• Journal of the Society of Disaster Information
• /
• v.14 no.1
• /
• pp.36-42
• /
• 2018

Most of the disaster situation management system is focusing in the providing the situational information to support the decision of the commander. The information includes the sensing, CCTV, and weather data. Additionally, the reporting from the field agents is an axle of the data. These systems has weak in the field response capacities about the detail mission management to field agents. In this study, we focus in the development of the integrated model for SOP(Standard Operation Procedures) and situation information management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.961-974
• /
• 2015

With the advancement of SIEM from ESM, it allows deep correlated analysis using huge amount of data. By collecting software's vulnerabilities from assessment with certain classification measures (e.g., CWE), it can improve detection rate effectively, and respond to software's vulnerabilities by analyzing big data. In the phase of monitoring and vulnerability diagnosis Process, it not only detects predefined threats, but also vulnerabilities of software in each resources could promptly be applied by sharing CCE, CPE, CVE and CVSS information. This abstract proposes a model for effective detection and response of software vulnerabilities and describes effective outcomes of the model application.

• The Journal of the Korea Contents Association
• /
• v.10 no.1
• /
• pp.46-58
• /
• 2010

The user valence of VoIP services with SIP protocol is increasing rapidly because of cheap communication cost and its conveniency. But attacker can easily modify the packet contents of SIP protocol as SIP header is transmitted by using UDP methods in text form. The reason is that SIP protocols does not provide an authentication function on the transmission session. Therefore, existing SIP protocol is very weak on SIP Packet Flooding attack etc. In order to solve like this kinds of SIP vulnerabilities, we used SIP status codes under the monitoring module for detecting SIP Flooding attacks and additionally proposed an advanced protocol where the authentication and security function is strengthened about SIP packet. We managed SIP session spontaneously in order to strengthen security with SIP authentication function and to solve the vulnerability of SIP protocol. The proposed mechanism can securely send SIP packet to solves the security vulnerability with minimum traffic transmission. Also service delay in SIP proxy servers will be minimized to solve the overload problem on SIP proxy server.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.295-310
• /
• 2014

DCS (Distributed Control System), the main control system of power plants, is an automated system for enhancing operational efficiency by monitoring, tuning and real-time operation. DCS is becoming more intelligent and open systems as Information technology are evolving. In addition, there are a large amount of investment to enable proactive facility management, maintenance and risk management through the predictive diagnostics. However, new upcoming weaponized malware, such as Stuxnet designed for disrupting industrial control system(ICS), become new threat to the main control system of the power plant. Even though these systems are not connected with any other outside network. The main control systems used in the power plant usually have been used for more than 10 years. Also, this system requires the extremely high availability (rapid recovery and low failure frequency). Therefore, installing updates including security patches is not easy. Even more, in some cases, installing security updates can break the warranty by the vendor's policy. If DCS is exposed a potential vulnerability, serious concerns are to be expected. In this paper, we conduct the penetration test by using NESSUS, a general-purpose vulnerability scanner under the simulated environment configured with the Ovation version 1.5. From this result, we suggest a log analysis method to detect the security infringement and react the incident effectively.

• Journal of Internet Computing and Services
• /
• v.11 no.2
• /
• pp.85-98
• /
• 2010

An advanced and proactive response mechanism against diverse attacks on All-IP network should be proposed for enhancing its security and reliability on open network. There are two main research works related to this study. First one is the SPIE system with hash function on Bloom filter and second one is the Sinkhole routing mechanism using BGP protocol for verifying its transmission path. Therefore, advanced traceback and network management mechanism also should be necessary on All-IP network environments against DDoS attacks. In this study, we studied and proposed a new IP traceback mechanism on All-IP network environments based on existing SPIE and Sinkhole routing model when diverse DDoS attacks would be happen. Proposed mechanism has a Manager module for controlling the regional router with using packet monitoring and filtering mechanism to trace and find the attack packet's real transmission path. Proposed mechanism uses simplified and optimized memory for storing and memorizing the packet's hash value on bloom filter, with which we can find and determine the attacker's real location on open network. Additionally, proposed mechanism provides advanced packet aggregation and monitoring/control module based on existing Sinkhole routing method. Therefore, we can provide an optimized one in All-IP network by combining the strength on existing two mechanisms. And the traceback performance also can be enhanced compared with previously suggested mechanism.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.10
• /
• pp.2733-2740
• /
• 2009

An advanced and proactive response mechanism against diverse attacks on All-IP network should be proposed for enhance its security and reliability on open network. There are two main research works related to this study. First one is the SPIE system with hash function on Bloom filter and second one is the Sinkhole routing mechanism using BGP protocol for verifying its transmission path. In this study, we proposed an advanced IP Tracing mechanism based on Bloom filter and Sinkhole routing mechanism. Proposed mechanism has a Manager module for controlling the regional router with using packet monitoring and filtering mechanism to trace and find the attack packet's real transmission path. Additionally, proposed mechanism provides advanced packet aggregation and monitoring/control module based on existing Sinkhole routing method. Therefore, we can provide an optimized one in All-IP network by combining the strength on existing two mechanisms. And the Tracing performance also can be enhanced compared with previously suggested mechanism.

• Journal of Industrial Convergence
• /
• v.20 no.7
• /
• pp.65-71
• /
• 2022

With the development of ICT, as the era of the 4th industrial revolution arrives, the amount of data is enormous, and as big data technologies emerge, technologies for processing, storing, and processing data are becoming important. In this paper, we propose a system that detects events through monitoring and judges them using hash values because the damage to important files in case of leakage in industries and public places is serious nationally and property. As a research method, an optional event method is used to compare the hash value registered in advance after performing the encryption operation in the event of a file leakage, and then determine whether it is an important file. Monitoring of specific events minimizes system load, analyzes the signature, and determines it to improve accuracy. Confidentiality is improved by comparing and determining hash values pre-registered in the database. For future research, research on security solutions to prevent file leakage through networks and various paths is needed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.891-898
• /
• 2022

Along with global interest, drones are expanding the base of utilization such as transportation of goods, forest protection, and safety management, and cluster flights are being applied in various fields such as military operations and environmental monitoring. Currently, specialized networks such as e-UM 5G for services in specific industries are being established in Korea. In this regard, drone systems are also moving to establish specialized networks to provide services that are fused with AI and autonomous flight. As drones converge with various services, various security threats in various environments are also subordinated, and in response, requirements and guidelines for drone security are being prepared in Korea. In this paper, we propose a technology method for peer identification and safe information provision between cluster flight drones by utilizing a cryptographic module equipped with wireless LAN and quantum entropy-based random number generator in a cluster flight system and a mobile communication network such as e-UM 5G.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.25-30
• /
• 2015

One of the hottest issues of security is information leakage of financial institution. Financial institutions including commercial banks are frequently threatened by attempts of leakage through hacking and vulnerability, and this information is centered on personal information of their clients. Through this study, I found out that security managers of financial institutions are trying to prevent the leaking of private information, but in fact most of them barely know where their personal information is. Even if they know where it is and trace the data, it is often found in unexpected places. Because there is a lot of waste in time and human resources as search is done manually, we have understood that responding to IT Compliance requires a lot of effort. This study is to improve IT Compliance response and protect information leakage through monitoring PC and servers, the main storage of personal information by automated system, periodically.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.4
• /
• pp.73-79
• /
• 2020

Due to the rapidly ageing population and low birth rates, most countries have faced with the problems of an ageing population. As a result, research into aging and the means to support an aging population has therefore become a priority for many governments around the world. Ambient Assisted Living(AAL) approach is the way to guarantee better life conditions for the aged and for monitoring their health conditions by the development of innovative technologies and services. AAL technologies can provide more safety for the elderly, offering emergency response mechanisms and fall detection solutions. Since the information transmitted in AAL systems is very personal, however, the security and privacy of such data are becoming important issues that must be dealt with. In this paper, we propose a Chameleon hash-based secure authentication protocol for AAL systems. The proposed authentication protocol not only supports several important security requirements needed by the AAL systems, but can also withstand various types of attacks. In addition, the security analysis results show that the proposed authentication protocol is more efficient and secure than the existing authentication protocols.