• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.7
• /
• pp.1544-1550
• /
• 2013

In recent years, Container Security Device(CSD) using GPS & GLONASS to improve logistics efficiency are being extensively researched. The purpose of this paper is to examine the performance development antenna usable cargo container security transport. Antenna developed by study were optimized to match logistics environment apply to GPS/GLONASS dual frequency for monitering system. The measure of antenna have confirmation about frequency characteristics each 1575.42MHz, 1602MHz and VSWR is 2:1 measured in return loss -9.54dB. Reliability of this antenna has been verified about GPS/GLONASS through test-operation between the south korea and Russia.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1309-1318
• /
• 2014

In the past few years, data leakage of information assets has become a prominent social issue. According to the National Industrial Security Center in South Korea, 71 percent who suffer from technology leakage are small and medium sized enterprises. Hence, establishment and operation of ISMS (Information Security Management System) for small and medium sized enterprises become an important issue. Since it is not easy to obtain ISMS certification for a small or medium sized enterprise by itself, consultation with an expert firm in information security is necessary before the security implementation. However, how to select a proper security consulting company for a small or medium sized firm has not been studied yet. In this study, we analyze empirically the selection factors of ISMS certification consulting company for a small or medium sized firm through exploratory factor analysis (EFA). Our study identified the following four important factors in selecting a security consulting company: expertise of the staffs and human resource management proficiency, market leading capability, competence to make progress during the consultation, and the performance and the size of the physical assets and human resources.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.4
• /
• pp.239-248
• /
• 2007

There's been a difficulty for general corporate to adopt recent incident response study because those studies focus on nation wide CERT Coordination Center or large organization aspect. This study is focus on study and design on security ticket based CERT system through analysis Security management's threat element, attack element, response element and it also help general corporate establish incident response process that is adjusted on IT operation. Confirmed CERT model's effectiveness and effect of quantitative Security incident management way that propose executing Security incident response experiment on the basis of this way. This study which provides general corporate oriented CERT model can be used to improve corporate's capability of responding incident by quantified management technique and select incident response SLA indicator. Already, formation which operate CERT can heighten corporation's information protection level by measure Security incident response result as metrical and analyze and improve problem continuously.

• KSCI Review
• /
• v.15 no.1
• /
• pp.141-150
• /
• 2007

There's been a difficulty for general corporate to adopt recent incident response study because those studies focus on nation wide CERT Coordination Center or large organization aspect. This study is focus on study and design on security ticket based CERT system through analysis Security management's threat element, attack element. response element and it also help general corporate establish incident response process that is adjusted on IT operation. Confirmed CERT model's effectiveness and effect of quantitative Security incident management wav that propose executing Security incident response experiment on the basis of this way. This study which Provides general corporate oriented CERT model can be used to improve corporate's capability of responding incident by quantified management technique and select incident response SLA indicator. Already, formation which operate CERT can heighten corporation's information protection level by measure Security incident response result as metrical and analyze and improve problem continuously.

• Journal of Internet Computing and Services
• /
• v.23 no.1
• /
• pp.105-112
• /
• 2022

The national defense requires uninterrupted decision-making, even under direct or indirect impacts on non-traditional threats such as infectious diseases. Since all work utilizes the information system, it is very important to ensure the availability of the information system. In particular, in terms of security management, defense work is being performed by dividing the network into a national defense network and a commercial Internet network. This study suggests a work execution plan that takes into account the efficiency of work performed on the Internet and the effectiveness of security through effective defense information system operation. It is necessary to minimize the network contact point between the national defense network and the commercial Internet, and to select a high-priority one among various tasks and operate it efficiently. For this purpose, actual cases were investigated for "A" institution and characteristics were presented. Through the targeted tasks and operation plans to improve the effectiveness of defense tasks and ensure security, presented in this paper, it will be possible to increase the availability of task performance even in non-traditional threats such as infectious diseases.

• Journal of the Society of Disaster Information
• /
• v.3 no.2
• /
• pp.95-117
• /
• 2007

With rapid changes taking place in every field, the expansion and specialization of various social service activities are one of the characteristics of the modem society. However, the increase of crimes and inefficiency of public police service to cope with this situation have caused discontent and distrust on the service among the public, making people more inclined to solve safety-related problems by themselves. Private Security Service(PSS) and Private Investigation Service(PIS) were introduced to satisfy these needs. In the area of PIS, Public Investigation Service System(PISS) has been established for a quite long time in foreign countries. However in Korea, PIS is being provided by unregulated service providers such as errand service center due to the lack of legal system, causing many problems related with illegal practices by the service providers. This paper is the result of the research on how to adopt a relevant PISS in Korea and develop it in the future. This kind of research is much needed to curb the rising illegal practices of the errand service centers, complement the insufficient operation of public police service, and strengthen the competitiveness of our country by taking more efficient actions in the changing public security environment. Based on the research, this paper also examines positively the possibility of introduction of PIS in Korea. This paper also recommends a prompt enactment of PIS regulation and improvement on the legal environment for such introduction of the relevant and suitable PISS in Korea.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.5
• /
• pp.27-33
• /
• 2019

One of serious security threats is a botnet-based attack. A botnet in general consists of numerous bots, which are computing devices with networking function, such as personal computers, smartphones, or tiny IoT sensor devices compromised by malicious codes or attackers. Such botnets can launch various serious cyber-attacks like DDoS attacks, propagating mal-wares, and spreading spam e-mails over the network. To establish a botnet, attackers usually inject malicious URLs into web source codes stealthily by using data hiding methods like Javascript obfuscation techniques to avoid being discovered by traditional security systems such as Firewall, IPS(Intrusion Prevention System) or IDS(Intrusion Detection System). Meanwhile, it is non-trivial work in practice for software developers to manually find such malicious URLs which are hidden in numerous web source codes stored in web servers. In this paper, we propose a security defense system to discover such suspicious, malicious URLs hidden in web source codes, and present experiment results that show its discovery performance. In particular, based on our experiment results, our proposed system discovered 100% of URLs hidden by Javascript encoding obfuscation within sample web source files.

• International Journal of Computer Science & Network Security
• /
• v.22 no.3
• /
• pp.355-363
• /
• 2022

This paper presents the modeling for islanded hybrid AC/DC microgrid and the verification of the proposed supervisory controller for energy management for this microgrid. The supervisory controller allows the microgrid system to operate in different power flows through the proposed control algorithm, it has several roles in the management of the energy flow between the different components of the microgrid for reliable operation. The proposed microgrid has both essential objectives such as the maximum use of renewable energies resources and the reduction of multiple conversion processes in an individual AC or DC microgrids. The microgrid system considered for this study has a solar photovoltaic (PV), a wind turbine (WT), a battery (BT), and a AC/DC loads. A small islanded hybrid AC/DC microgrid has been modeled and simulated using the MATLAB-Simulink. The simulation results show that the system can maintain stable operation under the proposed supervisory controller when the microgrid is switched from one operating mode of energy flow to another.

• ETRI Journal
• /
• v.44 no.6
• /
• pp.991-1003
• /
• 2022

Industrial control systems (ICSs) used to be operated in closed networks, that is, separated physically from the Internet and corporate networks, and independent protocols were used for each manufacturer. Thus, their operation was relatively safe from cyberattacks. However, with advances in recent technologies, such as big data and internet of things, companies have been trying to use data generated from the ICS environment to improve production yield and minimize process downtime. Thus, ICSs are being connected to the internet or corporate networks. These changes have increased the frequency of attacks on ICSs. Despite this increased cybersecurity risk, research on ICS security remains insufficient. In this paper, we analyze threats in detail using STRIDE threat analysis modeling and DREAD evaluation for distributed control systems, a type of ICSs, based on our work experience as cybersecurity specialists at a refinery. Furthermore, we verify the validity of threats identified using STRIDE through case studies of major ICS cybersecurity incidents: Stuxnet, BlackEnergy 3, and Triton. Finally, we present countermeasures and strategies to improve risk assessment of identified threats.

• Journal of Digital Convergence
• /
• v.12 no.9
• /
• pp.219-223
• /
• 2014

In line with the advanced wireless communication technology, M2M (Machine-to-Machine) communication has drawn attention in industry. M2M communication features are installed and operated in the fields where human accessibility is highly limited such as disaster, safety, construction, health and welfare, climate, environment, logistics, culture, defense, medical care, agriculture and stockbreeding. In M2M communication, machine replaces people for automatic communication and countermeasures as part of unmanned information management and machine operation. Wireless M2M inter-device communication is likely to be exposed to intruders' attacks, causing security issues, which warrants proper security measures including cross-authentication of whether devices are legitimate. Therefore, research on multiple security protocols has been conducted. The present study applied SessionKey, HashFunction and Nonce to address security issues in M2M communication and proposed a safe protocol with reinforced security properties. Notably, unlike most previous studies arguing for the security of certain protocols based on mathematical theorem proving, the present study used the formal verification with Casper/FDR to prove the safety of the proposed protocol. In short, the proposed protocol was found to be safe and secure.