• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.5
• /
• pp.1146-1151
• /
• 2007

In this paper, it is investigated to the security services and vulnerability tools of IEEE802.11 wireless LAN, and it is considered the employment state of wireless LAN AP (access point) and analyzed the state of security vulnerability. In according to this study, among wireless LAN APs, which are operated in each company or each factory, in center around industrial of Cheonan city, 50% of AP, which is used, is not operated on WEP, and therefore, it is stated the weakness of security so far. From the result of this study, in case of mid and small company, it can be distinguished the necessity of the security training for the informaton system manager.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1523-1537
• /
• 2018

The AI speaker is a simple operation that provides users with useful functions such as music playback, online search, and so the AI speaker market is growing at a very fast pace. However, AI speakers always wait for the user's voice, which can cause serious problems such as eavesdropping and personal information exposure if exposed to security threats. Therefore, in order to provide overall improved security of all AI speakers, it is necessary to identify potential security threats and analyze them systematically. In this paper, security threat modeling is performed by selecting four products with high market share. Data Flow Diagram, STRIDE and LINDDUN Threat modeling was used to derive a systematic and objective checklist for vulnerability checks. Finally, we proposed a method to improve the security of AI speaker by comparing the vulnerability analysis results and the vulnerability of each product.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.315-327
• /
• 2017

Security threats such as unauthorized access and data tampering can occur during the virtual machine migration process. In particular, since virtual machine migration requires users to transfer important data and infrastructure information, it is relatively risky to other cloud services in case of security threats. For this reason, there is a need for dynamic authentication for virtual machine migration. Therefore, this paper proposes an OTP-based dynamic authentication framework to improve the vulnerabilities of the existing authentication mechanism for virtual machine migration. It consists of a virtual machine migration request module and an operation module. The request module includes an OTP-based user authentication process and a migration request process to a data center when a user requests a migration. The operation module includes a secure key exchange process between the data centers using SPEKE and a TOTP-based mutual authentication process between the data center and the physical server.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.309-322
• /
• 2021

In this study, an extension instruction set for high-speed operation of the ARIA block cipher algorithm on RISC-V processor is added to support high-speed cryptographic operation on low performance IoT devices. We propose the efficient ARIA cryptographic instruction set which runs on a conventional 32-bit processor. Compared to the existing software cryptographic operation, there is a significant performance improvement with proposed instruction set.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.587-596
• /
• 2024

Cyber Attack and Cyber Threat are getting confused and evolved. Therefore, using AI(Artificial Intelligence), which is the most important technology in Fourth Industry Revolution, to build a Cyber Threat Detection System is getting important. Especially, Government's SOC(Security Operation Center) is highly interested in using AI to build SOAR(Security Orchestration, Automation and Response) Solution to predict and build CTI(Cyber Threat Intelligence). In this thesis, We introduce the Cyber Threat Detection System by analyzing Network Traffic and Web Application Firewall(WAF) Log data. Additionally, we apply the well-known TF-IDF(Term Frequency-Inverse Document Frequency) method and AutoML technology to classify Web traffic attack type.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.765-774
• /
• 2018

As the IT technology develops, the military information system develops to the current IT environment for efficient operation and rapid communication, and the threat of cyber attack against the advanced weapon system using network technology is increasing simultaneously. In order to prevent and mitigate these problems, the United States has applied the cybersecurity test evaluation system from the beginning to the beginning of weapon system development. However, in Korea, the evaluation process of cyber security test is weak, and there is concern about the damage due to cyber attack. In this paper, we analyze cybersecurity test evaluation status of U.S. and domestic weapon systems and propose a solution to the problem of cybersecurity test evaluation system.

• Journal of Korea Multimedia Society
• /
• v.18 no.3
• /
• pp.287-297
• /
• 2015

A railway security detection system is very important. There are many safety factors that directly affect the safe operation of trains. Security detection technology can be divided into passive and active approaches. In this paper, we will first survey the railway security systems and compare them. We will also propose a subway security detection system with computer vision technology, which can detect three kinds of problems: the spark problem, the obstacle problem, and the lost screw problem. The spark and obstacle detection methods are unique in our system. In our experiment using about 900 input test images, we obtained about a 99.8% performance in F- measure for the spark detection problem, and about 94.7% for the obstacle detection problem.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.25-31
• /
• 2021

The purpose of this study was to keep the Security Control Center, which operates under a shift system, uninterrupted during the COVID-19 virus epidemic. Security facilities responding to cybersecurity threats are essential security facilities that must be operated 24 hours a day, 365 days a day in real time, and are critical to security operations and management. If security facilities such as infectious disease epidemic, system failure, and physical impact are closed or affected, they cannot respond to real-time cyberattacks and can be fatal to security issues. Recently, there have been cases in which security system facilities cannot be operated, such as the closure of facilities due to the COVID-19 virus epidemic and the availability of security systems due to the rainy season, and other cases need to be prepared. In this paper, we propose a plan to configure a security system facility as a multiplexing facility and operate it as an alternative in the event of a closed situation.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2023.05a
• /
• pp.158-159
• /
• 2023

With the development and state-of-the-art of ocean satellites, wide-area management of the waters around Korea has become possible. In particular, in the field of ship operation, as autonomous navigation technology based on artificial intelligence and big data is being developed, there is a need for additional analysis and observation through ocean satellite data.. Researches that can combine ship operation with ocean satellite data include ship detection based on ocean satellites and ship navigation assistance using marine weather forecasting.

• International Journal of Computer Science & Network Security
• /
• v.22 no.11
• /
• pp.241-247
• /
• 2022

Ad hoc network is self-organized network powered by battery. The reliability of virtual user identification and channel security are reduced when SNR is low due to limited user energy. In order to solve this problem, a joint virtual user identification and channel security en/decoding method is proposed in this paper. Transmitter-receiver-based virtual user identification code is generated by executing XOR operation between orthogonal address code of transmitter and pseudo random address code of receiver and encrypted by channel security code to acquire orthogonal random security sequence so as to improve channel security. In order to spread spectrum as well as improve transmission efficiency, data packet is divided into 6-bit symbols, each symbol is mapped with an orthogonal random security sequence. Subspace-based method is adopted by receiver to process received signal firstly, and then a judgment model is established to identify virtual users according to the previous processing results. Simulation results indicate that the proposed method obtains 1.6dB E_b/N₀ gains compared with reference methods when miss alarm rate reaches 10^-3.