• Title/Summary/Keyword: Threat Security


Analysis on Vulnerability of Secure USB Flash Drive and Development Protection Profile based on Common Criteria Version 3.1 (보안 USB 플래시 드라이브의 취약점 분석과 CC v3.1 기반의 보호프로파일 개발)

  • Jeong, Han-Jae;Choi, Youn-Sung;Jeon, Woong-Ryul;Yang, Fei;Won, Dong-Ho;Kim, Seung-Joo
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.6 / pp.99-119 / 2007
  • The USB flash drive is commonly used for portable storage. It can store large amounts of data, transfer data quickly, and is easy to carry. But when you lose a USB flash drive without any security function in use, all stored data will be exposed. So a new USB flash drive supporting security functions was invented to compensate for the problem. In this paper, we analyze the vulnerabilities of 6 access control programs for secure USB flash drives. We show that the password is exposed in the communication between the secure USB flash drive and the PC. We also show the vulnerability caused by misapplication of initialization. Further, we develop a protection profile for secure USB flash drives based on the Common Criteria version 3.1. Finally, we examine the possible threats to the 6 secure USB flash drives and the support of the security objectives derived from the protection profile.

An Efficient Method for Analyzing Network Security Situation Using Visualization (시각화 기반의 효율적인 네트워크 보안 상황 분석 방법)

  • Jeong, Chi-Yoon;Sohn, Seon-Gyoung;Chang, Beom-Hwan;Na, Jung-Chan
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.3 / pp.107-117 / 2009
  • Network administrators recognize abnormal phenomena in the managed network by using the alert messages generated by security devices, including intrusion detection systems, intrusion prevention systems, firewalls, etc. A series of tasks, which search for the traffic related to an alert message and analyze the traffic data, is then required to determine whether the abnormal phenomenon is a real network security threat or not. There are many alert messages to inspect in order to determine the network security situation, and it takes the network administrator a long time to analyze the security condition using existing methods. Therefore, in this paper, we propose an efficient method for analyzing the network security situation using visualization. The proposed method monitors anomalies occurring in the entire IP address space and displays the detailed information of a security event. In addition, it represents the physical locations of the attackers or victims by linking GIS information and IP addresses. Therefore, it helps the network administrator rapidly analyze the security status of the managed network.

Considering System Throughput to Evaluate Information Security Investment Portfolios (작업처리율을 고려한 정보보호 투자 포트폴리오 평가)

  • Yang, Won-Seok;Kim, Tae-Sung;Park, Hyun-Min
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.2 / pp.109-116 / 2010
  • We consider an information system whose throughput deteriorates due to security threats and evaluate information security investment portfolios. We assume that organizations adopt information security countermeasures (or portfolios consisting of countermeasures) to lessen the damage resulting from the productivity (or throughput) deterioration. A probability model is used to derive the system throughput and the average number of repairs according to the occurrence rate of security threats. Considering the revenue from throughput, the repair cost, and the investment for the security system, the net present value for each portfolio is derived. Organizations can compare information security investment portfolios and select the optimal portfolio.

A Study for Integrating ICS Security Logs with Centralized SIEM (Security Information and Event Management) using OPC Protocol (OPC 프로토콜을 활용한 제어시스템 보안로그 전송방법 고찰 및 통합 로그서버 구축방안)

  • Kim, Jaehong;Park, Yongsuk
    • Journal of the Korea Institute of Information and Communication Engineering / v.26 no.8 / pp.1205-1212 / 2022
  • Cyber threats targeting ICS (Industrial Control Systems) have increased drastically over the past decade, and cyber incidents in critical infrastructure such as the energy, gas terminal and petrochemical industries can lead to disaster-level accidents including casualties and large-scale fires. In order to effectively respond to cyber attacks targeting ICS, a multi-layered defense-in-depth strategy that considers the control system architecture is necessary. In particular, a centralized security log system integrating OT (Operational Technology) and IT (Information Technology) plays an important role in the ICS incident response plan. The paper suggests a way of implementing a centralized security log system that collects security events and logs using the OPC protocol from Level 0 to Level 5, based on the IEC62443 Purdue Model, to integrate ICS security logs with a SIEM (Security Information and Event Management) operated in the IT environment.

Efficacy analysis for the AI-based Scientific Border Security System based on Radar : focusing on the results of bad weather experiments (레이더 기반 AI 과학화 경계시스템의 효과분석 : 악천후 시 실험 결과를 중심으로)

  • Hochan Lee;Kyuyong Shin;Minam Moon;Seunghyun Gwak
    • Convergence Security Journal / v.23 no.2 / pp.85-94 / 2023
  • In the face of the serious security situation with the increasing threat from North Korea, the Korean Army is pursuing a reduction in troops through the performance improvement project of the GOP science-based border security system, which utilizes advanced technology. In order for the GOP science-based border security system to be an effective alternative to the decrease in military resources due to the population decline, it must guarantee a high detection and identification rate and minimize troop intervention by dramatically improving the false detection rate. Recently introduced in the Korean Army, the GOP science-based border security system is known to ensure a relatively high detection and identification rate in good weather conditions, but its performance in harsh weather conditions such as rain and fog is somewhat lacking. As an alternative to overcome this, a radar-based border security system that can detect objects even in bad weather has been proposed. This paper proves the effectiveness of the AI-based scientific border security system based on radar that is currently being tested at the 00th Division through the 2021 Rapid Acquisition Program, and suggests the direction of development for the GOP scientific border security system.

A Study on the Application of the Cyber Threat Management System to the Future C4I System Based on Big Data/Cloud (빅데이터/클라우드 기반 미래 C4I체계 사이버위협 관리체계 적용 방안 연구)

  • Park, Sangjun;Kang, Jungho
    • Convergence Security Journal / v.20 no.4 / pp.27-34 / 2020
  • Recently, the fourth industrial revolution technology has not only changed everyday life greatly through technological development, but has also become a major keyword in the establishment of defense policy. In particular, the Internet of Things, cloud, big data, mobile and cybersecurity technologies, called ICBMS, were selected as core leading technologies in defense information policy along with artificial intelligence. Amid the growing importance of the fourth industrial revolution technology, research is being carried out to develop the C4I system, which is currently operated separately by the Joint Chiefs of Staff and each military, including the KJCCS, ATCIS, KNCCS and AFCCS, into an integrated system in preparation for future warfare. This is to solve the problem of reduced interoperability for joint operations, such as information exchange, caused by operating the C4I system for each domain. In addition, systems such as the establishment of an integrated C4I system and the U.S. military's Risk Management Framework (RMF) are essential for efficient control and safe operation of weapons systems as they are being developed into super-connected and super-intelligent systems. Therefore, in this paper, intelligent cyber threat detection, management of users' access to information, and intelligent management and visualization of cyber threats are presented in the future C4I system based on big data/cloud.

Risk Management and Strategies in Airport Security Check (공항 보안검색에 있어서의 위험관리와 대응과제)

  • Kim, Jae-Woon
    • Korean Security Journal / no.34 / pp.89-113 / 2013
  • Air travel through airports is a familiar part of life in globalized modern society, but airports can be a target of terrorists who would threaten our safety. Aviation terrorism, represented by the 9.11 terror, inspires horror beyond our imagination in modern people. Since the first airplane hijacking happened in Peru in 1931, security organizations in each nation have taken various preventive measures to block aviation terrorism. The most realistic measure to prevent aviation terrorism would be security check activity that controls terrorists' access, in which airplane passengers and cargo are checked for dangerous articles such as explosives. But security check activity in Korea has shifted to a form focused on private security for the efficiency of airport operation, unlike security check activity in advanced countries, where the public interest has been strengthened according to the risk of terror after 9.11. That is, since Incheon airport opened in March 2001, the security check system focused on the police has changed. Now Incheon International Airport Corporation instructs and supervises the security check job, and private security personnel are in charge of the actual security check activity. But this check system is limited in blocking terrorist activity, which becomes more systematized and intelligent as time passes, due to the deteriorated job satisfaction of private security personnel and a confusing supervising system. Accordingly, it is suggested to introduce risk management, which is one of the management strategies of private corporations, into security check activity to prevent terror activity. With this approach, the risk factors of aviation terror are identified and analyzed regularly, and each process, such as setting priorities, activity to reduce risk, and assessment of security, is carried out. It would also be necessary to make efforts, for example, to properly change the level of security checks according to the threat of terror, such as placing police officers at airport security when the threat of terror is severe. On the other hand, it is necessary to establish a national police organization for good communication between security check activity in the field and the supervising function, which can encourage the systematization and specialization of the aviation security job.


Quantitative Methodology to Assess Cyber Security Risks of SCADA system in Electric Power Industry (전력 SCADA 시스템의 사이버 보안 위험 평가를 위한 정량적 방법론에 관한 연구)

  • Kang, Dong-Joo;Lee, Jong-Joo;Lee, Young;Lee, Im-Sop;Kim, Huy-Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.3 / pp.445-457 / 2013
  • This paper studies how to build a quantitative methodology to assess cyber threats and vulnerabilities of control systems. The SCADA system in the power industry is one of the most representative and largest control systems. The SCADA system was originally a local system, but it has been extended to wide areas as both ICT and power system technologies evolve. Smart Grid is a concept that integrates energy and IT systems, and therefore existing cyber threats might spread to the power system in the integration process. The power system is operated on a real-time basis, and this could make it more vulnerable to cyber threats. This is a unique characteristic of power systems that differs from ICT systems. For example, availability is the most critical factor, while in IT security confidentiality is the most critical one of the CIA triad. In this context, these different characteristics need to be reflected when assessing cyber security risks in power systems. Generally, risk (R) is defined as the product of threat (T), vulnerability (V), and asset (A). This formula is also used for the quantification of risk, and a conceptual methodology is proposed for this objective in this study.

Determination Method of Security Threshold using Fuzzy Logic for Statistical Filtering based Sensor Networks (통계적 여과 기법기반의 센서 네트워크를 위한 퍼지로직을 사용한 보안 경계 값 결정 기법)

  • Kim, Sang-Ryul;Cho, Tae-Ho
    • Journal of the Korea Society for Simulation / v.16 no.2 / pp.27-35 / 2007
  • When sensor networks are deployed in open environments, all the sensor nodes are vulnerable to physical threats. An attacker can physically capture a sensor node and obtain its security information, including the keys used for data authentication. The attacker can then easily inject false reports into the sensor network through the compromised node. False reports can lead not only to false alarms but also to the depletion of the limited energy resources in battery-powered sensor networks. To overcome this threat, Fan Ye et al. proposed the statistical en-route filtering scheme (SEF), which can verify false reports during the forwarding process. In this scheme, the choice of the security threshold value is important since it trades off detection power against energy, where the security threshold value is the number of message authentication codes used for verification of a false report. In this paper, we propose a fuzzy rule-based system for security threshold determination that can conserve energy while providing sufficient detection power in SEF-based sensor networks. The fuzzy logic determines a security threshold by considering the probability of a node having non-compromised keys, the number of compromised partitions, and the remaining energy of nodes. The fuzzy-based threshold value can conserve energy while providing sufficient detection power.


A Study on the Protective Countermeasures through the Assassination Accident Analysis of Israeli Premier Yitzhak Rabin (라빈수상 위해사건 분석을 통한 경호적 대응방안)

  • Lee, Doo-Suck
    • Korean Security Journal / no.15 / pp.221-242 / 2008
  • Protection is to maximize the protectee's physical security by minimizing threats and minimizing the damage caused by those threats. From this point of view, the assassination of Israel's former Premier Yitzhak Rabin, who devoted himself to advancing the peace process in the Middle East, on November 4, 1995, gives us many lessons on protection. At that time, Israeli society was chaotic with anti-Rabin and anti-government demonstrations against Rabin's peace process, and demonstrators openly threatened to assassinate Premier Rabin. However, Shin Bet, the Israeli Protective Agency, didn't react effectively to the assassination threats. They also have to try to secure a friendly public to widen the range of choices in case of crisis and to secure the credibility of the organization. They have to prevent harmful activities in advance by securing wide intelligence networks to collect and analyze various protective intelligence and by preparing proper protective countermeasures. Intelligence is a basic element of protection, and any protective measures not supported by intelligence activities are not useful or effective. Potential attackers study their target thoroughly and make an elaborate plan before their attack. The advance team is required to conduct security measures on the basis of an analysis of vulnerability and threat factors, and the close protection team should be prepared for changing situations with crisis-consciousness. In security, 100% perfection is not possible. However, Shin Bet failed to analyze and approach the existing threats. They forgot the fact that the security environment reflects social situations. Protection agents should be conscious of the fact that today is different from yesterday. So we have to expect what is not expected when not expected.
