• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.909-928
• /
• 2020

From the early 1970s, the US government began to recognize that penetration testing could not assure the security quality of products. Results of penetration testing such as identified vulnerabilities and faults can be varied depending on the capabilities of the team. In other words none of penetration team can assure that "vulnerabilities are not found" is not equal to "product does not have any vulnerabilities". So the U.S. government realized that in order to improve the security quality of products, the development process itself should be managed systematically and strictly. Therefore, the US government began to publish various standards related to the development methodology and evaluation procurement system embedding "security-by-design" concept from the 1980s. Security-by-design means reducing product's complexity by considering security from the initial phase of development lifecycle such as the product requirements analysis and design phase to achieve trustworthiness of product ultimately. Since then, the security-by-design concept has been spread to the private sector since 2002 in the name of Secure SDLC by Microsoft and IBM, and is currently being used in various fields such as automotive and advanced weapon systems. However, the problem is that it is not easy to implement in the actual field because the standard or guidelines related to Secure SDLC contain only abstract and declarative contents. Therefore, in this paper, we present the new framework in order to specify the level of Secure SDLC desired by enterprises. Our proposed CIA (functional Correctness, safety Integrity, security Assurance)-level-based security-by-design framework combines the evidence-based security approach with the existing Secure SDLC. Using our methodology, first we can quantitatively show gap of Secure SDLC process level between competitor and the company. Second, it is very useful when you want to build Secure SDLC in the actual field because you can easily derive detailed activities and documents to build the desired level of Secure SDLC.

• Convergence Security Journal
• /
• v.10 no.3
• /
• pp.43-49
• /
• 2010

With the development of information and communications technology(ICT), the concept of ubiquitous that we can communicate regardless of time and place appears. Due to the development of the technology delivering information, current society is called intellectualization society developed from informatization society. The intellectualization society is based on knowledge accumulated by processing information. The education methods are also developed into a concept of u-Learning applying the concept of ubiquitous from the concept of e-Learning using a computer. The military also points out education as a key policy. The aspect of war is changing to NCW(Network Centric Warfare) from platform centric warfare. Therefore, collecting and managing the war situations in real time is a key to controlling command. To this end, it needs to maximize individuals and groups' ability to cultivate the military with cutting-edge knowledge. Therefore, this study aims to look into methods to apply u-learning system in training and military actions according to changes in war environments and ICT.

• Convergence Security Journal
• /
• v.15 no.1
• /
• pp.59-68
• /
• 2015

Recently, the rapid development of science and technology is a new challenge and opportunity in the policing environment. In the major industrialized countries of the West presents a strategy called SMART Policing the police to strengthen police capacity in accordance with this social change and actively utilize the science and technology in policing field. In this study, we attempted to discuss our country for the establishment of security technology research and development organization. First, I propose that installed the R&D planning department at the Office of Planning and Coordination in the National Police Agency. Secondly, it is need to establish the (provisional) Police Science and Technology Center, that integrate the functions of each organization's R&D-related work. Finally, it should integrate Police Science Institute and the National Forensic Service in (provisional) Policing Technology Research Institute.

• Convergence Security Journal
• /
• v.13 no.2
• /
• pp.195-202
• /
• 2013

Defense reform our military for the globalization of information. Scientific command structure, troop structure, unit structure, step-by-step into the power structure while promoting a history of quantitative-oriented structure, and structure of the quality of state-of-the-art technology-driven transition in the middle of the bottle numberplans about the current 3.3-fold increase in reducing the cadre(officers and NCOs). NCO groups in the executive, especially expanding the current level of 100% increase in the rate of long-serving, while ensuring a stable job and to superior resources to secure a stable policy through science. Military alliance is now underway. In the midst of this group, and urged the group at the University of the leading military and specialized resources to ensure each agreement required by subjects to reflect. Thus effectively improve the quality of education and the demands of the job analysis, DACUM curriculum development methods and procedures can be applied at the time of urgent need for foster an excellent resource for the discharge of curriculum development at the University of Selected as a core job, career, and job classification configuration inside of Duty according to KST derived from the group reflect on the training courses to meet the requirements in the curriculum through the development of curriculum, job definition, job model set to propose.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.1
• /
• pp.202-210
• /
• 2018

The modern battlefield is being developed as a network-centric warfare where priority is given to rapid status grasp and power deployment through scientification and modernization. Therefore, tactical data link has been continuously improving the network speed, and recently, security technology is required for wireless communication with the UAV and various devices for reconnaissance. In addition, the future information warfare will utilize advanced IT technology positively. Efforts are needed to integrate various systems and networks. However, these efforts are meaningful only when they can assume sufficient security in a newly changing information and communication environment. In this paper, we propose a new cryptographic synchronization for link encryption suitable for tactical data links. The proposed cryptographic synchronization is useful for T4 UAV link encryption, and it is also adaptable for lower BER, then we analyze the performances analysis of that.

• Convergence Security Journal
• /
• v.14 no.1
• /
• pp.11-21
• /
• 2014

South Korea should not be in subordinate position in international relationships like the past. As the status of middle power. South Korea achieves peaceful unification through overcoming North Korea's nuclear and conventional threats, and builds military power in Northeast Asia as a 'balancer'. This can firstly be achieved by constructing "attack systems triad". 'attack systems triad' can be established through integrating the C41SR as a common strategy for the purposes of preemptive deterrence and retaliatory deterrence against the dangers of the present and the future. Second, denial deterrence can be achieved by establishing "defense system triad" by combining common military power and defensive weapon system. Finally, development of independent advanced technological strategies can be achieved by building defense industry and combination of research and development through constructing "Infra triad". As for constructing and reinforcing the future of the ROK military, a unilateral principle and policy efforts to achieve the aforementioned force construction models are needed. This can only be achieved through the government's national vision to take on the role of mediator and a basis founded upon the consensus of the public.

• Convergence Security Journal
• /
• v.17 no.2
• /
• pp.153-158
• /
• 2017

The robot imitates humans and recognizes the external environment and judges the situation. The robot is a machine that operates autonomously. Robots are divided into manufacturing robots and service robots. Service robots are classified as professional service robots and personal service robots. Because of the intensified competition of productivity in manufacturing industries, rising safety issues, low birth rate and aging, the robots industry is emerging. Recently, the robot industry is a complex of advanced technology fields, and it is attracting attention as a new industry where innovation potential and growth potential are promising. IT, BT, and NT related elements are fused and implemented, and the ripple effect is very large. Due to changes in social structure and life patterns, social interest in life extension and health is increasing. There is much interest in the medical field. Now the artificial intelligence (AI) industry is growing rapidly. It is necessary to secure global competitiveness through strengthening cooperation between large and small companies. We must combine R&D investment capability and marketing capability, which are advantages of large corporations, and robotic technology. We need to establish a cooperative model and secure global competitiveness through M&A.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1463-1475
• /
• 2019

Unlike the past, modern high-tech weapons systems are complex and many components are combined to form a weapons system. In addition, unlike the past, where hardware was the main component, the proportion of software is increasing every year, making the security assurance activities of weapon systems more difficult than in the past. The United States has been working to ensure the security of the weapons systems they develop since the 1960s. The findings were made to US internal standards, updated regularly, and are now being applied as RMF. In Korea, research activities have been conducted since 2010 based on the RMF of the United States. However, actual RMF application cases in the United States cannot be classified and obtained, and there are no official cases in Korea. In this paper, we apply Korean RMF research that has been studied so far to apply to the recently developed real weapon system. Thus, detailed guidelines for applying the RMF are presented.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.123-132
• /
• 2018

North Korea's cyber warfare capability is becoming a serious security threat to Korea because most of the operational systems of social infrastructure and advanced weapons system are all networked. Therefore, the purpose of this article is to examine what the Korean government should do to strengthen cyber security capabilities toward North Korea. For this purpose, this article analyzed North Korea's cyber attack cases against Korea by categorizing according to threat type and purpose. The research findings are as follows. It is necessary first, to have aggressive cyber protection and attack capabilities; second, to establish an integrated cyber security control tower that can be overseen by the national government; third, to need to legislate domestic cyber- related laws; fourth, to build a multilateral & regional cyber cooperation system. The implication of these findings are that it needs to be strengthened the cyber security capability from the cyber threats of North Korea by minimizing the damage during the peacetime period and for the complete warfare in case of emergency.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.75-84
• /
• 2022

In the 4th industry, drones are being used while having a close relationship with our lives. The development and use of various drones suggests a new paradigm for the domestic industry in the future, and is expected to become more advanced and scientific. Meanwhile, in the field of defense, efforts are being made in various ways to overcome the social phenomenon of reduced service resources. It is concentrating its efforts on strengthening the national defense power by preparing an exit strategy to supplement the shortage of service resources and to maintain and improve combat power, and by combining various science and technology related to the 4th industry. The military is planning to reinforce its combat power in connection with future industries to effectively respond and perform missions in preparation for the future combat aspects that have been researched and planned, and is planning an unmanned combat system for the science and technology army by investing a separate budget. Therefore, we systematically introduce and utilize drones, which are the core of the unmanned combat system, to create more active combat power and seek countermeasures for the battle vacuum, It is expected to provide a new paradigm for the battlefield when using advanced technology developed in the private sector and grafting it to the military sector.