• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.27 no.1
• /
• pp.87-96
• /
• 2023

As the number of security vulnerabilities increases yearly, security threats continue to occur, and the vulnerability risk is also important. We devise a security threat score calculation reflecting trends to determine the risk of security vulnerabilities. The three stages considered key elements such as attack type, supplier, vulnerability trend, and current attack methods and techniques. First, it reflects the results of checking the relevance of the attack type, supplier, and CVE. Secondly, it considers the characteristics of the topic group and CVE identified through the LDA algorithm by the Jaccard similarity technique. Third, the latest version of the MITER ATT&CK framework attack method, technology trend, and relevance between CVE are considered. We used the data within overseas sites provide reliable security information to review the usability of the proposed final formula CTRS. The scoring formula makes it possible to fast patch and respond to related information by identifying vulnerabilities with high relevance and risk only with some particular phrase.

• Journal of Software Assessment and Valuation
• /
• v.16 no.2
• /
• pp.9-23
• /
• 2020

Microsoft's Windows system is widely used as an operating system for the desktops and enterprise servers of companies or organizations, and is a major target of cyber attacks. Microsoft provides various protection technologies and strives for defending the attacks through periodic security patches, however the threats such as DLL injection and process injection still exist. In this paper, we analyze 12 types of injection techniques in Microsoft Windows, and perform injection attack experiments on four application programs. Through the results of the experiments, we identify the risk of injection techniques, and verify the effectiveness of the mitigation technology for defending injection attacks provided by Microsoft. As a result of the experiments, we have found that the current applications are vulnerable to several injection techniques. Finally, we have presented the mitigation techniques for these injection attacks and analyzed their effectiveness.

• International Journal of Computer Science & Network Security
• /
• v.23 no.2
• /
• pp.199-202
• /
• 2023

Carriage return (CR) and line feed (LF), also known as CRLF injection is a type of vulnerability that allows a hacker to enter special characters into a web application, altering its operation or confusing the administrator. Log poisoning and HTTP response splitting are two prominent harmful uses of this technique. Additionally, CRLF injection can be used by an attacker to exploit other vulnerabilities, such as cross-site scripting (XSS). Email injection, also known as email header injection, is another way that can be used to modify the behavior of emails. The Open Web Application Security Project (OWASP) is an organization that studies vulnerabilities and ranks them based on their level of risk. According to OWASP, CRLF vulnerabilities are among the top 10 vulnerabilities and are a type of injection attack. Automated testing can help to quickly identify CRLF vulnerabilities, and is particularly useful for companies to test their applications before releasing them. However, CRLF vulnerabilities can also lead to the discovery of other high-risk vulnerabilities, and it fosters a better approach to mitigate CRLF vulnerabilities in the early stage and help secure applications against known vulnerabilities. Although there has been a significant amount of research on other types of injection attacks, such as Structure Query Language Injection (SQL Injection). There has been less research on CRLF vulnerabilities and how to detect them with automated testing. There is room for further research to be done on this subject matter in order to develop creative solutions to problems. It will also help to reduce false positive alerts by checking the header response of each request. Security automation is an important issue for companies trying to protect themselves against security threats. Automated alerts from security systems can provide a quicker and more accurate understanding of potential vulnerabilities and can help to reduce false positive alerts. Despite the extensive research on various types of vulnerabilities in web applications, CRLF vulnerabilities have only recently been included in the research. Utilizing automated testing as a recurring task can assist companies in receiving consistent updates about their systems and enhance their security.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.129-134
• /
• 2022

A smart platform is defined as an evolved platform that realizes physical and virtual space into a hyper-connected environment by combining the existing platform and advanced IT technology. The hyper-connection that is the connection between information and information, infrastructure and infrastructure, infrastructure and information, or space and service, enables the realization and provision of high-quality services that significantly change the quality of life and environment of users. In addition, it is providing everyone with the effect of significantly improving the social safety net and personal health management level by implementing smart government and smart healthcare. A lot of information produced and consumed in these processes can act as a factor threatening the basic rights of the public and individuals by the informations themselves or through big data analysis. In particular, as the smart platform as a core function that forms the ecosystem of a smart city is naturally and continuously expanded, it faces a huge security burden in data processing and network operation. In this paper, platform components as core functions of smart city and appropriate security threats and countermeasures are studied.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.3
• /
• pp.183-192
• /
• 2023

Digital transformation is taking place rapidly around the world. As the development of digital technology becomes very fast, more information is expected to be digitized. Therefore, the possibility of cyber threats is increasing in transmitting and storing sensitive information such as personal and financial information online. In this paper, we compared and analyzed information security textbooks for elementary and secondary school students in China, where the recent development of artificial intelligence and digital transformation are rapidly occurring. After we collected related textbooks, textbooks suitable for analysis were selected. Then, we analyzed the external and internal systems of the textbooks separately. As a result of the external system analysis, all the textbook covers were properly produced, but the quality difference was significant among textbooks. In the case of textbooks for elementary school students, the excellence of layout and content placement was noticed. On the other hand, due to the internal system analysis, various contents were not included evenly when looking at the learning contents based on the "information society responsibility" learning goals presented in China. Through this paper, we hope to provide implications for information security-related education and textbook development research.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.527-536
• /
• 2024

In the digital age, the growth of AI and digital technologies brings opportunities and cybersecurity risks. At the forefront of this change are teenagers, referred to as 'digital natives'. However, they may have difficulty using technology safely without proper information security knowledge. This paper highlights the need for information security education for teenagers in South Korea by referring to cases in the UK, Australia, and the US. These countries are already providing education that prepares young people for cyber threats and future societal needs. Reflecting this trend, South Korea should also establish comprehensive information security education for teenagers to equip them for the digital age.

• International Journal of Computer Science & Network Security
• /
• v.24 no.6
• /
• pp.207-215
• /
• 2024

Cloud computing is now used by most companies, business centres and academic institutions to embrace new computer technology. Cloud Service Providers (CSPs) are limited to certain services, missing some of the assets requested by their customers, it means that different clouds need to interconnect to share resources and interoperate between them. The clouds may be interconnected in different characteristics and systems, and the network may be vulnerable to volatility or interference. While information technology and cloud computing are also advancing to accommodate the growing worldwide application, criminals use cyberspace to perform cybercrimes. Cloud services deployment is becoming highly prone to threats and intrusions. The unauthorised access or destruction of records yields significant catastrophic losses to organisations or agencies. Human intervention and Physical devices are not enough for protection and monitoring of cloud services; therefore, there is a need for more efficient design for cyber defence that is adaptable, flexible, robust and able to detect dangerous cybercrime such as a Denial of Service (DOS) and Distributed Denial of Service (DDOS) in heterogeneous cloud computing platforms and make essential real-time decisions for forensic investigation. This paper aims to develop a framework for digital forensic for the detection of cybercrime in a joined heterogeneous cloud setup. We developed a Digital Forensics model in this paper that can function in heterogeneous joint clouds. We used Unified Modeling Language (UML) specifically activity diagram in designing the proposed framework, then for deployment, we used an architectural modelling system in developing a framework. We developed an activity diagram that can accommodate the variability and complexities of the clouds when handling inter-cloud resources.

• Journal of Platform Technology
• /
• v.12 no.3
• /
• pp.55-61
• /
• 2024

As the digital environment becomes more complex and cyber attacks become more sophisticated, the importance of data protection is emerging. As various security threats such as data leakage, system intrusion, and authentication bypass increase, secure key management is emerging. Key Management System (KMS) manages the entire encryption key life cycle procedure and is used in various industries. There is a need for a key management system that considers requirements suitable for the environment of various industries including public and finance. The purpose of this paper is to derive the characteristics of the key management system for each industry by comparing and analyzing key management systems used in representative industries. As for the research method, information was collected through literature and technical document analysis and case analysis, and comparative analysis was conducted by industry sector. The results of this paper will be able to provide a practical guide when introducing or developing a key management system suitable for the industrial environment. The limitations are that the analyzed industrial field was insufficient and experimental verification was insufficient. Therefore, in future studies, we intend to conduct specific performance tests through experiments, including key management systems in various fields.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.7
• /
• pp.1-8
• /
• 2017

As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.

• The Journal of Society for e-Business Studies
• /
• v.21 no.2
• /
• pp.47-59
• /
• 2016

Parcel service is to deliver goods from one place to the designated destination requested according to user request. Parcel operations such as sorting, distributing, etc. or the managed information are heterogeneous by the companies. Additionally, it is impossible to support interoperability between companies with unformatted data of manual processing. Most parcel package boxes attached to paper typed waybill is attached is delivered to consignee. So, security problems such as personal information leaking are occurred, or extra processing time and logistics costs are needed due to wrong or the damaged information. Business environment of parcel service is rapidly changed as introducing unmanned delivery or the advanced technology such as Internet of Things. User want to know the accurate status or steps from parcel service request to delivery. To provide these requirements, the unified and integrated waybill information for reliable transportation of parcel service is needed. This information will provide to pickup or delivery carrier, warehouse or terminal, and parcel service user per pickup, transport, and delivery stage of parcel delivery service. Therefore, this paper defines the simplified and unified information model for parcel service waybill by analyzing information systems used for logistics unit processes that is occurred to parcel service, and manual work processes, and developing the relevant information of work flows occurred between business processes or transactions with the collected or processed information by from parcel service's stages. It is possible to share these standard model between business entities, and replacing paper typed waybill will improve national life safety as preventing security threats by paper typed waybill. As a result, it will promote the public interest from the stakeholder's perspective.