• Journal of Digital Convergence
• /
• v.10 no.9
• /
• pp.1-13
• /
• 2012

This study aims to analyze actual conditions of the present national defense information network operation, the structure and management of the system, communication lines, security equipments for the lines, the management of network and software, stored data and transferred data and even general vulnerable factors of our army tactical C4I system. Out of them, by carrying out an extensive analysis of the army tactical C4I system, likely to be the core of future information warfare, this study suggested plans adaptive to better information security, based on the vulnerable factors provided. Firstly, by suggesting various information security factor technologies, such as VPN (virtual private network), IPDS (intrusion prevention & detection system) and firewall system against virus and malicious software as well as security operation systems and validation programs, this study provided plans to improve the network, hardware (computer security), communication lines (communication security). Secondly, to prepare against hacking warfare which has been a social issue recently, this study suggested plans to establish countermeasures to increase the efficiency of the army tactical C4I system by investigating possible threats through an analysis of hacking techniques. Thirdly, to establish a more rational and efficient national defense information security system, this study provided a foundation by suggesting several priority factors, such as information security-related institutions and regulations and organization alignment and supplementation. On the basis of the results above, this study came to the following conclusion. To establish a successful information security system, it is essential to compose and operate an efficient 'Integrated Security System' that can detect and promptly cope with intrusion behaviors in real time through various different-type security systems and sustain the component information properly by analyzing intrusion-related information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.821-830
• /
• 2017

The internet is an important infra resource that it controls the economy and society of our country. Also, it is providing convenience and efficiency of the everyday life. But, a case of various are occurred through an using vulnerability of an internet infra resource. Recently various attacks of unknown to the user are an increasing trend. Also, currently system of security control is focussing on patterns for detecting attacks. However, internet threats are consistently increasing by intelligent and advanced various attacks. In recent, the darknet is received attention to research for detecting unknown attacks. Since the darknet means a set of unused IP addresses, no real systems connected to the darknet. In this paper, we proposed an algorithm for finding black IPs through collected the darknet traffic based on a statistics data of port information. The proposed method prepared 8,192 darknet space and collected the darknet traffic during 3 months. It collected total 827,254,121 during 3 months of 2016. Applied results of the proposed algorithm, black IPs are June 19, July 21, and August 17. In this paper, results by analysis identify to detect frequency of black IPs and find new black IPs of caused potential cyber threats.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.743-751
• /
• 2017

As smart phones are becoming popular, an operating system is being used at wearable devices, home appliances and smart TVs. A user is able to use various applications on devices with operating system, but there is an increased threat of hacker. Thus, the technology for detecting the forgery of applications is becoming more important on operating system. To detect the forgery of the application, a digital signature technology is used on the filed of application digital signature. According to W3C recommendation, the signing process of application digital signature must be performed at least twice, and the applications which are signed by the application digital signature have to be validated for all signature files when the application is installed in the operating system. Hence, the performance of the application digital signature validation system is closely related to the installer performance on the operating system. Existing validation system has performance degradation due to redundancy of integrity verification among application components. This research was conducted to improve the performance of the application digital signature validation system. The proposal of validation system which is applied proxy system shows a performance improvement compared to the existing verification system.

• The Journal of the Korea Contents Association
• /
• v.16 no.8
• /
• pp.90-96
• /
• 2016

The 3390 million people, around 83% of the adult population in Korea use smartphone. Although the safety problem of the certificate has been occurred continuously, most of these users use the certificate. These safety issues as a solution to 'The owner of a mobile phone using SMS authentication technology', 'Biometric authentication', etc are being proposed. but, a secure and reliable authentication scheme has not been proposed for replace the certificate yet. and there are many attacks to steal the certificate and private key. For these reasons, security experts recommend to store the certificate and private key on usb flash drive, security tokens, smartphone. but smartphones are easily infected malware, an attacker can steal certificate and private key by malicious code. If an attacker snatchs the certificate, the private key file, and the password for the private key password, he can always act as valid user. In this paper, we proposed a safe way to keep the private key on smartphone using smartphone's unique information and user password. If an attacker knows the user password, the certificate and the private key, he can not know the smart phone's unique information, so it is impossible to use the encrypted private key. Therefore smartphone user use IT service safely.

• Journal of the Korea Convergence Society
• /
• v.7 no.4
• /
• pp.39-44
• /
• 2016

Due to the dazzling development of IT in this IT-oriented era, information delivering technology among objects, between objects and humans, and among humans has been actively performed. As information delivery technology has been actively performed, IoT became closely related to our daily lives and ubiquitous at any time and place. Therefore, IoT has become a part of our daily lives. CoAp, a web-based protocol, is mostly used in IoT environment. CoAp protocol is mostly used in the network where transmission speed is low along with the huge loss. Therefore, it is mostly used in IoT environment. However, there is a weakness on IoT that it is weak in security. If security issue occurs in IoT environment, there is a possibility for secret information of individuals or companies to be disclosed. If attackers infect the targeted device, and infected device accesses to the wireless frequently used in public areas, the relevant device sends arp spoofing to other devices in the network. Afterward, infected devices receive the packet sent by other devices in the network after occupying the packet flow in the internal network and send them to the designated hacker's server. This study suggests counter-attacks on this issues and a method of coping with them.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.617-629
• /
• 2020

In order to overcome the limitations of the rule-based intrusion detection system due to changes in Internet computing environments, the emergence of new services, and creativity of attackers, network anomaly detection (NAD) using machine learning and deep learning technologies has received much attention. Most of these existing machine learning and deep learning technologies for NAD use supervised learning methods to learn a set of training data set labeled 'normal' and 'attack'. This paper presents the feasibility of the unsupervised learning AutoEncoder(AE) to NAD from data sets collecting of secured network traffic without labeled responses. To verify the performance of the proposed AE mode, we present the experimental results in terms of accuracy, precision, recall, f1-score, and ROC AUC value on the NSL-KDD training and test data sets. In particular, we model a reference AE through the deep analysis of diverse AEs varying hyper-parameters such as the number of layers as well as considering the regularization and denoising effects. The reference model shows the f1-scores 90.4% and 89% of binary classification on the KDDTest+ and KDDTest-21 test data sets based on the threshold of the 82-th percentile of the AE reconstruction error of the training data set.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.745-756
• /
• 2020

An ICS(industrial control system) is a complex system that safely and efficiently monitors and controls industrial processes such as electric power, water treatment, transportation, automation plants and chemical plants. Because successful cyber attacks targeting ICS can lead to casualties or serious economic losses, it becomes a prime target of hacker groups sponsored by national state. Cyber campaigns such as Stuxnet, Industroyer and TRITON are real examples of successful ICS attacks, and were developed based on the deep knowledge of the target ICS. Therefore, for incident investigation of ICSs, inspectors also need knowledge of control processes and accident investigation techniques specialized for ICSs. Because there is no applicable technology, it is especially necessary to develop techniques and tools for embedded controllers located at cyber and physical boundaries. As the first step in this research, we reviewed logging capability of 4 PLC(Programmable Logic Controller)s widely used in an ICS area, and checked whether selected PLCs generate logs that can be used for digital investigation in the proposed cyber attack scenario.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.231-242
• /
• 2020

In the case of damages caused by personal information infringement accidents caused by information infringer such as hackers, the information subject will usually claim damages to the information controller rather than the information infringer who is the perpetrator, and the information controller who has been claimed will claim damages again to the information security enterprise that has entrusted the information protection business. These series of claims for damages, which are expected to be carried out between the information subject, the information controller and the information security enterprise, are nothing but quarrels for transferring of liability among themselves who are also victims of infringement. So the problem of damage compensation should be discussed from the perspective of multi-faceted rational distribution of the damages among the subjects who make up the information security industry ecosystem rather than the conventional approach. In addition, due to the nature of personal information infringement accidents, if a large amount of personal information infringement occurs, the amount of compensation can be large enough to affect the survival of the company and so this study insist that a concrete and realistic alternatives for society to share damages is needed.

• Journal of Internet Computing and Services
• /
• v.15 no.1
• /
• pp.157-170
• /
• 2014

As the increase of transaction using mobile banking continues, threat to the mobile financial security is also increasing. Mobile banking service performs the financial transaction using the dedicate application which is made by financial corporation. It provides the same services as the internet banking service. Personal information such as credit card number, which is stored in the mobile banking application can be used to the additional attack caused by a malicious attack or the loss of the mobile devices. Therefore, in this paper, to cope with the mobile financial accident caused by personal information exposure, we suggest outlier detection method which can judge whether the transaction is conducted by the appropriate user or not. This detection method utilizes the user's input patterns and transaction patterns when a user uses the banking service on the mobile devices. User's input and transaction pattern data involves the information which can be used to discern a certain user. Thus, if these data are utilized appropriately, they can be the information to distinguish abnormal transaction from the transaction done by the appropriate user. In this paper, we collect the data of user's input patterns on a smart phone for the experiment. And we use the experiment data which domestic financial corporation uses to detect outlier as the data of transaction pattern. We verify that our proposal can detect the abnormal transaction efficiently, as a result of detection experiment based on the collected input and transaction pattern data.

• Journal of Science and Technology Studies
• /
• v.18 no.2
• /
• pp.95-133
• /
• 2018

Since the beginning of the millennium, 'Maker Movement' has been active throughout the world. Today, there is a maker fair every year in major cities of the world including Seoul, and the number of attendees is increasing day by day, so it can be seen as a kind of maker 'phenomenon'. The positive implication of the maker's movement is that it attempts to break down the monopoly of manufacturing and to restore the rights and capabilities of citizens as makers. Today, highly developed industrial capitalism has a tendency to structurally paralyse citizens, to tie their hands and feet, and to degenerate into consuming entities only. Therefore, it can be said that the maker movement has structural tensions in the relationship of neoliberal manufacturing culture. This study is an attempt to actively interpret the maker movement in terms of "critical making". The maker movement can trace its origins to "counterculture" and "new communalism" that emerged in the United States in the 1960s and 1970s. On the other hand, there is criticism that the maker movement can fall into another technology utopianism and function as an area of consumer society, and mobilize it in the direction of activating consumerism. Although the maker's movement is amorphous due to its characteristics and it is currently in progress, it is difficult to make crude definition yet. However, as the citizens who have been defined only as consumers of science and technology, are newly emerging as producers of makers, there have been great changes in the topography of science and technology and civil society. So the scientific implication of the maker movement is great in that it shows the possibility of causing it.