• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.3
• /
• pp.565-573
• /
• 2022

Current mobile communication system is in the mid-process of conversion from 4G LTE to 5G network. According to the generalization of mobile communication services, personal information such as user's identifiers and location information is transmitted through a mobile communication network. The importance of security technology is growing according to the characteristics of wireless mobile communication networks, the use of wireless shared channels is inevitable, and security technology cannot be applied to all network system elements in order to satisfy the bandwidth and speed requirements. In particular, for security threat analysis, researches are being conducted on various attack types and vulnerability analysis through rogue base stations or attacker UE to make user services impossible in the case of 5G networks. In this paper, we established a 5G network testbed using open sources. And we analyzed three security vulnerabilities related to NAS COUNT and confirmed the validity of two vulnerabilities based on the testbed or analyzing the 3GPP standard.

• Journal of Industrial Convergence
• /
• v.21 no.3
• /
• pp.181-188
• /
• 2023

The e-Government standard framework provides overall technologies such as reuse of common components for web environment development such as domestic government/public institutions, connection of standard modules, and resolution of dependencies. However, in a standardized development environment, there is a possibility of updating old versions according to core versions and leakage of personal and confidential information due to hacking or computer viruses. This study directly analyzes security vulnerabilities focusing on websites that operate eGovFrame in Korea. As a result of analyzing/classifying vulnerabilities at the internal programming language source code level, five items associated with representative security vulnerabilities could be extracted again. As a countermeasure against this, the security settings and functions through the 2 steps (1st and 2nd steps) and security policy will be explained. This study aims to improve the security function of the e-government framework and contribute to the vitalization of the service.

• Journal of Internet Computing and Services
• /
• v.24 no.4
• /
• pp.15-24
• /
• 2023

Digital therapeutics (DTx) are utilized to replace or supplement drug therapy to treat patients. DTx are developed as a mobile application for portability and convenience. The government requires security verification to be performed on digital medical devices that manage sensitive information during the transmission and storage of patient data. Although safety verification is included in the approval process for DTx, the cybersecurity checklist used as a reference does not reflect the characteristics of mobile applications. This poses the risk of potentially overlooking vulnerabilities during security verification. This study aims to address this issue by comparing and analyzing existing items based on the mobile tactics, techniques, and procedures of MITRE ATT&CK, which manages globally known and occurring vulnerabilities through regular updates. We identify 16 items that require improvement and expand the checklist to 29 items to propose improvement measures. The findings of this study may contribute to the safe development and advancement of DTx for managing sensitive patient information.

• Journal of KIISE
• /
• v.45 no.1
• /
• pp.76-85
• /
• 2018

Governments and public agencies try to use the cloud to carry out their work and provide public services. However, a public cloud is vulnerable to security side because it has a structure to support services using public networks (i.e, the internet). Thus, this paper finds the general security vulnerabilities of a network and compares and analyzes the characteristics of transport protocols (UDP, TCP, SCTP, and MPTCP) on the basis of their security vulnerabilities. This paper uses a reliability and security factor for the comparative analysis, evaluates the security exposure, and chooses a suitable protocol considering the security of the transport protocols in the cloud circumstance.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.5
• /
• pp.1920-1937
• /
• 2015

Network environment has been under constant threat from both malicious attackers and inherent vulnerabilities of network infrastructure. Existence of such threats calls for exhaustive vulnerability analyzing to guarantee a secure system. However, due to the diversity of security hazards, analysts have to select from massive alternative hardening strategies, which is laborious and time-consuming. In this paper, we develop an approach to seek for possible hardening strategies and prioritize them to help security analysts to handle the optimal ones. In particular, we apply a Risk Flow Attack Graph (RFAG) to represent network situation and attack scenarios, and analyze them to measure network risk. We also employ a multi-objective genetic algorithm to infer the priority of hardening strategies automatically. Finally, we present some numerical results to show the performance of prioritizing strategies by network risk and hardening cost and illustrate the application of optimal hardening strategy set in typical cases. Our novel approach provides a promising new direction for network and vulnerability analysis to take proper precautions to reduce network risk.

• International Journal of Advanced Culture Technology
• /
• v.3 no.2
• /
• pp.77-86
• /
• 2015

In this paper there is an overview of some standards and security models which are implemented in such an IP-based and heterogeneous networks and we also present some security models in an open environment and finally we obtain that as a result of the nature of 4G networks there are still more security holes and open issues for expert to notice. Our survey shows that a number of new security threats to cause unexpected service interruption and disclosure of information will be possible in 4G due mainly to the fact that 4G is an IP-based, heterogeneous network. Other than that, it tells about the security issues and vulnerabilities present in the above 4G standards are discussed. Finally, we point to potential areas for future vulnerabilities and evaluate areas in 4G security which warrant attention and future work by the research and advanced technology industry.

• Convergence Security Journal
• /
• v.19 no.3
• /
• pp.29-36
• /
• 2019

The convergence of traditional industry and ICT is a combination of security threats and vulnerabilities in ICT and specific industry-specific problems of existing industries, and new security threats and vulnerabilities are emerging. In particular, in the medical ICT convergence industry, various problems regarding user authentication are derived from the medical information system, which is being used for abuse and security weaknesses. According, this study designed and implemented a user authentication system for secure user management in medical ICT convergence environment. Specifically, we design and implement measures to solve the abuse and security weaknesses of ID sharing and to solve the inconvenience of individual ID / PW authentication by performing user authentication using personalized devices based on medical information systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.635-642
• /
• 2018

In the Era of the Fourth Industrial Revolution, we live in huge amounts of software. However, as software increases, software vulnerabilities are also increasing. Therefore, it is important to detect and remove software vulnerabilities. Currently, many researches have been studied to predict and detect software security problems, but it takes a long time to detect and does not have high prediction accuracy. Therefore, in this paper, we describe a method for efficiently predicting software vulnerabilities using machine learning algorithms. In addition, various machine learning algorithms are compared through experiments. Experimental results show that the k-nearest neighbors prediction model has the highest prediction rate.

• Journal of the Korea Convergence Society
• /
• v.2 no.4
• /
• pp.1-7
• /
• 2011

As the developing of the information technology, M2M market that is using communication between devices is growing rapidly and many companies are involved in M2M business. In this paper, the concept of telematics and vulnerabilities of vehicle network security are discussed. The convergence of vehicle and information technology, the development of mobile communication technology have improved quality of service that provided to user but as a result security threats has diverse. We proposed new business model that be occurred to the participation of mobile carriers in telematics business and we analyzed mobile radio communication network security vulnerabilities. We proposed smart phone and Vehicle authentication scheme with M2M device as a way to solve vulnerabilities.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.557-564
• /
• 2019

As the number and type of software increases, those security vulnerabilities are also increasing. Various types of software may have multiple vulnerabilities and those vulnerabilities as they can cause irrecoverable significant damage must be detected and deleted quickly. Various studies have been carried out to detect the vulnerability of the current software, but it is slow, and prediction accuracy is low. Therefore, in this paper, we describe a method to efficiently predict software vulnerability by using neural network algorithm and compare prediction accuracy with conventional system using machine learning algorithm. As a result of the experiment, the prediction system proposed in this paper showed the highest prediction rate.