• Proceedings of the KAIS Fall Conference
• /
• 2009.05a
• /
• pp.421-424
• /
• 2009

SCADA control systems and protocols are developed based on reliability, availability, and speed but with no or little attention paid to security. Specifically in Modbus protocol, there are inherent security vulnerabilities in their design. The lack of common security mechanisms in the protocol such as authentication, confidentiality and integrity must be addressed. In this paper, security vulnerabilities of Modbus-based SCADA controls systems will be studied. An in-depth analysis of the message frame formats being sent between master and slave will be discussed to expose the security vulnerabilities. This will enable SCADA users to find ways to fix the security flaws of the protocol and design mitigation strategies to reduce the impact of the possible attacks. Security mechanisms are recommended to further enhance the security of SCADA control systems.

• International Journal of Computer Science & Network Security
• /
• v.21 no.4
• /
• pp.199-208
• /
• 2021

This is an era of technology and with the rapid growth of the Internet, networks are continuously growing. Companies are shifting from simple to more complex networks. Since networks are responsible to transmit huge data which is often sensitive and a point of concern for hackers. Despite the sizes of the networks, all networks are subject to several threats. Companies deploy several security measures to protect their networks from unauthorized access. These security measures are implemented from the device level to the network level. Every security layer adds more to the security of the company's network. Firewalls are the piece of software that provides internal and external security of the network. Firewalls aim to enhance the device level as well as network-level security. This paper aims to investigate the different types of firewalls, their architecture, and vulnerabilities of the firewall. This paper improves the understanding of firewall and its various types of architecture.

• International journal of advanced smart convergence
• /
• v.13 no.2
• /
• pp.25-34
• /
• 2024

The paper investigates how the semiconductor and electric vehicle industries are addressing safety and security concerns in the era of autonomous driving, emphasizing the prioritization of safety over security for market competitiveness. Collaboration between these sectors is deemed essential for maintaining competitiveness and value. The research suggests solutions such as advanced autonomous driving technologies and enhanced battery safety measures, with the integration of AI chips playing a pivotal role. However, challenges persist, including the limitations of big data and potential errors in semiconductor-related issues. Legacy automotive manufacturers are transitioning towards software-driven cars, leveraging artificial intelligence to mitigate risks associated with safety and security. Conflicting safety expectations and security concerns can lead to accidents, underscoring the continuous need for safety improvements. We analyzed the expansion of electric vehicles as a means to enhance safety within a framework of converging security concerns, with AI chips being instrumental in this process. Ultimately, the paper advocates for informed safety and security decisions to drive technological advancements in electric vehicles, ensuring significant strides in safety innovation.

• Journal of Communications and Networks
• /
• v.11 no.6
• /
• pp.634-644
• /
• 2009

A diversity of wireless networks, with rapidly evolving wireless technology, are currently in service. Due to their innate physical layer vulnerability, wireless networks require enhanced security components. WLAN, WiBro, and UMTS have defined proper security components that meet standard security requirements. Extensive research has been conducted to enhance the security of individual wireless platforms, and we now have meaningful results at hand. However, with the advent of ubiquitous service, new horizontal platform service models with vertical crosslayer security are expected to be proposed. Research on synchronized security service and interoperability in a heterogeneous environment must be conducted. In heterogeneous environments, to design the balanced security components, quantitative evaluation model of security policy in wireless networks is required. To design appropriate evaluation method of security policies in heterogeneous wireless networks, we formalize the security properties in wireless networks. As the benefit of security protocols is indicated by the quality of protection (QoP), we improve the QoP model and evaluate hybrid security policy in heterogeneous wireless networks by applying to the QoP model. Deriving relative indicators from the positive impact of security points, and using these indicators to quantify a total reward function, this paper will help to assure the appropriate benchmark for combined security components in wireless networks.

• The Journal of Information Systems
• /
• v.25 no.2
• /
• pp.51-77
• /
• 2016

Purpose Organizations invest significant portions of their budgets in fortifying information security. Nevertheless, the security threats by employees are still at large. We discuss methods to reduce security threats that are posed by employees in organization. This study finds antecedent factors that increases or decreases employee's compliance intention. Also, the study suggests organizations' security environmental factors which influences the antecedent factors of compliance intention. Design/methodology/approach The structural equation model is then applied in order to verify this research model and hypothesis. Data were collected on 415 employees working in organizations with an implemented information security policy in South Korea. We analyzed the fitness and validity of the research model via confirmatory factor analysis in order to verify the research hypothesis, then we analyzed structural model, and derived the result. Findings The result shows that organizational commitment and peer behavior increase security compliance intention of employees, while security system anxiety decreases compliance intention. And, organization's physical security system and security communication both have influence on antecedent factors for information security compliance of employees. Our findings help organizations to establish information security strategies that enhance employee security compliance intention.

• International Journal of Contents
• /
• v.7 no.3
• /
• pp.71-81
• /
• 2011

This paper is mainly associated with setting out an agenda for the transformation of security by creating a new framework for a security system, which can maximise its effectiveness. Noticeably, this research shows empirically that crimes are getting a major cost to organisations, which if reduced by security and investigations could reap substantial rewards to the finances of an organisation. However, the problem is that the delivery of security is frequently delegated to personnel (e.g. security guards) with limited training, inadequate education, and no real commitment to professionalism - 'sub-prime' security, finally causing security failures. Therefore, if security can be enhanced to reduce the crime cost, this will produce financial benefits to business, and consequently could produce a competitive advantage. For this, the paper basically draws upon Luke's theoretical framework for deconstructing 'power' into three dimensions. Using this three-dimensional approach, the paper further sets out a model of how security can be enhanced, utilising a new Security Risk Management (SRM) model, and how can this SRM model create competitive advantage in business. Finally, this paper ends with the six strategies needed to enhance the quality of security: refiguring as SRM, Professional Staff, Accurate Measurement, Prevention, Cultural Change, and Metrics.

• Strategy21
• /
• s.31
• /
• pp.220-250
• /
• 2013

South Korean national security strategy should be developed to effectively handle and counter increasing maritime threats and challenges. There are three major maritime threats South Korea faces today; maritime disputes on the EEZ boundary and Dokdo islet issues, North Korean threats, and international maritime security. Maritime disputes in the region are getting intensified and turned into a military confrontation after 2010. Now regional countries confront each other with military and police forces and use economic leverage to coerce the others. They are very eager to create advantageous de facto situations to legitimize their territorial claims. North Korean threat is also increasing in the sea as we witnessed in the Cheonan incident and Yeonpyoung shelling in 2010. North Korea resorts to local provocations and nuclear threats to coerce South Korea in which it may enjoy asymmetric advantages. The NLL area of the west sea would be a main hot spot that North Korea may continue to make a local provocation. Also, South Korean national economy is heavily dependent upon foreign trade and national strategic resources such as oil are all imported. Without an assurance on the safety of sea routes, these economic activities cannot be maintained and expanded. This paper argues that South Korea should make national maritime strategy and enhance the strength of naval forces. As a middle power, its national security strategy needs to consider all the threats and challenges not only from North Korea but also to maritime security. This is not a matter of choice but a mandate for national survival and prosperity. This paper discusses the importance of maritime security, changing characteristics of maritime threats and challenges, regional maritime disputes and its threat to South Korea's security, and South Korea's future security strategy and ways to enhance the role of naval forces. Our national maritime strategy needs to show middle and long term policy directions on how we will protect our maritime interests. Especially, it is important to build proper naval might to carry out all the roles and missions required to the military.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.3
• /
• pp.661-669
• /
• 2004

As a large number of distributed systems becoming more popular, interoperability, portability and security are becoming major concerns of modern computing. CORBA and object-oriented database which provide transparency of network and database are increasingly being used as the basis for distributed system to solve these problems. The two methods can help accomplish assurance of security by using a method-based access control technique or an attribute-based access control technique. These methods also enhance the unavailability or inefficiency caused by the delay of access process and bottleneck of the network due to the complex instance-based access control. We propose a security model on the type information based access control system that can enhance both security and availability by separating the functions delivered from CORBA and object-oriented databases. We apply the access control model specifically to enhancement of security system and also perform a test to verify the security and availability of our model.

• The Journal of the Korea Contents Association
• /
• v.5 no.6
• /
• pp.360-367
• /
• 2005

Corporation's computerization developed by diffusion of internet, and dysfunction of Information is increasing greatly with virus, computing network infringement. Therefore, the today, corporation security is more and more emphasized. Security solution by that importance of security rises so is developing together Security solution is developing to ESM system in existing single system and important thing is function of each security solution and optimizing design of policy. Existent security policy taking a serious view security from external invasion but security of interior the importance rise the today. Accordingly, must construct ESM system of new structure for this. This paper proposes and embodied integration security administration system that solidify interior security utilizing IDS. Experiment external IP and ID access and analyzed the result.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.05a
• /
• pp.899-900
• /
• 2012

RFID technology can help automatically and remotely identify objects, which raises many security concerns. We review and categorize several RFID security and privacy solutions, and conclude that the most promising and low-cost approach currently attracts little academic attention. We therefore concluded that, from a privacy perspective, the user scheme is an important strategy for meeting the consumer's needs. Furthermore, we call for the privacy research community to put more effort into this line of thinking about RFID privacy.