• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.123-140
• /
• 2022

Recently, research on solving problems that have introduced the concept of smart city in countries and companies around the world is in progress due to various urban problems. A smart city converges the city's ICT, connects all the city's components with a network, collects and delivers data, and consists of a supply chain composed of various IoT products and services. The increase in various cyber security threats and supply chain threats in smart cities is inevitable, in addition to establishing a framework such as supply chain security policy, authentication of each data provider and service according to data linkage and appropriate access control are required in a Zero-Trust point of view. To this end, a smart city security model has been developed for smart city security threats in Korea, but security requirements related to supply chain security and zero trust are insufficient. This paper examines overseas smart city security trends, presents international standard security requirements related to ISMS-P and supply chain security, as well as security requirements for applying zero trust related technologies to domestic smart city security models.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.12
• /
• pp.6057-6078
• /
• 2018

Smart home systems provide a safe, comfortable, and convenient living environment for users, whereby users enjoy featured home services supported by the data collected and generated by smart devices in smart home systems. However, existing smart devices lack sufficient protection in terms of data security and privacy, and challenging security and privacy issues inevitably emerge when using these data. This article aims to address these challenging issues by proposing a private blockchain-based access control (PBAC) scheme. PBAC involves employing a private blockchain to provide an unforgeable and auditable foundation for smart home systems, that can thwart illegal data access, and ensure the accuracy, integrity, and timeliness of access records. A detailed security analysis shows that PBAC could preserve data security against various attacks. In addition, we conduct a comprehensive performance evaluation to demonstrate that PBAC is feasible and efficient.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1355-1369
• /
• 2018

As smart bands make life more convenient and provide a positive lifestyle, many people are now using them. Since smart bands deal with private information, security design and implementation for smart band system become necessary. To make a trustworthy smart band, we must derive the security requirements of the system first, and then design the system satisfying the security requirements. In this paper, we apply threat modeling techniques such as Data Flow Diagram, STRIDE, and Attack Tree to the smart band system to identify threats and derive security requirements accordingly. Through threat modeling, we found the vulnerabilities of the smart band system and successfully exploited smart bands with them. To defend against these threats, we propose security measures and verify that they are secure by using Scyther which is a tool for automatic verification of security protocol.

• Smart Media Journal
• /
• v.6 no.3
• /
• pp.95-102
• /
• 2017

A large volume of research has been devoted to the development of security tools for protecting the Smart Grid systems, however the most of them have not taken the Availability, Integrity, Confidentiality (AIC) security triad model, not like CIA triad model in traditional Information Technology (IT) systems, into account the security measures for the electricity control systems. Thus, this study would propose a novel security framework, an abnormal behavior detection system, to maximize the availability of the control systems by considering a unique set of characteristics of the systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.111-125
• /
• 2010

There is a growing interest in "smart grid" technology, especially after the government recently announced "low-carbon green-growth industry" project. A smart grid uses "smart meters", which can be deployed in any power-consuming places like homes and factories. It has been shown that smart meters have several security weaknesses. There is, however, no protection profile available for smart meters, which means that safety with using them is not guaranteed at all. This paper analyzes vulnerabilities of smart meters and the relevant attack methods, thereby deriving the security functions and requirements for smart meters. Finally, we propose a protection profile based on Common Criterion v3.l for smart meters.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.147-159
• /
• 2022

This study conducted a patent analysis to explore the trend of technology development in the field of smart car security. As a result of the analysis, it was confirmed that along with the growth of the smart car market, the development of smart car security related technology is also increasing. In particular, as related technology development has been rapidly taking place in recent years, it has been confirmed that competition among leading smart car countries and major companies is also expanding due to the commercialization of smart car. This study is meaningful in that it examines trends related to smart car security through quantitative analysis using patent data and presents implications accordingly.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.9 no.3
• /
• pp.107-117
• /
• 2013

In this paper, we designed the security management system based on IEC 62351-7 in the Smart Grid environment. The scope of IEC 62351-7 focuses on network and system management (NSM) of the information infrastructure as well as end-to-end security through abstract NSM data objects for the power system operational environment. However, it does not exist that security management system based on IEC 62351-7 manages the security of the power system in the Smart Grid environment, because power equipment or SNMP agents providing NSM data do not exist yet. Therefore, we implemented the security management system to manage the information infrastructure as reliably as the power system infrastructure is managed. We expect that this system can perform the security management of IEC 61850 based digital substation and can be a prototype of the security system for the Smart Grid in the future.

• Journal of Advanced Navigation Technology
• /
• v.25 no.6
• /
• pp.492-497
• /
• 2021

Smart Security is the global initiative of Airports Council International in collaboration with airports, airlines and governmental agencies. Its main objective is to create a step change in passenger and cabin baggage screening, escalating security costs and constantly evolving threats. Incheon International Airport should adopt and deploy smart security systems not only to strengthen aviation security but also increase passenger's experiences and operational efficiency by way of seamless security screening that it will lead to establish the best security environment to prevent terrorism and acts of unlawful interference.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1375-1391
• /
• 2012

Smart grid is a next-generation intelligent power grid that applying ICT to power grid to maximize the energy efficiency ratio. Recently, technologies and standards for smart grid are being developed around the world. Information security which is an essential part of smart grid development has to be managed continuously. Information security management system certification for organizational risk management has been implemented in Korea. Although preparation for information security management system certification which is applicable to smart grid is considered, there are no specific methods. This paper is to propose core and added evaluation criteria for Korean smart grid based on K-ISMS through comparative analysis between ISMS operated in Korea and smart grid information security management system developed in the United States. Added evaluation criteria enable smart grid related business that certified existing ISMS to minimize redundant and unnecessary certification assessment work.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.4
• /
• pp.1493-1515
• /
• 2015

A smart meter is one of the core components in Advanced Metering Infrastructure (AMI) that is responsible for providing effective control and monitor of electrical energy consumptions. The multifunction tasks that a smart meter carries out such as facilitating two-way communication between utility providers and consumers, managing metering data, delivering anomalies reports, analyzing fault and power quality, simply show that there are huge amount of data exchange in smart metering networks (SMNs). These data are prone to security threats due to high dependability of SMNs on Internet-based communication, which is highly insecure. Therefore, there is a need to identify all possible security threats over this network and propose suitable countermeasures for securing the communication between smart meters and utility provider office. This paper studies the architecture of the smart grid communication networks, focuses on smart metering networks and discusses how such networks can be vulnerable to security attacks. This paper also presents current mechanisms that have been used to secure the smart metering networks from specific type of attacks in SMNs. Moreover, we highlight several open issues related to the security and privacy of SMNs which we anticipate could serve as baseline for future research directions.