• Journal of Internet Computing and Services
• /
• v.21 no.1
• /
• pp.221-230
• /
• 2020

The effects-based operation, which would reduce unnecessary efforts and meaningless sacrifices incurred during a war and simultaneously reach the will of the enemy leadership by strategic attacks, was discarded for the reason that it was difficult to apply it to military power except for airpower. However, cyberspace, which can be thoroughly logical and calculated, can be suitable for conducting effects-based operations. This study examined a way to carry out effects-based operations in such cyberspaces. It laid the foundation for overcoming the limitations of effects-based operations revealed in previous battle cases and executing the operations in cyber battlespace where the boundary between physical and cyberspaces gradually disappeared. Futhermore, it demonstrated that effects-based operations could be carried out in cyberspace by establishing a military strategy, which could conduct the operations through an analysis of previous cyber-attack cases.

• Information Systems Review
• /
• v.4 no.2
• /
• pp.81-94
• /
• 2002

The study employs the conceptual framework of the strategic success paradigm developed by Ansoff (1990). The strategic success paradigm denotes that optimal performance will be attained when the level of environmental turbulence is aligned with the strategic aggressiveness and organizational capability. Based on the paradigm, authors developed the concept of IT (information technology) aggressiveness (IT aggressiveness henceforth) and capability (IT capability henceforth). In order to clarify the different concept of IT aggressiveness and capability, the author brought the concept of IT architecture. The difference of capability and architecture lies in the depth of technical considerations. Where capability refers attitudinal aspects of managers, architecture emphasizes technical capacity of the organization as a whole. The study validated the need for alignment among IT architecture, environmental turbulence and IT aggressiveness. The imbalance between IT strategy and IT architecture (such as a higher level of IT aggressiveness but a lower level of IT architecture, or vice versa) has a marginal contribution to the organizational IT performance. The alignment among organizational environmental turbulence, IT aggressiveness, and IT architecture resulted in an optimal level of IT performance especially in a turbulent environment.

• Journal of Digital Convergence
• /
• v.13 no.9
• /
• pp.297-302
• /
• 2015

The increase in applying IT to vehicles has given birth to smart cars or connected cars. As smarts cars become connected with external network systems, threats to communication security are on the rise. With simulation test results supporting such threats to Convergence security in vehicular communication, concerns are raised over relevant vulnerabilities, while an increasing number of studies on secure vehicular communication are published. Hacking attacks against vehicles are more dangerous than other types of hacking attempts because such attacks may threaten drivers' lives and cause social instability. This paper designed a Convergence security protocol for inter-vehicle and intra-vehicle communication using a hash function, nonce, public keys, time stamps and passwords. The proposed protocol was tested with a formal verification tool, Casper/FDR, and found secure and safe against external attacks.

• Journal of the Korea Society for Simulation
• /
• v.21 no.3
• /
• pp.17-24
• /
• 2012

This paper suggests Effectiveness Evaluation Methods of DDoS attacks countermeasures model by simulation. According to the security objectives that are suggested by NIST(National Institute of Standards and Technology), It represents a hierarchical Effectiveness Evaluation Model. we calculated the weights of factors that security objectives, security controls, performance indicator through AHP(Analytic Hierarchy Process) analysis. Subsequently, we implemented Arena Simulation Model for the calculation of function points at the performance indicator. The detection and protection algorithm involve methods of critical-level setting, signature and anomaly(statistic) based detection techniques for Network Layer 4, 7 attacks. Proposed Effectiveness Evaluation Model can be diversely used to evaluate effectiveness of countermeasures and techniques for new security threats each organization.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.665-674
• /
• 2003

In this paper, we propose an approach to correlate alerts using a clustering analysis of data mining techniques in order to support intrusion detection system. Intrusion detection techniques are still far from perfect. Current intrusion detection systems cannot fully detect novel attacks. However, intrucsion detection techniques are still far from perfect. Current intrusion detection systems cannot fully detect novel attacks or variations of known attacks without generating a large amount of false alerts. In addition, all the current intrusion detection systems focus on low-level attacks or anomalies. Consequently, the intrusion detection systems to underatand the intrusion behind the alerts and take appropriate actions. The clustering analysis groups data objects into clusters such that objects belonging to the same cluster are similar, while those belonging to different ones are dissimilar. As using clustering technique, we can analyze alert data efficiently and extract high-level knowledgy about attacks. Namely, it is possible to classify new type of alert as well as existed. And it helps to understand logical steps and strategies behind series of attacks using sequences of clusters, and can potentially be applied to predict attacks in progress.

• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.5
• /
• pp.171-176
• /
• 2015

Because the specific security technology alone can not cope with sophisticated attacks, various security management models are applied. But, they do not focus on the vulnerability of the highest part because they offer so many common security management criteria. By analyzing the main information and confidential leakage cases inflicting enormous damage to our society, we found that attackers are using mainly an interface vulnerabilities - the paths that connect the internal and external of the organization, such as e-mail, web server, portable devices, and subcontractor employees. Considering the reality that time and resources to invest in security domain are limited, we point out the interface security vulnerabilities the possibility of attackers to exploit and present a convergence method of security measures. Finally, based of ROI(Return on Investment), we propose the real-time security management system through the intensive and continuous management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.1-15
• /
• 2003

${Cachin}^{[1]}$ defined the security of steganography theoretically at first, then ${Katzenbeisser}^{[2]}$ and ${Hopper}^{[3]}$ also discussed it on the different aspects. Unfortunately, because many steganographic systems couldnt overcome the statistical gap between a stego-cover and a pure cover, the secure steganography hasn' been evaluated yet. By the effectivel steganalysis algorithm, statistical test which was suggested by Westfel $d^{［4］}$, the attacker Wendy could select the stego-covers out of suspicious covers. Our newly developed algorithm which minimizes the changes of a pure cover by using the block cipher withstands a statistical test and has a similar embedding capacity in comparison with a simple LSB substitution steganography.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.9
• /
• pp.1187-1192
• /
• 2020

The dronebot combat system is a representative model of the future battlefield in the 4th industrial revolution. In dronebot, unmanned reconnaissance tankrobot can minimize human damage and reduce cost with higher combat power than humans. However, since the battlefield environment is very complex such as obstacles and enemy situations, it is also necessary for the pilot to control the tankrobot. Tankrobot are robots with new ICT technology, capable of hacking attacks, and if there is an abnormality in control, it can pose a threat to manipulation and control. A Bluetooth sniffing attack was performed on the communication section of the tankrobot and the controller to introduce a vulnerability to Bluetooth, and a countermeasure using MAC address exposure prevention and communication section encryption was proposed as a security measure. This paper first presented the vulnerability of tankrobot to be operated in future military operations, and will be the basic data that can be used for defense dronebot units.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1045-1057
• /
• 2022

Recently, the National Institute of Standards and Technology (NIST) announced four cryptographic algorithms as a standard candidates of Post-Quantum Cryptography (PQC). In this paper, we show that private key can be exposed by a non-profiling-based power analysis attack such as Correlation Power Analysis (CPA) and Differential Deep Learning Analysis (DDLA) on CRYSTALS-KYBER algorithm, which is decided as a standard in the PKE/KEM field. As a result of experiments, it was successful in recovering the linear polynomial coefficient of the private key. Furthermore, the private key can be sufficiently recovered with a 13.0 Normalized Maximum Margin (NMM) value when Hamming Weight of intermediate values is used as a label in DDLA. In addition, these non-profiling attacks can be prevented by applying countermeasures that randomly divides the ciphertext during the decryption process and randomizes the starting point of the coefficient-wise multiplication operation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.5
• /
• pp.1059-1071
• /
• 2024

The 5G mobile network provides various services to numerous devices and applications, unlike LTE which focuses on smartphones. Features of 5G, such as low latency and massive connectivity, increase the overhead of the control plane(CP, signaling part) and make it difficult to detect abnormal devices due to random traffic patterns. In this paper, we propose a DBSCAN clustering-based detection method to counter signaling attacks, which are a type of 'Denial of Service(DoS)' attack targeting mobile networks. DBSCAN helps to create clusters of various shapes and can address dynamic traffic because the algorithm needs not to depend on past traffic statistics. We also use a real-time traced dataset for experiments to assess usability in real-world scenarios. According to the experiments, our method achieves 99.32% of accuracy and 0.03% of false-positive rates, demonstrating superior performance compared to previous works.