• Title/Abstract/Keywords: security importance


Periodic-and-on-Event Message-Aware Automotive Intrusion Detection System (Periodic-and-on-Event 메시지 분석이 가능한 차량용 침입탐지 기술)

  • Lee, Seyoung; Choi, Wonsuk
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.3 / pp.373-385 / 2021
  • To provide convenience and safety for drivers, recent vehicles are equipped with a number of electronic control units (ECUs). Multiple ECUs form a network inside a vehicle to share information related to the vehicle's status, normally using the CAN protocol. As modern vehicles provide highly convenient and safe services, they expose many types of attack surfaces, which makes them vulnerable to cyber attacks. The automotive IDS (Intrusion Detection System) is one of the promising techniques for securing vehicles. However, the existing methods for automotive IDS are able to analyze only periodic messages. If an attack uses non-periodic messages, the existing methods are not able to properly detect the intrusion. In this paper, we present a method to detect intrusions, including attacks that use non-periodic messages. Moreover, we evaluate our method on real vehicles and show that it has 0% FPR and 0% FNR under our attack model.

Effects of MyData Service Attributes on Intention to Use (마이데이터 서비스 속성이 이용의도에 미치는 영향)

  • Kim, Soo-Hyun
    • The Journal of the Korea Contents Association / v.22 no.10 / pp.271-278 / 2022
  • The MyData service integrates and manages a user's personal data, such as finance and credit data, and is expected to provide useful information to the user as personal data in various fields are gradually integrated. Discovering the factors that affect the intention to use the MyData service is a very important topic for understanding that service. To this end, in this study, the attributes of the MyData service were derived, and the derived service attributes were grouped using factor analysis. As a result, we found four factors: "convenience", "usefulness", "security", and "control". We then established our research model to analyze the causal relationship between these four factors and the intention to use the MyData service. According to the analysis results, among the factors of the MyData service attributes, "convenience", "usefulness", and "control" had a significant effect, and "security" did not have a significant effect. In particular, it was confirmed that "control" had the greatest influence on the intention to use. This study suggests that MyData service providers need to make users recognize that they are controlling their data and develop services that provide various benefits to users.

A Multiclass Classification of the Security Severity Level of Multi-Source Event Log Based on Natural Language Processing (자연어 처리 기반 멀티 소스 이벤트 로그의 보안 심각도 다중 클래스 분류)

  • Seo, Yangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.5 / pp.1009-1017 / 2022
  • Log data has been used as a basis for understanding and deciding the main functions and state of information systems. It has also been used as an important input for various applications in cybersecurity. Getting the necessary information from log data, making a decision with that information, and taking a suitable countermeasure accordingly are essential for protecting and operating systems stably and reliably, but due to the explosive increase in the types and amounts of logs, it is quite challenging to deal with the problem effectively and efficiently using existing tools. Therefore, this study suggests a multiclass classification of the security severity level of multi-source event logs using machine learning based on natural language processing. The experimental results with 472,972 training and test samples show that our approach has achieved an accuracy of 99.59%.

Consideration for defense preparedness against non-traditional security threats (focused on the threat of infectious diseases) (비전통 위협에 대한 국방 업무수행체계 유지방안 (감염병 위협 중심으로))

  • Kwon, Hyukjin; Shin, Donggyu; Shin, Youngjoo
    • Journal of Internet Computing and Services / v.23 no.1 / pp.105-112 / 2022
  • National defense requires uninterrupted decision-making, even under the direct or indirect impacts of non-traditional threats such as infectious diseases. Since all work utilizes the information system, it is very important to ensure the availability of the information system. In particular, in terms of security management, defense work is performed by dividing the network into a national defense network and a commercial Internet network. This study suggests a work execution plan that takes into account the efficiency of work performed on the Internet and the effectiveness of security through effective defense information system operation. It is necessary to minimize the network contact points between the national defense network and the commercial Internet, and to select high-priority tasks among the various tasks and operate them efficiently. For this purpose, actual cases were investigated for institution "A" and their characteristics were presented. Through the targeted tasks and operation plans presented in this paper to improve the effectiveness of defense tasks and ensure security, it will be possible to increase the availability of task performance even under non-traditional threats such as infectious diseases.

Implementation of Opensource-Based Automatic Monitoring Service Deployment and Image Integrity Checkers for Cloud-Native Environment (클라우드 네이티브 환경을 위한 오픈소스 기반 모니터링 서비스 간편 배포 및 이미지 서명 검사기 구현)

  • Gwak, Songi; Nguyen-Vu, Long; Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.4 / pp.637-645 / 2022
  • Cloud computing has been gaining popularity for decades, and the container, a technology primarily used in cloud-native applications, is also drawing attention. Although container technologies are lighter and more capable than conventional VMs, there are several security threats, such as sharing the kernel with the host system or uploading/downloading images from the image registry, one of which concerns the integrity of container images. In addition, runtime security while the container application is running is very important, and monitoring the behavior of the container application at runtime can help detect abnormal behavior occurring in the container. Therefore, in this paper, we first implement a signing checker that automatically checks the signature of an image based on the existing Docker Content Trust (DCT) technology to ensure the integrity of the container image. Next, based on Falco, an open source project of the Cloud Native Computing Foundation (CNCF), we introduce a newly created image that improves the convenience of the existing Falco image, and propose a docker-compose implementation and package configuration that make it easy to build a monitoring system.

Determination Method of TTL for Improving Energy Efficiency of Wormhole Attack Defense Mechanism in WSN (무선 센서 네트워크에서 웜홀 공격 방어기법의 에너지 효율향상을 위한 TTL 결정 기법)

  • Lee, Sun-Ho; Cho, Tae-Ho
    • Journal of the Korea Society for Simulation / v.18 no.4 / pp.149-155 / 2009
  • Attacks in wireless sensor networks (WSN) are similar to attacks in ad-hoc networks because both are deployed in a wireless environment. However, existing security mechanisms cannot be applied to WSN because of its limited resources and hostile environment. One typical attack in WSN is setting up a wrong route using a wormhole. To overcome this threat, Ji-Hoon Yun et al. proposed WODEM (WOrmhole attack DEfense Mechanism), which can detect and counter wormholes. This scheme detects and counters wormhole attacks by comparing the hop count with a pre-defined initial TTL (Time To Live). The selection of the initial TTL is important since it provides a tradeoff between detection ratio and energy consumption. In this paper, we propose a fuzzy rule-based system for TTL determination that can conserve energy while providing a sufficient detection ratio against wormhole attacks.

Enhancing the problem of password-based authentication using FIDO (FIDO를 활용한 패스워드 기반 인증방식의 문제점 개선 연구)

  • Lee, Jun-young
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2022.05a / pp.620-623 / 2022
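  • Looking at the types of recent email hacking incidents, phishing email attacks using social engineering techniques account for the majority. Among them, attack emails aimed at stealing users' passwords have become far more common than the older method of sending malicious code embedded in attachments. This reflects attackers' growing interest in the contents of email: email not only reveals a user's tendencies, occupation, and lifestyle, but is also very likely to store important material that hackers want, and it can serve as a good channel for selecting further targets. If a user is exposed to a phishing email and the password falls into a hacker's hands, many security measures become useless. Many security experts advise that passwords be at least 8 characters long, include uppercase and lowercase letters, numbers, and special characters, be set differently for every site with no regular pattern, and be changed regularly. This advice may keep passwords safe against cracking, but when, as is the case today, one individual has to manage passwords for more than 100 sites, it becomes practically impossible to follow. Against this background, in June 2017 the US National Institute of Standards and Technology (NIST) published "Special Publication 800-63-3: Digital Authentication Guideline". Its content differs considerably from what security experts had recommended until then; rather, it says that changing passwords frequently can itself be a problem. The details are examined in this paper. We use smartphones and similar devices for 2-factor authentication. The representative method of smartphone authentication is biometric authentication such as fingerprint and face recognition. Its advantage is that authentication can be performed conveniently and securely without a password. In this situation, an authentication framework called FIDO is gaining popularity. FIDO (Fast IDentity Online) is a user authentication framework proposed by the FIDO Alliance to solve the problems of passwords. In the future, replacement with FIDO could be an alternative for the password problem. It can be said that we have now entered an era in which passwords can be replaced by biometric authentication systems. This paper examines the problems of passwords and presents the grounds on which a FIDO-based authentication system can be an alternative to them.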
Implementation of machine learning-based prediction model for solar power generation (빅데이터를 활용한 머신러닝 기반 태양에너지 발전량 예측 모델)

  • Jong-Min Kim; Joon-hyung Lee
    • Convergence Security Journal / v.22 no.2 / pp.99-104 / 2022
  • This study provides a prediction model for solar energy production in Yeongam province, Jeollanam-do. The model was derived from the correlation between climate changes and solar power production in Yeongam province, Jeollanam-do, and presents a prediction of solar power generation through regression analysis of 6 parameters related to weather and solar power generation. The data used in this study were the weather and photovoltaic production data from January 2016 to December 2019 provided as public data. Based on the data, a machine learning technique was used to analyze the correlation between weather change and solar energy production and to derive the prediction model. The model showed that photovoltaic production can be categorized by a three-stage production index, and it will be used as an important barometer for agricultural activity and the use of photovoltaic electricity.

A Study On Operation for DevOps Using Zero Trust in Network Separation Environment (망분리 환경에서 제로 트러스트를 활용한 DevOps 운영에 관한 연구)

  • Bong-Yong Han; Young-Kun Choi; Ga-Yeon So; Yong-Tae Shin
    • Convergence Security Journal / v.24 no.1 / pp.27-34 / 2024
  • Network separation is an important policy for preventing cyber incidents and protecting data. Recently, the IT environment for software development has been changing, with remote work, use of the cloud, and use of open source. Due to these changes, the development productivity and efficiency of fintech companies have been declining under network separation regulations, and the demand for easing network separation has continued. The government revised the electronic financial supervision regulations (hereafter EFS) in response to the need to relax network separation in the IT environment and for fintech companies. Some amendments to the EFS, which took effect on 01/01/2023, relax network separation only for research and development purposes in cloud environments. If software developed in a cloud development environment is applied to a production system through a distribution system, the existing perimeter-based security model will not satisfy the network separation conditions. In this study, we propose a way to maintain the DevOps system in a network separation environment by using a zero trust security system.

The Effect of Veterans' Positive Psychological Capital on the Will to Re-employment (제대군인의 긍정심리자본이 재취업 의지에 미치는 영향 -정보보안관련업체 취업희망자를 중심으로-)

  • Kim Bo Ram; Hahn Jae Phil
    • Convergence Security Journal / v.23 no.4 / pp.101-108 / 2023
  • Military organizations have stricter ranks than other organizations, and the age of retirement is lower than that of civil servants in other fields. In a rapidly changing society with a high unemployment rate, it is very important to prepare psychological resources for self-management by improving individual positive strengths throughout life, including job search activities. Various studies are being attempted on positive psychological capital, employment, and productivity that emphasize the strength of positive resources and, from this point of view, contribute to productivity improvement. In this study, the effect of the positive psychological capital of discharged soldiers on their will to re-employment was investigated through questionnaires targeting actual veterans. As a result, it was found that hope, self-efficacy, resilience, and optimism influenced the will to re-employment, in that order.