• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.53-58
• /
• 2011

There is increasing use of common commercial operation system and standard PCs to control industrial production systems, and cyber security threat for industrial facilities have emerged as a serious problem. Now these network connected ICS(Industrial Control Systems) stand vulnerable to the same threats that the enterprise information systems have faced and they are exposed to malicious attacks. In particular Stuxnet is a computer worm targeting a specific industrial control system, such as a gas pipeline or power plant and in theory, being able to cause physical damage. In this paper we present an overview of the general configuration and cyber security threats of a SCADA and investigate the attack tree analysis to identify and assess security vulnerabilities in SCADA for the purpose of response to cyber attacks in advance.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.18 no.2
• /
• pp.49-54
• /
• 2018

In this paper, we study the secrecy outage probability when using cooperative diversity and jammer in a relay system based on decode-and-forward. MRC method is used in receiver and eavesdroppers to obtain cooperative diversity. To use the MRC technique, direct links between the sender and receiver, and between the sender and the eavesdropper are used, respectively. Jammers are used to generate intentional noise siganls to increase security capacity. Jammers generate intentional noise, degrading the channel quality of the eavesdropper and helping physical layer security be realized. The secrecy outage probability is used to evaluate security performance. Assume that the system is under the Rayleigh fading channel.

• Convergence Security Journal
• /
• v.14 no.1
• /
• pp.77-83
• /
• 2014

In times past, the awareness of security held good on the physical aspect, but it has been expanded to the aspect of information security and management security owing to the development of information and communication technology, therefore an effort is being made to meet multidimensional security needs. These realities are currently changing the viewpoint of consumers from manned guarding to machine-aided guarding. The change to the machine-aided guarding caused the profitability problem of manned guarding companies, and brought about a reverse side effect that prompt and correct countermeasure was inferior to that of manned-guarding. Therefore, this study proposes a 'smart time & attendance management system' that can be applied to various types of work and can minimize position information.

• Journal of the Korean Data and Information Science Society
• /
• v.22 no.2
• /
• pp.207-215
• /
• 2011

This Risk analysis on information related assets is conducted primarily according to the standards the Korea Information and Telecommunications Technology Association (TTA) or the International Organization for Standardization (ISO). The process is made of asset analysis, threat analysis, vulnerability analysis, and response plan analysis. The risk for information related assets belongs to the operational risks suggested by BIS (Bank for International Settlements) and the information related losses can be estimated in terms of BIS' suggestion. In this paper it is proposed that how to apply the method proposed by BIS to estimate the loss of information assets.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.341-342
• /
• 2017

Control and development systems such as air traffic control systems, road traffic systems, and Korea Hydro &Nuclear Power are the infrastructure facilities of the country, and if the malicious hacking attacks proceed, the damage is beyond imagination. In fact, Korea Hydro & Nuclear Power has been subjected to a hacking attack, causing internal information to leak and causing social problems. In this study, we analyze the environment of the development control system and analyze the status of the convergence security research, which is a recent issue, and propose a strategy system for stabilizing various power generation control systems and propose countermeasures. We propose a method to normalize and integrate data types from various physical security systems (facilities), IT security systems, access control systems, to control the whole system through convergence authentication, and to detect risks through fusion control.

• Advanced Industrial SCIence
• /
• v.2 no.1
• /
• pp.1-7
• /
• 2023

The use of Internet of Things(IoT) in smart cities and smart homes is essential. The security of the sensor nodes, which are the core of the IoT, is weak and hacking attacks are severe enough to have a fatal impact on real life. This research is conducted to improve the security of the Internet of Things by developing a lightweight secure communication protocol for the Internet of Things, and to build a safe Internet of Things environment suitable for the era of the 4th Industrial Revolution. It contributes to building a safe and convenient smart city and smart home by proposing key management and identifier development to increase the confidentiality of communication and the establishment of an Internet authentication system.

• The Journal of Korean Association of Computer Education
• /
• v.20 no.6
• /
• pp.95-104
• /
• 2017

The damage caused by information spill, forgery, falsification, and deletion by cyber infringement in educational institutions and universities is very large. In this study, we analyzed the types, causes, and problems of cyber infringement in educational administrative institutions and universities. As a result, administrative, physical and technical information protection activities were weak. In this paper, we propose a security enhancement method for each domain by dividing them into Internet zone, network-neutral zone (DMZ: Demilitarized Zone), general server zone, internal server zone (Server Farm), and user zone so that these vulnerabilities can be easily identified, supplemented or security enhanced. In addition, we have proposed a method to apply security information system architecture and information protection technology correctly for educational administration institutions and universities. This study is meaningful not to provide conceptual guidance but to suggest specific action and procedure oriented security management plan.

• Review of KIISC
• /
• v.22 no.8
• /
• pp.54-60
• /
• 2012

기존 마그네틱 카드의 보안성을 강화하기 위해 집적회로칩이 부착된 IC카드의 사용이 날로 증가하고 있으나 IC카드에 대한 보안 위협 또한 발생하고 있는 실정이다. 그 중에서도 암호화에 사용된 키를 찾기 위해서 암호 알고리즘의 이론적인 취약점이 아닌 암호화 과정에서 누설되는 수행시간, 소비전력, 전자기 방사 등을 이용하는 물리적 공격 방법인 부채널분석 공격이 대표적인 보안 위협이다. 본 논문에서는 부채널분석 공격 기법을 구현한 국내 외 시험 도구의 차이점 및 시험방법의 유효성을 확인하기 위해, 각 도구별 시험 결과를 전력분석 관점에서 비교 분석해 보았다. 시험 결과, 각 도구별 특징을 파악할 수 있었고, 시험 도구의 동작 방식에 다소 차이가 있으나 모두 동일한 결과를 도출해 낼 수 있었다.

• Review of KIISC
• /
• v.23 no.4
• /
• pp.7-14
• /
• 2013

영업비밀 관련 또는 특허문제로 소송이 빈번하게 발생하는 요즘 특허 전쟁에 있어서도 해당 정보를 적절하게 보호하고 유지하기 위한 특허정보 관리체계에 있어서의 정보보안은 매우 중요한 요인으로 인식되고 있다. 이러한 상황에서 보안사고가 발생했을 경우, 이에 효과적으로 대응하기 위한 방안들에 대해 기업 전반에 걸쳐 인지될 필요성 또한 부각되고 있으며 이를 가능하게 해주는 방안으로 국제인증 기준이 떠오르고 있다. 각종 정보보호의 중요성에 따른 기업 관리시스템들이 이러한 인증체계를 도입 및 운영하고 있는 추세이며 이를 뒷받침 해주기 위해 특허법을 비롯하여 관련 컴플라이언스를 준수하기 위한 개인정보보호법(안전성 확보조치), 정보통신망 이용촉진 및 정보보호 등에 관한 법률과 같은 정보보호 법률을 기준으로 제시할 수 있다. 사례 기업에서는 이 중 정보보호 국제인증의 대표격인 ISO27001을 바탕으로 현재 특허관련 기업에 필요한 정보보호관리체계를 정립 및 적용하였다. 해당 정보보호 관리체계는 특허관련 업무분장에서 주요하게 다루어지지 않았던 기술적, 관리적, 물리적 보안에 대한 부적합사항을 충족시키고 특허정보보호업무, 감사업무, 검사업무, 전산운영 등 분산된 업무를 일관된 업무로 통합하는 효과적인 관리체계가 될 수 있음을 제시하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.11a
• /
• pp.953-956
• /
• 2005

보건의료정보는 개인의 가장 민감한 정보로 최상의 보호가 이뤄져야하는 한편, 국민 건강과 복지 향상을 위한 공익의 성격도 강하여 관리와 책임에 대한 명확한 지침이 반드시 필요하다. 본 연구에서는 보건의료 부문의 특성과 정보화 현황을 반영하고 선행연구의 한계점을 보완하여 국내 보건의료 환경에 적합한 정보보호관리 모델을 개발하였다. BS7799, HIPAA Security Rule, HL7 EHR SIG 기능명세 등을 참고하여 필요성, 정보보호 목적/전략 수립, 위험분석/평가, 정보보호관리 정책수립, 정보보호관리 프레임워크 설계, 관리적 보안, 물리적 보안, 기술적 보안, 정보보호관리 평가,운영관리의 총 10개 세부 프로세스와 111개의 이행지표로 구성된 본 모델은 보건의료정보 취급자에게 실행 지침을 제공하여 보건의료정보시스템의 안정성 향상과 국민 보건복지 수준 향상에 이바지할 수 있을 것으로 기대된다.