• Title/Summary/Keyword: Cyber Protection Function

Search Result 15, Processing Time 0.022 seconds

A Study on Command and Control Through Cyber Protection Function Analysis (사이버 방호기능 분석을 통한 지휘통제에 관한 연구)

  • Choi, Seho;Oh, Haengrok;Yun, Joobeom
    • Journal of the Korea Institute of Military Science and Technology
    • /
    • v.24 no.5
    • /
    • pp.537-544
    • /
    • 2021
  • Cyber threats can bypass existing cyber-protection systems and are rapidly developing by exploiting new technologies such as artificial intelligence. In order to respond to such cyber threats, it is important to improve the ability to detect unknown cyber threats by correlating heterogeneous cyber protection systems. In this paper, to enhance cyber-attack response capabilities, we proposed command and control that enables rapid decision-making and response before the attack objectives are achieved, using Lockheed Martin's cyber kill chain and MITRE ATT&CK to analyze the purpose and intention of the attacker.

A Study on The Cyber Threat Centered Defense Cyber Protection Level Analysis (사이버 위협 중심의 국방 사이버 방호수준 분석에 관한 연구)

  • Seho Choi;Haengrok Oh;Joobeom Yun
    • Convergence Security Journal
    • /
    • v.21 no.4
    • /
    • pp.77-85
    • /
    • 2021
  • Cyber protection is an activity that protects the information systems we operate from cyber attacks and threats. To know the level of protection of the currently operating cyber protection system, it is necessary to update the current state of attack technology by reflecting the constantly evolving cyber threats and to analyze whether it is possible to respond with the protection function. Therefore, in this paper, we analyze the relationship between the attack procedures and defense types of the cyber kill chain with the defense technology(Mitigation ID) of MITRE and present the cyber protection level for each military unit type with a focus on defensive cyber activities. In the future, it is expected that the level of cyber protection will be improved through real-time analysis of the response capabilities of cyber protection systems operating in the defense sector to visualize the level of protection for each unit, investigate unknown cyber threats, and actively complement vulnerabilities.

Authentication Template Protection Using Function Encryption (함수암호를 이용한 인증정보 Template 보호 기술)

  • Park, Dong Hee;Park, Young-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.6
    • /
    • pp.1319-1326
    • /
    • 2019
  • Recently, biometrics and location information are being used for authentication in many devices. However, these information are stored as plaintext in safe device or, stored as ciphertext in authentication server it is used for authentication in plaintext by decrypting. Therefore, the leakage of authentication information as well as hacking can cause fatal privacy problems. In this paper, we propose a technique that can be authenticated without exposing authentication information to ciphertext using function encryption.

A Study on the Function of The Elder Protection Agency for the Protection of Elderly Human Rights (종사자들이 인식하는 노인보호전문기관의 기능에 대한 질적연구)

  • Park, Tae-jeong;Lee, Seo-young;Park, Hyung-won
    • 한국노년학
    • /
    • v.40 no.4
    • /
    • pp.761-779
    • /
    • 2020
  • This study is a qualitative study applied with in-depth interviews and phenomenological analysis. The objective of this study was finding out the function of the elder protection agency by interpreting the meaning developed from the experience of the workers about the role of the elder protective service agency. As a result of the analysis, the essential themes were 'Struggling and working hard', 'Obstacles that cannot be lifted', and 'Reaching the time to be reborn as an organization for the elderly human rights.' The common essence of these themes is 'The road to human rights orientation: a destination that must be reached, though not easy to go.' In order for the meanings to be settled and to fit in to the community, it was suggested it is a situation in which both internal and external renewal of the institution for the protection of the elderly is most needed. In addition, much as it turned out that legal and institutional support must be provided so that the elder protection agency can be reborn as human rights organizations with more professionalism, it was proposed to follow the institutional improvement plan derived from this study.

A Study on the Criminal Threat and Privacy Protection with a Proxy Service (프록시 서비스를 통한 범죄 위협과 프라이버시 보호에 관한 연구)

  • Kang, Shin-Beom;Lee, Sang-Jin;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.2
    • /
    • pp.317-326
    • /
    • 2012
  • Internet service provider is able to collect personal information to prevent the violations of the rights of service providers and customers using internet. But there are still many debates going on between a personal privacy and a regulation. Proxy servers are used in various technical purposes include bypass access. Although the proxy server users are increasing but there are not any proper institutional mechanisms and regulations to protect users. In this study, we discuss the two sides of a proxy service includes its privacy protection function and the cyber-crime threat and propose supplementary measures to mediate between the interests of public and private.

A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS

  • Song, Jae-Gu;Lee, Jung-Woon;Lee, Cheol-Kwon;Kwon, Kee-Choon;Lee, Dong-Young
    • Nuclear Engineering and Technology
    • /
    • v.44 no.8
    • /
    • pp.919-928
    • /
    • 2012
  • The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the lifecycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

Implementation Plan and Requirements Analysis of Access Control for Cyber Security of Nuclear Power Plants (원전 사이버보안을 위한 접근제어 요건분석 및 구현방안)

  • Kim, Do-Yeon
    • The Journal of the Korea institute of electronic communication sciences
    • /
    • v.11 no.1
    • /
    • pp.1-8
    • /
    • 2016
  • The Nuclear Power Plants(: NPP) are being protected as national infrastructure, and instrumentation and control(: I&C) systems are one of the principle facilities of the NPP, which perform the protection, control, and monitoring function. The I&C systems are being evolved into digitalization based on computer and network technology from analog system. In addition, the I&C systems are mostly employ the specialized logic controllers which are dedicated for the NPP, but the usage of generalized IT resources are steadily increased. The cyber security issues for the NPP are being emerged due to cyber incidents by Stuxnet and various accidents in the NPP. In this paper, hybrid access control model is proposed which are applicable to I&C system by analyzing the access control requirements specified in regulatory guides. The safety of in-service and under construction of NPP are effectively increased by applying proposed hybrid model.

Secure OTP Smart Card Authentication Protocol for Denial of Service (서비스거부공격에 안전한 OTP 스마트카드 인증 프로토콜)

  • Shin, Kwang-Cheul
    • Journal of the Korea Society of Computer and Information
    • /
    • v.12 no.6
    • /
    • pp.201-206
    • /
    • 2007
  • Development of Information and Communication technology coming to activity of internet banking and electronic business, and smart card of medium is generalized prevailing for user authentication of electronic signature certificate management center with cyber cash, traffic card, exit and entrance card. In field that using public network, security of smart cart and privacy of card possessor's is very important. Point of smart card security is use safety for smart card by user authentication. Anonymous establishment for privacy protection and denial of service attack for availability is need to provision. In this paper, after analyze for Hwang-Li, Sun's, L-H-Y scheme, password identify element is a change of safety using one time password hash function. We proposed an efficient new smart card authentication protocol against anonymity and denial of service.

  • PDF

Zero-knowledge proof algorithm for Data Privacy

  • Min, Youn-A
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.13 no.2
    • /
    • pp.67-75
    • /
    • 2021
  • As pass the three revised bills, the Personal Information Protection Act was revised to have a larger application for personal information. For an industrial development through an efficient and secure usage of personal information, there is a need to revise the existing anonymity processing method. This paper modifies the Zero Knowledge Proofs algorithm among the anonymity processing methods to modify the anonymity process calculations by taking into account the reliability of the used service company. More detail, the formula of ZKP (Zero Knowledge Proof) used by ZK-SNAKE is used to modify the personal information for pseudonymization processing. The core function of the proposed algorithm is the addition of user variables and adjustment of the difficulty level according to the reliability of the data user organization and the scope of use. Through Setup_p, the additional variable γ can be selectively applied according to the reliability of the user institution, and the degree of agreement of Witness is adjusted according to the reliability of the institution entered through Prove_p. The difficulty of the verification process is adjusted by considering the reliability of the institution entered through Verify_p. SimProve, a simulator, also refers to the scope of use and the reliability of the input authority. With this suggestion, it is possible to increase reliability and security of anonymity processing and distribution of personal information.

The Intelligent Blockchain for the Protection of Smart Automobile Hacking

  • Kim, Seong-Kyu;Jang, Eun-Sill
    • Journal of Multimedia Information System
    • /
    • v.9 no.1
    • /
    • pp.33-42
    • /
    • 2022
  • In this paper, we have recently created self-driving cars and self-parking systems in human-friendly cars that can provide high safety and high convenience functions by recognizing the internal and external situations of automobiles in real time by incorporating next-generation electronics, information communication, and function control technologies. And with the development of connected cars, the ITS (Intelligent Transportation Systems) market is expected to grow rapidly. Intelligent Transportation System (ITS) is an intelligent transportation system that incorporates technologies such as electronics, information, communication, and control into the transportation system, and aims to implement a next-generation transportation system suitable for the information society. By combining the technologies of connected cars and Internet of Things with software features and operating systems, future cars will serve as a service platform to connect the surrounding infrastructure on their own. This study creates a research methodology based on the Enhanced Security Model in Self-Driving Cars model. As for the types of attacks, Availability Attack, Man in the Middle Attack, Imperial Password Use, and Use Inclusive Access Control attack defense methodology are used. Along with the commercialization of 5G, various service models using advanced technologies such as autonomous vehicles, traffic information sharing systems using IoT, and AI-based mobility services are also appearing, and the growth of smart transportation is accelerating. Therefore, research was conducted to defend against hacking based on vulnerabilities of smart cars based on artificial intelligence blockchain.