• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.809-820
• /
• 2016

The smart grid, a new open platform, is a core application for facilitating a creative economy in the era of the Internet of Things (IoT). Advanced Metering Infrastructure (AMI) is one of the components of the smart grid and a two-way communications infrastructure between the main utility operator and customer. The smart meter records consumption of electrical energy and communicates that information back to the utility for monitoring and billing. This paper investigates the impact of a cybersecurity attack on the smart meter. We analyze the cost to the smart grid in the case of a smart meter attack by authorized users based on a high risk scenario from NESCOR. Our findings could be used by policy makers and utility operators to create investment decision-making models for smart grid security.

• Review of KIISC
• /
• v.32 no.1
• /
• pp.47-56
• /
• 2022

NIST는 PQC Round 3 평가 기준으로 부채널 분석 및 오류 주입에 대한 안전성을 역설함에 따라 Round 3 양자내성암호에 대한 새로운 부채널 공격 시나리오 및 대응 기법이 빠르게 제시되고 있다. 따라서 각 방법론의 동향을 파악하고 재정의, 분류하는 작업이 필수적으로 요구된다. 본 논문에서는 NIST PQC Round 3 최종 후보 중 격자 기반 암호 KEM(SABER, CRYSTALS-KYBER, NTRU)에 대한 부채널 분석기법 및 대응기술 동향을 조사 및 분석하고 향후 Round 3 격자 기반 KEM 알고리즘의 부채널 연구 전망을 논의한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.1905-1908
• /
• 2003

현재 네트워크는 유 무선이 통합되는 차세대 네트워크(NGN), 유비쿼터스 시대로 발전하고 있다. 현대인의 네트워크에 대한 의존도가 커질수록, 네트워크 취약점을 악용한 사이버상의 위협과 새로운 공격 유형이 급증하고 있다. 보다 안전하고 신뢰할 수 있는 네트워크 환경을 위해 다양한 보안 제품들이 등장하고 서로의 기능들을 통합하여 더 나은 보안 서비스를 제공하고자 노력하고 있으나, 기존의 대표적인 보안 제품들로는 그 한계가 있다. 따라서 네트워크 자체가 취약점과 공격을 받더라도 지속적으로 서비스를 제공할 수 있고, 빠른 보안 업데이트를 통해 네트워크 자체의 붕괴를 미연에 예방 가능한 새로운 네트워크 보안 구조가 요구된다. 본 논문에서는 차세대 네트워크 발전 방향에 적합한 네트워크 보안 구조를 제안하고, 제안하는 구조에서 네트워크 보안 시나리오를 제시하여 검증한다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.43-54
• /
• 2016

The occurrence of cyber crime is on the rise every year, and the security control center, which should play a crucial role in monitoring and early response against the cyber attacks targeting various information systems, its importance has increased accordingly. Every endeavors to prevent cyber attacks is being attempted by information security personnel of government and financial sector's security control center, threat response Center, cyber terror response center, Cert Team, SOC(Security Operator Center) and else. The ordinary method to monitor cyber attacks consists of utilizing the security system or the network security device. It is anticipated, however, to be insufficient since this is simply one dimensional way of monitoring them based on signatures. There has been considerable improvement of the security control system and researchers also have conducted a number of studies on monitoring methods to prevent threats to security. In accordance with the environment changes from ESM to SIEM, the security control system is able to be provided with more input data as well as generate the correlation analysis which integrates the processed data, by extraction and parsing, into the potential scenarios of attack or threat. This article shows case studies how to detect the threat to security in effective ways, from the initial phase of the security control system to current SIEM circumstances. Furthermore, scenarios based security control systems rather than simple monitoring is introduced, and finally methods of producing the correlation analysis and its verification methods are presented. It is expected that this result contributes to the development of cyber attack monitoring system in other security centers.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.245-248
• /
• 2011

Voice over Internet protocol(VoIP) is call's contents using the existing internet. Thus, in common with the Internet service has the same vulnerability. In addition, unlike traditional PSTN remotely without physical access to hack through the eavesdropping is possible. Cyber terrorism by anti-state groups take place when the agency's computer network and telephone system at the same time work is likely to get upset. In this paper is penetration testing for security threats(Call interception, eavesdropping, misuse of services) set out in the NIS in the VoIP. In addition, scenario writing and penetration testing, hacking through the Voice over Internet protocol at the examination center will study discovered vulnerabilities. Vulnerability discovered in Voice over Internet protocol presents an attack and defense plan.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.27-42
• /
• 2022

In the era of the Fourth Industrial Revolution, digital transformation to increase the effectiveness of industry is becoming more important to achieving the goal of industrial innovation. The digital new deal and smart defense are required for digital transformation and utilize artificial intelligence, big data analysis technology, and the Internet of Things. These changes can innovate the industrial fields of national defense, society, and health with new intelligent services by continuously expanding cyberspace. As a result, work productivity, efficiency, convenience, and industrial safety will be strengthened. However, the threat of cyber-attack will also continue to increase due to expansion of the new domain of digital transformation. This paper presents the risk scenarios of cyber-attack threats in the Fourth Industrial Revolution. Further, we propose a preemptive intrusion response model to bolster the complex security environment of the future, which is one of the fundamental alternatives to solving problems relating to cyber-attack. The proposed model can be used as prior research on cyber security strategy and technology development for preemptive response to cyber threats in the future society.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.189-200
• /
• 2024

In recent years, the development of defense technology has become digital with the introduction of advanced assets such as drones equipped with artificial intelligence. These assets are integrated with modern information technologies such as industrial IoT, artificial intelligence, and cloud computing to promote innovation in the defense domain. However, the convergence of the technology is increasing the possibility of transfer of cyber threats, which is emerging as a problem of increasing the vulnerability of defense assets. While the current cybersecurity methodologies focus on the vulnerability of a single asset, interworking of various military assets is necessary to perform the mission. Therefore, this paper recognizes these problems and presents a mission-based asset management and evaluation methodology. It aims to strengthen cyber security in the defense sector by identifying assets that are important for mission execution and analyzing vulnerabilities in terms of cyber security. In this paper, we propose a method of classifying mission dependencies through linkage analysis between functions and assets to perform a mission, and identifying and classifying assets that affect the mission. In addition, a case study of identifying key assets was conducted through an attack scenario.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.449-456
• /
• 2018

Many organizations divide the network to manage the network in order to prevent the leakage of internal data between separate organizations / departments by sending and receiving unnecessary traffic. The most fundamental network separation method is based on physically separate equipment. However, there is a case where a network is divided and operated logically by utilizing a virtual LAN (VLAN) network access control function that can be constructed at a lower cost. In this study, we first examined the possibility of bypassing the logical network separation through VLAN ID scanning and double encapsulation VLAN hopping attack. Then, we showed and implemented a data leak scenario by utilizing the acquired VLAN ID. Furthermore, we proposed a simple and effective technique to detect and prevent the double encapsulation VLAN hopping attack, which is also implemented for validation. We hope that this study improves security of organizations that use the VLAN-based logical network separation by preventing internal data leakage or external cyber attack exploiting double encapsulation VLAN vulnerability.

• Journal of Convergence for Information Technology
• /
• v.8 no.6
• /
• pp.231-236
• /
• 2018

Recently, a wide variety of IoT environment is being created due to the rapid development of information and communication technology. And accordingly in a variety of network structures, a countless number of attack techniques and new types of vulnerabilities are producing a social disturbance. In May of 2018, Talos Intelligence, the Cisco threat intelligence team has newly discovered 'VPN-Filter', which constitutes a large-scale IoT-based botnet, is infecting consumer routers in over 54 countries around the world. In this paper, types of IoT-based botnets and the attack techniques utilizing botnet will be examined and the countermeasure technique through EXIF metadata removal method which is the cause of connection method of C & C Server will be proposed by examining the characteristics of attack vulnerabilities and attack scenarios of VPN-Filter.

• Smart Media Journal
• /
• v.9 no.3
• /
• pp.71-79
• /
• 2020

Mobile network is used by many users worldwide for diverse services, including phone-call, messaging and data transfer over the Internet. However, this network may experience massive damage if it is exposed to cyber-attacks or denial-of-service attacks via wireless communication interference. Because the mobile network is also used as an emergency network in cases of disaster, evaluation or verification for security and safety is necessary as an important nation-wide asset. However, it is not easy to analyze the mobile core network because it's built and serviced by private service providers, exclusively operated, and there is even no separate network for testing. Thus, in this paper, a virtual mobile network is built using OpenAirInterface, which is implemented based on 3GPP standards and provided as an open source software, and the structure and protocols of the core network are analyzed. In particular, the S1AP protocol messages captured on S1-MME, the interface between the base station eNodeB and the mobility manager MME, are analyzed to identify potential security threats by evaluating the effect of the messages sent from the user terminal UE to the mobile core network.