• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제31권3호
• /
• pp.291-307
• /
• 2021

There has been global efforts to prevent the further spread of the COVID-19 and get society back to normal. 'Contact tracing' is a crucial way to detect the infected person. However the contact tracing makes another concern about the privacy violation of the personal data of infected people, released by governments. Therefore Google and Apple are announcing a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design. However, in order to provide the improved tracing application, it is necessary to identify potential security threats and investigate vulnerabilities for systematically. In this paper, we provide security analysis of Privacy-Preserving COVID-19 Contact Tracing App with STRIDE and LINDDUN threat models. Based on the analysis, we propose to adopt a verifiable computation scheme, Zero-knowledge Succinctness Non-interactive Arguments of Knowledges (zkSNARKs) and Public Key Infrastructure (PKI) to ensure both data integrity and privacy protection in a more practical way.

• International Journal of Computer Science & Network Security
• /
• 제22권6호
• /
• pp.390-399
• /
• 2022

Cyber security and resilience are phrases that describe safeguards of ICTs (information and communication technologies) from cyber-attacks or mitigations of cyber event impacts. The sole purpose of Risk models are detections, analyses, and handling by considering all relevant perceptions of risks. The current research effort has resulted in the development of a new paradigm for safeguarding services offered online which can be utilized by both service providers and users. customers. However, rather of relying on detailed studies, this approach emphasizes task selection and execution that leads to successful risk treatment outcomes. Modelling intelligent CSGs (Cyber Security Games) using MLTs (machine learning techniques) was the focus of this research. By limiting mission risk, CSGs maximize ability of systems to operate unhindered in cyber environments. The suggested framework's main components are the Threat and Risk models. These models are tailored to meet the special characteristics of online services as well as the cyberspace environment. A risk management procedure is included in the framework. Risk scores are computed by combining probabilities of successful attacks with findings of impact models that predict cyber catastrophe consequences. To assess successful attacks, models emulating defense against threats can be used in topologies. CSGs consider widespread interconnectivity of cyber systems which forces defending all multi-step attack paths. In contrast, attackers just need one of the paths to succeed. CSGs are game-theoretic methods for identifying defense measures and reducing risks for systems and probe for maximum cyber risks using game formulations (MiniMax). To detect the impacts, the attacker player creates an attack tree for each state of the game using a modified Extreme Gradient Boosting Decision Tree (that sees numerous compromises ahead). Based on the findings, the proposed model has a high level of security for the web sources used in the experiment.

• Convergence Security Journal
• /
• 제22권1호
• /
• pp.39-54
• /
• 2022

Recently, the importance of collecting, analyzing, and real-time sharing of various cybersecurity data has emerged in order to effectively respond to intelligent and advanced cyber threats. To cope with this situation, Korea is making efforts to expand its cybersecurity data sharing system, but many private companies are unable to participate in the cybersecurity data sharing system due to a lack of budget and professionals to collect cybersecurity data. In order to solve such problems, this paper analyzes the research and development trends of existing domestic and foreign cyber security data sharing systems, and based on that, propose a cybersecurity data sharing system model with a hierarchical structure that considers the size of the organization and a step-by-step security policy that can be applied to the model. In the case of applying the model proposed in this paper, it is expected that various private companies can expand their participation in cybersecurity data sharing systems and use them to prepare a response system to respond quickly to intelligent security threats.

• Journal of Internet of Things and Convergence
• /
• 제10권2호
• /
• pp.77-84
• /
• 2024

Over the past few years, IoT edges have begun to emerge based on new low-latency communication protocols such as 5G. However, IoT edges, despite their enormous advantages, pose new complementary threats, requiring new security solutions to address them. In this paper, we propose a cloud environment-based IoT edge architecture model that complements IoT systems. The proposed model acts on machine learning to prevent security threats in advance with network traffic data extracted from IoT edge devices. In addition, the proposed model ensures load and security in the access network (edge) by allocating some of the security data at the local node. The proposed model further reduces the load on the access network (edge) and secures the vulnerable part by allocating some functions of data processing and management to the local node among IoT edge environments. The proposed model virtualizes various IoT functions as a name service, and deploys hardware functions and sufficient computational resources to local nodes as needed.

• The Journal of the Convergence on Culture Technology
• /
• 제10권3호
• /
• pp.25-29
• /
• 2024

After the Russia-Ukraine War, NATO broke away from the peacekeeping strategy that it had maintained and declared that it would strengthen the multilateral security consultative body, pursue strategic stability, expand armaments, cooperate security, and strengthen dialogue and cooperation in the Indo-Pacific region. Changes in NATO's strategy directly and indirectly affect Korea's security environment. Only by clearly analyzing this and establishing policies and strategies to respond to it can the threat be suppressed and national interests protected. NATO designates China and Russia as threats. By using cooperation and solidarity with NATO as an opportunity, we will be able to strengthen security cooperation and alliances, develop and expand the defense industry market, and expand opportunities to participate in the Ukraine reconstruction project.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제24권5호
• /
• pp.919-929
• /
• 2014

Recently, organizational efforts to adopt ISMS(Information Security Management System) have been increasingly mandated and demanded due to the rising threat and the heavier cost of security failure. However there is a serious gap between awareness and investment of information security in a company, hence it is very important for the company to control effectively a variety of information security threats within a tight budget. To phase the ISMS, this study suggests the priorities based on evaluating the Importance of 13 areas for the ISMS by the information security experts and then we attempt to see the difference between importance and investment through the assessment of the actual investment in each area. The research findings show that intrusion incident handling is most important and IT disaster recovery is the area that is invested the most. Then, information security areas with the considerable difference between priorities of importance and investment are cryptography control, information security policies, education and training on information security and personnel security. The study results are expected to be used in making a decision for the effective investment of information security when companies with a limited budget are considering to introduce ISMS or operating it.

• Journal of Fisheries and Marine Sciences Education
• /
• 제26권4호
• /
• pp.769-788
• /
• 2014

Today, all the countries of the world newly recognize importance of sea on 70% area of the earth, which are focused on efforts for security of marine territory and fishes resources. On the security concerns of the ocean & fishes resources, Sea are very important on the ground of the importance of the ocean, thus international community has been trying to combat a maritime security threat and illegal fisheries. Coastal states need to have proper state's jurisdiction and exercise it's jurisdiction to response effectively to a maritime security threat and illegal fisheries. Here, many of the coastal states strengthened the rights in Exclusive Economic Zone(;EEZ) naturally, there are made cooperation activities and keen competition in the sea because deepening of complex understanding of the relationship between the surrounding countries with marine surveys & continental shelf development, island territorial sovereignty & marine jurisdiction in overlap of sea area on EEZ. In these circumstances, foreign fishing boats invaded to our territorial waters and EEZ many times. in addition, Chinese fishing boats are going to illegal fisheries naturally. On this point, a powerful crackdown of maritime enforcement organization had no effect on them. Also more and more their resistance gathered strength and tendency of a illegal activities became systematization, group action and atrocity little by little. So this thesis includes a study on the regal regulation, the system and formalities on the control of illegal fishing. And the author analyzed the details of the activities of illegal fishing and boats controlled by Korea Coast Guard(KCG), fishing patrol vessels of Ministry of Maritime Affaires and Fisheries(MOMAF) and Navy etc. from in adjacent sea area of Korea. In relation to this, the policy and activity plan were devised to crackdown to illegal fisheries of foreign fishing boats and then it was enforced every year. According to this, analyze the present conditions of illegal fisheries of a foreign fishing boats on this study, also analyze the present conditions of maritime enforcement organization & found out problems to compared it. protect the territorial waters, at the same time protection of marine mineral resources & fishes resources of EEZ including continental shelf, which has want to study for the role & response of maritime enforcement organization for the protection of fisheries resources and a proper, a realistic confrontation plan of maritime enforcement organization against illegal fisheries of foreign fishing boats.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• 제21권8호
• /
• pp.1581-1588
• /
• 2017

Recently, circulating ransomware is becoming intelligent and sophisticated through a spreading new viruses and variants, targeted spreading using social engineering attack, malvertising that circulate a large quantity of ransomware by hacking advertising server, or RaaS(Ransomware-as-a- Service), from the existing attack way that encrypt the files and demand money. In particular, it makes it difficult to track down attackers by bypassing security solutions, disabling parameter checking via file encryption, and attacking target-based ransomware with APT(Advanced Persistent Threat) attacks. For remove the threat of ransomware, various detection techniques are developed, but, it is very hard to respond to new and varietal ransomware. Accordingly, in this paper, find out a making Signature-based Detection Patterns and problems, and present a pattern automation model of ransomware detecting for responding to ransomware more actively. This study is expected to be applicable to various forms in enterprise or public security control center.

• The KIPS Transactions:PartA
• /
• 제8A권4호
• /
• pp.391-398
• /
• 2001

To design and develop secure operating systems, the BLP (Bell-La Padula) model that represents the MLP (Multi-Level Policy) has been widely adopted. However, user\`s security level in the most developed systems based on the BLP model is inherited to a process that is actual subject on behalf of the user, regardless whatever the process behavior is. So, there could be information disclosure threat or modification threat by malicious or unreliable processes even though the user is authorized in the system. These problems can be solved by defining the subject as (user, process) ordered pair and by defining the process reliability. Moreover, when the leveled programs which exist as objects in a disk are executed by a process and have different level from the process level, the security level decision problem occurs. This paper presents an extended BLP (E-BLP) model in which process reliability is considered and solves the security level decision problem. And this model is implemented into the Linux kernel 2.4.7.

• Korean Security Journal
• /
• 제42호
• /
• pp.205-227
• /
• 2015

The Korean Peninsula is put in a position to carry out a highly strategic game vis-a-vis nK, which is asserting itself as a nuclear power amongst Northeast Asia's complex dynamics. While the international community recognizes nK's possession of nuclear weapons as released secret based on nK's three nuclear tests, shrewd strategic thinking is needed by ROK to secure itself as a non-nuclear nation in order to assume a responsible role to the international community, while simultaneously being ready to respond at all times for nK's military provocations. ROK must continue with its twofold strategy, by firm response to military confrontation with nK and maintaining flexible policy of tolerance in the areas of economy and ethnicity. Various strategic options to overcome nK's nuclear threats have been presented to ROK, whose possession of nuclear weapons have been difficult, and nK's nuclear capability is a real threat to ROK's national security. We must be able to respond to nK's nuclear threats strictly from ROK's national security perspective. This thesis aims to propose a response policy for nK's nuclear capability and nK's nuclear attack based on analysis of such nuclear damage, ROK Government's response posture against nK's nuclear threats, centered around ROK Government's non-military response posture.