• Title/Summary/Keyword: Threat Security

Hijacking Attack using Wireless Network Security Vulnerability in Drone and Its Countermeasure (드론의 무선 네트워크 보안 취약점을 이용한 탈취 및 대응)

  • Son, Juhwan;Sim, Jaebum;Lee, Jae-Gu;Cheong, Il-Ahn
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2017.05a / pp.327-330 / 2017
  • In recent years, drones (lightweight unmanned aerial vehicles) have been used for broadcast shooting, disaster scenes, leisure, observation and military purposes. However, as the use of drones increases, the threat of hacking is also rising. In particular, when a flying drone is seized, a dangerous situation can occur in which it is abused regardless of the driver's intention. There have already been cases in Iran and China of hacking and stealing the drones of other countries under reconnaissance. In this paper, we analyze the security vulnerabilities of Wi-Fi and Bluetooth communication, the wireless networks used in drones, that can be used to steal commercial drones. The results provide a countermeasure to safeguard drones against attempts by an unauthorized attacker to take the drones.

A SIP INVITE Flooding Detection algorithm Considering Upperbound of Possible Number of SIP Messages (발생 메시지의 상한값을 고려한 SIP INVITE 플러딩 공격 탐지 기법연구)

  • Ryu, Jea-Tek;Ryu, Ki-Yeol;Roh, Byeong-Hee
    • The Journal of Korean Institute of Communications and Information Sciences / v.34 no.8B / pp.797-804 / 2009
  • Recently, SIP (Session Initiation Protocol) has been used to set up and manage sessions for multimedia applications such as VoIP (Voice over IP) and IMS (IP Multimedia Subsystem). However, because SIP operates over the Internet, it is exposed to pre-existing Internet security threats such as service degradation or service disruption. Multimedia applications, which are delay sensitive, suffer even more from the threats mentioned above. The methods proposed so far to detect SIP INVITE flooding are CUSUM (Cumulative Sum), Hellinger distance and adaptive threshold, but these methods take only the normal state into consideration. So they are not capable of adapting to network congestion conditions, which change dynamically. In this paper, a SIP INVITE flooding detection algorithm that considers network congestion and enables efficient detection of such attacks is proposed. The proposed algorithm is expected to detect other types of attacks, such as BYE and CANCEL, more precisely than other methods.

A study on measure of North Korea's nuclear terror threat; Focusing on the guarantee of 'anticipatory self-defense' (북한 핵테러 위협 대비방안 연구; '선제적 자위권' 보장을 중심으로)

  • Kim, Yeon Jun
    • Convergence Security Journal / v.16 no.3_2 / pp.13-23 / 2016
  • North Korea recently conducted its fourth nuclear test and ICBM tests, and dared nuclear provocation targeting Korea and the international community. Based on the nuclear and missile experiments in progress in North Korea, it is judged that the technical level of its nuclear force has reached the completion stage of standardization, lightweight, and variation. It is expected to become reality that North Korea executes nuclear provocation targeting Korea and the international community in the near future. The nuclear bomb is an absolute weapon to which the logic of counterattack after allowing the first strike of the other party cannot be applied, due to its tremendous destructive power. Therefore, as the opponent of a North Korea that has decided to hold nuclear weapons, the exercise of anticipatory self-defense in order to guarantee a minimum right to life is not a choice, but the only essential correspondence concept. At the moment that North Korean nuclear provocation is expected in the near future, the competence to strike the origin region of provocation shall be provided by forming a national consensus on preemptive strike enforcement. Also, in preparation for the anticipated fifth nuclear test of North Korea, national competence must be mobilized to be able to ensure the 'Nuclear Option' from the international community.

A Study on Prediction of Mass SQL Injection Worm Propagation Using The Markov Chain (마코브 체인을 이용한 Mass SQL Injection 웜 확산 예측에 관한 연구)

  • Park, Won-Hyung;Kim, Young-Jin;Lee, Dong-Hwi;Kim, Kui-Nam J.
    • Convergence Security Journal / v.8 no.4 / pp.173-181 / 2008
  • Recently, worm epidemic models have been developed in response to the cyber threats posed by worms in order to analyze their propagation and predict their spread. Some of the most important ones involve mathematical model techniques such as Epidemic (SI), KM (Kermack-McKendrick), Two-Factor and AAWP (Analytical Active Worm Propagation). However, most models have several inherent limitations. For instance, they target worms that employ random scanning in the network, such as the CodeRed worm, and could be applied to the specified threats. Therefore, we propose the probabilistic of worm propagation based on the Markov Chain, which can be applied to cyber threats such as the Mass SQL Injection worm. Using the method proposed in this paper, we can predict the occurrence probability and occurrence frequency for each threat in the entire system.

A Design of Smart Fuzzing System Based on Hybrid Analysis (하이브리드 분석 기반의 스마트 퍼징 시스템 설계)

  • Kim, Mansik;Kang, Jungho;Jun, Moon-seog
    • Journal of Digital Convergence / v.15 no.3 / pp.175-180 / 2017
  • In accordance with the development of the IT industry worldwide, the software industry has also grown tremendously, and it is exerting influence on society in general, from daily life to financial organizations and public institutions. However, the various security threats that can seriously threaten the services provided have also greatly increased in proportion to the growing software industry. In this thesis, we suggest a smart fuzzing system that combines black box and white box testing and can effectively detect and distinguish software vulnerabilities, which take up a large portion of the security incidents in application programs.

Prospects about Nuclear Electro Magnetic Pulse developed by North Korea (북한의 핵전자기파(NEMP)탄 개발에 대한 전망)

  • Lee, Dae Sung
    • Convergence Security Journal / v.17 no.2 / pp.159-164 / 2017
  • The international community recognizes North Korea's nuclear and missile provocation as a real threat. This is due to the analysis and evaluation, by domestic and overseas North Korea experts and intelligence agencies related to electro magnetic pulse, that North Korea has developed a nuclear electro magnetic pulse. Electro magnetic pulse experts are concerned about North Korea's nuclear electro magnetic pulse in the following aspects. First, industrial, military, medical, and living facilities in modern society are constructed with electrical and electronic systems. So all electrical and electronic appliances will be neutralized if North Korea's nuclear electro magnetic pulse is set off over the world (i.e. the Korean Peninsula, the United States, etc.). Second, from the point of view of an attacker, North Korea will judge that the possibility of criticism by the international community is low, because a nuclear electro magnetic pulse aims to destroy only the electronic equipment of the opposite nation and cause damage rather than taking life. Finally, a nuclear electro magnetic pulse is more threatening than weapons like mass destruction because it does not need to hit targets accurately and can strike a wide area with a nuclear weapon of a low technology level. In this respect, we will analyze and evaluate nuclear and missile development and offer prospects about the nuclear electro magnetic pulse developed by North Korea.

TCAM Partitioning for High-Performance Packet Classification (고성능 패킷 분류를 위한 TCAM 분할)

  • Kim Kyu-Ho;Kang Seok-Min;Song Il-Seop;Kwon Teack-Geun
    • The Journal of Korean Institute of Communications and Information Sciences / v.31 no.2B / pp.91-97 / 2006
  • As network bandwidth increases, threats to the network also increase with the emergence of various new services. For high-performance network security, high-speed packet classification methods that employ hardware such as TCAM are generally used. A method that uses these devices efficiently is needed because they are expensive and their capacity is not sufficient. In this paper, we propose efficient packet classification using a Ternary-CAM (TCAM), a widely used device for high-speed packet classification, to which we have applied the Snort rule set of the well-known intrusion detection system. In order to save space in an expensive TCAM, we have eliminated duplicated IP addresses and port numbers in the rules according to the partitioning of a table in the TCAM, and we have represented negation and range rules with reduced TCAM size. We also keep the advantage of low TCAM capacity consumption and reduce the number of TCAM lookups by decreasing the TCAM partitioning through combining port numbers. According to simulation results on our TCAM partitioning, the size of a TCAM can be reduced by up to 98% and the performance does not degrade significantly for high-speed packet classification with a large number of rules.

Design of Quantum Key Distribution System without Fixed Role of Cryptographic Applications (암호장치의 송·수신자 역할 설정이 없는 양자키분배 시스템 설계)

  • Ko, Haeng-Seok;Ji, Se-Wan;Jang, Jingak
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.5 / pp.771-780 / 2020
  • QKD (Quantum Key Distribution) is one of the protocols that can make two distant parties safely share secure keys against the threat of quantum computers. Generally, cryptographic applications which are connected to the QKD device have fixed roles as a transmitter and a receiver due to the race condition and complexity of implementation. Because the conventional QKD system is mainly applied to the link encryptor, there are no problems even if the roles of the cryptographic devices are fixed. We propose a new scheme of QKD system and protocol that is easy to extend to the QKD network by eliminating quantum key dependency between the cryptographic device and the QKD node. The secure keys which are generated by the TRNG (True Random Number Generator) are provided to the cryptographic applications instead of quantum keys. We design an architecture to safely transmit the secure keys using the inbound and outbound quantum keys which are shared between two nodes. In this scheme, since the dependency of shared quantum keys between two QKD nodes is eliminated, all cryptographic applications can be a master or a slave depending on who initiates the cryptographic communications.

One-time Session Key based HTTP DDoS Defense Mechanisms (일회성 세션 키 기반 HTTP DDoS 공격 방어기법)

  • Choi, Sang-Yong;Kang, Ik-Seon;Kim, Yong-Min
    • Journal of the Korea Society of Computer and Information / v.18 no.8 / pp.95-104 / 2013
  • DDoS attacks have become a social threat since the 7.7 DDoS turmoil of 2009. Even though defence techniques have been developed against those threats, the attacks have become much more sophisticated. In recent years, the form of DDoS attacks has been changing from high-traffic attacks at the network layer to highly sophisticated, low-traffic attacks at the application layer. To make matters worse, the attack agents have become very intelligent, so that they are difficult to block since they cannot be distinguished from normal PCs. In user authentication systems (such as CAPTCHA), user intervention is required to distinguish normal PCs from intelligent attack agents, and in a NAT environment in particular, IP-based blocking methods can cut off normal users' traffic at the same time. This research examined defense techniques which are able to distinguish between agents and normal PCs and effectively block HTTP DDoS attacks by applying a one-time session key based authentication method using the Cookie, which is used in the HTTP protocol, to protect web servers from sophisticated application-layer DDoS.

A Study on Situations and Response Methods for Pirate Incidents in the Seas Southwest of the Philippines (필리핀 남서부 해적사고 현황과 대응방안 연구)

  • Na, Song-Jin
    • Journal of the Korean Society of Marine Environment & Safety / v.23 no.7 / pp.829-833 / 2017
  • Recently, pirate incidents involving passing ships have been continuously occurring in the seas southwest of the Philippines, the Sulu Sea and the Celebes Sea. Pirates in these areas are members of the "Abu Sayyaf Group", which consists of Islamic armed rebels. They have abducted and confined 59 ship crews over the last 13 months to obtain money for group operations. The activities of these pirates, abducting and killing crews, have become a significant threat to marine security in the Sulu and Celebes Seas and to logistic activities in Asia. This study examines and analyzes 22 recent incidents in terms of ship gross tonnage, kind, nationality, incident time, location, etc. The identity of the Abu Sayyaf Group, which has been committing this piracy and represents the de facto power behind the actors responsible, is also unpacked, along with current challenges to resolving these conflicts. Finally, responses that passing ships, shipping companies, related countries and the international community should make are proposed.