• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.1
• /
• pp.87-101
• /
• 2017

As people increasingly rely on mobile networks in modern society, mobile communication security is becoming more and more important. In the Long Term Evolution/System Architecture Evolution (LTE/SAE) architecture, the 3rd Generation Partnership (3GPP) team has also developed the improved Evolved Packet System Authentication and Key Agreement (EPS AKA) protocol based on the 3rd Generation Authentication and Key Agreement (3G AKA) protocol in order to provide mutual authentication and secure communication between the user and the network. Unfortunately, the EPS AKA also has several vulnerabilities such as sending the International Mobile Subscriber Identity (IMSI) in plain text (which leads to disclosure of user identity and further causes location and tracing of the user, Mobility Management Entity (MME) attack), man-in-middle attack, etc. Hence, in this paper, we analyze the EPS AKA protocol and point out its deficiencies and then propose an Efficient and Security Enhanced Authentication and Key agreement (ESE-EPS AKA) protocol based on hybrid of Dynamic Pseudonym Mechanism (DPM) and Public Key Infrastructure (PKI) retaining the original framework and the infrastructure of the LTE network. Then, our evaluation proves that the proposed new ESE-EPS AKA protocol is relatively more efficient, secure and satisfies some of the security requirements such as confidentiality, integrity and authentication.

• Journal of Digital Convergence
• /
• v.14 no.10
• /
• pp.45-51
• /
• 2016

The purpose of this paper is to plan deployment strategy of public key infrastructure for Malawi by considering the information and communication technology status on it. For this, we will review the information communication technology status on developing and least developed countries focused on Malawi and plan deployment strategy of mobile based public key infrastructure. First of all, we extract out security considerations for public key infrastructure, which is efficient for wireless communication, and design a new lightweight public key infrastructure apt to mobile device by considering Malawi's information communication technology status. Especially, the proposed mobile based public key infrastructure uses smartcards for all the processes of certificate. It could guarantee the same security as the wired counter part based on lightweight mobile device.

• Journal of Digital Convergence
• /
• v.17 no.8
• /
• pp.105-113
• /
• 2019

The purpose of this study is to analyze cyber security risk modeling of critical infrastructure, draw out limitations and improvement measures. This paper analyzed cyber security risk modeling of national critical infrastructure like as electricity sector, nuclear power plant, SCADA. This paper analyzed the 26 precedent research cases of risk modeling in electricity sector, nuclear power plant, SCADA. The latest Critical Infrastructure is digitalized and has a windows operating system. Critical Infrastructure should be operated at all times, it is not possible to patch a vulnerability even though find vulnerability. This paper suggest the advanced cyber security modeling characteristic during the life cycle of the critical infrastructure and can be prevented.

• The Journal of Society for e-Business Studies
• /
• v.4 no.2
• /
• pp.197-208
• /
• 1999

With developing computer and communication technologies, the concept of CALS system has been popular not only to military but also to commercial industries. The security problem is one of the most critical issues to construct CALS infrastructure. The CALS system needs some security functions such that data confidentiality, integrity, authenticity, availability, and non-repudiation. This paper proposes a security architecture model in CALS. The security architecture model is composed of 5 submodels such that network security model, authentication and key management model, operation and audit model, integrated database security model, and risk analysis model.

• The Journal of the Convergence on Culture Technology
• /
• v.7 no.1
• /
• pp.674-681
• /
• 2021

Cyber attacks targeting critical infrastructure are on the rise. Critical infrastructure is defined as core infrastructures within a country with a high degree of interdependence between the different structures; therefore, it is difficult to sufficiently protect it using outdated cybersecurity techniques. In particular, the distinction between the physical and logical risks of critical infrastructure is becoming ambiguous; therefore, risk management from a comprehensive perspective must be implemented. Accordingly, as a means of further actively protecting critical infrastructure, major countries have begun to apply their security and cybersecurity systems by design, as a more expanded concept is now being considered. This proactive security approach (CSbD, Cybersecurity by Design) includes not only securing the stability of software (SW) safety design and management, but also physical politics and device (HW) safety, precautionary and blocking measures, and overall resilience. It involves a comprehensive security system. Therefore, this study compares and analyzes security by design measures towards critical infrastructure that are leading the way in the US, Europe, and Singapore. It reflects the results of an analysis of optimal cybersecurity solutions for critical infrastructure. I would like to present a plan for applying by Design.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.67-81
• /
• 2011

In recently years, there are cyber-weapon aim to national infrastructure such as 'stuxnet'. Security experts of the world are paying attention to this phenomenon. The networks which controls traffic, subway, waterworks of the city are safe from threats such as computer virus, malware, because the networks were built on closed-networks. However, it's about time to develop countermeasure for the cyber-weapon. In this paper, we review status-quo of the control systems for metropolitan infrastructure and analyze the risk of industrial control system in SCADA(Supervisory Control And Data Acquisition) network. Finally, we propose a security model for control systems of metropolitan infrastructure.

• Proceedings of the Safety Management and Science Conference
• /
• 2007.11a
• /
• pp.475-480
• /
• 2007

This paper introduces service quality systems such as furniture removal for households, carriage of parcels, commercial motorcycle carriage service, the service for warehousing, car rental services, exhibition service, security service, and, facility management services. These service quality systems include terminology, process, and, infrastructure.

• Journal of Advanced Navigation Technology
• /
• v.21 no.6
• /
• pp.633-637
• /
• 2017

Cyber attacks on aircraft and aeronautical networks are not much different from cyber attacks commonly found in the ground industry. Air traffic management infrastructure is being transformed into a digital infrastructure to secure air traffic. A wide variety of communication environments, information and communications, navigation, surveillance and inflight entertainment systems are increasingly threatening the threat posed by cyber terrorism threats. The emergence of unmanned aircraft systems also poses an uncontrollable risk with cyber terrorism. We have analyzed cyber security standards and response strategies in developed countries by recognizing the vulnerability of cyber threats to aircraft systems and aviation infrastructure in next generation data network systems. We discussed comprehensive measures for cybersecurity policies to consider in the domestic aviation environment, and discussed the concept of security environment and quick response strategies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.165-172
• /
• 2015

Recently large amounts of customer information has leaked ranging from public institutions to the large-scale of portals, and similar information leakage incidents owing to the absence of personal information management have subsequently occurred. Therefore, the security infrastructure in which leakage of internal data can be blocked fundamentally is emerging as a key issue. An integrated identity and access management architecture which performs user access and its rights management, authentication and audit of the business systems is more important to improve the efficiency of business. In addition, this approach is emerging as a safe and effective ways for identity and access rights management. In this paper, we analyze how an integrated approach for identity and access management to improve the efficiency of the computational work and to strengthen the security in local government administration should be constructed, and proposed the preferred solution.

• Korean Security Journal
• /
• no.57
• /
• pp.27-55
• /
• 2018

The problem is that even though the cost of apartment buildings and general expenses are the same and similar tasks, there is a significant gap between them in quantity and quality. The apartment security guard needs more professional management in education and various reporting obligations. In particular, the reality of being away from the management and supervision of the National Police Agency, which is in charge of crime prevention and policing resources throughout the nation, is a task that needs to be improved quickly. Although the "security service" is a specialized area for protecting the lives and property of the people, it is managed and operated only in the category of apartment management, just because it is under the jurisdiction of the Ministry of Land, Infrastructure and Transport. This should be integrated into one cost-related law, such as the "Cost Business Act," for management and operation. Although the regulations concerning security guards under the "Joint Housing Management Act" are very limited, they should start discussing the integrated management of apartment security guards and general security guards in view of improvement of their treatment. The most realistic method would be to hire a new general security officer with a security law as a security guard in an apartment building.