• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.267-280
• /
• 2023

With development of computing and communications technologies, IoT environments based on high-speed networks have been extending rapidly. Especially, from home to an office or a factory, applications of IoT devices with sensing environment and performing computations are increasing. Unfortunately, IoT devices which have limited hardware resources can be vulnerable to cyber attacks. Hence, there is a concern that an IoT botnet can give rise to information leakage as a national cyber security crisis arising from abuse as a malicious waypoint or propagation through connected networks. In order to response in advance from unknown cyber threats in IoT networks, in this paper, We firstly define four types of We firstly define four types of characteristics by analyzing darknet traffic accessed from an IoT botnet. Using the characteristic, a suspicious IP address is filtered quickly. Secondly, the filtered address is identified by Cyber Threat Intelligence (CTI) or Open Source INTelligence (OSINT) in terms of an unknown suspicious host. The identified IP address is finally fingerprinted to determine whether the IP is a malicious host or not. To verify a validation of the proposed method, we apply to a Darknet on real-world SOC. As a result, about 1,000 hosts who are detected and blocked preemptively by the proposed method are confirmed as real IoT botnets.

• Journal of Internet Computing and Services
• /
• v.25 no.1
• /
• pp.147-155
• /
• 2024

Currently, the 4th Industrial Revolution, like other revolutions, is bringing great change and new life to humanity, and in particular, the demand for and use of drones, which can be applied by combining various technologies such as big data, artificial intelligence, and information and communications technology, is increasing. Recently, it has been widely used to carry out dangerous military operations and missions, such as the Russia-Ukraine war and North Korea's reconnaissance against South Korea, and as the demand for and use of drones increases, concerns about the safety and security of drones are growing. Currently, a variety of research is being conducted, such as detection of wireless communication abnormalities and sensor data abnormalities related to drones, but research on real-time detection of threats using radio frequency characteristic data is insufficient. Therefore, in this paper, we conduct a study to determine whether the characteristic data is normal or abnormal signal data by collecting radio frequency signal characteristic data generated while the drone communicates with the ground control system while performing a mission in a HITL(Hardware In The Loop) simulation environment similar to the real environment. proceeded. In addition, we propose an unsupervised learning-based threat detection system and optimal threshold that can detect threat signals in real time while a drone is performing a mission.

• Journal of Advanced Navigation Technology
• /
• v.11 no.3
• /
• pp.259-265
• /
• 2007

Systematic components for implementing ubiquitous computing, for example, electronic devices, electric home appliances, and controllers, etc, are consist of not only circuits but also softwares expected to do some special system-controlling functions, and these softwares used to be called like as embedded software. Because embedded software is a core component controlling systems, the codes or control flows should be protected from being opened to the public or modified. Embedded software security can be divided into 2 parts: first is the unauthorized access to development site and embedded software, second is the unauthorized disclosure or modification. And this research is related to the first aspect of them.This paper proposes some security check requirements related to embedded software development site by analyzing the ALC_DVS.1 of the ISO/IEC 15408 and Base Practices (BPs) of the ISO/IEC 21827. By applying this research, we expect to protect unauthorized modification of embedded software indirectly.

• Strategy21
• /
• s.33
• /
• pp.37-64
• /
• 2014

The year 2010 has been regarded as a year of China's assertive diplomacy. A series of China's behavior--including China's critical reaction to the U.S. for its sales of weapons to Taiwan, the Dalai Lama's visit to President Obama, China's arbitrary designation of 'core interests' over the South China Sea, China's inordinate reactions to the sinking of the Cheonan and Yeonpyeong bombardment, and China's activities in the Senkaku/Diaoyu island areas--has served as the witnesses to China's assertive diplomacy in 2010. The major causes of China's assertive diplomacy can be summed up by three factors: potential power transition from U.S. to China; emerging China's nationalism; and the recession of the Tao Guang Yang Hui as a diplomatic principle. But a majority of Western sinologists claim that China's assertive diplomacy is defensive in terms of its character. China's neighboring states, however, perceive its assertive diplomacy as diplomatic threat. Due to these states' geographical proximity and capability gaps with China, these neighbors experience difficulties in coping with China's behavior. In particular, China's coercive economic diplomacy, in which China tends to manipulate the neighbors' economic dependency on China for its diplomatic leverage, is a case in point for China's assertive diplomacy. China's assertiveness seems to be continued even after the inauguration of Xi Jinping government. Although the Xi government's diplomatic rhetorics in "New Type of Great Power Relationship" and the "Convention for Neighboring States Policy" sound friendly and cooperative, its subsequent behavior, like unilateral announcement of Chinese Air Defense Identification Zone (CADIZ), does not conform with its rhetoric. Overall, China's assertiveness has been consolidated as a fashion of its diplomacy, and it is likely to continue in its relations with neighbors. As a neighboring state, the ROK should approach to it with more balanced attitude. In addition, it needs to find out a new diplomatic leverage to deal with China in accordance with its security environment, in which China plays a growing role.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.12
• /
• pp.1841-1848
• /
• 2013

In this paper, the plans for improvement of real-time security monitoring accuracy and expansion of control region were investigated through comprehensive and systematic collection and analysis of the anomalous activities that inflow and outflow in the network on a large scale in order to overcome the existing security monitoring system based on stylized detection patterns which could correspond to only very limited cyber attacks. This study established an anomaly observation system to collect, store and analyze a diverse infringement threat information flowing into the darknet network, and presented the information classification system of cyber threats, unknown anomalies and high-risk anomalous activities through the statistics based trend analysis of hacking. If this security monitoring system utilizing darknet traffic as presented in the study is applied, it was indicated that detection of all infringement threats was increased by 12.6 percent compared with conventional case and 120 kinds of new type and varietal attacks that could not be detected in the past were detected.

• Journal of Digital Convergence
• /
• v.12 no.2
• /
• pp.513-518
• /
• 2014

According to the development of IT technology, various new technologies are being produced. As the complexity of the information system like using the network and convergence devices is increasing, threat and vulnerability against various security problems are increasing even though new IT services provide the convenience of users' accessibility to services. In order to secure the safety of information system, the weakness is being removed through the information protection vulnerability analysis starting from information and communication service construction stage and the system is being prepared for pre-inspection activities about whether the information protection measures were established and applied. In this paper, introduction and current status of each country about advanced check-up systems in the information system are to be identified. Progress direction about the advanced pre-inspection system which is driven by Korea Internet Security Agency and its activation plan to secure the safety are to be suggested.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.647-656
• /
• 2020

Recently, there has been an increasing number of cases in which important data (personal information, technology, etc.) of national and public institutions are leaked to the outside world. Surveys show that the largest cause of such leakage accidents is "insiders." Insiders of organization with the most authority can cause more damage than technology leaks caused by external attacks due to the organization. This is due to the characteristics of insiders who have relatively easy access to the organization's major assets. This study aims to present an optimized property selection model for detecting such abnormalities through supervised learning algorithms among machine learning techniques using actual data such as CrossNet data transfer system transmission log, e-mail transmission log, and personnel information, which safely transmits data between separate areas (security area and non-security area) of the business network and the Internet network.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.9
• /
• pp.2063-2072
• /
• 2013

Smart Grid is the next-generation intelligent power grid that maximizes energy efficiency with the convergence of IT technologies and the existing power grid. It enables consumers to check power rates in real time for active power consumption. It also enables suppliers to measure their expected power generation load, which stabilizes the operation of the power system. However, there are high possibility that various kinds of security threats such as data exposure, data theft, and privacy invasion may occur in interactive communication with intelligent devices. Therefore, to establish a secure environment for responding to such security threat with the smart grid, the key management technique, which is the core of the development of a security mechanism, is required. Using a hash chain, this paper suggests a group key management mechanism that is efficiently applicable to the smart grid environment with its hierarchical structure, and analyzes the security and efficiency of the suggested group key management framework.

• The Journal of the Korea Contents Association
• /
• v.18 no.7
• /
• pp.620-627
• /
• 2018

With the widespread adoption of blockchain in the field of business, the importance of confidentiality of critical information has been emerging. Although blockchain models solve the security problem regarding integrity threat by sharing transactions and making them public, it is vulnerable in terms of confidentiality. Therefore, a security mechanism to provide confidentiality of critical information and private information of a firm is necessary to utilize block chain in the process of work. In order to solve the problem, we suggest Private blockchain based cryptographic protocol application model using Smart contract commitment scheme of the Ethereum. It can contribute to activation of blockchain services by enabling non-trusted participants to perform businesses through application of smart contract enhanced in terms of confidentiality and integrity to private blockchain.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.2
• /
• pp.374-379
• /
• 2005

In the most of medical institution medical information is totally stored in a database and many number of researchers and staffs of the hospital access these information anytime. This can be caused patient's privacy to be violated. Introducing a tool for security should be considered as one of the most important requirement especially in the case that today's medical information service expands into an integrated one. In this paper we review the matters of security threat on a medical information system and propose a secure medical information service model equipped on mobile device such as PDA. Also we propose a security architecture employing a digital signature mechanism to protect the personal information on the model. Proposed architecture can lead the doctor to diagnose with high responsibility, help to build a reliable medical information system. and through the signed data, we can get some useful information against medical strife.