• Journal of the Korea Society of Computer and Information
• /
• v.23 no.12
• /
• pp.95-105
• /
• 2018

As the IT industry developed, the information held by the company soon became a corporate asset. As this information has value as an asset, the number and scale of various cyber attacks which targeting enterprises and institutions is increasing day by day. Therefore, research are being carried out to protect the assets from cyber attacks by using the attack graph to identify the possibility and risk of various attacks in advance and prepare countermeasures against the attacks. In the attack graph, security metric is used as a measure for determining the importance of each asset or the risk of an attack. This is a key element of the attack graph used as a criterion for determining which assets should be protected first or which attack path should be removed first. In this survey, we research trends of various security metrics used in attack graphs and classify the research according to application viewpoints, use of CVSS(Common Vulnerability Scoring System), and detail metrics. Furthermore, we discussed how to graft the latest security technologies, such as MTD(Moving Target Defense) or SDN(Software Defined Network), onto the attack graphs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.905-917
• /
• 2018

The sovereign state has the right to engage in self-defense or war with the approval of the Security Council when it receives an invasion of territory from a foreign country. War is conducted under the principle of the necessity and proportionality of self-defense. In case of cyber attack, proportional countermeasure must be made through attack means and effect analysis, and cyber weapons need to be classified for this purpose. Therefore, this study aims to provide a rational and legitimate response according to the necessity and proportionality of the self - defense right by suggesting definition and classification criteria of cyber weapons. In this study, cyber weapons were defined as "means of collecting, attacking, and protecting information using cyber technology in the cyber space according to military objectives. Based on existing weapon systems and public cyber weapons cases, cyber weapons were classified as (1) cyber weapons for information gathering, (2) cyber weapons for attack, and (3) cyber weapons for protection. We suggest the considerations for applying the proportional response according to this functional classification. In order to guarantee the principle of proportionality to cyber attacks in the future, the classification study based on the cyber weapon effect should be conducted. This study has conducted an exploratory study on the classification of cyber clusters which constitutes one axis of the proportionality principle.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.707-716
• /
• 2018

Recently, instead of technical cyber operations that directly attack the target information system by using cyber attack techniques, social engineering techniques that indirectly invade the system by exploiting the vulnerabilities of persons who manage the system are being watched. Despite this trend, there is a lot of confusion because there is no clear concept about the relationship between cyber operations and social engineering techniques. Therefore, this paper aims at establishing a clear concept of a social engineering cyber operation, helping future researchers in this literature.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.35-45
• /
• 2020

Cyber attacks on the aviation weapon system, a state-of-the-art asset, have become a reality and are approaching as a constant threat. However, due to the characteristics of embedded software of the current aviation weapon system, it is managed and operated without connection to the network in peacetime, so the response management to cyber attacks is relatively weak. Therefore, when a cyber attack becomes a reality, it is urgent to prepare and evaluate measures for the adverse effects that such attack will have on the execution of the Air Tasking Order(ATO). In this paper, we propose a framework for operational impact assessment in order to avoid confusion in ATO execution and systematic response to cyber attacks on aviation weapons systems. The proposed framework is designed to minimize the negative impact on operations against cyber attacks that may occur under no warning by analyzing the impact on air operations for each aviation weapon system and standardizing countermeasures for this. In addition, it supports the operational commander to make a quick decision to command for the execution of the operation even in a situation where a cyber attack occurs.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.302-305
• /
• 2017

With the development of new ICT technology, new technologies are being applied to automobiles. The smart key for vehicles is also a device to which ICT new technology is applied. Therefore, a cyber-hacking attack against a smart key of a vehicle is possible. The cyber attack on the smart key can cause an abnormal control of the vehicle. Vehicle control can lead to vehicle hijacking and vehicle control risks. In this paper, we analyze the vulnerability of smart key for vehicle. Analyze cyber attacks against smart keys in vehicles. Then, we conduct real hacking attacks on smart keys for vehicles and propose countermeasures. We conduct a hacking attack against the smart key for vehicle that has devised countermeasures and analyze countermeasures against cyber attack security. This paper will contribute to the prevention of vehicle deodorization and to the safety of the people.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.53-58
• /
• 2011

There is increasing use of common commercial operation system and standard PCs to control industrial production systems, and cyber security threat for industrial facilities have emerged as a serious problem. Now these network connected ICS(Industrial Control Systems) stand vulnerable to the same threats that the enterprise information systems have faced and they are exposed to malicious attacks. In particular Stuxnet is a computer worm targeting a specific industrial control system, such as a gas pipeline or power plant and in theory, being able to cause physical damage. In this paper we present an overview of the general configuration and cyber security threats of a SCADA and investigate the attack tree analysis to identify and assess security vulnerabilities in SCADA for the purpose of response to cyber attacks in advance.

• Journal of KIISE:Computing Practices and Letters
• /
• v.8 no.4
• /
• pp.457-467
• /
• 2002

In order to simulate cyber attacks and predict network behavior by attacks, we should represent attributes of network components in the simulation model, and should express characteristics of systems that carry out various cyber attacks and defend from these attacks. To simulate how network load may change under the cyber attacks, we extended SSF[9, 10] that is process-based event-oriented simulation system. We added a firewall class and a packet manipulator into the SSFNet that is a component of SSF. The firewall class, which is related to the security, is to simulate cyber attacks, and the packet manipulator is a set of functions to write attack programs for the simulation. The extended SSFNet enables to simulate a network with the security systems and provides advantages that make easy to port already exsiting attack programs and apply them to the simulation evironment. We made a vitual network model to verify operations of the added classes, and simulated a smurf attack that is a representative denial of sevive attack, and observed the network behavior under the smurf attack. The results showed that the firewall class and packet manipulator developed in this paper worked normaly.

• Journal of Information Technology Services
• /
• v.20 no.5
• /
• pp.119-136
• /
• 2021

Since the global spread of COVID-19, social distancing and untact service implementation have spread rapidly. With the transition to a non-face-to-face environment such as telework and remote classes, cyber security threats have increased, and a lot of cyber compromises have also occurred. In this study, cyber-attacks and response cases related to COVID-19 are summarized in four aspects: cyber fraud, cyber-attacks on companies related to COVID-19 and healthcare sector, cyber-attacks on untact services such as telework, and preparation of untact services security for post-covid 19. After the outbreak of the COVID-19 pandemic, related events such as vaccination information and payment of national disaster aid continued to be used as bait for smishing and phishing. In the aspect of cyber-attacks on companies related to COVID-19 and healthcare sector, we can see that the damage was rapidly increasing as state-supported hackers attack those companies to obtain research results related to the COVID-19, and hackers chose medical institutions as targets with an efficient ransomware attack approach by changing 'spray and pray' strategy to 'big-game hunting'. Companies using untact services such as telework are experiencing cyber breaches due to insufficient security settings, non-installation of security patches, and vulnerabilities in systems constituting untact services such as VPN. In response to these cyber incidents, as a case of cyber fraud countermeasures, security notices to preventing cyber fraud damage to the public was announced, and security guidelines and ransomware countermeasures were provided to organizations related to COVID-19 and medical institutions. In addition, for companies that use and provide untact services, security vulnerability finding and system development environment security inspection service were provided by Government funding programs. We also looked at the differences in the role of the government and the target of security notices between domestic and overseas response cases. Lastly, considering the development of untact services by industry in preparation for post-COVID-19, supply chain security, cloud security, development security, and IoT security were suggested as common security reinforcement measures.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.123-132
• /
• 2018

North Korea's cyber warfare capability is becoming a serious security threat to Korea because most of the operational systems of social infrastructure and advanced weapons system are all networked. Therefore, the purpose of this article is to examine what the Korean government should do to strengthen cyber security capabilities toward North Korea. For this purpose, this article analyzed North Korea's cyber attack cases against Korea by categorizing according to threat type and purpose. The research findings are as follows. It is necessary first, to have aggressive cyber protection and attack capabilities; second, to establish an integrated cyber security control tower that can be overseen by the national government; third, to need to legislate domestic cyber- related laws; fourth, to build a multilateral & regional cyber cooperation system. The implication of these findings are that it needs to be strengthened the cyber security capability from the cyber threats of North Korea by minimizing the damage during the peacetime period and for the complete warfare in case of emergency.

• Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
• /
• v.25 no.6
• /
• pp.90-99
• /
• 2011

As power industry evolves into Smart Grid scheme, previously closed power systems are being integrated into public communication networks. It increases the controllability and efficiency of the system, but also accompanies many cyber threats having existed in the Internet to the SCADA system. Therefore it is required to apply security countermeasures to the Smart Grid, which brings about investment costs. There have been few approaches to assess risks from cyber attack especially in electric power industry. So this paper proposes a methodology to assess quantitative impacts of various types of cyber attacks to a power system, and also shows the feasibility of the method through a case study.