• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.807-808
• /
• 2016

With the recent rise in nuclear families and single-member families, there is a need for the kind of home management unaffected by neither space nor time. Moreover, electronic devices in and around the home need to be managed efficiently and prevented from overheating, and there is an increasing risk of fire, theft, and leak of personal data with these devices, which is leading to an increase in the economic costs. Accordingly, there is a growing need for an efficient and secure smart home management system. This paper proposes a home management system that uses smart devices. This system has addressed the shortcomings of a conventional Internet-based home network. Furthermore, it communicates with IoT-enabled devices and features intelligent information home appliances that are isolated from personally identifiable information and which are secure against advanced persistent threats, a type of cyber-attack.

• Korean Journal of Remote Sensing
• /
• v.37 no.4
• /
• pp.803-813
• /
• 2021

Coastal erosion has been a threat to coastal communities and emerged as an urgent problem. Among the coastal communities that are under perceived threat, Cotonou located in Benin, West Africa, is considered as one of the most dangerous area due to its high vulnerability. To address this problem, in 2013, the Benin authorities established seven groynes at east of Cotonou port, and two additional intermediate groynes have recently been integrated in April 2018. However, there is no quantitative analysis of groynes so far, so it is hard to know how effective they have been. To analyze effectiveness, we used optical satellite images from different time periods, especially 2004 and 2020, and then compared changes in length, width and area of shoreline in Cotonou. The study area is divided into two sectors based on the location of Cotonou port. The difference of two areas is that Sector 2 has groynes installed while Sector 1 hasn't. As result of this study, shoreline in Sector 1 showed accretion by recovering 1.20 km² of area. In contrast, 3.67 km² of Sector 2 disappeared due to coastal erosion, although it has groynes. This may imply that groynes helped to lessen the rate of average erosion, however, still could not perfectly stop the coastal erosion in the area. Therefore, for the next step, we assume it is recommended to study how to maximize effectiveness of groynes.

• Information Systems Review
• /
• v.18 no.4
• /
• pp.17-42
• /
• 2016

Information security incidents caused by authorized insiders are increasing in financial firms, and this increase is particularly increased by outsourced contractors. With the increase in outsourcing in financial firms, outsourced contractors having authorized right has become a threat and could violate an organization's information security policy. This study aims to analyze the differences between own employees and outsourced contractors and to determine the factors affecting the violation of information security policy to mitigate information security incidents. This study examines the factors driving employees to violate information security policy in financial firms based on the theory of planned behavior, general deterrence theory, and information security awareness, and the moderating effects of employee type between own employees and outsourced contractors. We used 363 samples that were collected through both online and offline surveys and conducted partial least square-structural equation modeling and multiple group analysis to determine the differences between own employees (246 samples, 68%) and outsourced contractors (117 samples, 32%). We found that the perceived sanction and information security awareness support the information security policy violation attitude and subjective norm, and the perceived sanction does not support the information security policy behavior control. The moderating effects of employee type in the research model were also supported. According to the t-test result between own employees and outsourced contractors, outsourced contractors' behavior control supported information security violation intention but not subject norms. The academic implications of this study is expected to be the basis for future research on outsourced contractors' violation of information security policy and a guide to develop information security awareness programs for outsourced contractors to control these incidents. Financial firms need to develop an information security awareness program for outsourced contractors to increase the knowledge and understanding of information security policy. Moreover, this program is effective for outsourced contractors.

• Journal of Internet Computing and Services
• /
• v.19 no.1
• /
• pp.27-35
• /
• 2018

This paper is a study to classify malicious applications in Android environment. And studying the threat and behavioral analysis of malicious Android applications. In addition, malicious apps classified by machine learning were performed as experiments. Android behavior analysis can use dynamic analysis tools. Through this tool, API Calls, Runtime Log, System Resource, and Network information for the application can be extracted. We redefined the properties extracted for machine learning and evaluated the results of machine learning classification by verifying between the overall features and the main features. The results show that key features have been improved by 1~4% over the full feature set. Especially, SVM classifier improved by 10%. From these results, we found that the application of the key features as a key feature was more effective in the performance of the classification algorithm than in the use of the overall features. It was also identified as important to select meaningful features from the data sets.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.295-310
• /
• 2014

DCS (Distributed Control System), the main control system of power plants, is an automated system for enhancing operational efficiency by monitoring, tuning and real-time operation. DCS is becoming more intelligent and open systems as Information technology are evolving. In addition, there are a large amount of investment to enable proactive facility management, maintenance and risk management through the predictive diagnostics. However, new upcoming weaponized malware, such as Stuxnet designed for disrupting industrial control system(ICS), become new threat to the main control system of the power plant. Even though these systems are not connected with any other outside network. The main control systems used in the power plant usually have been used for more than 10 years. Also, this system requires the extremely high availability (rapid recovery and low failure frequency). Therefore, installing updates including security patches is not easy. Even more, in some cases, installing security updates can break the warranty by the vendor's policy. If DCS is exposed a potential vulnerability, serious concerns are to be expected. In this paper, we conduct the penetration test by using NESSUS, a general-purpose vulnerability scanner under the simulated environment configured with the Ovation version 1.5. From this result, we suggest a log analysis method to detect the security infringement and react the incident effectively.

• Korean Security Journal
• /
• no.57
• /
• pp.253-275
• /
• 2018

Economic security emerged as a strong element of national security. Nations around the world are exerting their efforts to collect economic intelligence to serve their national interest while making added efforts to uncover industrial espionage and arrest industrial spies in defensive aspect. Cases in point are the enactment of "Economic Espionage Act(1996)" of the U.S. and the "Act on Prevention of Divulgence and Protection of Industrial Technology(2006)"of Korea. Korea is trying to punish industrial spying on the same level as espionage that poses national security threat by revising Criminal Code. It is necessary to review whether the move to toughen the punishment of industrial spying from "up to 15 years in prison and/or up to 1.5 billion won in fine" to "minimum seven years of imprisonment, life imprisonment or death penalty" is appropriate. Advanced nations regulate industrial spying with a special act on economy although they have applied espionage act not to "enemy states" but to "foreign countries" in the first place. Likewise, preventing industrial spying by applying espionage act through the revision of criminal code poses a risk of undermining the autonomy of industry sector by excessive influence of state power. Furthermore, the penalty of minimum imprisonment of seven years, life imprisonment or death penalty with the application of espionage act under the criminal code is an legal application by stretching of the law, posing a risk of dampening healthy economic activities. Therefore, revising and applying relevant economic laws such as aforementioned 'Act on Prevention of Divulgence and Protection of Industrial Technology(2006)' is thought to be desirable to achieve the goal of protecting industrial technologies.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.117-128
• /
• 2018

The purpose of this paper is to analyze the behavior of North Korea's cyber attack against South Korea since 2009 based on major international security theories and suggest South Korea's policy option. For this purpose, this paper applied the behavioral domain and characteristics of 'cyber power' and 'coercion dynamics' model, which are attracting attention in international security studies. The types of cyber attacks from North Korea are classified into the following categories: power-based incarceration, leadership attacks and intrusions, military operations interference, and social anxiety and confusion. In terms of types and means of cyber power, North Korean GPS disturbance, the Ministry of Defense server hacking and EMP are hard power with high retaliation and threat and cyber money cashing and ransomware are analyzed by force in the act of persuasion and incentive in the point of robbing or asking for a large amount of money with software pawns. North Korea 's cyber attack has the character of escape from realistic sanctions based on the second nuclear test. It is important for South Korea to clearly recognize that the aggressive cyberpower of North Korea is changing in its methods and capabilities, and to ensure that North Korea's actions result in far greater losses than can be achieved. To do this, it is necessary to strengthen the cyber security and competence to simultaneously attack and defend through institutional supplement and new establishment such as cyber psychological warfare, EMP attack preparation, and enhancement of security expertise against hacking.

• International Commerce and Information Review
• /
• v.15 no.4
• /
• pp.457-479
• /
• 2013

Through a Chinese rise, Chinese dream is actualizing as the world's great power. According to outlook of World Bank and IMF, Around 2030 China will be a great power bigger than America's economic power. The rise of China will give a huge impact to the whole world. China expands her influence through a global manufacturing base and a global market. To actualize 'Peaceful Rise' Strategy, China has many constraints. Chinese society is facing many difficult social problem due to side effects of a rapid development. Such as the spread of corruption, the severity of wealth gap, environmental degradation and energy shortage. Internationally there are containment from hegemon so-called 'China threat' dispute, Taiwan issue and territorial disputes. Western countries are hostile to China for two reasons. Based on expectations, one is China's socialist system and the other is the rising China which will compete for supremacy with Europe and America. Recent emergence of Chinese nationalism and the containment of the neighboring countries are also serious limiting factors. Domestically they have the rampant corruption in the bureaucracy, weakened capacity of Communist rule, wealth disparity due to the discriminatory economic development strategy, seriousness of rural problem, social instability, lack of social security systems and the development gap between the eastern coastal areas and western inland areas, ethnic minorities problems, the constraint of sustainable development issues due to lack of resources, environmental pollution and energy constraints. Like the former Soviet Union, China may face a dismantlement. After the rise, China may encounter possibilities of a war between great powers or a collapse of Chinese society caused by deepening internal conflict. Serious economic polarization would make peasants and urban workers, who are social vulnerable people, to turn their back to communist party and threaten the justification and the appropriateness of the ruling communist party. Chinese government will think internal system security threat is more formidable risk factor than a system security threat from the hegemon. The decline of great country comes from internal reasons rather than external reasons. To achieve peaceful rise, unification with Taiwan is an essential prerequisite. Taiwan issues are complex problems which equipped with international and domestic factors. Lack of energy resources, environmental pollution in China will bring economic crisis to Korean enterprises. Important influence to Korean economy will be a changeover of the method in economic development. It will turn the balance of investment and consumption, GDP-centered growth to consumption and environment-centered growth. Services industries including finance, environment, culture, education, health care and social welfare will grow. Change in China's growth model will give a great challenge upon the intermediate goods industry in Korea. Korea should reduce the portion of machinery, automotive, semiconductor, steel and chemical-centered export industry to China, and should increase the proportion of the service industry.

• Korean Security Journal
• /
• no.62
• /
• pp.9-33
• /
• 2020

This study presents aspects of the financing of terrorism using virtual-currencies. Fisrt of all, this introduces the conventional threat of the financing of terrorism and the analysis of current legal system regarding virtual-currency in South Korea. Next, the financing of terrorism cases are analyzed. With given analysis, the paper deals with its response and future extensions by technical and institutional aspects. The threats of the financing of terrorism are going higher after the appearance of virtual-currencies such as Bitcoin. There are two typical ways to use virtual-currencies by terrorist groups. One is to conduct public fund-raising in the social network system and the dark web. The other is to hack into virtual-currency exchange network in order to steal virtual currencies for developing the weapon of mass destruction. Specifically South Korea is top three country of trading virtual currencies and has been subject to virtual-currency hacking more than 10 cases. However, many countries including South Korea deal with virtual currencies as only innovative technology and means of investment, not the threats of the financing of terrorism. Under these circumstances, there a the legal contradiction. This article points this limit and absurdity. Also, it shows reasonable alternatives. All in all, given these aspects, the article proposes detailed policy directions.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.18 no.1
• /
• pp.185-194
• /
• 2018

This study investigates the limitations of blockchain technology and the ways to improve it by using Delphi technique. Limit factors and improvement measures are classified into technology, service, and legal system. First, from a technical point of view, lack of standardization of the technology, insufficiency of integration, lack of scalability, unclear cancellation or correction policy, excessive cost of transaction verification, insufficient personal information protection and not enough to respond to hacking defense were the limiting factors. In order to improve these, the followings; ensuring standardization, securing integration and scalability, establishing cancellation of each applicable data, establishment of correction policy, efficiency of verification cost, the protection of personal information and countermeasure against hacking are provided. The related technology development and countermeasures must be established to effectively introduce the blockchain technology to the market. Second, in the early stage of blockchain service, it showed lack of utilization of the blockchain, security threat, shortage of skilled workers, and lack of legal liability. As a solution to these problems, it is necessary to suggest various applications, against security threat, training professional manpower, and securing legal responsibility. It should also provide a foundation for providing institutionally stable services. Third, from as legal system point of view, inadequate legal compliance, lack of relevant regulation, and uncertainty in the regulation were the limiting factors. Therefore establishing a legal system, which is the most important area for activating the service, should be accompanied by the provision of legal countermeasures, clearness of regulations and measures to be taken by relevant governmental authorities. This study will contribute as a reference for a research, related to the blockchain.