• Korean Security Journal
• /
• no.62
• /
• pp.9-33
• /
• 2020

This study presents aspects of the financing of terrorism using virtual-currencies. Fisrt of all, this introduces the conventional threat of the financing of terrorism and the analysis of current legal system regarding virtual-currency in South Korea. Next, the financing of terrorism cases are analyzed. With given analysis, the paper deals with its response and future extensions by technical and institutional aspects. The threats of the financing of terrorism are going higher after the appearance of virtual-currencies such as Bitcoin. There are two typical ways to use virtual-currencies by terrorist groups. One is to conduct public fund-raising in the social network system and the dark web. The other is to hack into virtual-currency exchange network in order to steal virtual currencies for developing the weapon of mass destruction. Specifically South Korea is top three country of trading virtual currencies and has been subject to virtual-currency hacking more than 10 cases. However, many countries including South Korea deal with virtual currencies as only innovative technology and means of investment, not the threats of the financing of terrorism. Under these circumstances, there a the legal contradiction. This article points this limit and absurdity. Also, it shows reasonable alternatives. All in all, given these aspects, the article proposes detailed policy directions.

• The Journal of Society for e-Business Studies
• /
• v.20 no.2
• /
• pp.27-36
• /
• 2015

Current leakage of industrial technologies with revealing state secret against nation is gradually increasing and scope of the spill is diversified from technology-oriented leakage to new economic security sector like information and communication, electrical and electronic, defense industry, illegal export of strategic material, economic order disturbance by foreign country, infringement of intellectual property, etc. So the spill damage can affect not only leaked company but also national interests and entire domestic industry. According to statistics from National Industrial Security Center of National Intelligence Service, a major cause of technology leakage is not only by external things about hacking and malignant code, but internal leakage of former and current employees account for about 80%. And technology leakage due to temptation of money and personal interests followed by technology leakage of subcontractor is steadily increased. Most studies in the field of security have tended to focus on measuring security capability of company in order to prevent leakage core assets or developing measurement Indicators for management rather than security activities of the company members that is most important. Therefore, this study analyzes the effect of most underlying security education in security activities on security capabilities of enterprise. As a result, it indicates that security education have a positive(+) correlation with security capabilities.

• The KIPS Transactions:PartC
• /
• v.12C no.7 s.103
• /
• pp.989-998
• /
• 2005

Information systems are today becoming larger and mostly broadband-networked. This exposes them at a higher risk of intrusions and hacking than ever before. Of the technologies developed to meet information system security needs, risk analysis is currently one of the most actively researched areas. Meanwhile, due to the extreme diversity of assets and complexity of network structure, there is a limit to the level of accuracy which can be achieved by an analysis tool in the assessment of risk run by an information system. Also, the results of a risk assessment are most oftennot up-to-date due to the changing nature of security threats. By the time an evaluation and associated set of solutions are ready, the nature and level of vulnerabilities and threats have evolved and increased, making them obsolete. Accordingly, what is needed is a risk analysis tool capable of assessing threats and propagation of damage, at the same time as security solutions are being identified. To do that, the information system must be simplified, and intrusion data must be diagrammed using a modeling technique this paper, we propose a modeling technique information systems to enable security risk analysis, using SPICE and Petri-net, and conduct simulations of risk analysis on a number of case studies.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.12
• /
• pp.944-953
• /
• 2013

Recently, a storage media is becoming smaller and storage capacity is also becoming larger than before. However, important data was leaked through a small storage media. To solve these serious problem, many security companies manufacture secure USBs with secure function, such as data encryption, user authentication, not copying data, and management system for secure USB, etc. But various attacks, such as extracting flash memory from USBs, password hacking or memory dump, and bypassing fingerprint authentication, have appeared. Therefore, security techniques related to secure USBs have to concern many threats for them. The basic components for a secure USB are secure authentication and data encryption techniques. Though existing secure USBs applied password based user authentication, it is necessary to develop more secure authentication because many threats have appeared. And encryption chipsets are used for data encryption however we also concern key managements. Therefore, this paper suggests mutual device authentication based on PUF (Physical Unclonable Function) between USBs and the authentication server and key management without storing the secret key. Moreover, secure USB is systematically managed with metadata and authentication information stored in authentication server.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.1
• /
• pp.35-45
• /
• 2009

In an open environment such as Home Network, ZigBee Cluster comprising a plurality of Ato-cells is required to provide intense security over the movement of collected, measured data. Against this setting, various security issues are currently under discussion concerning master key control policies, Access Control List (ACL), and device sources, which all involve authentication between ZigBee devices. A variety of authentication methods including Hash Chain Method, token-key method, and public key infrastructure, have been previously studied, and some of them have been reflected in standard methods. In this context, this paper aims to explore whether a new method for searching for neighboring devices in order to detect device replications and Sybil attacks can be applied and extended to the field of security. The neighbor detection applied method is a method of authentication in which ACL information of new devices and that of neighbor devices are included and compared, using information on peripheral devices. Accordingly, this new method is designed to implement detection of malicious device attacks such as Sybil attacks and device replications as well as prevention of hacking. In addition, in reference to ITU-T SG17 and ZigBee Pro, the home network equipment, configured to classify the labels and rules into four categories including user's access rights, time, date, and day, is implemented. In closing, the results demonstrates that the proposed method performs significantly well compared to other existing methods in detecting malicious devices in terms of success rate and time taken.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.16 no.1
• /
• pp.49-54
• /
• 2006

The recent fingerprint recognition system has unstable factors, such as copy of fingerprint patterns and hacking of fingerprint feature point, which mali cause significant system error. Thus, in this research, we used the fingerprint as the main recognition device and then implemented the multi-biometric recognition system in serial using the speech recognition which has been widely used recently. As a multi-biometric recognition system, once the speech is successfully recognized, the fingerprint recognition process is run. In addition, speaker-dependent DTW(Dynamic Time Warping) algorithm is used among existing speech recognition algorithms (VQ, DTW, HMM, NN) for effective real-time process while KSOM (Kohonen Self-Organizing feature Map) algorithm, which is the artificial intelligence method, is applied for the fingerprint recognition system because of its calculation amount. The experiment of multi-biometric recognition system implemented in this research showed 2 to $7\%$ lower FRR (False Rejection Ratio) than single recognition systems using each fingerprints or voice, but zero FAR (False Acceptance Ratio), which is the most important factor in the recognition system. Moreover, there is almost no difference in the recognition time(average 1.5 seconds) comparing with other existing single biometric recognition systems; therefore, it is proved that the multi-biometric recognition system implemented is more efficient security system than single recognition systems based on various experiments.

• Journal of Internet Computing and Services
• /
• v.21 no.2
• /
• pp.81-90
• /
• 2020

The purpose of this study is to study how to apply block-chain technology to prevent data forgery and alteration in the defense sector of AI(Artificial intelligence). AI is a technology for predicting big data by clustering or classifying it by applying various machine learning methodologies, and military powers including the U.S. have reached the completion stage of technology. If data-based AI's data forgery and modulation occurs, the processing process of the data, even if it is perfect, could be the biggest enemy risk factor, and the falsification and modification of the data can be too easy in the form of hacking. Unexpected attacks could occur if data used by weaponized AI is hacked and manipulated by North Korea. Therefore, a technology that prevents data from being falsified and altered is essential for the use of AI. It is expected that data forgery prevention will solve the problem by applying block-chain, a technology that does not damage data, unless more than half of the connected computers agree, even if a single computer is hacked by a distributed storage of encrypted data as a function of seawater.

• Korean Security Journal
• /
• no.46
• /
• pp.63-86
• /
• 2016

The object of this study is to propose a study on the Private Investigator usage for Cyber Crime. The latest trend of cyber crime is being evolve in sophisticated and complex way over the global, like internet fraud, cyber gambling, hacking and etc. Hence national investigative authority mobilize high specialized skills and method of criminal investigation by each nation. But it is hard to respond in rapid and effective way because of propoor, distribution of group and insufficient of related legal system. Already in other countries, not considerable amount of services are given to private investigators in detection and tracking part which is inefficient by nation. So it has significantly meaningful to compensate the defect and study about private investigator usage as companion of cooperation policing for effectively respond to cyber-crime. The way to effectively deal with the cyber-crime is reevaluate meaning of partnership policing and need of private investigator usage. Also it is to analyze the main issue about introduction of a system and suggest the effective way of introduction. First, legislation of private investigator usage which is based upon partnership policing should be made up. Moreover, to establish the range of private investigator's business and enhance the reliability, it is to propose introduction of leading professional global certificate and license system with sufficient education and test. We are expecting introduction of private investigator usage can improve efficiency of investigation and promote effective countermeasures of cyber-crime.

• The Journal of the Korea Contents Association
• /
• v.13 no.1
• /
• pp.30-39
• /
• 2013

In recent years, with the development of devices to collect multimedia data such as small CMOS camera sensor and micro phone, studies on wireless multimedia sensor network technologies and their applications that extend the existing wireless sensor network technologies have been actively done. In such applications, various basic schemes such as the processing, storage, and transmission of multimedia data are required. Especially, a security for real world environments is essential. In this paper, in order to defend the sniffing attack in various hacking techniques, we propose a multipath routing scheme for physically avoiding the data transmission path from the risk factors. Our proposed scheme establishes the DEFCON of the sensor nodes that are geographically close to risk factors and the priorities according to the importance of the data. Our proposed scheme performs risk factor detour multipath routing through a safe path considering the DEFCON and data priority. Our experimental results show that although our proposed scheme takes the transmission delay time by about 5% over the existing scheme, it reduces the eavesdropping rate that can attack and intercept data by the risk factor by about 18%.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.21 no.10
• /
• pp.602-608
• /
• 2020

Development of Internet technology and the spread of various smart devices provide a convenient computing environment for people, which is becoming common thanks to the Internet of Things (IoT). However, attacks by hackers have caused various problems, such as leaking personal information or violating privacy. In the IoT environment, various smart devices are connected, and network attacks that are used in the PC environment are occurring frequently in the IoT. In fact, security incidents such as conducting DDoS attacks by hacking IP cameras, leaking personal information, and monitoring unspecified numbers of personal files without consent are occurring. Although attacks in the existing Internet environment are PC-oriented, we can now confirm that smart devices such as IP cameras and tablets can be targets of network attacks. Through performance evaluation, the proposed protocol shows 11% more energy efficiency on servers than RSA, eight times greater energy efficiency on clients than Kerberos, and increased efficiency as the number of devices increases. In addition, it is possible to respond to a variety of security threats that might occur against the network. It is expected that efficient operations will be possible if the proposed protocol is applied to the IoT environment.