• Journal of Information Technology Services
• /
• v.8 no.1
• /
• pp.47-58
• /
• 2009

The information protection security diagnosis institution was applied services since 2004, for the leveling up of public information protection and the establishment of the stability and reliability of information communication. And this security diagnosis was implemented actually on the 142 firms in 2005, the 160 firms in 2006 and the 205 firms in 2007. But this is recognized by the some firms as one of the unnecessary regulations. And there are some difficulties with collecting the subjective and reliable source data for establishing the information protection security diagnosis target. In this research, the enhanced model on the selection of information protection security diagnosis target firms was suggested by the interview with some expert and the analysis for the related actual data. By the model which are introduced from the statistical analysis of the related data and the summary of some expert's suggestions, information protection security diagnosis target can include the information telecommunication service providers taking 5 billion won as sales in a year, and web service providers like as shopping mall site, with the personal records of 2 million subscribers.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.9
• /
• pp.35-42
• /
• 2019

In this paper, we propose an approach to apply network-based moving target defense into Internet of Things (IoT) networks. The IoT is a technology that provides the high interconnectivity of things like electronic devices. However, cyber security risks are expected to increase as the interconnectivity of such devices increases. One recent study demonstrated a man-in-the-middle attack in the statically configured IoT network. In recent years, a new approach to cyber security, called the moving target defense, has emerged as a potential solution to the challenge of static systems. The approach continuously changes system's attack surface to prevent attacks. After analyzing IPv4 / IPv6-based moving target defense schemes and IoT network-related technologies, we present our approach in terms of addressing systems, address mutation techniques, communication models, network configuration, and node mobility. In addition, we summarize the direction of future research in relation to the proposed approach.

• Korean Security Journal
• /
• no.56
• /
• pp.9-30
• /
• 2018

Crime prevention strategies are introduced to reduce the loss caused by crimes, and Target hardening against domestic burglary attacks is broadly accepted as one of such physical security strategies. In terms of business and home security, target hardening is one of the suite of protective measures that are included in crime prevention through environmental design(CPTED). This can include ensuring all doors and windows are sourced and fitted in such a way that they can resist forcible and surreptitious from the attack of intruder. Target hardening with certified security doors, security windows and secure locks are revealed to be much more effective to deter burglary attacks than other security devices, such as CCTV, lightings and alarms which have largely psychological and indirect impact. A pilot program of target hardening utilizing certified security window and locks was carried out in Ansan city, South Korea in 2016. This study is based on the quasi-experimental design of this program for a residential area. The researchers tried to verify the crime displacement effect of the target hardening program and the diffusion effects of crime prevention benefits by analysing the crime statistics. The evaluation utilized WDQ(Weighted Displacement Quotient) technique to analyze whether the crime displacement occurred, compared the crime statistics of the experimental area with that of buffer zone and controlled areas. The result showed that the target hardening program was significantly effective in crime prevention. The number of burglary in the experimental site with target hardening intervention reduced by 100%, although the areas without the intervention showed reduction in the burglary. The crime displacement was not found at all, and the number of burlary at the buffer zone also reduced significantly.

• Convergence Security Journal
• /
• v.16 no.5
• /
• pp.65-71
• /
• 2016

The use of Wireless Sensor Networks in many applications require not only efficient network design but also broad aspects of security, military and health care for hospital. Among many applications of WSNs, target tracking is an essential research area in WSNs. We need to track a target quickly as well as find the lost target in WSNs. In this paper, we propose an efficient target tracking method. We also propose an efficient clustering method and algorithm for target tracking.

• Proceedings of the KIEE Conference
• /
• 2003.07d
• /
• pp.2744-2746
• /
• 2003

ISO/IEC 15408 requires the TOE(Target of Evaluation) Security Environment section of a Protection Profile(PP) or Security Target(ST) to contain a list of assumptions about the TOE security environment or the intended usage of the TOE. This paper presents a specific conditions should be assumed to exist in the smart card environment and the analysis of those conditions developer of smart card PP must consider.

• Korean Security Journal
• /
• no.6
• /
• pp.327-340
• /
• 2003

As a countermeasure under accidental occurrence situation, First, as application form of martial arts, A security guard foster ability that can protect a target person of guard and own body under accidental occurrence situation through incessant martial arts practice. To achieve this purpose, incessant training mental power and physical strength reinforcement should be kept on to prevent, therefore make a safety control function for such as weapon, small arms, explosive, vehicles terror etc. happened under accidental occurrence situation. Second, according to the contents of training based on the classification category of martial arts for security guard under accidental situation, a security guard must keep safety distance necessarily lest a target person of gurad should be attacked by attacker, therefore, intercept an attack opportunity if a safety distance between a target person of guard and attacker is not kept. Third, It is to practice confrontation techniques based on the type of attack. A security guard must develp situation disposal ability that can cope properly with the attack using empty hands, murderous weapon, small arms, explosive by case or individual or mass of threat that impose danger and injury in a target person's body of guard.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.3
• /
• pp.1063-1075
• /
• 2022

In recent years, container techniques have been broadly applied to cloud computing systems to maximize their efficiency, flexibility, and economic feasibility. Concurrently, studies have also been conducted to ensure the security of cloud computing. Among these studies, moving-target defense techniques using the high agility and flexibility of cloud-computing systems are gaining attention. Moving-target defense (MTD) is a technique that prevents various security threats in advance by proactively changing the main attributes of the protected target to confuse the attacker. However, an analysis of existing MTD techniques revealed that, although they are capable of deceiving attackers, MTD techniques have practical limitations when applied to an actual cloud-computing system. These limitations include resource wastage, management complexity caused by additional function implementation and system introduction, and a potential increase in attack complexity. Accordingly, this paper proposes a software-defined MTD system that can flexibly apply and manage existing and future MTD techniques. The proposed software-defined MTD system is designed to correctly define a valid mutation range and cycle for each moving-target technique and monitor system-resource status in a software-defined manner. Consequently, the proposed method can flexibly reflect the requirements of each MTD technique without any additional hardware by using a software-defined approach. Moreover, the increased attack complexity can be resolved by applying multiple MTD techniques.

• Proceedings of the KIEE Conference
• /
• 2003.07d
• /
• pp.2747-2749
• /
• 2003

Security is concerned with the protection of assets from threats, where threats are categorised as the potential for abuse of protected assets. All categories of threats should be considered, but in the domain of security greater attention is given to those threats that are related to malicious or other human activities ISO/IEC 15408 requires the TOE(Target of Evaluation) Security Environment section of a Protection Profile(PP) or Security Target(ST) to contain a list of threats about the TOE security environment or the intended usage of the TOE. This paper presents a specific physical threats should be considered in the smart card PP which developers of smart card PP must consider.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1191-1204
• /
• 2012

As attackers try to paralyze information security systems, many researchers have investigated security testing to analyze vulnerabilities of information security products. Penetration testing, a critical step in the development of any secure product, is the practice of testing a computer systems to find vulnerabilities that an attacker could exploit. Security testing like penetration testing includes gathering information about the target before the test, identifying possible entry points, attempting to break in and reporting back the findings. Therefore, to obtain maximum generality, re-usability and efficiency is very useful for efficient security testing and vulnerability hunting activities. In this paper, we propose a threat analysis based software security testing technique for evaluating that the security functionality of target products provides the properties of self-protection and non-bypassability in order to respond to attacks to incapacitate or bypass the security features of the target products. We conduct a security threat analysis to identify vulnerabilities and establish a testing strategy according to software modules and security features/functions of the target products after threat analysis to improve re-usability and efficiency of software security testing. The proposed technique consists of threat analysis and classification, selection of right strategy for security testing, and security testing. We demonstrate our technique can systematically evaluate the strength of security systems by analyzing case studies and performing security tests.

• International journal of advanced smart convergence
• /
• v.5 no.3
• /
• pp.27-31
• /
• 2016

High-tech industries in a state well enough to troubleshoot hacking information introduction a big barrier to delay the growth of the market related to IoT(Internet of Things) as is likely to be on the rise. This early on, security issues introduced in the solution, a comprehensive solution, including the institutional laws/precautions needed. Recent examples of frequent security threats while IoT is the biggest issue of introducing state-of-the-art industry information due to the vulnerable security hacking. This high-tech industries in order to bridge the information responsible for the target attribute, target range, and the protection of security and how to protect the subject, IoT environment (domestic industrial environment) considering the approach is needed. IoTs with health care and a wide variety of services, such as wearable devices emerge. This ensures that RFID/USN-based P2P/P2M/M2M connection is the implementation of the community. In this study, the issue on the high-tech industrial information and the vulnerable security issues of IoT are described.