• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.4
• /
• pp.29-42
• /
• 2020

SCADA (Supervisory Control and Data Acquisition) systems for remote monitoring, data acquisition and control are applied to major industrial infrastructures including power, water and railroad. Recently, there are many researches on key management scheme for secure communication due to change to the open network environment. These systems are located at far distances and are connected to the main control center through various types of communication methods. Due to the nature of these systems, they are becoming the significant targets of cyber attack. We propose an efficient key management scheme which is established on ID-based cryptosystem without an expensive computation on MTU (Master Terminal Unit), Sub-MTU, and RTU (Remote Terminal Unit). The proposed method is secure and effective in key management among multiple legitimate devices.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.41 no.12
• /
• pp.1814-1823
• /
• 2016

LVC(live-virtual-constructive) integrated training system is a representative cyber-physical system. Each systems in a LVC system has different time domain, resolution and operation methods. So, it is very important to integrate different middlewares as a common middleware for heterogeneous systems using inter-working GWs. Especially, since the LVC system uses different time, it is necessary to study the method for guaranteeing causality and time synchronization among the events from different systems. In this study, we propose an time synchronization scheme to integrate the virtual and constructive system which use the simulation time of HLA (High Level Architecture)/ RTI (Run Time Infrastructure) into the live system based on the OMG DDS (Data Distribution Service). We propose a precise time synchronization scheme based on HLA time management and clock federate between participants and federates which are the communication objects of DDS and HLA/RTI respectively. In addition, we verified that time is well-synchronized among heterogeneous systems using the suggested scheme by implementing and demonstrating simulation applications on each middleware.

• The Journal of Korean Association of Computer Education
• /
• v.20 no.6
• /
• pp.95-104
• /
• 2017

The damage caused by information spill, forgery, falsification, and deletion by cyber infringement in educational institutions and universities is very large. In this study, we analyzed the types, causes, and problems of cyber infringement in educational administrative institutions and universities. As a result, administrative, physical and technical information protection activities were weak. In this paper, we propose a security enhancement method for each domain by dividing them into Internet zone, network-neutral zone (DMZ: Demilitarized Zone), general server zone, internal server zone (Server Farm), and user zone so that these vulnerabilities can be easily identified, supplemented or security enhanced. In addition, we have proposed a method to apply security information system architecture and information protection technology correctly for educational administration institutions and universities. This study is meaningful not to provide conceptual guidance but to suggest specific action and procedure oriented security management plan.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.531-543
• /
• 2013

The destruction and prejudice of major infrastructure such as energy, broadcast, communication and transportation could result in a threat to individual rights and liberties, as well as social and economic losses. If a traffic signal control facilities have been violated, the lives of the citizens discomfort as well as causing social disruption such as traffic accident. Because the control system is operating as a closed network and you think it is safe, the information protection system has not been built or security patches and anti-virus updates do not work properly. So, cyber attacks by security vulnerabilities are exposed. Therefore, there is a need to identify the characteristics of the system, and develop appropriate countermeasures in order to prevent cyber attacks and prejudices incidents. This paper examines the vulnerabilities of Intelligent Transport Systems and proposes the improvement of security vulnerabilities.

• IEIE Transactions on Smart Processing and Computing
• /
• v.3 no.2
• /
• pp.65-73
• /
• 2014

An overall responding security-centered framework is necessary required for infringement accidents, failures, and cyber threats. On the other hand, the correspondence structures of existing administrative, technical, physical security have weakness in a system responding to complex attacks because each step is performed independently. This study will recognize all internal and external users as a potentially threatening element. To perform connectivity analysis regarding an action, an intelligent convergence security framework and road map is suggested. A suggested convergence security framework was constructed to be independent of an automatic framework, such as the conventional single solution for the priority defense system of APT of the latest attack type, which makes continuous reputational attacks to achieve its goals. This study suggested the next generation convergence security framework to have preemptive responses, possibly against an APT attack, consisting of the following five hierarchical layers: domain security, domain connection, action visibility, action control, and convergence correspondence. In the domain, the connection layer suggests a security instruction and direction in the domains of administrative, physical and technical security. The domain security layer has consistency of status information among the security domain. A visibility layer of an intelligent attack action consists of data gathering, comparison and decision cycle. The action control layer is a layer that controls the visibility action. Finally, the convergence corresponding layer suggests a corresponding system of before and after an APT attack. The administrative security domain had a security design based on organization, rule, process, and paper information. The physical security domain is designed to separate into a control layer and facility according to the threats of the control impossible and control possible. Each domain action executes visible and control steps, and is designed to have flexibility regarding security environmental changes. In this study, the framework to address an APT attack and load map will be used as an infrastructure corresponding to the next generation security.

• The Journal of Korean Association of Computer Education
• /
• v.10 no.6
• /
• pp.79-89
• /
• 2007

The advent of e-Learning paradigm requires a various type of e-Learning models and systems which are appropriate to support effective teaching-learning process. Accordingly, the teaching-learning system using the Internet and the intelligent tutoring system(ITS) in e-Learning environment has attracted a fair amount of critical attention. However there is a wide gap between infrastructure of a present educational site and the u-learning environment. Therefore, in this paper, an ITS teaching-learning model is proposed and system is developed for a school environment, which is based on a learner's cognitive structure and applies a concept of u-Learning, and then is verified for validity. X-Neuronet, the developed system, offers a method of representing a learner's cognitive structure so as to apply the method for the efficient individualized learning.

• Convergence Security Journal
• /
• v.13 no.6
• /
• pp.51-59
• /
• 2013

Cyberspace, based on the dramatic development of information and communications technology, has brought enormous benefits to mankind. However, concerns over cyber terrorism and cyber attack are becoming serious. It is time to expand the global dialogue on international security issues in cyberspace. It is imperative to have a common understanding that cyberspace, the infrastructure for prosperity, should not be utilized as a space to create conflicts among states, and that all states agree to build confidence and peace in cyberspace. For this purpose, there are 3 tracks of international cooperations: 1)international cooperation such as UN and Conference on Cyberspace, 2)regional cooperations such as ARF and OSCE. 3)bilateral cooperations such US-Russia Cybersecurity Agreement, US-China presidential level dialogue. This paper will analyze the 1st track of international cooperations of UN and Conference on Cyberspace. With this, Korean government can prepare the forthcoming GGE activities and make our own strategy to deal with the global norms of good behaviour in cyberspace.

• Convergence Security Journal
• /
• v.13 no.6
• /
• pp.91-98
• /
• 2013

Cyber attacks threaten the national security in this day and age. The government of the Republic of Korea recently released the National Cyber Security Comprehensive Countermeasures as a new cybersecurity policy. But current legal system cannot provide legal basis for the implementation of such measures. The current legal system related to cybersecurity is applied in each sector, thus the governance system in cybersecurity is separate. So there are many problems in the governance system in cybersecurity. To solve these problems fundamentally, it is righter to make a new cybersecurity law than to revise existing laws. Meanwhile, lawmakers proposed some bills in Congress to strengthen the cybersecurity in Korea in 2013. It will increase possibility of legislation of cybersecurity act to make a law through the analysis of these bills and to derive the essential elements from those. and to reflect these in the new cybersecurity act.

• Journal of Convergence for Information Technology
• /
• v.9 no.8
• /
• pp.35-44
• /
• 2019

The purpose of this study is to find out quantitative vulnerability assessment about COTS(Commercial Off The Shelf) O/S based I&C System. This paper analyzed vulnerability's lifecycle and it's impact. this paper is to develop a quantitative assessment of overall cyber security risks and vulnerabilities I&C System by studying the vulnerability analysis and prediction method. The probabilistic vulnerability assessment method proposed in this study suggests a modeling method that enables setting priority of patches, threshold setting of vulnerable size, and attack path in a commercial OS-based measurement control system that is difficult to patch an immediate vulnerability.

• Korean Journal of Comparative Education
• /
• v.28 no.2
• /
• pp.123-151
• /
• 2018

The purposes of this study were to examine the current status of ICT in all ASEAN countries and to provide implications for Korea to find appropriate ways to support and collaborate with HEIs in ASEAN countries. To achieve these purposes, ASEAN countries were categorized into 3 groups based on the development stages of ICT, and the key ICT initiatives, current facts about ICT, and related issues were analyzed. The results of the study were as follows: Group 1 countries, Brunei, Malaysia, and Singapore, with relatively well-established ICT infrastructure, have established their own ICT policies and initiated e-learning programs. Group 2 countries, Indonesia, Philippines, Thailand, and Vietnam, which have relatively well-developed ICT infrastructure with existing regional gaps, showed different uses of ICT in higher education. Philippines and Thailand established their own policies based on national ICT master plans while Indonesia focused on MOOCs and Vietnam initiated cyber university projects. Group 3 countries, Cambodia, Lao PDR, and Myanmar, with the least developed ICT infrastructure in ASEAN, have also tried to develop national level strategies to utilize ICT in higher education. However, insufficient and inadequate ICT infrastructure created issues and challenges for these countries to successfully initiate ICT policies. This study suggested that it is necessary to take into serious consideration the national differences when collaborating with and supporting ASEAN countries due to the variation of ICT development stages and different levels of using ICT in higher education among ASEAN countries.