• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1355-1369
• /
• 2018

As smart bands make life more convenient and provide a positive lifestyle, many people are now using them. Since smart bands deal with private information, security design and implementation for smart band system become necessary. To make a trustworthy smart band, we must derive the security requirements of the system first, and then design the system satisfying the security requirements. In this paper, we apply threat modeling techniques such as Data Flow Diagram, STRIDE, and Attack Tree to the smart band system to identify threats and derive security requirements accordingly. Through threat modeling, we found the vulnerabilities of the smart band system and successfully exploited smart bands with them. To defend against these threats, we propose security measures and verify that they are secure by using Scyther which is a tool for automatic verification of security protocol.

• ETRI Journal
• /
• v.42 no.2
• /
• pp.205-216
• /
• 2020

An arbiter physical unclonable function (APUF) has exponential challenge-response pairs and is easy to implement on field-programmable gate arrays (FPGAs). However, modeling attacks based on machine learning have become a serious threat to APUFs. Although the modeling-attack resistance of an MA-APUF has been improved considerably by architecture modifications, the response generation method of an MA-APUF results in low uniqueness. In this study, we demonstrate three design problems regarding the low uniqueness that APUF-based strong PUFs may exhibit, and we present several foundational principles to improve the uniqueness of APUF-based strong PUFs. In particular, an improved MA-APUF design is implemented in an FPGA and evaluated using a well-established experimental setup. Two types of evaluation metrics are used for evaluation and comparison. Furthermore, evolution strategies, logistic regression, and K-junta functions are used to evaluate the security of our design. The experiment results reveal that the uniqueness of our improved MA-APUF is 81.29% (compared with that of the MA-APUF, 13.12%), and the prediction rate is approximately 56% (compared with that of the MA-APUF (60%-80%).

• Journal of the Korea Concrete Institute
• /
• v.15 no.6
• /
• pp.902-912
• /
• 2003

The most common deteriorating processes of concrete structures are carbonation and chloride ion ingress. Many concrete structures have been suffered from chloride ions diffusion or carbonation induced reinforcement corrosion damage and many studies have been done on it. However, those studies were confined mostly to the single deterioration of carbonation or chloride attack only, although actual environment is rather of combined conditions. In case of many in-situ concrete structures, deterioration happened more for the case of combined attack than the single case of carbonation or chloride attack. In this paper, chloride profiles of carbonated concrete is predicted by considering two layer composite model, which is based on Fick's 2nd law. From the experimental result on combined deterioration of chloride and carbonation, it was examined that high chloride concentration was built up to 3∼5 mm over depth from carbonation depth. The analytical modeling of chloride diffusion was suggested to depict the relative influence of the carbonation depth. The diffusion coefficients of carbonation concrete and uncarbonated concrete with elapsed time were considered in this modeling.

• Journal of KIISE
• /
• v.41 no.12
• /
• pp.1035-1049
• /
• 2014

This paper presents a new method to detect attack patterns in security-critical systems, based on a new notion of Behavior Ontology. Generally security-critical systems are large and complex, and they are subject to be attacked in every possible way. Therefore it is very complicated to detect various attacks through a semantic structure designed to detect such attacks. This paper handles the complication with Behavior Ontology, where patterns of attacks in the systems are defined as a sequences of actions on the class ontology of the systems. We define the patterns of attacks as sequences of actions, and the attack patterns can then be abstracted in a hierarchical order, forming a lattice, based on the inclusion relations. Once the behavior ontology for the attack patterns is defined, the attacks in the target systems can be detected both semantically and hierarchically in the ontology structure. When compared to other attack models, the behavior ontology analysis proposed in this paper is found to be very effective and efficient in terms of time and space.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.3 no.1
• /
• pp.96-107
• /
• 2009

Worm attacks can greatly distort network performance, and countering infections can exact a heavy toll on economic and technical resources. Worm modeling helps us to better understand the spread and propagation of worms through a network, and combining effective types of mitigation techniques helps prevent and mitigate the effects of worm attacks. In this paper, we propose a mathematical model which combines both dynamic quarantine and passive benign worms. This Passive Worm Dynamic Quarantine (PWDQ) model departs from previous models in that infected hosts will be recovered either by passive benign worms or quarantine measure. Computer simulation shows that the performance of our proposed model is significantly better than existing models, in terms of decreasing the number of infectious hosts and reducing the worm propagation speed.

• The Transactions of the Korean Institute of Electrical Engineers P
• /
• v.66 no.2
• /
• pp.76-81
• /
• 2017

In this paper, the risk analysis of smart home services was implemented by applying threat modeling. Identified possible threats for safe deployment of smart home services and identified threats through the STRIDE model. Through the creation of the Attack Tree, the attackable risk was analyzed and the risk was measured by applying the DREAD model. The derived results can be used to protect assets and mitigate risk by preventing security vulnerabilities from compromising and identifying threats from adversely affecting services. In addition, the modeled result of the derived threat can be utilized as a basis for performing the security check of the smart home service.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.2
• /
• pp.19-25
• /
• 2018

With the development of IT technology, various services such as artificial intelligence and autonomous vehicles are being introduced, and many changes are taking place in our lives. However, if secure security is not provided, it will cause many risks, so the information security becomes more important. In this paper, we analyzed the research trends of main themes of information security over time. In order to conduct the research, 'Information Security' was searched in the Web of Science database. Using the abstracts of theses published from 1991 to 2016, we derived main research topics through topic modeling and time series regression analysis. The topic modeling results showed that the research topics were Information technology, system access, attack, threat, risk management, network type, security management, security awareness, certification level, information protection organization, security policy, access control, personal information, security investment, computing environment, investment cost, system structure, authentication method, user behavior, encryption. The time series regression results indicated that all the topics were hot topics.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.22 no.3
• /
• pp.360-368
• /
• 2019

A study on aerodynamic modeling was performed to predict the hinge moments required for initial design of missile. Fin aerodynamic coefficients were modeled using the equivalent angle of attack method based on the wind tunnel test. In addition, CFD analysis was performed to calculate the dynamic pressure around the body and improve the accuracy of aerodynamic coefficients. The aerodynamic coefficient accuracy was verified by comparisons of the coefficient acquired from wind tunnel test and prediction of flow conditions, not involved in the model built-up. It was confirmed that fin aerodynamic coefficients can be predicted effectively by using the proposed method.

• International Journal of Computer Science & Network Security
• /
• v.23 no.7
• /
• pp.131-140
• /
• 2023

Network security situational awareness systems helps in better managing the security concerns of a network, by monitoring for any anomalies in the network connections and recommending remedial actions upon detecting an attack. An Intrusion Detection System helps in identifying the security concerns of a network, by monitoring for any anomalies in the network connections. We have proposed a CRF based IDS system using genetic search feature selection algorithm for network security situational awareness to detect any anomalies in the network. The conditional random fields being discriminative models are capable of directly modeling the conditional probabilities rather than joint probabilities there by achieving better classification accuracy. The genetic search feature selection algorithm is capable of identifying the optimal subset among the features based on the best population of features associated with the target class. The proposed system, when trained and tested on the bench mark NSL-KDD dataset exhibited higher accuracy in identifying an attack and also classifying the attack category.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1467-1482
• /
• 2017

Recently, Interests on The Fourth Industrial Revolution has been increased. In the manufacturing sector, the introduction of Smart Factory, which automates and intelligent all stages of manufacturing based on Cyber Physical System (CPS) technology, is spreading. The complexity and uncertainty of smart factories are likely to cause unexpected problems, which can lead to manufacturing process interruptions, malfunctions, and leakage of important information to the enterprise. It is emphasized that there is a need to perform systematic management by analyzing the threats to the Smart Factory. Therefore, this paper systematically identifies the threats using the STRIDE threat modeling technique using the data flow diagram of the overall production process procedure of Smart Factory. Then, using the Attack Tree, we analyze the risks and ultimately derive a checklist. The checklist provides quantitative data that can be used for future safety verification and security guideline production of Smart Factory.