• Convergence Security Journal
• /
• v.15 no.5
• /
• pp.53-59
• /
• 2015

With radical development of information and communication Technology, Internet of Things(IoT) era - all the th ings around us are connected through internet so that it enables objects to exchange data with connected devices a nd is expected to offer new advanced services that goes beyond the value where each existing objects could have o ffered respectively - has come. Concerns regarding security threat are being raised in adopting IoT as the number of internet-connected appliances are rapidly increasing. So, we need to consider how to protect and control countles s objects. This paper covers the role and procedures of existing security control. Futhermore, it provides information about the direction of security control when it comes to IoT.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.929-943
• /
• 2020

Various methods are being presented to identify the movements of COVID-19 infected persons and to protect personal privacy at the same time. Among them, 'Exposure Notification' released by Apple and Google follows a decentralized approach using Bluetooth. However, the technology must always turn on Bluetooth for use, which can create a variety of security threats. Thus, in this paper, the security assessment of 'Exposure Notification' was performed by applying 'STRIDE' and 'LINDDUN' among the security threat modeling techniques to derive all possible threats. It also presented a new Dell that derived response measures with security assessment results and improved security based on them.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.9
• /
• pp.71-80
• /
• 2020

As societies become hyperconnected, we need more cyber security experts. To this end, in this paper, based on the analysis results of the real world cyber attacks and the MITRE ATT&CK framework, we developed CyTEA that can model cyber threats and generate simulated cyber threats in a cyber security training system. In order to confirm whether the simulated cyber threat has the effectiveness of the actual cyber threat level, the simulation level was examined based on procedural, environmental, and consequential similarities. in addition, it was confirmed that the actual defense training using cyber simulation threats is the same as the expected defense training when using real cyber threats in the cyber security training system.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.35-43
• /
• 2023

As digital infrastructure increases connections and convergence progress rapidly in all areas, and it is most important to ensure safety from cyber infringement or hacking to continue national growth. Accordingly, it examines the obstacles to cyber threat information sharing, which is the basis for responding to cyber infringement, and suggests ways to improve efficiency. First of all, information sharing is divided into three areas: the government, cyber security companies, small and medium-sized enterprises and individuals and the requirements are checked from their respective positions. We will supplement this and explore ways to strengthen cybersecurity and provide economic benefits to each other. Therefore, national and public organizations will propose policies to create an cybersecurity industry ecosystem with a virtuous cycle that leads to diversification of cyber threat information sources, strengthening cybersecurity for general companies and individuals, and creating demand for the cybersecurity industry. The results of the study are expected to help establish policies to strengthen national cybersecurity.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.654-657
• /
• 2006

무선 네트워크의 가장 큰 이점은 이동성에 있다. 따라서 사용자들은 네트워크에 접속하면서 자유롭게 로밍(이동)할 수 있다. 그 이동성의 전제는 물리적인 매체 없이 네트워크에 접속이 가능하다는 것이다. 그러나 이러한 이점에도 불구하고 유선 네트워크에서의 기초적인 물리적 보안기반 구조를 무선네트워크에서는 제공하고 있지 않다는 것이다. 하지만 무선 네트워크가 기존 유선 네트워크에 비해 대역폭이 적다는 이유로 성능감소를 우려하는 사용자들은 보안 알고리즘 적용을 꺼려왔고 쉽게 해킹의 대상이 되어 왔다. 이에 본 논문에서는 특정 네트워크에 국한되지 않으면서도 유연성을 제공하는 W-TMS(Wireless Threat Management System) 시스템을 설계하여 기존 무선 네트워크 환경에서 보안 취약성을 보안하면서 안전성을 강화할 수 있는 무선망 보안 시스템을 제안한다.

• Strategy21
• /
• s.39
• /
• pp.140-162
• /
• 2016

The construction of Jeju Naval Base was finally completed and donated to the Republic of Korea Navy on February 26th this year. There is no doubt that the new base will contribute to the substantial augmentation of Korea's naval power and maritime security. However, we should note that the new naval base took a long and hard twenty-three years to be completed. In the 21st century, Korea should adopt a new strategy that can fulfill the security requirements of Korea for the new age of international relations. The 21st century is characterized by globalization, and in the world of globalization, a national boarder has become meaningless. In the late 20th century, after the Cold War, trade between countries have greatly increased and so did the importance of the seas. Having transformed from an agricultural country into a commercial country, Korea went from a continental state to a maritime state. Korea has become the 9th largest trading state, and obviously, the importance of the sea has become significant. Korea's national strategic focus needs to be on the sea for national survival. Thus, since the 1990s, the Korean Navy has planned to build the Jeju Naval Base. Jeju, due to its geopolitical characteristics, is extremely important to the 21st century Korea's economy and national security. Jeju is the starting point of the sea route that reaches out to the world, and at the same time, the ending point of the sea route that heads towards Korea. Jeju is located in the center of Northeast Asia and thus, Jeju Naval Base is extremely important for the area's security and order. Jeju Naval Base will be very useful not only for the maritime security of Korea, but also for keeping peace and order in Northeast Asia. Jeju Naval Base was the minimal effort against the six sea route security threats towards Korea. The six sea route threats are: 1) Threat from North Korea; 2) China's Threat towards Korea's sovereignty; 3) China's treat towards Korea's fishery; 4) Threat from Japan; 5) Threat towards Korea's sea routes; 6) Threat from recent phenomena of isolationism of the United States. Jeju Naval Base is built for both warships and civilian ships--such as cruise ships--to use. Just like the United States' Pearl Harbor, Jeju Naval Base will become not only the largest military base, but a beautiful tourist site.

• Korean Security Journal
• /
• no.53
• /
• pp.283-303
• /
• 2017

This study which was started to identify the factors that change the security level of military organizations, analyzed the data collected from articles written by the active officers in the Defense Daily Journal hoping to improve the military security level by the qualitative research method called Grounded Theory, and establish causal relationship how organizational members respond to insider security threats. As a result of the analysis, the causal condition is 'the security threat of the insider', the contextual condition is 'the specificity of the military organization', the central phenomenon is 'the conflict of values as a soldier', the arbitrary condition is 'the security consciousness', Strategy is 'the responds to security threats', and the result was 'security level change'. The core categories can be presented as 'the degree of conflict of values on insider security threats' and two hypotheses have been derived. First, the members of the military organization strongly felt the conflict of values about security threat as the tendency to emphasize security was strong, and they helped to develop the security level of organization by responding strongly. Second, the stronger the tendency to focus on colleagues, respond weakly to security threats. And it undermines the security level of the organization. Finally, in order to improve the security level of the organization, it is necessary to establish a solid security consciousness and to make institutional development to support it.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.393-399
• /
• 2019

In a situation where an unauthorized SW brought into the organization without being authorized is emerging as a threat to the network security, the security of the network based on the SDN(Software-Defined Network) can be strengthened through the development of the security application considering the organization's characteristics. Security technology of existing SDN environment has been studied to protect internal network from external networks such as firewalls and Intrusion Detection Systems, but the research for resolving insider threat was insufficient. Therefore, We propose a system that protects the internal network from unauthorized SW, which is one of the insider threats in the SDN environment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.387-389
• /
• 2014

It is preferred to the popularization of smart device business processes through mobile. The ratio of Internet access via mobile devices is reached 30% of PC in September 2012. It is reproduced in a mobile environment that security threats arising from the Internet. that is the characteristics of cyber security threats appearing on the mobile era. Web Application Service security research firm OWASP (The Open Web Application Security Project) issued Session Management threat. That threat will be reproduced in the mobile environment. But Mobile is significantly different from Desktop Computer about Session Management environment. This proceeding proposes a improved Session Management method in Mobile environment.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.55-63
• /
• 2016

SOA(service oriented architecture) based ESB(enterprise service bus) model is widely adopted in many companies for the safe processing of enormous data and the integration of business system. The existing web service technologies for the construction of SOA, however, show unsatisfactory in practical applications though the standardization of web service security technologies is in progress due to their limitations in safe exchange of data. Internal end users using a large business system based on such environment are composed of the variety of organizations and roles. Companies might receive more serious damage from insider threat than that from external one when internal end users get unauthorized information beyond the limits of their authority for private profit and bad purposes. In this paper, we propose a security architecture capable of identifying and coping with the security threats of web service technologies arouse from internal end users.