• Title/Summary/Keyword: Attack scenario

Search Result 89, Processing Time 0.023 seconds

Authentication Mechanism for Secure Fast Handover in HMIPv6 (HMIPv6 환경에서의 안전한 Fast Handover를 위한 인증 메커니즘)

  • Kim, Min-Kyoung;Kang, Hyun-Sun;Park, Chang-Seop
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.3
    • /
    • pp.91-100
    • /
    • 2007
  • In this paper, We design and propose a protocol for supporting secure and efficient mobility in integrating fast handover and HMIPv6. In the proposed protocol which is AAA-based HMIPv6, if the MN enters the MAP domain for the first time, then it performs an Initial Local Binding Update for authentication. We propose a secure Fast Handover method using the ticket provided by MAP, which includes the secret key for authentication. Also, we analyze and compare security properties of our proposed scheme with those of other scheme using various attack scenario.

The Security Problem Analysis for Reversibility of Transformed Biometric Information Data on Eigenvector-based face Authentication (특성 벡터를 이용한 얼굴 인증 시스템에서 변환된 생체 정보 데이터의 가역성에 대한 보안 문제 분석)

  • Kim, Koon-Soon;Kang, Jeon-Il;Nyang, Dae-Hun;Lee, Kyung-Hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.3
    • /
    • pp.51-59
    • /
    • 2008
  • The biometrics has been researched as a means for authenticating user's identity. Among the biometrics schemes for face recognition, the eigenvector-based schemes, which use eigenvector made from training data for transforming test data to abstracted data, are widely adopted. From those schemes, however, it is hard to expect cancelable feature, which is a general concept for security in the biometrics. In this paper, we point out the security problem that is the recovery of valuable face information from the abstracted face data and consider a possible attack scenario by showing our experiment results.

Development of the framework for quantitative cyber risk assessment in nuclear facilities

  • Kwang-Seop Son;Jae-Gu Song;Jung-Woon Lee
    • Nuclear Engineering and Technology
    • /
    • v.55 no.6
    • /
    • pp.2034-2046
    • /
    • 2023
  • Industrial control systems in nuclear facilities are facing increasing cyber threats due to the widespread use of information and communication equipment. To implement cyber security programs effectively through the RG 5.71, it is necessary to quantitatively assess cyber risks. However, this can be challenging due to limited historical data on threats and customized Critical Digital Assets (CDAs) in nuclear facilities. Previous works have focused on identifying data flows, the assets where the data is stored and processed, which means that the methods are heavily biased towards information security concerns. Additionally, in nuclear facilities, cyber threats need to be analyzed from a safety perspective. In this study, we use the system theoretic process analysis to identify system-level threat scenarios that could violate safety constraints. Instead of quantifying the likelihood of exploiting vulnerabilities, we quantify Security Control Measures (SCMs) against the identified threat scenarios. We classify the system and CDAs into four consequence-based classes, as presented in NEI 13-10, to analyze the adversary impact on CDAs. This allows for the ranking of identified threat scenarios according to the quantified SCMs. The proposed framework enables stakeholders to more effectively and accurately rank cyber risks, as well as establish security and response strategies.

Digital Healthcare Attack Scenario based on DeFi Security Vulnerability (DeFi 보안 취약점 기반 디지털 헬스케어 공격 시나리오)

  • Sang-Hyeon Park;Yu-Rae Song;Jin Kwak
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2023.11a
    • /
    • pp.208-209
    • /
    • 2023
  • IT(Information Technology) 기술이 고도화됨에 따라 금융 분야에서는 스마트 컨트랙트에 기반하여 자산을 거래할 수 있는 DeFi(Decentralized Finance)가 발전하고 있다. 또한, 다양한 IoT(Internet of Things) 기기들로 구성된 융합환경이 상호 연결되며 IoBE(Internet of Blended Environment)가 조성되고 있다. IoBE의 구성요소 중 의료융합환경인 디지털 헬스케어는 스마트 의료 기기를 통해 진료서비스를 제공한다. 최근에는 디지털 헬스케어 내 자산 거래 수단으로 DeFi를 활용하기 위한 연구가 진행되고 있다. 그러나, 디지털 헬스케어 서비스에 DeFi가 활용될 수 있음에 따라 DeFi 내 보안 위협이 전파될 수 있다. 전파된 보안 위협은 DeFi에서의 디지털 화폐 탈취뿐만 아니라, 디지털 헬스케어 내민감 정보 탈취, 서비스 거부 공격 등 복합 위협으로 이어질 수 있다. 따라서, 본 논문에서는 DeFi의 취약점을 분석하고 이를 기반으로 디지털 헬스케어에서 발생 가능한 공격 시나리오를 도출한다.

Experimental Evaluation of Bi-directionally Unbonded Prestressed Concrete Panel Blast Resistance Behavior under Blast Loading Scenario (폭발하중 시나리오에 따른 2방향 비부착 프리스트레스트 콘크리트 패널부재의 폭발저항성능에 대한 실험적 거동 평가)

  • Choi, Ji-Hun;Choi, Seung-Jai;Cho, Chul-Min;Kim, Tae-Kyun;Kim, Jang-Ho Jay
    • Journal of the Korea Concrete Institute
    • /
    • v.28 no.6
    • /
    • pp.673-683
    • /
    • 2016
  • In recent years, frequent terror or military attack by explosion, impact, fire accidents have occurred. Particularly, World Trade Center collapse and US Department of Defense Pentagon attack on Sept. 11 of 2001. Also, nuclear power plant incident on Mar. 11 of 2011. These attacks and incidents were raised public concerns and anxiety of potential terrorist attacks on major infrastructures and structures. Therefore, the extreme loading researches were performed of prestressed concrete (PSC) member, which widely used for nuclear containment vessel and gas tank. In this paper, to evaluate the blast resistance capacity and its protective performance of bi-directional unbonded prestressed concrete member, blast tests were carried out on $1,400{\times}1,000{\times}300mm$ for reinforced concrete (RC), prestressed concrete without rebar (PSC), prestressed concrete with rebar (PSRC) specimens. The applied blast load was generated by the detonation of 55 lbs ANFO explosive charge at 1.0 m standoff distance. The data acquisitions not only included blast waves of incident pressure, reflected pressure, and impulse, but also included displacement, acceleration, and strains at steel, concrete, PS tendon. The results can be used as basic research references for related research areas, which include protective design and blast simulation under blast loading.

Spamtester using Spam Categorization in SIP-based VoIP Networks (VoIP 환경에서 스팸 유형 분석 및 Spamtester 구현)

  • Choi, Jae-Sic;Choi, Jae-Duck;Jung, Sou-Hwan
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.45 no.10
    • /
    • pp.99-107
    • /
    • 2008
  • In this paper, we analyse the vulnerability of spam attacks and develop the Spamtester to confirm these spam attacks in SIP-based VoIP networks. Although there are several spam attacks on VoIP networks, the detail information for the SPIT is not enough to confirm the procedure and the result of spam attacks on VoIP networks. Specially, the spam attacks through abnormal process are difficult to trace the sender of spam. Also, it is not easy to impose the legal restriction to the spammer because of lack of information for the spam attack. Therefore, on VoIP networks, the possible scenario and detail procedure for VoIP spam is needed to be confirmed. This paper designes and implementes the spamtester, which is helpful to protect VoIP networks from the spam attacks.

FAIR-Based BIA for Ransomware Attacks in Financial Industry (금융 산업에서 발생하는 랜섬웨어 공격에 대한 FAIR 기반의 손실 측정 모델 분석)

  • Yoon, Hyun-sik;Song, Kyung-hwan;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.4
    • /
    • pp.873-883
    • /
    • 2017
  • As Ransomware spreads, the target of the attack shifted from a single personal to organizations which lead attackers to be more intelligent and systematic. Thus, Ransomware's threats to domestic infrastructure, including the financial industry, have grown to a level that cannot be ignored. As a measure against these security issues, organizations use ISMS, which is an information protection management system. However, it is difficult for management to make decisions on the loss done by the security issues since amount of the damage done can not be calculated with just ISMS. In this paper, through FAIR-based loss measurement model based on scenario's to identify the extent of damage and calculate the reasonable damages which has been considered to be the problem of the ISMS, we identified losses and risks of Ransomeware on the financial industry and method to reduce the loss by applying the current ISMS and ISO 27001 control items rather than modifying the ISMS.

A Trends Analysis on Safety for CNG/HCNG Complex Fueling Station (CNG/HCNG 복합충전소의 안전에 관한 동향분석)

  • Lee, Seung-Hyun;Kang, Seung-Kyu;Sung, Jong-Gyu;Lee, Young-Soon
    • Journal of the Korean Institute of Gas
    • /
    • v.15 no.2
    • /
    • pp.1-8
    • /
    • 2011
  • In this research, the safety trends and technologies of HCNG, a mixture of hydrogen and natural gas, are analyzed. This is an attracting alternative fuels to meet the strengthened automotive exhaust gas emission standards. HCNG is very important opportunities and challenges in that it is available the existing CNG infrastructures, meets the strengthened emission standards, and the technical, social bridge of the coming era of hydrogen. It is essential for the commercialization of HCNG that hydrogen - compressed natural gas blended fuel for use in preparation of various safety considerations included accidents scenario, safety distance, hydrogen attack, ignition sources and fire detectors are examined. Risk assessments also are suggested as one of permission procedure for HCNG filling station.

Malicious Code Injection Vulnerability Analysis in the Deflate Algorithm (Deflate 압축 알고리즘에서 악성코드 주입 취약점 분석)

  • Kim, Jung-hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.5
    • /
    • pp.869-879
    • /
    • 2022
  • Through this study, we discovered that among three types of compressed data blocks generated through the Deflate algorithm, No-Payload Non-Compressed Block type (NPNCB) which has no literal data can be randomly generated and inserted between normal compressed blocks. In the header of the non-compressed block, there is a data area that exists only for byte alignment, and we called this area as DBA (Disposed Bit Area), where an attacker can hide various malicious codes and data. Finally we found the vulnerability that hides malicious codes or arbitrary data through inserting NPNCBs with infected DBA between normal compressed blocks according to a pre-designed attack scenario. Experiments show that even though contaminated NPNCB blocks were inserted between normal compressed blocks, commercial programs decoded normally contaminated zip file without any warning, and malicious code could be executed by the malicious decoder.

A Study on Appropriate Military Strength of Unified Korea (Focused on relative balance strategy and conflict scenario) (통일 한국의 적정 군사력에 관한 연구 - 분쟁 시나리오와 상대적 균형전략을 중심으로 -)

  • Hong, Bong-Gi
    • Journal of National Security and Military Science
    • /
    • s.13
    • /
    • pp.687-738
    • /
    • 2016
  • To prepare for the complicated international relationship regarding Korean Peninsula after reunification, this thesis started off with the awareness that Unified Korea should build its international posture and national security at an early stage by determining its appropriate military strength for independent defense and military strategies that Unified Korea should aim. The main theme of this thesis is 'The research on appropriate military strength of the Unified Korean military'. To derive appropriate military strength of Unified Korea, this research focuses on conflict scenario and relative balance strategy based on potential threats posed by neighboring countries, and this is the part that differentiates this research from other researches. First of all, the main objective of the research is to decide appropriate military strength for Unified Korea to secure defense sufficiency. For this, this research will decide efficient military strategy that Unified Korea should aim. Than by presuming the most possible military conflict scenario, this research will judge the most appropriate military strength for Unified Korea to overcome the dispute. Second, after deciding appropriate military strength, this research will suggest how to operate presumed military strength in each armed force. The result of this thesis is as in the following. First, Unified Korea should aim 'relative balance strategy'. 'Relative balance strategy' is a military strategy which Unified Korea can independently secure defense sufficiency by maintaining relative balance when conflicts occur between neighboring countries. This strategy deters conflicts in advance by relative balance of power in certain time and place. Even if conflict occurs inevitably, this strategy secures initiative. Second, when analyzing neighboring countries interest and strategic environment after unification, the possibility of all-out war will be low in the Korean Peninsula because no other nation wants the Korean Peninsula to be subordinated to one single country. Therefore appropriate military strength of the Unified Korean military would be enough when Unified Korea can achieve relative balance in regional war or limited war. Third, Northeast Asia is a region where economic power and military strength is concentrated. Despite increasing mutual cooperation in the region, conflicts and competition to expand each countries influence is inherent. Japan is constantly enhancing their military strength as they aim for normal statehood. China is modernizing their military strength as they aspire to become global central nation. Russia is also enhancing their military strength in order to hold on to their past glory of Soviet Union as a world power. As a result, both in quality and quantity, the gap between military strength of Unified Korea and each neighboring countries is enlarged at an alarming rate. Especially in the field of air-sea power, arms race is occurring between each nation. Therefore Unified Korea should be equipped with appropriate military strength in order to achieve relative balance with each threats posed by neighboring countries. Fourth, the most possible conflicts between Unified Korea and neighboring countries could be summarized into four, which are Dokdo territorial dispute with Japan, Leodo jurisdictional dispute with China, territorial dispute concerning northern part of the Korea Peninsula with China and disputes regarding marine resources and sea routes with Russia. Based on those conflict scenarios, appropriate military strength for Unified Korea is as in the following. When conflict occurs with Japan regarding Dokdo, Japan is expected to put JMSDF Escort Flotilla 3, one out of four of its Japan Maritime Self-Defense Force Escort Fleet, which is based in Maizuru and JMSDF Maizuru District. To counterbalance this military strength, Unified Korea needs one task fleet, comprised with three task flotilla. In case of jurisdictional conflict with China concerning Leodo, China is expected to dispatch its North Sea fleet, one out of three of its naval fleet, which is in charge of the Yellow Sea. To response to this military action, Unified Korea needs one task fleet, comprised with three task flotilla. In case of territorial dispute concerning northern part of the Korean Peninsula with China, it is estimated that out of seven Military Region troops, China will dispatch two Military Region troops, including three Army Groups from Shenyang Military Region, where it faces boarder with the Korean Peninsula. To handle with this military strength, Unified Korea needs six corps size ground force strength, including three corps of ground forces, two operational reserve corps(maneuver corps), and one strategic reserve corps(maneuver corps). When conflict occurs with Russia regarding marine resources and sea routes, Russia is expected to send a warfare group of a size that includes two destroyers, which is part of the Pacific Fleet. In order to balance this strength, Unified Korea naval power requires one warfare group including two destroyers. Fifth, management direction for the Unified Korean military is as in the following. Regarding the ground force management, it would be most efficient to deploy troops in the border area with china for regional and counter-amphibious defense. For the defense except the border line with china, the most efficient form of force management would be maintaining strategic reserve corps. The naval force should achieve relative balance with neighboring countries when there is maritime dispute and build 'task fleet' which can independently handle long-range maritime mission. Of the three 'task fleet', one task fleet should be deployed at Jeju base to prepare for Dokdo territorial dispute and Leodo jurisdictional dispute. Also in case of regional conflict with china, one task fleet should be positioned at Yellow Sea and for regional conflict with Japan and Russia, one task fleet should be deployed at East Sea. Realistically, Unified Korea cannot possess an air force equal to neither Japan nor China in quantity. Therefore, although Unified Korea's air force might be inferior in quantity, they should possess the systematic level which Japan or China has. For this Unified Korea should build air base in island areas like Jeju Island or Ullenong Island to increase combat radius. Also to block off infiltration of enemy attack plane, air force needs to build and manage air bases near coastal areas. For landing operation forces, Marine Corps should be managed in the size of two divisions. For island defense force, which is in charge of Jeju Island, Ulleung Island, Dokdo Island and five northwestern boarder island defenses, it should be in the size of one brigade. Also for standing international peace keeping operation, it requires one brigade. Therefore Marine Corps should be organized into three divisions. The result of the research yields a few policy implications when building appropriate military strength for Unified Korea. First, Unified Korea requires lower number of ground troops compared to that of current ROK(Republic of Korea) force. Second, air-sea forces should be drastically reinforced. Third, appropriate military strength of the Unified Korean military should be based on current ROK military system. Forth, building appropriate military strength for Unified Korea should start from today, not after reunification. Because of this, South Korea should build a military power that can simultaneously prepare for current North Korea's provocations and future threats from neighboring countries after reunification. The core of this research is to decide appropriate military strength for Unified Korea to realize relative balance that will ensure defense sufficiency from neighboring countries threats. In other words, this research should precisely be aware of threats posed by neighboring countries and decide minimum level of military strength that could realize relative balance in conflict situation. Moreover this research will show the path for building appropriate military strength in each armed force.

  • PDF