• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.116-118
• /
• 2023

자율주행차가 제공하는 새로운 시장과 경쟁력, 인력 및 시간 절약, 교통 체증 문제 해결 등의 장점을 다루고, UN 사이버 보안 법률에 따른 자율주행차의 기술적인 요구사항을 준수해야 한다. 하지만 자율주행차에 대한 기술적인 요구사항을 준수하는 것으로는 모든 사이버 공격에 대해서 막을 수 없다. 자율주행차의 법적 요구사항과 사이버 보안 위협에 대처하는 방법을 다룬다. 특히 RTOS(Real Time OS)와 같은 실시간 시스템에 매우 위험할 수 있는 DRAM(Dynamic Random Access Memory)에 대한 로우해머링 공격 기법에 대해 분석하고 로우해머링에 대한 보안 방법을 제시한다. 그리고 자율 주행 시스템의 안전과 신뢰성을 보장하기 위해 하드웨어 기반 또는 소프트웨어 기반 방어 기술을 소개하고 있다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.224-226
• /
• 2015

Recently, Android-based mobile devices has increased. Thus increasing market share of the Android operating system. However, in the case of the Android operating system, it has the relatively large number of security vulnerabilities Unlike other closed operating systems. Most Android application requires the identity of the mobile device or over-authorization approval. This information can be a security threat. In addition, in the event of a security problem because obtaining the user's consent during the installation of the application is the user responsible. If these problems persist, loss of reliability of the user operating system, as well as to feel a resistance when using an Android application. In this paper, we investigate a security vulnerability in the Android operating system, and proposed countermeasures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.769-780
• /
• 2014

In general, internet users need to remember several IDs and passwords when they use diverse web sites. From an effective management perspective, SSO system was suggested to reduce user inconvenience. Kerberos authentication, which uses centralized system management, is a typical example of a broker-based SSO authentication model. However, further research is required, because the existing Kerberos authentication system has security vulnerability problems of password and replay attacks. In SSO authentication systems, a major security vulnerability is the replay attack. When user credentials are seized by attackers, an authorized session can be obtained through a replay attack. In this paper, an improved SSO authentication model based on the broker-based model and a secure lightweight SSO mechanism against credential replay attack is proposed.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.9
• /
• pp.504-509
• /
• 2019

Recently, both wireless communications technology and the performance of small devices have developed exponentially, while the number of services using various types of Internet of Things (IoT) devices has also massively increased in line with the ongoing technological and environmental changes. Furthermore, ever more devices that were previously used in the offline environment-including small-size sensors and CCTV-are being connected to the Internet due to the huge increase in IoT services. However, many IoT devices are not equipped with security functions, and use vulnerable open source software as it is. In addition, conventional network equipment, such as switches and gateways, operates with vulnerabilities, because users tend not to update the equipment on a regular basis. Recently, the simple vulnerability of IoT devices has been exploited through the distributed denial of service (DDoS) from attackers creating a large number of botnets. This paper proposes a system that is capable of identifying Internet-connected devices quickly, analyzing and managing the vulnerability of such devices using Internet-wide scan technology. In addition, the vulnerability analysis rate of the proposed technology was verified through collected banner information. In the future, the company plans to automate and upgrade the proposed system so that it can be used as a technology to prevent cyber attacks.

• Journal of Service Research and Studies
• /
• v.7 no.4
• /
• pp.69-81
• /
• 2017

Smart work refers to enhancing the efficiency of work by utilizing smart devices. Smart work improves business productivity by improving business productivity of companies, reducing costs, but there is a threat to various information protection. To operate telecommuting, mobile office, and smart work center, hardware and software are needed to support various network resources, servers, and platforms. As a result, there are many vulnerabilities to security and information protection that protect information resources. In this paper, we analyze the smart work environment for smart work service and analyze vulnerability for smart work information protection through analysis of IOS27001 and KISA-ISMS. We have developed requirements for information protection requirements for users and service providers. We have developed a solution for information security protection for smart work environments such as common parts, mobile office, telecommuting, and smart work center for security threats and weaknesses per smart work type.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.11
• /
• pp.2014-2020
• /
• 2016

In general, automatic access control management system using smart door-lock must be always exposed to security vulnerability during wireless communication based on Bluetooth. In particular, important information such as a secrete key can be exposed to the attacker when the authentication protocol has been operating in the wireless section. Therefore important information exchanged in the radio section needs to be properly encrypted. In order to analyze security vulnerability for automatic access control management system of public facilities such as subway vent, GNU Radio platform and HackRF device will be considered and experimented. Proposed experimental system to perform software based power analysis attack could be very effectively applied. As a result, important information such as packet type, CRC, length of data, and data value can be easily decoded from wireless packet obtained from HackRF device on GNU Radio platform. Constructed experimental system will be applied to avoid some security problems.

• Earthquakes and Structures
• /
• v.16 no.4
• /
• pp.501-512
• /
• 2019

In this study, seismic vulnerability assessment and seismic isolation retrofit of Bayburt Yakutiye Mosque is investigated. Bayburt Yakutiye Mosque was built in the early 19th century at about 30-meter distance to Coruh river in the center of Bayburt in Turkey. The walls of historical masonry structure were built with regional white and yellow stones and the domes of the mosque was built with masonry bricks. This study is completed in four basic phases. In first phase, experimental determination of the regional white stone used in the historical structure are investigated to determine mechanical properties as modulus of elasticity, poison ratio and compression strengths etc. The required information of the other materials such as masonry brick and the regional yellow stone are obtained from literature studies. In the second phase, three dimensional finite element model (FEM) of the historical masonry structure is prepared with 4738 shell elements and 24789 solid elements in SAP2000 software. In third phase, the vulnerability assessment of the historical mosque is researched under seismic loading such as Erzincan (13 March 1992), Kocaeli (17 August 1999) and Van (23 November 2011) earthquakes. In this phase, the locations where damage can occur are determined. In the final phase, rubber base isolators for seismic isolation retrofit is used in the macro model of historical masonry mosque to prevent the damage risk. The results of all analyses are comparatively evaluated in details and presented in tables and graphs. The results show that the application of rubber base isolators can prevent to occur the destructive effect of earthquakes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.21-29
• /
• 2024

With the development of ICT and network, security management of IT infrastructure that has grown in size is becoming very difficult. Many companies and public institutions are having difficulty managing system and network security. In addition, as the complexity of hardware and software grows, it is becoming almost impossible for a person to manage all security. Therefore, AI is essential for network security management. However, since it is very dangerous to operate an attack model in a real network environment, cybersecurity emulation research was conducted through reinforcement learning by implementing a real-life network environment. To this end, this study applied reinforcement learning to the network environment, and as the learning progressed, the agent accurately identified the vulnerability of the network. When a network vulnerability is detected through AI, automated customized response becomes possible.

• Journal of KIISE
• /
• v.44 no.10
• /
• pp.1019-1025
• /
• 2017

Binary similarity analysis is used in vulnerability analysis, malicious code analysis, and plagiarism detection. Proving that a function is equal to a well-known safe functions of different versions through similarity analysis can help to improve the efficiency of the binary code analysis of malicious behavior as well as the efficiency of vulnerability analysis. However, few studies have been carried out on similarity analysis of the same function of different versions. In this paper, we analyze the similarity of function units through various methods based on extractable function information from binary code, and find a way to analyze efficiently with less time. In particular, we perform a comparative analysis of the different versions of the OpenSSL library to determine the way in which similar functions are detected even when the versions differ.

• The Journal of the Korea Contents Association
• /
• v.10 no.8
• /
• pp.111-118
• /
• 2010

The OSGi platform is a Java-based component platform that is being widely used from environments for the application development to enterprise software. The OSGi platform provides dynamic and transparent installation for open environments. However, it open new attacks so that many researches try to solve OSGi vulnerability. Security flaws in OSGi platform are categorized two parts: the JVM and the OSGi platform itself. We focus on vulnerability by OSGi platform itself, particularly service injection. We identify the service injection attack and suggest secure mechanisms to prevent the attack. Those mechanisms are implemented, providing a few modification to the Knopflerfish OSGi implementation and are evaluated through comparing with existing mechanisms.