• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.2
• /
• pp.11-17
• /
• 2019

As interest in the efficiency use of energy has been recently rising, studies have been performed in utilizing various types of eco-friendly green energy and natural energy. Especially there has been rapidly increase in the fields using ESS (Energy Storage System), which is the technology for storing the energy from nature. The application fields of ESS is continuously growing and expanding to various types of technologies. However, in recent years there have been continuing problems with the safety of ESS. And related researches are going on. In this paper, we has proposed a system structure to utilize more secure ESS and has monitored the system status of ESS in real time by using smart phone app. This paper has also proposed a new method to configure secure ESS by implementing GUI (Graphical User Interface) to control the system. And then explain experimental results to investigate the efficiency of the proposed ESS.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.3
• /
• pp.121-134
• /
• 2017

With rapid increasing the development and use of IoT Devices, requirements for safe IoT devices and services such as reliability, security are also increasing. In Security engineering, SDLC (Secure Development Life Cycle) is applied to make the trustworthy system. Secure Development Life Cycle has 4 big steps, Security requirements, Design, Implementation and Operation and each step has own goals and activities. Deriving security requirements, the first step of SDLC, must be accurate and objective because it affect the rest of the SDLC. For accurate and objective security requirements, Threat modeling is used. And the results of the threat modeling can satisfy the completeness of scope of analysis and the traceability of threats. In many countries, academic and IT company, a lot of researches about drawing security requirements systematically are being done. But in domestic, awareness and researches about deriving security requirements systematically are lacking. So in this paper, I described about method and process to drawing security requirements systematically by using threat modeling including DFD, STRIDE, Attack Library and Attack Tree. And also security requirements are described via Common Criteria for delivering objective meaning and broad use of them.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2013.01a
• /
• pp.249-250
• /
• 2013

우리가 일반적으로 인터넷을 많이 사용하는 디바이스는 컴퓨터가 대표적이었지만 최근에는 스마트 폰을 비롯해서 센서, 자동차, 카메라 등 각종 디바이스를 비롯한 다양한 사물들이 인터넷에 연결되고 있다. 각 구성요소 간의 보안 메커니즘 차이, 시스템의 다양성 문제로 새로운 프로토콜의 필요성이 대두되는 가운데 본 논문은 새로운 IoT환경에서 적용 가능한 통신 프로토콜을 제안한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.892-905
• /
• 2018

In smart home environment, certificate based signature technology is being studied by communication with Internet of Things(IoT) device. However, block - chain technology has attracted much attention because of the problems such as single - point error and management overhead of the trust server. Among them, Keyless Signature Infrastructure(KSI) provides integrity by configuring user authentication and global timestamp of distributed server into block chain by using hash-based one-time key. In this paper, we provide confidentiality by applying group key and key management based on multi - solution chain. In addition, we propose a smart home environment that can reduce the storage space by using Extended Merkle Tree and secure and efficient KSI-based authentication and communication with enhanced security strength.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.10a
• /
• pp.281-282
• /
• 2016

최근 사물인터넷(IoT)이 도래함에 따라 IT 산업을 중심으로 소프트웨어의 활용 용도가 컴퓨터 뿐 아니라, 의료, 교육, 금융, 자동차, 에너지 등 다양한 분야에서 활용되고 있다. 이처럼 소프트웨어 활용 분야가 본격적으로 확산됨에 따라 소프트웨어 보안 취약점을 이용한 공격위험 또한 증가하고 있으며, 이에 따라 시큐어코딩의 중요성이 부각되고 있다. 본 논문에서는 기존 시큐어코딩 관리 시스템 환경에서 효율적인 시큐어코딩 관리를 위해 운영서버와 Program Server를 이용한 시큐어코딩 관리 시스템 향상 방안을 제안한다. 제안하는 시스템을 시큐어코딩 프로그램에 적용한다면, 시큐어코딩 프로그램 성능향상과 효율적인 시큐어코딩 시스템 관리에 도움이 될 것으로 기대된다.

• Journal of the Society of Disaster Information
• /
• v.15 no.1
• /
• pp.39-48
• /
• 2019

Purpose: This study aims at developing and implementing Smart Safety Management System based on IoT/ICT Convergence for safety of high-risk groups working at disaster or industrial field. Its functions are as follows. Method: We will develop three devices for keeping the safety of high-risk jobs: Sensor of inactivity, Lora based Refitting technology for communication between high-risk workers, and Lora Gateway for monitoring entire situations. Then we will test three devices in respect of their functions, and propose their applicabilities in the field. Results: The system can send and receive safety tags and danger signals by which sensor technology can detect dangerous state of workers. And its command terminal was developed by low-power wireless communication technology and LoRa Gateway, which can fulfill the lifting functions between safety tags. And, furthermore, the command terminal can monitor dangerous situations of disaster sites in real time and can perform the preemptive rescues. Conclusion: This study proves the functional efficacy of Smart Safety Management System for worker safety in various high-risk occupational groups, and also suggests ways to secure worker safety in disaster area and various high risk industrial sites.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.99-111
• /
• 2022

With current battlefield environment relying heavily on Network Centric Warfare(NCW), existing weaponary systems are evolving into a new concept that converges IT technology. Majority of the weaponary systems are implemented with numerous embedded softwares which makes such softwares a key factor influencing the performance of such systems. Furthermore, due to the advancements in both IoT technoogies and embedded softwares cyber threats are targeting various embedded systems as their scope of application expands in the real world. Weaponary systems have been developed in various forms from single systems to interlocking networks. hence, system level cyber security is more favorable compared to application level cyber security. In this paper, a secure real-time operating system has been designed, implemented and measured to protect embedded softwares used in weaponary systems from unknown cyber threats at the operating system level.

• Journal of the Korea Convergence Society
• /
• v.8 no.11
• /
• pp.21-27
• /
• 2017

Internet of Things(IoT), which is developing for the hyper connection society, is based on OSHW (Open Source Hardware) such as Arduino and various small products are emerging. Because of the limitation of low performance and low memory, the IoT is causing serious information security problem that it is difficult to apply strong security technology. In this paper, we analyze the vulnerability that can occur as a result of compiling and loading the application program of Arduino on the host computer. And we propose a new attack method that allows an attacker to arbitrarily change the value input from the sensor of the arduino board. Such as a proposed attack method may cause the arduino board to misinterpret environmental information and render it inoperable. By understanding these attack techniques, it is possible to consider how to build a secure development environment and cope with these attacks.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.19 no.5
• /
• pp.9-17
• /
• 2019

As the IoT environment becomes more popular, the safety of the M2M environment, which establishes the communication environment between objects and objects without human intervention, becomes important. Due to the nature of the wireless communication environment, there is a possibility of exposure to security threats in various aspects such as data exposure, falsification, tampering, deletion and privacy, and secure communication security technology is considered as an important requirement. In this paper, we propose a new method for group key generation and exchange using trap hash collision hash in existing 'M2M communication environment' using hash collision, And a mechanism for confirming the authentication of the device and the gateway after the group key is generated. The proposed method has attack resistance such as spoofing attack, meson attack, and retransmission attack in the group communication section by using the specificity of the collision message and collision hash, and is a technique for proving safety against vulnerability of hash collision.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.6
• /
• pp.2148-2167
• /
• 2021

The proliferation of the Internet of Things (IoT) technologies and applications, especially the rapid rise in the use of mobile devices, from individuals to organizations, has led to the fundamental role of secure wireless networks in all aspects of services that presented with many opportunities and challenges. To ensure the CIA (confidentiality, integrity and accessibility) security model of the networks security and high efficiency of performance results in various resource-constrained applications and environments of the IoT platform, DDO-(data-driven operation) based constructions have been introduced as a primitive design that meet the demand of high speed encryption systems. Among of them, the TMN-family ciphers which were proposed by Tuan P.M., Do Thi B., etc., in 2016, are entirely suitable approaches for various communication applications of wireless mobile networks (WMNs) and advanced wireless sensor networks (WSNs) with high flexibility, applicability and mobility shown in two different algorithm selections, TMN64 and TMN128. The two ciphers provide strong security against known cryptanalysis, such as linear attacks and differential attacks. In this study, we demonstrate new probability results on the security of the two TMN construction versions - TMN64 and TMN128, by proposing efficient related-key recovery attacks. The high probability characteristics (DCs) are constructed under the related-key differential properties on a full number of function rounds of TMN64 and TMN128, as 10-rounds and 12-rounds, respectively. Hence, the amplified boomerang attacks can be applied to break these two ciphers with appropriate complexity of data and time consumptions. The work is expected to be extended and improved with the latest BCT technique for better cryptanalytic results in further research.