• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.4
• /
• pp.41-46
• /
• 2016

Recently, many domestic and foreign corporates are concentrating in investment to wearable devices and users are provided with various service based on wearable devices 26% more than compared to last year. It is widely used in previous healthcare, smart work, smart home environment, and it is now introduced to get connection to fused service environment. However, as products of G company are commercialized, the security issue of personal information is causing dispute in society, and the danger of data management and security regarding telecommunication is increasing. Also, because the password system used in previous wireless environment is still in use, there are possible vulnerability considering the new and mutant security threat. This thesis conducted study about protocols that can exercise safe telecommunication in the basis of wearable devices. In the registration and certification process, the signature value is created based on the code value. The telecommunication method is designed to conduct safe telecommunication based on the signature value. As for the attack method occurring in the wearable device environment, the safety was analyzed and conducted performance evaluation of previous password system and proposal system, and verified about 14% of efficiency.

• Korean Security Journal
• /
• no.33
• /
• pp.137-161
• /
• 2012

There are some common and broad trends in National crisis management system around the world. This article considers that paradigm theoretically. 1) a shift from civil defense to civil protection, 2) 10 principles in sustainable National crisis management system, 3) the collaborative governance of crisis management. Some civil defense problems in National crisis management system are as follows; 1) obscurity of organizational identity through twofold function in civil defense, 2) ineffective organization in civil defense and disaster management system, 3) weakness of competencies in local government, 4) overlook of actual condition in communities and civil defense resources. This article suggests that to provide retired and active private security practitioners, retired law enforcement personnel, and retired military personnel to form a elite civil defense force and to find creative ways to address this pervasive threat which one reasonable and affordable solution would be for the government to take advantage of an existing resource.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.895-902
• /
• 2016

Smart phone distribution rate has been rising and it's security threat also has been rising. Especially Android smart phone reaches nearly 85% of domestic share. Since repackaging on android smart phone is relatively easy, the number of re-packaged malwares has shown steady increase. While many detection techniques have been proposed in order to prevent malwares, it is not easy to detect re-packaged malwares by static analysis and it is also difficult to operate dynamic analysis in android smart phone. Static analysis proposed in this paper features code reuse of repackaged malwares. We extracted DEX files from android applications and performed static analysis using class names and method names. This process doesn't not include reverse engineering, so it is possible to detect malwares efficiently.

• Convergence Security Journal
• /
• v.16 no.2
• /
• pp.25-34
• /
• 2016

This study aims to prevent the serious threat from dangerous person or group by responding or blocking or separating illegal activities by use of SNA: Social Network Analysis. SNA enables to identify the complex social relation of suspect and individuals in order to enhance the effectiveness and efficiency of investigation. SNS has rapidly developed and expanded without restriction of physical distance and geo-location for making new relation among people and sharing large amount of information. As rise of SNS(facebook and twitter) related crimes, terrorist group 'ISIS' has used their website for promotion of their activity and recruitment. The use of SNS costs relatively lower than other methods to achieve their goals so it has been widely used by terrorist groups. Since it has a significant ripple effect, it is imperative to stop their activity. Therefore, this study precisely describes criminal and terrorist activities on SNS and demonstrates how effectively detect, block and respond against their activities. Further study is also suggested.

• Journal of KIISE:Computer Systems and Theory
• /
• v.35 no.9_10
• /
• pp.441-451
• /
• 2008

Currently, the X.509 proxy certificate is widely used to delegate an entity's right to another entity in the computational grid environment. However it has two drawbacks: the potential security threat caused by intraceability of a delegation chain and the inefficiency caused by an interactive communication between the right grantor and the right grantee on the delegation protocol. To address these problems for computational grids, we propose a new delegation protocol without additional cost. We use an ID-based key generation technique to generate a proxy private key which is a means to exercise the delegated signing right. By applying the ID-based key generation technique, the proposed protocol has the delegation traceability and the non-interactive delegation property. Since the right delegation occurs massively in the computational grid environment, our protocol can contribute the security enhancement by providing the delegation traceability and the efficiency enhancement by reducing the inter-domain communication cost.

• Journal of KIISE:Information Networking
• /
• v.35 no.1
• /
• pp.76-90
• /
• 2008

Wireless sensor networks are expected to play a vital role in the upcoming age of ubiquitous computing such as home environmental, industrial, and military applications. Compared with the vivid utilization of the sensor networks, however, security and privacy issues of the sensor networks are still in their infancy because unique challenges of the sensor networks make it difficult to adopt conventional security policies. Especially, node compromise is a critical threat because a compromised node can drain out the finite amount of energy resources in battery-powered sensor networks by launching various insider attacks such as a false data injection. Even cryptographic authentication mechanisms and key management schemes cannot suggest solutions for the real root of the insider attack from a compromised node. In this paper, we propose a novel trust-based secure aggregation scheme which identifies trustworthiness of sensor nodes and filters out false data of compromised nodes to make resilient sensor networks. The proposed scheme suggests a defensible approach against the insider attack beyond conventional cryptographic solutions. The analysis and simulation results show that our aggregation scheme using trust evaluation is more resilient alternative to median.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.431-444
• /
• 2013

Widespread use of smartphones and wireless LAN accompany a threat called rogue AP. When a user connects to a rogue AP, the rogue AP can mount the man-in-the-middle attack against the user, so it can easily acquire user's private information. Many researches have been conducted on how to detect a various kinds of rogue APs, and in this paper, we are going to propose an algorithm to identify and detect a rogue AP that impersonates a regular AP by showing a regular AP's SSID and connecting to a regular AP. User is deceived easily because the rogue AP's SSID looks the same as that of a regular AP. To detect this type of rogue APs, we use a machine learning algorithm called SVM(Support Vector Machine). Our algorithm detects rogue APs with more than 90% accuracy, and also adjusts automatically detection criteria. We show the performance of our algorithm by experiments.

• Journal of Advanced Navigation Technology
• /
• v.21 no.6
• /
• pp.633-637
• /
• 2017

Cyber attacks on aircraft and aeronautical networks are not much different from cyber attacks commonly found in the ground industry. Air traffic management infrastructure is being transformed into a digital infrastructure to secure air traffic. A wide variety of communication environments, information and communications, navigation, surveillance and inflight entertainment systems are increasingly threatening the threat posed by cyber terrorism threats. The emergence of unmanned aircraft systems also poses an uncontrollable risk with cyber terrorism. We have analyzed cyber security standards and response strategies in developed countries by recognizing the vulnerability of cyber threats to aircraft systems and aviation infrastructure in next generation data network systems. We discussed comprehensive measures for cybersecurity policies to consider in the domestic aviation environment, and discussed the concept of security environment and quick response strategies.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.259-265
• /
• 2004

Since the 2003.1.25 Internet Crisis, the government has been looking at a number of options to strengthen national cyber-security/crisis management capability to guard against ever increasing threat of cyber-war and terror. Thus, the focus of this study was to explorer new ways of developing a comprehensive cyber-security/crisis management system, in particular by combining modern social-science analytic theories. As a result, although there has to be more in-depth researches into incorporating advanced techniques to generate more detailed and object-specific indexes and protocols, the use of 'event data system,' which has been widely utilized in many recent social science researches to assess a wide-range of socio-political risks and crises, could be adopted as a basis for a comprehensive nationwide cyber-risk management system.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.29-40
• /
• 2006

Recent trends for cyber threat such as worm and virus exploit vulnerabilities inherent to main information communication infrastructures like the internet to achieve economical and political goals. It needs to develop checking programs for new vulnerabilities published in prompt and apply them to vulnerable systems for the defense of those cyber threats. In this paper, we study of methodologies for new vulnerability checking module development proper to user level. First, we analyze current 7 methodologies for the development of new vulnerability checking modules including GFI LANGuard and Nessus and then compare them. Second, We define and propose the 5 unique methodologies for the development of new vulnerability checking modules in depth. Finally, we induct the best methodology proper to a certain user level by assessing each methodology according to conditions which is set virtually.