why the basic cybersecurity law was previously scrapped and faced political gridlock situation by analyzing the differences in the contents and interests of the two major parties, and the timing and cycle of the proposed legislation.

• Journal of Internet of Things and Convergence
• /
• v.8 no.5
• /
• pp.1-9
• /
• 2022

As various services are linked to IoT(Internet of Things) and portable communication terminals, cyber attacks that exploit security vulnerabilities of the devices are rapidly increasing. In particular, cyber attacks targeting heterogeneous devices in large-scale network environments through advanced persistent threat (APT) attacks are on the rise. Therefore, in order to improve the effectiveness of the response system in the event of a breach, it is necessary to apply a data enrichment mechanism for the collected artifact data to improve threat analysis and detection performance. Therefore, in this study, by analyzing the data supplementation common elements performed in the existing incident management framework for the artifacts collected for the analysis of intrusion accidents, characteristic elements applicable to the actual system were derived, and based on this, an improved accident analysis framework The prototype structure was presented and the suitability of the derived data supplementary extension elements was verified. Through this, it is expected to improve the detection performance when analyzing cyber incidents targeting artifacts collected from heterogeneous devices.

• Proceedings of the Korea Water Resources Association Conference
• /
• 2017.05a
• /
• pp.452-452
• /
• 2017

지속가능한 물관리는 필요한 용수(생활 공업 농업 유지)를 안정적으로 공급하기 위한 이수측면과 홍수피해를 최소화하기 위한 치수측면을 포함한 수량관리와 맑은 물 공급, 친수환경 조성, 생태계 보존을 위한 수질환경관리로 구분된다. 지속가능한 물관리를 실현하기 위해서 필수적으로 분석되어야 할 과학적 요소는 물순환과 관련된 각종 인자들의 변동성이며, 물순환은 크게 인간의 할동으로 인한 변화요소와 기후적인 변화요소에 의해 급진적으로 또는 점진적으로 변화된다. 본 연구에서는 청미천 유역을 대상으로 하여 홍수에 관한 잠재적 위협요인의 분석을 위한 RCP 4.5 및 8.5 시나리오 극한강우 사상의 통계적 특성 분석, 기후변화 시나리오에 대한 가뭄예측을 위한 수문순환 모형을 구축 및 수문학적 가뭄의 분석, 미래 수질을 모델링을 위한 기초자료 수집 및 매개변수 보정과 같은 연구를 수행하였다. 특히 본 연구에서는 극한강우사상을 이용하여 청미천 유역에서 발생될 수 있는 확률홍수량을 정상성 및 비정상성 빈도분석을 이용하여 파악하였으며, 이를 활용하여 기후변화 시나리오가 고려된 청미천 유역에서의 홍수량을 분석하여 그 결과를 비교 분석하였다.