• Korean Security Journal
• /
• no.53
• /
• pp.11-33
• /
• 2017

Terrorism has existed in the entire human history and has become a significant topic in criminology while prior studies has focused on North Korea as the perpetrator, and this prevents an in-depth discussion of the international trends of terrorism. As soft targets are the main target of new terrorism and because we never ignore the significance of the consequences, there are needs for more studies on the topic. This study conducted a case study of major terrorism attacks and surveyed professionals in the field via an AHP analysis in order to find the characteristics of terrorism and its potential patterns in South Korea. As a result, we found that North Korea or the left-wing may utilize homemade bomb, motor vehicle or drone for the purpose of attacking multi-use facilities in South Korea. For policy implications, we insist developing a better CPTED approach on those facilities, improving professionalism of cyber-watchdog via more training and education, stricter control on drone permit, and operation of counseling centers for preventing radicalization.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.12 no.5
• /
• pp.411-416
• /
• 2002

Recently, the trial and success of malicious cyber attacks has been increased rapidly with spreading of Internet and the activation of a internet shopping mall and the supply of an online internet, so it is expected to make a problem more and more. Currently, the general security system based on Internet couldn't cope with the attack properly, if ever, other regular systems have depended on common softwares to cope with the attack. In this paper, we propose the positive selection mechanism and negative selection mechanism of T-cell, which is the biological distributed autonomous system, to develop the self/non-self recognition algorithm, the anomalous behavior detection algorithm, and AIS (Artificial Immune System) that is easy to be concrete on the artificial system. The proposed algorithm can cope with new intrusion as well as existing one to intrusion detection system in the network environment.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.1
• /
• pp.190-195
• /
• 2018

Recently, Due to the ongoing increase in cyber attacks and the improved awareness of privacy protection, most Internet services encrypt the traffic by using security protocols. Existing security protocols usually have additional layer between transport layer and application layer, and they incur additional costs because of encrypting all the traffic transmitted. This results in unnecessary performance degradation because it also encrypts data that does not require confidentiality. In this paper, we propose TCP OENC(Optional Encryption) which enables users of the application layer to optionally encrypt only confidential data. TCP OENC operates by TCP option to allow the application layer to encrypt the TCP stream transmitted only on demand. And it ensures transparency between the TCP layer and the application layer. To verify this, we verified that TCP OENC optionally encrypts the stream of TCP session on the embedded board. And then analyzed the performance of the encrypted stream by measuring the elapsed time.

• The Journal of Information Systems
• /
• v.29 no.2
• /
• pp.221-242
• /
• 2020

Purpose This study collects data of the recently activated online black market and analyzes it to present a specific method for preparing for a hacking attack. This study aims to make safe from the cyber attacks, including hacking, from the perspective of individuals and businesses by closely analyzing hacking methods and tools in a situation where they are easily shared. Design/methodology/approach To prepare for the hacking attack through the online black market, this study uses the routine activity theory to identify the opportunity factors of the hacking attack. Based on this, text mining and social network techniques are applied to reveal the most dangerous areas of security. It finds out suitable targets in routine activity theory through text mining techniques and motivated offenders through social network analysis. Lastly, the absence of guardians and the parts required by guardians are extracted using both analysis techniques simultaneously. Findings As a result of text mining, there was a large supply of hacking gift cards, and the demand to attack sites such as Amazon and Netflix was very high. In addition, interest in accounts and combos was in high demand and supply. As a result of social network analysis, users who actively share hacking information and tools can be identified. When these two analyzes were synthesized, it was found that specialized managers are required in the areas of proxy, maker and many managers are required for the buyer network, and skilled managers are required for the seller network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.1001-1011
• /
• 2014

Smart Grid Devices could have security vulnerabilities that have legacy communication networks because of the fact that Smart Grid employs bi-directional communications and adopted a variety of communication interface. Consequently, it is required to build concrete response processes and to minimize the damage of the cyber attacks including security evaluation and certification methods. DCU is designed to collect meter data from numerous smart meter and send to utility's server so DCU installed between smart meter and utility's server. For this reason, If DCU compromised by attacker then attacker could use DCU to launching point for and attack on other devices. However, DCU's security evaluation and certification techniques do not suffice to be deployed in smart grid infrastructure. This work development DCU protection profile based on CC, it is expected that provide some assistance to DCU manufacturer for development of DCU security target and to DCU operator for help safety management of DCU.

• Journal of Broadcast Engineering
• /
• v.13 no.1
• /
• pp.62-68
• /
• 2008

Remote user authentication scheme is a cryptographic tool which permits a server to identify a remote user. In 2007, Wang et al. pointed out that Ku's remote user authentication scheme is vulnerable to a dictionary attack by obtaining some secret information in a smart card using side channel attacks. They also proposed a remote user authentication scheme which is secure against dictionary attack. In this paper, we analyze the protocol proposed by Wang et al. In the paper, it is claimed that the protocol is secure even though some values, which is stored in a smart card, are revealed to an adversary, However, we show that their protocol is insecure if the values are disclosed to an adversary.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.167-177
• /
• 2018

As the number of attacks on vehicles has increased, studies on CAN-based security technologies are actively being carried out. However, since the upper layer protocol of CAN differs for each vehicle manufacturer and model, there is a great difficulty in researches such as developing anomaly detection for CAN or finding vulnerabilities of ECUs. In this paper, we propose a method to infer the detailed structure of the data field of CAN frame by analyzing CAN trace to mitigate this problem. In the existing Internet environment, many researches for reverse engineering proprietary protocols have already been carried out. However, CAN bus has a structure difficult to apply the existing protocol reverse engineering technology as it is. In this paper, we propose new field classification methods with low computation-cost based on the characteristics of data in CAN frame and existing field classification method. The proposed methods are verified through implementation that analyze CAN traces generated by simulations of CAN communication and actual vehicles. They show higher accuracy of field classification with lower computational cost compared to the existing method.

• Journal of Advanced Navigation Technology
• /
• v.17 no.6
• /
• pp.816-822
• /
• 2013

In modern networks, data rate is getting faster and transferred data is extremely increased. At this point, the malicious codes are evolving to various types very fast, and the frequency of occurring new malicious code is very short. So, it is hard to collect/analyze data using general networks with the techniques like traditional intrusion detection or anormaly detection. In this paper, we collect and analyze the data more effectively with cloud environment than general simple networks. Also we analyze the malicious code which is similar to real network's malware, using botnet server/client includes DNS Spoofing attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.973-985
• /
• 2021

South Korea has been guaranteed the efficiency and the convenience of administrative work based on long-term experience and well-established ICT infrastructure. Vice versa, South Korea is always exposed to various scale cyber-attacks. It is an important element of national competitiveness to secure cybersecurity resilience and response in the public sector. For this, the well-trained cybersecurity professionals' retention and support for their capacity development through retraining are critical. As the Special Act on Balanced National Development, most public agencies moved to provincial areas, but the provincial areas are not ready for this, thus the workforce can't get enough retaining courses. We study to analyze whether there is a gap in cybersecurity educational opportunities or needs in the public sector depending on regions, institution type, and personal traits. This paper aims to suggest solutions for the cybersecurity education gap in the public sector based on the empirical analysis results.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.847-857
• /
• 2019

Recently, various cyber threats such as Ransomware and APT attack are increasing by e-mail. The characteristic of such an attack is that it is important to take administrative measures by improving personal perception of security because it bypasses technological measures such as past pattern-based detection The purpose of this study is to investigate the human factors of employees who are vulnerable to spam mail attacks through field experiments and to establish future improvement plans. As a result of sending 7times spam mails to employees of a company and analyzing training report, It was confirmed that factors such as the number of training and the recipient 's gender, age, and workplace were related to the reading rate. Based on the results of this analysis, we suggest ways to improve the training and to improve the ability of each organization to carry out effective simulation training and improve the ability to respond to spam mail by awareness improvement.