• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.10
• /
• pp.1392-1397
• /
• 2018

Nuclear power plants(NPPs) are protected as core facilities managed by major countries. Applying general IT technology to facilities of NPPs, the proportion of utilizing the digitized resources for the rest of the assets except for the existing installed analog type operating resources is increasing. Using the network to control the IT assets of NPPs can provide significant benefits, but the potential vulnerability of existing IT resources can lead to significant cyber security breaches that threaten the entire NPPs. In this paper, we analyze the nuclear cyber security vulnerability regulatory requirements, characteristics of existing vulnerability scanners and their requirements and investigate commercial and free vulnerability scanners. Based on the proposed application method, we can improve the efficiency of checking the network security vulnerability of NPPs when applying vulnerability scanner to NPPs.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.12
• /
• pp.2695-2701
• /
• 2012

We need privacy protection protocols, that satisfy three essential security requirements; confidentiality, indistinguishability and forward security, in order to protect user's privacy in RFID system. The hash-chain based protocol that Ohkubo et. al proposed is the most secure protocol, that satisfies all of the essential security requirements, among existing protocols. But, this protocol has a disadvantage that it takes very long time to identify a tag in the back-end server. In this paper, we propose a scheme to keep security just as it is and to reduce computation time for identifying a tag in back-end server. The proposed scheme shows the results that the identification time in back-end server is reduced considerably compared to the hash-chain based protocol.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.9 no.1
• /
• pp.25-31
• /
• 2003

In 1994, the International Maritime Organization (IMO) adopted the International Safety Management Code (ISM Code) as SOLAS convention to ensure the safe operation of ships and to protect marine environment from pollution In December 2002, the IMO adopted the International Ship and Port Facility Security Code (ISPS Code) in the Chapter XI-1 of SOLAS to ensure the security of ships, crew, cargo and port facility. With 1 July 2004 being the coming into effective date of ISPS Code, there is a sense of urgency among the shipping companies and port authorities to accomodate the ISPS Code. Although both the ISM Code and the ISPS Code are based on the management system concept introduced in the ISO 9001, two Codes pursue different objective. Accordingly, it is meaningful to compare and analyze the requirements of three standards. In this article, the backgrounds, principles and requirements of three standards are analyzed and presented to offer several suggestions on the establishment and implementation of security measures in compliance with the ISPS Code to the shipping industry in time.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.9 no.1
• /
• pp.33-40
• /
• 2003

This paper is intended as an investigation of introduction of Maritime Security System. In the last few years, several articles have been devoted to the study of ISPS Code(International Code for the Security of Ships and of Port Facilities). The Diplomatic Conference on Maritime Security held in London in December 2002 adopted new provisions in the International Convention for the Safety of Life at Sea, 1974 and this ISPS Code to enhance maritime security. These new requirements form the international framework through which ships and port facilities can co-operate to detect and deter acts which threaten security in the maritime transport sector. Accordingly, the purpose of this paper is to suggest an introduction, if Maritime Security System and understanding of ISPS Code.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.11 no.1
• /
• pp.1-8
• /
• 2016

The Nuclear Power Plants(: NPP) are being protected as national infrastructure, and instrumentation and control(: I&C) systems are one of the principle facilities of the NPP, which perform the protection, control, and monitoring function. The I&C systems are being evolved into digitalization based on computer and network technology from analog system. In addition, the I&C systems are mostly employ the specialized logic controllers which are dedicated for the NPP, but the usage of generalized IT resources are steadily increased. The cyber security issues for the NPP are being emerged due to cyber incidents by Stuxnet and various accidents in the NPP. In this paper, hybrid access control model is proposed which are applicable to I&C system by analyzing the access control requirements specified in regulatory guides. The safety of in-service and under construction of NPP are effectively increased by applying proposed hybrid model.

• Review of KIISC
• /
• v.22 no.5
• /
• pp.28-34
• /
• 2012

원자력발전소(원전) 계측제어시스템은 원전을 안전하게 운전하기 위해 계측, 제어 및 보호, 감시 기능을 수행하는 설비로서, 2000년대에 들면서 아날로그 기술에서 컴퓨터와 데이터통신망을 기반으로 하는 디지털 기술로 변하고 있다. 디지털 기술의 도입은 원전에 많은 이점을 부여하였지만 한편으로는 최근 이란 핵시설 및 중국에서 발생한 사이버 사고를 통해 디지털 계측제어시스템이 사이버공격으로부터 취약함이 입증되었다. 이에 따라 사이버보안 기술을 도입하여 원전의 안전성을 확보하기 위한 방안이 요구되고 있다. 하지만 원전 계측제어시스템의 최상위 설계요건으로 요구되는 안전성 확보는 복잡한 기기검증 절차와 긴 시간이 요구되는 인허가 과정 등으로 인해 사이버보안 기술을 적용하는데 많은 어려움이 따른다. 본 논문에서는 원전 계측제어시스템의 특성을 살펴보고 현재 국내외에서 개발 및 적용중인 원전 사이버보안 기술동향을 소개한다.

• Proceedings of the KIEE Conference
• /
• 2005.10c
• /
• pp.340-342
• /
• 2005

태양광 발전 시스템은 신재생에너지의 한 분야로서 이동형 전원부터 대용량 발전 시스템까지 다양한 분야에 적용되고 있다. 본 논문에서는 응용분야의 하나인 정원 보안등에 관한 것이다. 기존 정원 보안등은 전원으로 소형 전지를 내장하여 구동하는 방식과 일반 상용전원을 연결하여 구동하는 방식이 대표적이었다. 본 논문에서는 태양전지를 정원 보안등에 적용하여 내부 충전지를 충전 구동하는 방식을 택하였다. 반사갓의 구형과 신형, 외부요건 변화에 따른 출력의 특성을 비친 분석 모니터링 하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.04a
• /
• pp.676-679
• /
• 2012

지능형 전력망인 AMI(Advanced Metering Infrastructure)에 대한 관심이 높아지고 있다. AMI 시스템은 전력의 제공자와 소비자가 양방향 통신을 함으로써 전력의 효율적인 관리를 위한 것이지만 기존의 전력망에 통신망인 IT의 결합으로 인한 보안 문제에 대한 대응방안이 필요하다. 본 논문에서는 한전 KDN(주)가 규정하여 추진하고 있는 AMI 시스템의 문제점을 분석하고, 한전의 규정상에서 적용 가능한 대칭키 기반의 보안으로 안전한 AMI 시스템의 통신망 구조를 제시하여 암호화 및 메시지인증을 통해 기밀성, 무결성, 가용성 등의 보안 요건을 만족시킬 수 있는 통합적인 관리를 제안한다.

• Journal of Satellite, Information and Communications
• /
• v.11 no.1
• /
• pp.16-20
• /
• 2016

In this paper, we analyze the characteristics and ATM applications for fingerprint, iris, vein recognition technology that can be applied to the ATM to reinforce security. Describe the important requirements to be considered when introducing a biometric authentication in the ATM, and were compared to each biometric authentication scheme based on these requirements. Fingerprint authentication has limitations in accuracy, iris recognition is a big weakness in user convenience, whereas vein recognition has the advantage of being hygienic, yet excellent accuracy and secrecy. Vein authentication approach is expected to be expanded to apply to ATM due to the many advantages.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.211-212
• /
• 2014

This paper is to suggest the security requirements for identification and authentication in analysis step. Firstly, individual ID should be uniquely identified. The second element is to apply the length limitations, combination and periodic changes of passwords. The third should require the more reinforced authentication methods besides ID and passwords and satisfy the defined security elements on authentication process.