• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.8
• /
• pp.2983-2988
• /
• 2010

The train control system used in Gyeongbu-line is classified in ATC, IXL and CTC. Domestic railway signaling systems are being developed by electrification. In these systems the electrification of interlocking reaches 57% and the safety equipments of railway crossings in trackside devices have completed their development into an integrated system. Block systems of all the existing sections have not yet electrified and integrated so that they need a number of complement in terms of construction and maintenance. For ABS currently used in existing domestic lines, and LEU being installed in Gyeongbu and Honam lines, although a train is controlled by the signaling information of the same train in the same location, the system is separately installed so that the same information is separately divided and transmitted at the each distinct system. Therefore, in the conventional ABS and LEU, there are a lot of duplicate installed compartments such as lamp detection and a power supply unit. Hence, we have a lot of problems: for maintenance, a lot of manpower and costs need to be invested and the overall manufacturing costs get higher, as well as the construction costs by duplicate. Therefore, this paper suggest design to develop an integrated electronic Block Control Unit by the integration of the currently used ABS, and communication and electronic technology. We are to monitor and manage the block systems in the corresponding station by integrating. And we are to transmit information together with LEU, which is an ATS wayside transmitter.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.7 no.2
• /
• pp.287-293
• /
• 2012

It has been only few years that various contents information subject for information processing system has been remarkably increased in online. If we say the year 2000 is the technology based year when deluge of information and data such as real time sharing, the time since after 2000 until 2011 has been a period plentiful of application based functions and solutions. Also, as the applicable range of these information process systems extends, individual information effluence has been social issues twice in 2009 and 2010. Thus now there are continuous efforts made to develop technologies to secure and protect information. However, the range problem has been extended from the illegal access from outside to the legal access from internal user and damages by agents hidden in internal information process system and client system. Therefore, this study discusses the necessity for the studies on efficiency based information security by control of access to internal information and authority setting for administrator and internal users. Based on the result of this study, it provides data that can be used from SOHO class network to large scale for information security method.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.1
• /
• pp.185-191
• /
• 2015

This paper suggest the safety class communication board in order to design the safety network of the nuclear safety class controller. The reactor protection system use the digitized networks because from analog system to digital system. The communication board shall be provided to pass the required performance and test of the safety class in the digital network used in the nuclear safety class. Communication protocol is composed of physical layer(PHY), data link layer(MAC: Medium Access Control), the application layer in the OSI 7 layer only. The data link layer data package for the cyber security has changed. CRC32 were used for data quality and the using one way communication, not requests and not responses for receiving data, does not affect the nuclear safety system. It has been designed in accordance with requirements, design, verification and procedure for the approving the nuclear safety class. For hardware verification such as electromagnetic test, aging test, inspection, burn-in test, seismic test and environmental test in was performed. FPGA firmware to verify compliance with the life-cycle of IEEE 1074 was performed by the component testing and integration testing.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.261-273
• /
• 2019

Recently, with the development of IT technology, there is an increasing interest in cloud services as the number of users using mobile devices such as mobile phones and tablets is increasing. However, there is a need for techniques to control or control various methods of accessing data as the user's service demands increase. In this paper, we propose a dual key based user authentication model that improves the user 's authentication efficiency by using two keys (secret key and access control key) to access the users accessing various services provided in the cloud environment. In the proposed model, the operation process and the function are divided through the sequence diagram of the algorithms (key generation, user authentication, permission class permission, etc.) for controlling the access right of the user with dual keys. In the proposed model, two keys are used for user authentication and service authorization class to solve various security problems in the cloud service. In particular, the proposed model is one of the most important features in that the algorithm responsible for access control of the user determines the service class of the user according to the authority, thereby shortening the management process so that the cloud administrator can manage the service access permission information of the user.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1115-1130
• /
• 2020

Modern vehicles are equipped with a number of ECUs(Electronic Control Units), and ECUs can control vehicles efficiently by communicating each other through CAN(Controller Area Network). However, CAN bus is known to be vulnerable to cyber attacks because of the lack of message authentication and message encryption, and access control. To find these security issues related to vehicle hacking, CAN Fuzzing methods, that analyze the vulnerabilities of ECUs, have been studied. In the existing CAN Fuzzing methods, fuzzing inputs are randomly generated without considering the structure of CAN messages transmitted by ECUs, which results in the non-negligible fuzzing time. In addition, the existing fuzzing solutions have limitations in how to monitor fuzzing results. To deal with the limitations of CAN Fuzzing, in this paper, we propose a Non-Random CAN Fuzzing, which consider the structure of CAN messages and systematically generates fuzzing input values that can cause malfunctions to ECUs. The proposed Non-Random CAN Fuzzing takes less time than the existing CAN Fuzzing solutions, so it can quickly find CAN messages related to malfunctions of ECUs that could be originated from SW implementation errors or CAN DBC(Database CAN) design errors. We evaluated the performance of Non-Random CAN Fuzzing by conducting an experiment in a real vehicle, and proved that the proposed method can find CAN messages related to malfunctions faster than the existing fuzzing solutions.

• Journal of Navigation and Port Research
• /
• v.46 no.6
• /
• pp.554-561
• /
• 2022

Technology development related to maritime autonomous surface ships (MASS) is actively progressing around the world. However, since there are still many technically unresolved problems such as communication, cybersecurity, and emergency response capabilities, it is expected that it will take a lot of time for MASS to be commercialized. In this study, we proposed a ship group navigation system in which one leader ship and several follower ship are grouped into one group. In this system, when the leader ship begins to navigate, the follower ship autonomously follows the path of the leader ship. For path following, PD (proportional-derivative) control is applied. In addition, each ship navigates in a straight line shape while maintaining a safe distance to prevent collisions. Speed control was implemented to maintain a safe distance between ships. Simulations were performed to verify the ship group navigation system. The ship used in the simulation is the L-7 model of KVLCC2, which has related data disclosed. And the MMG (Maneuvering Modeling Group) standard method proposed by the Japan Society of Naval Architects and Ocean Engineering (JASNAOE) was used as a model of ship maneuvering motion. As a result of the simulation, the leader ship navigated along a predetermined route, and the follower ship navigated along the leader ship's path. During the simulation, it was found that the three ships maintained a straight line shape and a safe distance between them. The ship group navigation system is expected to be used as a navigation system to solve the problems of MASS.

• Journal of Software Assessment and Valuation
• /
• v.16 no.1
• /
• pp.65-79
• /
• 2020

As Programmable Logic Controllers (PLCs), popular components in industrial control systems (ICS), are incorporated with the technologies such as micro-controllers, real-time operating systems, and communication capabilities. As the latest PLCs have been connected to the Internet, they are becoming a main target of cyber threats. This paper proposes two sanitizers that improve the security of uC/OS-II based firmware for a PLC. That is, we devise BU sanitizer for detecting out-of-bounds accesses to buffers and UaF sanitizer for fixing use-after-free bugs in the firmware. They can sanitize the binary firmware image generated in a desktop PC before downloading it to the PLC. The BU sanitizer can also detect the violation of control flow integrity using both call graph and symbols of functions in the firmware image. We have implemented the proposed two sanitizers as a prototype system on a PLC running uC/OS-II and demonstrated the effectiveness of them by performing experiments as well as comparing them with the existing sanitizers. These findings can be used to detect and mitigate unintended vulnerabilities during the firmware development phase.

• Journal of KIISE:Computer Systems and Theory
• /
• v.33 no.3
• /
• pp.178-192
• /
• 2006

The buffer overflow attack is the single most dominant and lethal form of security exploits as evidenced by recent worm outbreaks such as Code Red and SQL Stammer. In this paper, we propose microarchitectural techniques that can detect and recover from such malicious code attacks. The idea is that the buffer overflow attacks usually exhibit abnormal behaviors in the system. This kind of unusual signs can be easily detected by checking the safety of memory references at runtime, avoiding the potential data or control corruptions made by such attacks. Both the hardware cost and the performance penalty of enforcing the safety guards are negligible. In addition, we propose a more aggressive technique called corruption recovery buffer (CRB), which can further increase the level of security. Combined with the safety guards, the CRB can be used to save suspicious writes made by an attack and can restore the original architecture state before the attack. By performing detailed execution-driven simulations on the programs selected from SPEC CPU2000 benchmark, we evaluate the effectiveness of the proposed microarchitectural techniques. Experimental data shows that enforcing a single safety guard can reduce the number of system failures substantially by protecting the stack against return address corruptions made by the attacks. Furthermore, a small 1KB CRB can nullify additional data corruptions made by stack smashing attacks with only less than 2% performance penalty.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.3B
• /
• pp.408-420
• /
• 2010

On a Mobile Ad hoc NETwork(MANET), it is difficult to detect and prevent misbehaviors nodes existing between end nodes, as communication between remote nodes is made through multiple hop routes due to lack of a fixed networked structure. Therefore, to maintain MANET's performance and security, a technique to identify misbehaving middle nodes and nodes that are compromise by such nodes is required. However, previously proposed techniques assumed that nodes comprising MANET are in a friendly and cooperative relationship, and suggested only methods to identify misbehaving nodes. When these methods are applied to a larger-scale MANET, large overhead is induced. As such, this paper suggests a system model called Secure Cluster-based MANET(SecCBM) to provide secure communication between components aperANET and to ensure eed. As such, this pand managems suapemisbehavior nodes. SecCBM consists apetwo stages. The first is the preventis pstage, whereemisbehavior nodes are identified when rANET is comprised by using a cluster-based hierarchical control structure through dynamic authentication. The second is the post-preventis pstage, whereemisbehavior nodes created during the course apecommunication amongst nodes comprising the network are dh, thed by using FC and MN tables. Through this, MANET's communication safety and efficiency were improved and the proposed method was confirmed to be suitable for MANET through simulation performance evaluation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.183-194
• /
• 2010

A company's private network protected by a firewall and NAT(Network Address Translation) is not accessible directly through an external internet. However, as Reverse Connection technology used by NetCat extends to the technologies such as SSH Tunnel or HTTP Tunnel, now anyone can easily access a private network of corporation protected by a firewall and NAT. Furthermore, while these kinds of technologies are commercially stretching out to various services such as a remote control and HTTP Tunnel, security managers in a company or general users are confused under the circumstances of inner or outer regulation which is not allowed to access to an internal system with a remote control. What is more serious is to make a covert channel invading a company's private network through a malicious code and all that technologies. By the way, what matters is that a given security system such as a firewall cannot shield from these perceived dangers. So, we analyze the indirect access of technological methods and the status quo about a company's internal network and find a solution to get rid of the related dangers.