• 정보처리학회논문지:컴퓨터 및 통신 시스템
• /
• 제6권3호
• /
• pp.121-134
• /
• 2017

다양한 산업에 걸쳐 IoT 기기의 보급이 급격히 증가하면서 신뢰성, 보안성과 같은 안전한 IoT 기기 및 서비스를 위한 요구가 증가하고 있으며 보안공학에서는 고 신뢰(Trustworthy) 시스템의 설계 및 구현을 위해 안전한 개발 생명주기를 활용한다. 안전한 개발 생명주기는 보안요구사항 도출, 설계, 구현, 운영 단계로 구분되며 각 단계별로 달성하기 위한 목표 및 활동이 존재한다. 그 중 보안요구사항 도출 단계는 가장 첫 단계로 향후 설계, 구현 단계의 목표를 달성을 위해 정확하고 객관적인 보안요구사항을 도출하는 것이 중요하다. 정확하고 객관적인 보안요구사항을 도출하기 위해 보안위협모델링을 활용하며 이를 통해 도출된 보안요구사항은 위협 식별 범위에 대한 완전성과 대응되는 위협에 대한 추적성을 만족시킬 수 있다. 해외에서는 다양한 대상과 보안위협방법론을 활용한 연구가 진행되고 있는 반면 국내 연구는 중요성에 비해 상대적으로 미흡한 편이다. 따라서 본 논문에서는 IP Camera를 대상으로 Data Flow Diagram, STRIDE, Attack Tree와 같은 체계적인 보안위협모델링을 통해 보안요구사항을 도출하는 과정에 대해 설명하고 객관적인 의미 전달을 위해 도출한 보안요구사항은 국제표준인 공통평가기준을 활용하여 표현한다.

• Journal of information and communication convergence engineering
• /
• 제5권1호
• /
• pp.64-67
• /
• 2007

IT industry strategy trend and home network security technology is presented. First, we consider the development strategy to improve next generation IT industry. Second, we have analyzed the technique for implementing home network. Last, we have analyzed the technique to security home network field.

• 한국군사과학기술학회지
• /
• 제26권3호
• /
• pp.281-301
• /
• 2023

The shipboard combat system is a key system for naval combat that supports a command and control process cycle consisting of Detect - Control - Engage in real time to ensure ship viability and conduct combat missions. Modern combat systems were developed on the basis of Open Architecture(OA) to maximize acceptance of latest technology and interoperability between systems, and actively introduced the COTS(Commercial-of-the-shelf). However, as a result of that, vulnerabilities inherent in COTS SW and HW also occurred in the combat system. The importance of combat system cybersecurity is being emphasized but cybersecurity research reflecting the characteristics of the combat system is still lacking in Korea. Therefore, in this paper, we systematically identify combat system threats by applying Data Flow Diagram, Microsoft STRIDE threat modelling methodology. The threats were analyzed using the Attack Tree & Misuse case. Finally we derived the applicable security requirements which can be used at stages of planning and designing combat system and verified security requirements through NIST 800-53 security control items.

• Journal of Computing Science and Engineering
• /
• 제12권1호
• /
• pp.12-23
• /
• 2018

The Internet of Things (IoT) ecosystem potentially includes heterogeneous devices with different processing mechanisms as well as very complicated network and communication models. Thus, analysis of data associated with adverse conditions is much more complicated. Moreover, mobile things in the IoT lead to dynamic alteration of environments and developments of a dynamic and ultra-large-scale (ULS) environment. Also, IoT and the services provided by that are mostly based on devices with limited resources or things that may not be capable of hosting conventional controls. Finally, the dynamic and heterogeneous and ULS environment of the IoT will lead to the emergence of new security requirements. The conventional preventive and diagnostic security controls cannot sufficiently protect it against increasing complication of threats. The counteractions provided by these methods are mostly dependent on insufficient static data that cannot sufficiently protect systems against sophisticated and dynamically evolved attacks. Accordingly, this paper investigates the current security approaches employed in the IoT architectures. Moreover, we define the dynamic security based on dynamic event analysis, dynamic engineering of new security requirements, context awareness and adaptability, clarify the need for employment of new security mechanism, and delineate further works that need to be conducted to achieve a secure IoT.

• 산업경영시스템학회지
• /
• 제34권4호
• /
• pp.72-81
• /
• 2011

In this paper, we propose adaptive convergence security policies and management technologies to improve security assurance in the home networking environment. Many security issues may arise in the home networking environment. Examples of such security issues include the user privacy, the service security, the integrated networking security, the middleware security and the device failure. All these security issues, however, should be fulfilled in phase due to many difficulties including deployment cost and technical complexity. For instance, fundamental security requirements such as authentication, access control and prevention of crime and disaster should be addressed first. Then, supplementary security policies and diverse security management technologies should be fulfilled. In this paper, we classify these requirements into three categories, a service authentication, a user authentication and a device authentication, and propose security policies and management technologies for each requirement. Since the home gateway is responsible for interconnection of many home devices and external network access, a variety of context information could be collected from such devices.

• Journal of Electrical Engineering and Technology
• /
• 제7권3호
• /
• pp.443-450
• /
• 2012

As power grids are integrated into one big umbrella (i.e., Smart Grid), communication network plays a key role in reliable and stable operation of power grids. For successful operation of smart grid, interoperability and security issues must be resolved. Security means providing network system integrity, authentication, and confidentiality service. For a cyber-attack to a power grid system, which may jeopardize the national security, vulnerability of communication infrastructure has a serious impact on the power grid network. While security aspects of power grid network have been studied much, security mechanisms are rarely adopted in power gird communication network. For security issues, strict timing requirements are defined in IEC 61850 for mission critical messages (i.e., GOOSE). In this paper, we apply security algorithms (i.e., MD-5, SHA-1, and RSA) and measure their processing time and transmission delay of secured mission critical messages. The results show the algorithms satisfying the timing requirements defined in IEC 61850 and we observer the algorithm that is optimal for secure communication of mission critical messages. Numerical analysis shows that SHA-1 is preferable for secure GOOSE message sending.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2015년도 추계학술발표대회
• /
• pp.634-636
• /
• 2015

As the expansion of enterprise scale and the increase of staff, the amount of terminal is increasing as well. It is very difficult to the system manager of traditional data protection scheme to manage and maintenance for the large number of terminals. This problem can be solved by desktop virtualization, which use traditional security problems still exist and new security problems occur at the same time. Using desktop virtualization, it needs a method of automatic security protection. In this paper, the desktop virtualization security requirements are discussed.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2014년도 춘계학술대회
• /
• pp.175-176
• /
• 2014

식별 및 인증은 어플리케이션 보안 요건의 한 영역이다. 개별 ID를 유일하게 식별해야 한다. 패스워드는 길이 제한 및 조합 표준을 적용해야 한다. 그리고 주기적으로 변경해야 한다. ID/PW 이외의 강화된 인증 방식을 제공해야 한다. 인증 프로세스는 정의된 보안 요건을 만족해야 한다.

• Journal of Computing Science and Engineering
• /
• 제4권1호
• /
• pp.23-51
• /
• 2010

Wireless Sensor Networks (WSN) have proved to be useful in applications that involve monitoring of real-time data. There is a wide variety of monitoring applications that can employ Wireless Sensor Network. Characteristics of a WSN, such as topology and scale, depend upon the application, for which it is employed. Security requirements in WSN vary according to the application dependent network characteristics and the characteristics of an application itself. Key management is the most important aspect of security as some other security modules depend on it. We discuss application dependent variations in WSN, corresponding changes in the security requirements of WSN and the applicability of existing key management solutions in each scenario.

• Nuclear Engineering and Technology
• /
• 제51권7호
• /
• pp.1791-1798
• /
• 2019

Instrumentation and Control (I&C) systems of nuclear power plants (NPPs) have been continuously digitalized. These systems have a critical role in the operation of nuclear facilities by functioning as the brain of NPPs. In recent years, as cyber security threats to NPP systems have increased, regulatory and policy-related organizations around the world, including the International Atomic Energy Agency (IAEA), Nuclear Regulatory Commission (NRC) and Korea Institute of Nuclear Nonproliferation and Control (KINAC), have emphasized the importance of nuclear cyber security by publishing cyber security guidelines and recommending cyber security requirements for NPP facilities. As described in NRC Regulatory Guide (Reg) 5.71 and KINAC RS015, challenge response authentication should be applied to the critical digital I&C system of NPPs to satisfy the cyber security requirements. There have been no cases in which the most robust response authentication technology like challenge response has been developed and applied to nuclear I&C systems. This paper presents a challenge response authentication mechanism for a Programmable Logic Controller (PLC) system used as a control system in the safety system of the Advanced Power Reactor (APR) 1400 NPP.