• Korean Security Journal
• /
• no.29
• /
• pp.301-336
• /
• 2011

This exploratory study aims to review the risks and threats of social network services(SNSs), particularly focusing upon the policing perspective. This paper seeks to acknowledge the present risk/danger of SNSs and the very significance of establishing a strategic framework to effectively prevent and/or control criminal misuse of SNSs. This research thus advocates that proactive study on security issues and criminal aspects of SNSs and preventive countermeasures can play a significant role in policing the networked society in the time of digital/internet age. Social network sites have been increasingly attracting the attention of entrepreneurs, and academic researchers as well. In this exploratory article, the researcher tried to define concepts and features of SNSs and describe a variety of issues and threats posed by SNSs. After summarizing existing security risks, the researcher also investigated both the potential threats to privacy associated with SNSs, such as ID theft and fraud, and the very danger of SNSs in case of being utilized by terrorists and/or criminals, including cyber-criminals. In this study, the researcher primarily used literature reviews and empirical methods. The researcher thus conducted extensive case studies and literature reviews on SNSs. The literature reviews herein cover theoretical discussions on characteristics, usefulness, and/or potential danger/harm of SNSs. Through the literature review, the researcher also concentrated upon being able to identify a strategic framework for law enforcement to effectively prevent criminal misuse of SNSs The limitation of this study can be lack of statistical data and attempts to examine previously un-researched area in the field of SNS and its security risks and potential criminal misuse. Thus, to supplement this exploratory study, more objective theoretical models and/or statistical approaches would be needed to provide law enforcement with sustainable policing framework and contribute to suggesting policy implications.

• Korean Security Journal
• /
• no.18
• /
• pp.169-190
• /
• 2009

Today, the rapid advance of scientific technologies has brought about fundamental changes to the types and levels of terrorism while the war against the world more than one thousand small and big terrorists and crime organizations has already begun. A method highly likely to be employed by terrorist groups that are using 21st Century state of the art technology is cyber terrorism. In many instances, things that you could only imagine in reality could be made possible in the cyber space. An easy example would be to randomly alter a letter in the blood type of a terrorism subject in the health care data system, which could inflict harm to subjects and impact the overturning of the opponent's system or regime. The CIH Virus Crisis which occurred on April 26, 1999 had significant implications in various aspects. A virus program made of just a few lines by Taiwanese college students without any specific objective ended up spreading widely throughout the Internet, causing damage to 30,000 PCs in Korea and over 2 billion won in monetary damages in repairs and data recovery. Despite of such risks of cyber terrorism, a great number of Korean sites are employing loose security measures. In fact, there are many cases where a company with millions of subscribers has very slackened security systems. A nationwide preparation for cyber terrorism is called for. In this context, this research will analyze the current status of Korea's cyber security systems and its laws from a policy perspective, and move on to propose improvement strategies. This research suggests the following solutions. First, the National Cyber Security Management Act should be passed to have its effectiveness as the national cyber security management regulation. With the Act's establishment, a more efficient and proactive response to cyber security management will be made possible within a nationwide cyber security framework, and define its relationship with other related laws. The newly passed National Cyber Security Management Act will eliminate inefficiencies that are caused by functional redundancies dispersed across individual sectors in current legislation. Second, to ensure efficient nationwide cyber security management, national cyber security standards and models should be proposed; while at the same time a national cyber security management organizational structure should be established to implement national cyber security policies at each government-agencies and social-components. The National Cyber Security Center must serve as the comprehensive collection, analysis and processing point for national cyber crisis related information, oversee each government agency, and build collaborative relations with the private sector. Also, national and comprehensive response system in which both the private and public sectors participate should be set up, for advance detection and prevention of cyber crisis risks and for a consolidated and timely response using national resources in times of crisis.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2023.07a
• /
• pp.631-633
• /
• 2023

본 논문에서는 빅데이터의 활용이 확산되는 현대 사회에서 빅데이터의 수집, 관리, 이용 등에서 나타날 수 있는 문제를 확인하고 그 문제에 대한 기존의 대응 방법과 보완점을 시사한다. 빅데이터의 위험성은 개인 정보유출, 디지털 디바이드, 편향성과 신뢰성, 의존성과 통제 가능성 등이 있다. 해당 문제는 빅데이터의 보편화가 가중될수록 큰 규모의 사회적 문제로 대두될 가능성이 높다. 이를 보완하기 위한 대응 방법을 크게 기술적 대응, 법적 대응, 사회적 대응으로 나누어 알아보고 각 부분의 취약점을 분석하여 개선의 방향을 제시한다.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.259-265
• /
• 2004

Since the 2003.1.25 Internet Crisis, the government has been looking at a number of options to strengthen national cyber-security/crisis management capability to guard against ever increasing threat of cyber-war and terror. Thus, the focus of this study was to explorer new ways of developing a comprehensive cyber-security/crisis management system, in particular by combining modern social-science analytic theories. As a result, although there has to be more in-depth researches into incorporating advanced techniques to generate more detailed and object-specific indexes and protocols, the use of 'event data system,' which has been widely utilized in many recent social science researches to assess a wide-range of socio-political risks and crises, could be adopted as a basis for a comprehensive nationwide cyber-risk management system.

• Journal of Platform Technology
• /
• v.6 no.4
• /
• pp.78-86
• /
• 2018

In this paper, a VR-based cyber hiking system was designed to provide virtual reality for famous mountains that can offer the real senses and feelings of hiking in supporting environmental factors of actual mountains such as the temperature, air, sound, echoes, etc., of the mountain the user wants to climb. The VR-based cyber hiking system that reflects real-time site conditions is largely consisted of the data collection module that collects data from the live site, multiple drive modules that enables the user to feel real senses using data from the sites, and sensor module to detect the stimuli provided by the drive modules and the user's physical body transition. Unlike existing VR-based hiking systems, the proposed cyber hiking system not only provides simple virtual reality for the wanted mountain, but can also provide the natural conditions of real mountains and implement the uphill and downhill of hiking routes. In particular, it has the effect of providing fun and game elements to users by excluding unnecessary conditions and risks that may arise in actual hiking and instead supporting augmented realities such as squirrels on actual hiking paths. In addition, in providing users with the changes in their body before and after hiking, it is expected to be effective in providing diverse feedback such as the height, gradient, and speed of mountain hiking.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.447-463
• /
• 2022

Artificial Intelligence (AI) technology is a major technology that develops smart ships into autonomous ships in the marine industry. Autonomous ships recognize a situation with the information collected without human judgment which allow them to operate on their own. Existing ship systems, like control systems on land, are not designed for security against cyberattacks. As a result, there are infringements on numerous data collected inside and outside the ship and potential cyber threats to AI technology to be applied to the ship. For the safety of autonomous ships, it is necessary to focus not only on the cybersecurity of the ship system, but also on the cybersecurity of AI technology. In this paper, we analyzed potential cyber threats that could arise in AI technologies to be applied to existing ship systems and autonomous ships, and derived categories that require security risks and the security of autonomous ships. Based on the derived results, it presents future directions for cybersecurity research on autonomous ships and contributes to improving cybersecurity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.637-659
• /
• 2021

Since the creation of the first Bitcoin blockchain in 2009, the number of cryptocurrency users has steadily increased. However, the number of hacking attacks targeting assets stored in these users' cryptocurrency wallets is also increasing. Therefore, we evaluate the security of the wallets currently on the market to ensure that they are safe. We first conduct threat modeling to identify threats to cryptocurrency wallets and identify the security requirements. Second, based on the derived security requirements, we utilize attack trees and Bayesian network analysis to quantitatively measure the risks inherent in each wallet and compare them. According to the results, the average total risk in software wallets is 1.22 times greater than that in hardware wallets. In the comparison of different hardware wallets, we found that the total risk inherent to the Trezor One wallet, which has a general-purpose MCU, is 1.11 times greater than that of the Ledger Nano S wallet, which has a secure element. However, use of a secure element in a cryptocurrency wallet has been shown to be less effective at reducing risks.

• Journal of Information Technology Services
• /
• v.20 no.6
• /
• pp.63-81
• /
• 2021

Joint financial network of Korea Financial Telecommunications and Clearings Institute, which is an essential facility with a natural monopoly, maintained its closedness as monopoly/public utility model, but it has evolved in the form of open banking in order to obtain domestic fintech competitiveness in the rapidly changing digital financial ecosystem such as the acceleration of Big Blur. In accordance with digital transformation strategy of financial institutions, various ICT companies are actively participating in the financial industries, which has been exclusive to banks, through the link technology called Open API. For this reason, there has been a significant change in the financial service supply chain in which ICT companies participate as users. The level of security in the financial service supply chain is determined based on the weakest part of the individual components according to the law of minimum. In addition, there is a perceived risk of personal information and financial information leakage among the main factors that affect users' intention to accept services, and appropriate protective measures against perceived security risks can be a catalyst, which increases the acceptance of open banking. Therefore, this is a study on factors affecting the introduction of open banking to achieve financial innovation by developing an open banking security control model for financial institutions, as a protective measures to user organizations, from the perspectives of cyber financial security and customer information protection, respectively, and surveying financial security experts. It is expected, from this study, that effective information protection measures will be derived to protect the rights and interests of financial customers and will help promote open banking.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.302-305
• /
• 2017

With the development of new ICT technology, new technologies are being applied to automobiles. The smart key for vehicles is also a device to which ICT new technology is applied. Therefore, a cyber-hacking attack against a smart key of a vehicle is possible. The cyber attack on the smart key can cause an abnormal control of the vehicle. Vehicle control can lead to vehicle hijacking and vehicle control risks. In this paper, we analyze the vulnerability of smart key for vehicle. Analyze cyber attacks against smart keys in vehicles. Then, we conduct real hacking attacks on smart keys for vehicles and propose countermeasures. We conduct a hacking attack against the smart key for vehicle that has devised countermeasures and analyze countermeasures against cyber attack security. This paper will contribute to the prevention of vehicle deodorization and to the safety of the people.

• Journal of Distribution Science
• /
• v.18 no.9
• /
• pp.31-43
• /
• 2020

Purpose: This study examined a comprehensive model for assessing the success probability of electric vehicle (EV) commercialization in the Korean market. The study identified three risks associated with successful commercialization which were technology, social, policy, environmental, and consumer risk. Research design, methodology: The assessment of the riskiness was represented by a Bayes belief network, where the probability of success at each stage is conditioned on the outcome of the preceding stage. Probability of success in each stage is either dependent on input (i.e., investment) or external factors (i.e., air quality). Initial input stages were defined as the levels of investment in product R&D, battery technology, production facilities and battery charging facilities. Results: Reasonable levels of investment were obtained by expert opinion from industry experts. Also, a survey was carried out with 78 experts consisting of automaker engineers, managers working at EV parts manufacturers, and automobile industry researchers in government think tanks to obtain the conditional probability distributions. Conclusion: The output of the model was the likelihood of success - expressed as the probability of market acceptance - that depended on the various input values. A model is a useful tool for understanding the EV industry as a whole and explaining the likely ramifications of different investment levels.