• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.209-221
• /
• 2023

Due to the rapid spread of the COVID-19 virus in December 2019, the working environment was rapidly converted to telecommuting. However, since the defense industry is an organization that handles technology related to the military, the network separation policy is applied, so there are many restrictions on the application of telecommuting. Telecommuting is a global change and an urgent task considering the rapidly changing environment in the future. Currently, in order for defense companies to implement telecommuting, VPN, VDI, and network interlocking systems must be applied as essential elements. Eventually, some contact points will inevitably occur, which will increase security vulnerabilities, and strong security management is important. Therefore, in this paper, attack types are selected and threats are analyzed based on the attack tactics of the MITER ATT&CK Framework, which is periodically announced by MITER in the US to systematically detect and respond to cyber attacks. Then, by applying STRIDE threat modeling, security threats are classified and specific security requirements are presented.

• Convergence Security Journal
• /
• v.24 no.3
• /
• pp.3-11
• /
• 2024

Information security is crucial not only for protecting against external cyber-attacks but also for identifying and blocking internal data leakage risks in advance. To this end, many companies and institutions implement digital rights management(DRM) document security solutions, which encrypt files to prevent content access if leaked, and data loss prevention(DLP) solutions, which control devices such as USB ports on computing equipment to prevent data leaks. At a time when efforts to prevent internal data leaks are crucial, there is a growing need for control policies such as device control and the identification of information assets in standalone network environments, which could otherwise fall into unmanaged domains. In this study, we propose a Generation-Distribution-Application model for device control policies that are uniquely applied to standalone information assets that are not connected to internal networks. To achieve this, we developed an authentication technique linked with the asset management system, where information assets are automatically registered upon acquisition. This system allows for precise identification of information assets and enables flexible device control, and we have designed and implemented a system based on these principles.

• Journal of Platform Technology
• /
• v.12 no.3
• /
• pp.55-61
• /
• 2024

As the digital environment becomes more complex and cyber attacks become more sophisticated, the importance of data protection is emerging. As various security threats such as data leakage, system intrusion, and authentication bypass increase, secure key management is emerging. Key Management System (KMS) manages the entire encryption key life cycle procedure and is used in various industries. There is a need for a key management system that considers requirements suitable for the environment of various industries including public and finance. The purpose of this paper is to derive the characteristics of the key management system for each industry by comparing and analyzing key management systems used in representative industries. As for the research method, information was collected through literature and technical document analysis and case analysis, and comparative analysis was conducted by industry sector. The results of this paper will be able to provide a practical guide when introducing or developing a key management system suitable for the industrial environment. The limitations are that the analyzed industrial field was insufficient and experimental verification was insufficient. Therefore, in future studies, we intend to conduct specific performance tests through experiments, including key management systems in various fields.

• Korean Security Journal
• /
• no.25
• /
• pp.185-208
• /
• 2010

This study is to suggest the current security education programs and improvement of industrial security curriculums in Korea. We live in a world of insecurity; the world is changing at an ever accelerating pace. Life, society, economics, international relations, and security risk are becoming more and more complex. The nature of work, travel, recreation, and communication is radically changing. We live in a world where, seemingly with each passing year, the past is less and less's guide to the future. Security is involved in on one way or another in virtually every decision we make and every activity we undertake. The global environment has never been more volatile, and societal expectations for industrial security and increasing if anything. The complexities of globalization, public expectation, regulatory requirements, transnational issues, jurisdictional risks, crime, terrorism, advances in information technology, cyber attacks, and pandemics have created a security risk environment that has never been more challenging. We had to educate industrial security professional to cope with new security risk. But, how relevant is a college education to the security professional? A college degree will not guarantee a job or advancement opportunities. But, with a college and professional training, a person has improved chances for obtaining a favored position. Commonly, Security education and experience are top considerations to find a job so far, also training is important. Today, Security is good source to gain competitive advantage in global business. The future of security education is prospect when one considers the growth evident in the field. Modern people are very security-conscious today, so now we had to set up close relevant industrial security programs to cope with new security risk being offered in colleges or several security professional educational courses.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.4
• /
• pp.664-673
• /
• 2018

The industrial control system (ICS) has operated as a closed network in the past, but it has recently been linked to information and communications services and has been causing damage due to cyber attacks. As a countermeasure, the Information Communication Infrastructure Protection Act was enacted, but it cannot be applied to various real control environments because there is only a one-way policy-from a control network to a business network. In addition, IEC62443 defines an industrial control system reference model as an international standard, and suggests an area security model using a firewall. However, there is a limit to linking an industrial control network, operating as a closed network, to an external network only through a firewall. In this paper, we analyze the security model and research trends of the industrial control system at home and abroad, and propose an industrial control system security model that can be applied to the actual interworking environments of various domestic industrial control networks. Also, we analyze the security of firewalls, industrial firewalls, network connection equipment, and one-way transmission systems. Through a domestic case and policy comparison, it is confirmed that security is improved. In the era of the fourth industrial revolution, the proposed security model can be applied to security management measures for various industrial control fields, such as smart factories, smart cars, and smart plants.

• Convergence Security Journal
• /
• v.17 no.3
• /
• pp.73-81
• /
• 2017

In April 2009, in the wake of President Obama's Prague speech, the international community held four nuclear sec urity summits from 2010 to 2016 to promote nuclear security and prevent nuclear terrorism. The Nuclear Security S ummit has made significant progress in preventing terrorists from attempting to acquire nuclear weapons or fissile materials, but it still has limitations and problems. To solve this problem, the international community should resume the joint efforts for strengthening bilateral cooperation and multilateral nuclear security regime, and the participating countries should strive to protect their own nuclear materials and fulfill their commitments to secure nuclear facilitie s. Second, the United Nations(UN), the IAEA(International Atomic Energy Agency), International Criminal Police Or ganization(INTERPOL), the Global Initiative to Combat Nuclear Terrorism(GICNT), and the Global Partnership(G P) must continue their missions to promote nuclear security in accordance with the five action plans adopted at the Fourth Nuclear Security Summit. Third, the participating countries should begin discussions on the management and protection of military nuclear materials that could not be covered by the Nuclear Security Summit. Fourth, the intern ational community must strive to strengthen the implementation of the Convention on the Physical Protection of Nuc lear Material(CPPNM) Amendment and International Convention for the Suppression of Acts of Nuclear Terrori sm(ICSANT), prepare for cyber attacks against nuclear facilities, and prevent theft, illegal trading and sabotage invo lving nuclear materials.

• Journal of Internet Computing and Services
• /
• v.18 no.1
• /
• pp.11-20
• /
• 2017

Recently, developments in the various fields of cloud computing technology has been utilized. Whereas the demand for cloud computing services is increasing, security threats are also increasing in the cloud computing environments. Especially, in case when the hosts interconnected in the cloud environments are infected and propagated through the attacks by malware. It can have an effect on the resource of other hosts and other security threats such as personal information can be spreaded and data deletion. Therefore, the study of malware analysis to respond these security threats has been proceeded actively. This paper proposes a type of attack clustering method of Zeus botnet using the k-means clustering algorithm for malware analysis that occurs in the cloud environments. By clustering the malicious activity by a type of the Zeus botnet occurred in the cloud environments. it is possible to determine whether it is a malware or not. In the future, it sets a goal of responding to an attack of the new type of Zeus botnet that may occur in the cloud environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1185-1195
• /
• 2014

Domestic and international CERTs are carrying out security monitoring and response services based on security devices for intrusion incident prevention and damage minimization of the organizations. However, the security monitoring and response service has a fatal limitation in that it is unable to detect unknown attacks that are not matched to the predefined signatures. In recent, many approaches have adopted the darknet technique in order to overcome the limitation. Since the darknet means a set of unused IP addresses, no real systems connected to the darknet. Thus, all the incoming traffic to the darknet can be regarded as attack activities. In this paper, we present a collection and analysis method of malicious URLs based on darkent traffic for advanced security monitoring and response service. The proposed method prepared 8,192 darknet space and extracted all of URLs from the darknet traffic, and carried out in-depth analysis for the extracted URLs. The analysis results can contribute to the emergence response of large-scale cyber threats and it is able to improve the performance of the security monitoring and response if we apply the malicious URLs into the security devices, DNS sinkhole service, etc.

• Journal of Internet Computing and Services
• /
• v.22 no.2
• /
• pp.29-39
• /
• 2021

As damages to individuals, private sectors, and businesses increase due to newly occurring cyber attacks, the underlying network security problem has emerged as a major problem in computer systems. Therefore, NIDS using machine learning and deep learning is being studied to improve the limitations that occur in the existing Network Intrusion Detection System. In this study, a deep learning-based NIDS model study is conducted using the Convolution Neural Network (CNN) algorithm. For the image classification-based CNN algorithm learning, a discrete algorithm for continuity variables was added in the preprocessing stage used previously, and the predicted variables were expressed in a linear relationship and converted into easy-to-interpret data. Finally, the network packet processed through the above process is mapped to a square matrix structure and converted into a pixel image. For the performance evaluation of the proposed model, NSL-KDD, a representative network packet data, was used, and accuracy, precision, recall, and f1-score were used as performance indicators. As a result of the experiment, the proposed model showed the highest performance with an accuracy of 85%, and the harmonic mean (F1-Score) of the R2L class with a small number of training samples was 71%, showing very good performance compared to other models.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.629-643
• /
• 2019

In the era of the 4th industrial revolution, countries around the world are conducting projects to rapidly expand smart factory to secure competitiveness in manufacturing industries. However, unlike existing factories where the network environment was closed, smart factories can be vulnerable because internal and external objects are interconnected and various ICT technologies are used. And smart factories are likely to be the subject of cyber-attacks that are designed to cause monetary damage to certain targets because economic damage is so serious when an accident occurs. Therefore, it is necessary to study and apply security for smart factories, but there is no specific smart factory system architecture, so there is no establish for smart factory security requirements. In order to solve these problems, this paper derives the smart factory architecture that can extract and reflect the main characteristics of a smart factory based on the domestic and foreign reference model of smart factories. And this paper identifies the security threats based on the derived smart factory architecture and present the security requirements to cope with them for contributing to the improvement of the security of the smart factory.