• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.245-248
• /
• 2011

Voice over Internet protocol(VoIP) is call's contents using the existing internet. Thus, in common with the Internet service has the same vulnerability. In addition, unlike traditional PSTN remotely without physical access to hack through the eavesdropping is possible. Cyber terrorism by anti-state groups take place when the agency's computer network and telephone system at the same time work is likely to get upset. In this paper is penetration testing for security threats(Call interception, eavesdropping, misuse of services) set out in the NIS in the VoIP. In addition, scenario writing and penetration testing, hacking through the Voice over Internet protocol at the examination center will study discovered vulnerabilities. Vulnerability discovered in Voice over Internet protocol presents an attack and defense plan.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1279-1294
• /
• 2016

Information security to use information technology(IT) in safety and reliability environment is becoming of great importance. In advanced countries including United States and United Kingdom are consistently expanding budget for information security. Korea also has been a growing interest in information security and Korea government announced plan to develop information security into next-generation growth engine. However, information security budget has increased slightly in recent years, so many national institutions and state governments have budget shortfall to perform information security work. Moreover budget items do not include generic contents about information security and there are confined to some security SW, HW and services. It is necessary to expand information security budget for enhancement national capabilities of information security. In this paper, we analyze the IT and information security budget situation for Korea and United States and propose effective budget expansion and improvement approaches for Korea.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1077-1086
• /
• 2017

Malware mutants based on existing malware is widely used because it can easily avoid the existing security system even with a slight pattern change. These malware appear on average more than 1.6 million times a day, and they are gradually expanding to IoT / ICS as well as cyber space, which has a large scale of damage. In this paper, we propose an analytical method based on features of PE Section and DLL that do not give much significance, rather than pattern-based analysis, Sandbox-based analysis, and CFG, Strings-based analysis. It is expected that the proposed model will be able to cope with effective malicious code in case of combined operation of various existing analysis technologies.

• Journal of KIISE:Databases
• /
• v.36 no.2
• /
• pp.63-72
• /
• 2009

Digital forensics refers to finding electronic evidences related to crimes. As cyber crimes are increasing daily, digital forensics for finding electronic evidences is also becoming important. At present, various aspects of digital forensics have being researched including the overall process model and analysis techniques such as network forensics, system forensics and database forensics for digital forensics. Regarding database forensics, only analysis techniques dependent on specific vendors have been suggested. And general process models and analysis techniques which can be used in various databases have not been studied. This paper proposes an integrated process model and analysis technique for database forensics. The proposed database forensics model (DFM) allows us to solve problems and analyze databases according to the situation and purpose, and to use a standard model and techniques for various database analyses. In order to test our model(DFM), we applied it to various database analyses. And we confirmed the results of our experiment that it can be applicable to acquisition in the scene as well as analysis of data relationships.

• The KIPS Transactions:PartA
• /
• v.8A no.4
• /
• pp.331-338
• /
• 2001

With the general use of network, cyber terror rages throughout the world. However, IP Fragmentation isn\`t free from its security problem yet, even though it guarantees effective transmission of the IP package in its network environment. Illegal invasion could happen or disturb operation of the system by using attack mechanism such as IP Spoofing, Ping of Death, or ICMP taking advantage of defectiveness, if any, which IP Fragmentation needs improving. Recently, apart from service refusal attack using IP Fragmentation, there arises a problem that it is possible to detour packet filtering equipment or network-based attack detection system using IP Fragmentation. In the paper, we generate the real time access log file to make the system manager help decision support and to make the system manage itself in case that some routers or network-based attack detection systems without packet reassembling function could not detect or suspend illegal invasion with divided datagrams of the packet. Through the implementation of the self-managing system we verify its validity and show its future effect.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1045-1054
• /
• 2021

As APT attacks become more frequent and sophisticated, not only the advancement of the security systems but also the competence of the cybersecurity officers of each institution that operates them is becoming increasingly important. In a large-scale cyber defence exercise with many blue teams participating and many systems to simulate and defend against, it should be possible to simulate attacks to generate various attack patterns, network payloads, and system events. However, if one RT framework is used, there is a limitation that it can be easily detected by the blue team. In the case of operating multiple RT frameworks, a lot of time and effort by experts for exercise setup and operation for each framework is required. In this paper, we propose iRF(integrated RT framework) that can automatically operate large-scale cyber defence exercise by integrating a number of open RT frameworks and RT frameworks created by ourselves.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.365-375
• /
• 2019

A PLC (Programmable Logic Controller) is a highly-reliable industrial digital computer which supports real-time embedded control applications for safety-critical control systems. Real-time operating systems such as uC/OS have been used for PLCs and must meet real-time constraints. As PLCs have been widely used for industrial control systems and connected to the Internet, they have been becoming a main target of cyberattacks. In this paper, we propose an execution code sanitizer to enhance the security of PLC systems. The proposed sanitizer analyzes PLC programs developed by an IDE before downloading the program to a target PLC, and mitigates security vulnerabilities of the program. Our sanitizer can detect vulnerable function calls and illegal memory accesses in development of PLC programs using a database of vulnerable functions as well as the other database of code patterns related to pointer misuses. Based on these DBs, it detects and removes abnormal use patterns of pointer variables and existence of vulnerable functions shown in the call graph of the target executable code. We have implemented the proposed technique and verified its effectiveness through experiments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.847-857
• /
• 2019

Recently, various cyber threats such as Ransomware and APT attack are increasing by e-mail. The characteristic of such an attack is that it is important to take administrative measures by improving personal perception of security because it bypasses technological measures such as past pattern-based detection The purpose of this study is to investigate the human factors of employees who are vulnerable to spam mail attacks through field experiments and to establish future improvement plans. As a result of sending 7times spam mails to employees of a company and analyzing training report, It was confirmed that factors such as the number of training and the recipient 's gender, age, and workplace were related to the reading rate. Based on the results of this analysis, we suggest ways to improve the training and to improve the ability of each organization to carry out effective simulation training and improve the ability to respond to spam mail by awareness improvement.

• Journal of the Korea Convergence Society
• /
• v.10 no.6
• /
• pp.157-164
• /
• 2019

This research examines how IoT makes a significant contribution to the innovation of media firms. The media firms will be able to find new reveue sources and strengthen firms' competence through innovating product, process and business model. While IoT increases the experience of interactivity and immersion for consumption, it improves the way ads are exposed and its impact is measured, leading to revenue increase. For these benefits fulfilled, innovation friendly media eco-system must be established. It is the most critical that media firms should change skeptical attitude toward IoT's potential and actively invest it to employ IoT. The government should create regulatory framework to best utilize the innovative advantages of IoT.

• The Journal of the Korea Contents Association
• /
• v.19 no.9
• /
• pp.476-484
• /
• 2019

RFID yoking proof proves that a pair of tags is scanned at the same time. Since the tags scanned simultaneously by a single reader are adjacent to each other, the yoking proof is used in applications that need to check the physical proximity of tagged objects. Most of the yoking proof schemes require pre-knowledge on adjacent tags. If an error occurs in the process of collecting information about adjacent tags, all subsequent proofs will fail verification. However, there is no research that suggests specific methods for obtaining information about adjacent tags. In this study, I propose a tag proximity information acquisition scheme for a yoking proof. The proposed method consists of two steps: scanning area determination and scanning area verification. In the first step, the size and position of the area to scan tags is determined in consideration of position and transmission range of the tags. In the next step, whether tag scanning is performed within the scanning area or not is verified through reference tags of the fixed position. In analysis, I show that the determined scanning area assures acquisition of adjacent tag information and the scanning area verification detects deformation and deviation of the scanning area.