• The Journal of Society for e-Business Studies
• /
• v.24 no.2
• /
• pp.15-27
• /
• 2019

In the past, the control system was a closed network that was not connected to the external network. However, in recent years, many cases have been opened to the outside for the convenience of management. Are connected to the Internet, and the number of operating control systems is increasing. As a result, it is obvious that hackers are able to make various attack attempts targeting the control system due to external open, and they are exposed to various security threats and are targeted for attack. Industrial control systems that are open to the outside have most of the remote management ports for web services or remote management, and the expansion of web services through web programs inherits the common web vulnerability as the control system is no exception. In this study, we classify and compare existing web vulnerability items in order to derive the most commonly tried web hacking attacks against control system from the attacker's point of view. I tried to confirm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.637-659
• /
• 2021

Since the creation of the first Bitcoin blockchain in 2009, the number of cryptocurrency users has steadily increased. However, the number of hacking attacks targeting assets stored in these users' cryptocurrency wallets is also increasing. Therefore, we evaluate the security of the wallets currently on the market to ensure that they are safe. We first conduct threat modeling to identify threats to cryptocurrency wallets and identify the security requirements. Second, based on the derived security requirements, we utilize attack trees and Bayesian network analysis to quantitatively measure the risks inherent in each wallet and compare them. According to the results, the average total risk in software wallets is 1.22 times greater than that in hardware wallets. In the comparison of different hardware wallets, we found that the total risk inherent to the Trezor One wallet, which has a general-purpose MCU, is 1.11 times greater than that of the Ledger Nano S wallet, which has a secure element. However, use of a secure element in a cryptocurrency wallet has been shown to be less effective at reducing risks.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.10
• /
• pp.1311-1319
• /
• 2019

Currently, the web environment is a commonly used area for sharing information and conducting business. It is becoming an attack point for external hacking targeting on personal information leakage or system failure. Conventional signature-based detection is used in cyber threat but signature-based detection has a limitation that it is difficult to detect the pattern when it is changed like polymorphism. In particular, injection attack is known to the most critical security risks based on web vulnerabilities and various variants are possible at any time. In this paper, we propose a novelty detection technique to detect abnormal state that deviates from the normal state on web-server log dataset(WSLD). The proposed method is a machine learning-based technique to detect a minor anomalous data that tends to be different from a large number of normal data after replacing strings in web-server log dataset with vectors using machine learning-based embedding algorithm.

• Journal of Convergence for Information Technology
• /
• v.11 no.7
• /
• pp.21-30
• /
• 2021

With the development of IoT technology, various cloud computing-based services such as smart cars, smart healthcare, smart homes, and smart farms are expanding. With the advent of a new environment, various problems continue to occur, such as the possibility of exposure of important information such as personal information or company secrets, financial damage cases due to hacking, and human casualties due to malicious attack techniques. In this paper, we propose a message communication protocol for smart home-based secure communication and user data protection. As a detailed process, secure device registration, message authentication protocol, and renewal protocol were newly designed in the smart home environment. By referring to the security requirements related to the smart home service, the stability of the representative attack technique was verified, and as a result of performing a comparative analysis of the performance, the efficiency of about 50% in the communication aspect and 25% in the signature verification aspect was confirmed.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.103-112
• /
• 2020

Recently, the interest in hobby/leisure drones is increasing in the private sector, and the military also uses drones in various countries such as North Korea, the United States, and Iran for military purposes such as reconnaissance and destruction. A variety of drone related research is underway, such as establishing and operating drone units within the Korean military. Inparticular, recently, as the size of drone flight control source code increases and the number of functions increases, drone developers are getting accustomed to using open sources and using them without checking for separate security vulnerabilities. However, since these open sources are actually accessible to attackers, they are inevitably exposed to various vulnerabilities. In this paper, we propose an attack scenario for military drones using open sources in connection with these vulnerabilities using Telemetry Hijacking techniques.

• Journal of Distribution Science
• /
• v.16 no.5
• /
• pp.61-70
• /
• 2018

Purpose - These days, an individual user, private entity, hears everyday news of hacking and personal information leakage in the era of a most-connected society. This study investigates cyber attack, cyber insurance and distribution channels for insurance goods in South Korea by analyzing various cases of cyber attacks in domestic and overseas case. Research design, data and methodology - This study adopted various study cases instead of the one large case for deep quality analysis, and focused on various cases of domestic and overseas cyber attacks with insurance. Result - As a result of analyzing the cases that were hacked, types of massive losses and damages arising out of internet blackout due to cyber risks are paralyzation of public and private website and portal, electronic administrative system, public infrastructure, and consequently a normal operation of nation is impossible. These losses and damages however can be coverable under cyber insurance. Conclusions - This paper suggests insurance carriers, as suppliers, should provide multiple channels to sell to the customer and should expand the strategy of advertisement and promotion in order for them to change their mind and compare the price and value of the information of individual users and private entity in view of cost savings.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1594-1597
• /
• 2005

A rapid development and a wide use of the Internet have expanded a network environment. Further, the network environment has become more complex due to a simple and convenient network connection and various services of the Internet. However, the Internet has been constantly exposed to the danger of various network attacks such as a virus, a hacking, a system intrusion, a system manager authority acquisition, an intrusion cover-up and the like. As a result, a network security technology such as a virus vaccine, a firewall, an integrated security management, an intrusion detection system, and the like are required in order to handle the security problems of Internet. Accordingly, a router, which is a key component of the Internet, controls a data packet flow in a network and determines an optimal path thereof so as to reach an appropriate destination. An error of the router or an attack against the router can damage an entire network. This paper relates to a method for RSMS (router security management system) for secure networking based on a security policy. Security router provides functions of a packet filtering, an authentication, an access control, an intrusion analysis and an audit trail in a kernel region. Security policy has the definition of security function against a network intrusion.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.27
• /
• pp.129-161
• /
• 2005

Todays, computers in business world are potent facilitators that most companies could not without them, while they are only tools. They offer extremely efficient means of communication, particularly when connected to Internet. What I stress in this article is the risks accompanied by e-commerce rather than the advantages of Internet or e-commerce. The management of e-commerce companies, therefore, should keep in mind that the benefit of e-commerce through the Internet are accompanied by enhanced and new risks, cyber risks or e-commerce risks. For example, companies are exposed to computer system breakdown and business interruption risks owing to traditional and physical risks such as theft and fire etc, computer programming errors and defect softwares and outsider's attack such as hacking and virus. E-commerce companies are also exposed to tort liabilities owing to defamation, the infringement of intellectual property such as copyright, trademark and patent right, negligent misrepresent and breach of confidential information or privacy infringement. In this article, I would like to suggest e-commerce insurance or cyber liability insurance as a means of risk management rather than some technical devices, because there is not technically perfect defence against cyber risks. But e-commerce insurance has some gaps between risks confronted by companies and coverage needed by them, because it is at most 6 or 7 years since it has been introduced to market. Nevertheless, in my opinion, e-commerce insurance has offered the most perfect defence against cyber risks to e-commerce companies up to now.

• International Commerce and Information Review
• /
• v.7 no.3
• /
• pp.27-51
• /
• 2005

Todays, computers in business world are potent facilitators that most companies could not without them, while they are only tools. They offer extremely efficient means of communication, particularly when connected to Internet. What I stress in this article is the risks accompanied by e-commerce rather than the advantages of Internet or e-commerce. The management of e-commerce companies, therefore, should keep in mind that the benefit of e-commerce through the Internet are accompanied by enhanced and new risks, cyber risks or e-commerce risks. For example, companies are exposed to computer system breakdown and business interruption risks owing to traditional and physical risks such as theft and fire etc, computer programming errors and defect softwares and outsider's attack such as hacking and virus. E-commerce companies are also exposed to tort liabilities owing to defamation, the infringement of intellectual property such as copyright, trademark and patent right, negligent misrepresent and breach of confidential information or privacy infringement. In this article, I would like to suggest e-commerce insurance or cyber liability insurance as a means of risk management rather than some technical devices, because there is not technically perfect defence against cyber risks. But e-commerce insurance has some gaps between risks confronted by companies and coverage needed by them, because it is at most 6 or 7 years since it has been introduced to market. Nevertheless, in my opinion, e-commerce insurance has offered the most perfect defence against cyber risks to e-commerce companies up to now.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.3
• /
• pp.1-9
• /
• 2017

Recently, Bitcoin which is digital currency and cryptocurrency is getting worldwide attention since Bitcoin has an ability to replace legal tender unlike other existing cyber currency. Especially, most Bitcoin trading is done between two traders such as P2P method and it does not require a third-party to make sure reliability and it records every transaction details, so it is more transparent then traditional financial trade, so the number of users is increasing. However, Bitcoin, which has been recognized for transparency, confidentiality and stability among traders has recently been threatened by illegal transactions such as money laundering and the attack on the exchange. These threats to Bitcoin are becoming social problems. At first, it seems that most of the digital currency is difficult to get hacked due to the Blockchain technology. However, threats such as digital money leaks by user account hacking and paralyzing the servers are increasing. In this paper, it will examine the features of the Bitcoin and the threatening elements to secure marketability of digital currency such as Bitcoin and receive more interest from public in domestic. The paper will examine the problems of Blockchain technology on speculative transactions and fraudulent behavior by analyzing the problems of Bitcoin transaction. Lastly, it will propose ways to make transparent and secure digital currency transactions.