• Proceedings of the Korean Society of Computer Information Conference
• /
• 2011.06a
• /
• pp.83-86
• /
• 2011

2009년 7월 G8 확대정상회의에서 이태리와 공동으로 Smart Grid 선도국으로 한국이 지정되었다. 하지만 차세대 국가 성장 동력인 Smart Grid에 대한 사이버 공격 사례가 발생하고 있으며, 모의실험을 통해 보안 위협이 예측되고 있어, Smart Grid 공격을 분석하고, 안전성을 확보하기 위한 Smart Grid 보안기술에 대한 연구가 필요하다. 본 논문은 Smart Grid의 AMI, 네트워크 인프라, 시스템의 스마트 제어 및 스마트 서비스에 대한 보안성 분석과 램 공격, 주파수 크래킹, 악성코드 등의 공격과 취약점에 관한 연구를 한다. 그리고 Smart Grid 기술에 대한 공격을 방어 할 수 있는 보안 기술 및 보안 방법을 연구한다. 본 연구를 통해 Smart Grid에 대한 보안성을 강화하여 Smart Grid 보안기술 발전에 기여할 것이다.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.117-128
• /
• 2018

The purpose of this paper is to analyze the behavior of North Korea's cyber attack against South Korea since 2009 based on major international security theories and suggest South Korea's policy option. For this purpose, this paper applied the behavioral domain and characteristics of 'cyber power' and 'coercion dynamics' model, which are attracting attention in international security studies. The types of cyber attacks from North Korea are classified into the following categories: power-based incarceration, leadership attacks and intrusions, military operations interference, and social anxiety and confusion. In terms of types and means of cyber power, North Korean GPS disturbance, the Ministry of Defense server hacking and EMP are hard power with high retaliation and threat and cyber money cashing and ransomware are analyzed by force in the act of persuasion and incentive in the point of robbing or asking for a large amount of money with software pawns. North Korea 's cyber attack has the character of escape from realistic sanctions based on the second nuclear test. It is important for South Korea to clearly recognize that the aggressive cyberpower of North Korea is changing in its methods and capabilities, and to ensure that North Korea's actions result in far greater losses than can be achieved. To do this, it is necessary to strengthen the cyber security and competence to simultaneously attack and defend through institutional supplement and new establishment such as cyber psychological warfare, EMP attack preparation, and enhancement of security expertise against hacking.

• Journal of KIISE:Computing Practices and Letters
• /
• v.8 no.4
• /
• pp.457-467
• /
• 2002

In order to simulate cyber attacks and predict network behavior by attacks, we should represent attributes of network components in the simulation model, and should express characteristics of systems that carry out various cyber attacks and defend from these attacks. To simulate how network load may change under the cyber attacks, we extended SSF[9, 10] that is process-based event-oriented simulation system. We added a firewall class and a packet manipulator into the SSFNet that is a component of SSF. The firewall class, which is related to the security, is to simulate cyber attacks, and the packet manipulator is a set of functions to write attack programs for the simulation. The extended SSFNet enables to simulate a network with the security systems and provides advantages that make easy to port already exsiting attack programs and apply them to the simulation evironment. We made a vitual network model to verify operations of the added classes, and simulated a smurf attack that is a representative denial of sevive attack, and observed the network behavior under the smurf attack. The results showed that the firewall class and packet manipulator developed in this paper worked normaly.

• Review of KIISC
• /
• v.15 no.1
• /
• pp.41-49
• /
• 2005

정보화에 대한 의존도가 심화됨에 따라 사이버상의 테러는 기업과 국가안보를 위협하는 단계에까지 이르렀으나 아직까지 이를 방어하기 위한 정보보호시스템은 침해사고에 대한 정보가 공유되지 못하고 독립되어 운영되고 있는 실정이다. 이에 기업과 국가는 물론 전세계에서 발생되는 실시간 위협 상황에 대해 조기분석과 대응을 위한 정보공유의 필요성이 무엇보다 강조되고 있다. 본 논문에서는 종합침해사고대응시스템에서 침해사고에 대한 실시간 분석 및 대응을 위한 중요자인인 블랙리스트 DB 구축방법과 관리방안을 제시하였다. 인터넷상에서 광범위하고 지속적인 공격을 시도하는 공격 IP정보를 효율적으로 판별하고 추출한 IP를 실시간으로 자동대응할 수 있는 모델을 제안하였으며 사고 시나리오를 통해 통해 검증하였다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.2
• /
• pp.51-56
• /
• 2017

With the rapid increase in the number of mobile terminals, demand for wireless technologies has sharply increased these days. While wireless communication provides advantages such as ease of deployment, mobility of terminals, continuity of session, and almost comparable transmission bandwidth to the wired communication, it has vulnerability to malicious radio attacks such as eavesdropping, denial of service, session hijacking, and jamming. Among a variety of methods of preventing wireless attacks, the MTD(Moving Target Defense) is the technique for improving the security capability of the defense system by constantly changing the ability of the system to be attacked. In this paper, in order to develop a resilient software defined radio communication testbed system, we present a novel MTD approach to change dynamically and randomly the radio parameters such as modulation scheme, operating frequency, packet size. The probability of successful attack on the developed MTD-based SDR communication system has been analysed in a mathematical way and verified through simulation.

• Journal of Convergence Society for SMB
• /
• v.4 no.4
• /
• pp.1-6
• /
• 2014

A wireless sensor network is being actively researched around the world that are connected to the mesh are a plurality of sensor nodes in a wireless manner that span different regions of the techniques. However, wireless communications use the limitation of resources, so it is very weak due to the properties of the network itself secure in comparison to the normal network. Wireless sensor network is divided into tapped-based attacks, forgery based attacks, denial of service attacks based largely by securities laws must defend against various attacks such as insertion of the wrong information being sent eavesdropping or modification of information, which is usually sensor network applications need to do. The countermeasure of sensor network attack is described in this research, and it will contribute to establish a secure sensor network communication.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.3
• /
• pp.449-455
• /
• 2021

This paper proposes an encryption web transaction attack detection system based on the existing web application monitoring system. Although there was difficulty in detecting attacks on the encrypted web traffic because the existing web traffic security systems detect and defend attacks based on encrypted packets in the network area of the encryption section between the client and server, by utilizing the technology of the web application monitoring system, it is possible to detect various intelligent cyber-attacks based on information that is already decrypted in the memory of the web application server. In addition, since user identification is possible through the application session ID, statistical detection of attacks such as IP tampering attacks, mass web transaction call users, and DDoS attacks are also possible. Thus, it can be considered that it is possible to respond to various intelligent cyber attacks hidden in the encrypted traffic by collecting and detecting information in the non-encrypted section of the encrypted web traffic.

• Review of KIISC
• /
• v.30 no.5
• /
• pp.35-44
• /
• 2020

정보화 시대의 도래와 함께 원자력발전소 등 사회 간접자본의 중요 시설에서 운영되는 각종 장치들 역시 디지털화되면서 기존에 존재하지 않았던 사이버 공격에 대한 위협이 현실화되고 있다. 이러한 중요 사회 간접자본 등의 운영에 위협을 가하는 행위는 사회적으로 경제적으로 매우 큰 재난을 발생시킬 수 있기 때문에 공격 발생 이전에 사전 방어 체계를 구축해야 하는데, 이때, 실질적으로 위협이 되는 취약점의 존재 여부를 사전 인지하는 것이 매우 중요하다. 이를 위하여 본 논문에서는 원자력발전소의 계측제어계통에서 운영되는 국산화된 디지털 장치에 대하여 관련 취약점을 확인하고 확인된 취약점의 실질적인 위험도를 장치의 운영환경 특징을 반영하여 도출하며, 주요 기기의 운영 규제지침의 준수 여부를 점검하는 도구의 개발 결과를 소개한다. 본 논문은 원자력발전소 상에서 운영되는 시스템을 주요 대상으로 작성되었다.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.79-87
• /
• 2024

This paper addresses the increasing cyber attacks exploiting security vulnerabilities in software due to the rise in web applications. CSRF (Cross-Site Request Forgery) attacks pose a serious threat to web users and developers and must be prevented in advance. CSRF involves performing malicious requests without the user's consent, making protection methods crucial for web applications. This study compares and verifies the CSRF defense performance of two frameworks, Spring Security and Apache Shiro, to propose an effectively applicable framework. The results show that both frameworks successfully defend against CSRF attacks; however, Spring Security processes requests faster, averaging 2.55 seconds compared to Apache Shiro's 5.1 seconds. This performance difference stems from variations in internal processing methods and optimization levels. Both frameworks showed no significant differences in resource usage. Therefore, Spring Security is more suitable for environments requiring high performance and efficient request processing, while Apache Shiro needs improvement. These findings are expected to serve as valuable references for designing web application security architectures

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1039-1055
• /
• 2012

It is required for us to enhance the national cyber capability as the worldwide countries have been doing effort to strengthen their cyber capabilities. However, we are encountering the difficulty in estimating national cyber capability due to the absence of any cyber capability assessment methodology. This paper presents the national cyber capability assessment methodology which is used for settle up national cyber policy. We also introduce the result of five major nations(US, China, Japan, Russia, Korea)' cyber capability assessment using the proposed methodology. The methodology is developed using open data and includes three areas; base capability, attack capability and defense capability. The assessment result shows the in the order of US, China, Korea, Russia, Japan. As the analysis of that result, in order to enhance the our cyber capability, we recommend that first, cyber budget and human resources for the base capability should be more invested, second, the strategy for attack capability enhancement is strongly required and lastly, the patch ratio and security monitoring level should be upgraded.