• Title/Summary/Keyword: Three Elements of Information Security (정보보안 3요소)


An Analysis of Security Vulnerabilities Using 5G NAS COUNT (5G NAS COUNT 취약점을 이용한 보안 위협 분석)

  • Kim, Min-Jae;Park, Jong-Geun;Shin, Ji-Soo;Moon, Dae-Sung
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.3 / pp.565-573 / 2022
  • The current mobile communication system is in the middle of converting from 4G LTE to 5G networks. With the generalization of mobile communication services, personal information such as users' identifiers and location information is transmitted through a mobile communication network. The importance of security technology is growing because of the characteristics of wireless mobile communication networks: the use of wireless shared channels is inevitable, and security technology cannot be applied to all network system elements if the bandwidth and speed requirements are to be satisfied. In particular, for security threat analysis, research is being conducted on various attack types and on vulnerability analysis through rogue base stations or attacker UEs that make user services impossible in the case of 5G networks. In this paper, we established a 5G network testbed using open source, analyzed three security vulnerabilities related to NAS COUNT, and confirmed the validity of two of the vulnerabilities based on the testbed or by analyzing the 3GPP standard.

CALS Security Framework (CALS 체제의 정보보호 프레임워크)

  • 신종태;이정현;이대기;소우영
    • Review of KIISC / v.7 no.3 / pp.53-76 / 1997
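  • Economic and social activity in modern society inevitably requires the integration of information with computers and communications, and calls for the introduction of CALS, which is founded on the standardization of transmitted information. In this paper, we present a framework for an integrated CALS information security system based on a secure EDI system, through an analysis of foreign trends in CALS, the information security threats and security elements in CALS, and case studies of CALS implementations. This work will help research on information security for the CALS systems being introduced in domestic industry and will serve as a basis for developing an information security model for integrated CALS systems.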


RFID Authenticated Encryption Scheme of Multi-entity by Elliptic Curve's Coordinates (타원곡선 좌표계를 이용한 RFID 다중객체 간 인증 암호기법)

  • Kim, Sung-Jin;Park, Seok-Cheon
    • Journal of Internet Computing and Services / v.9 no.3 / pp.43-50 / 2008
  • An authenticated encryption scheme in an RFID system is an important issue for ID security. However, implementing an authenticated encryption scheme in RFID systems is not an easy proposition, and systems are often delivered that, for reasons of complexity, limited resources, or implementation, fail to deliver the required levels of security. RFID systems are so frequently limited by memory, performance (or required number of gates) and power drain that lower levels of security are installed than are required to protect the information. In this paper, we design a new authenticated encryption scheme based on the EC (elliptic curve) x-coordinates and scalar operation. Our scheme will offer enhanced security features in RFID systems with respect to user privacy against illegal attack allowing an ECC point addition and doubling operation.


An Vulnerability Analysis and Countermeasures for Security in Outdoor Risk Management System based on IoT Technology

  • Jee, Sung-Hyun
    • Journal of the Korea Society of Computer and Information / v.25 no.7 / pp.85-92 / 2020
  • Following the development of Internet of Things (IoT) technology, the scope of application of IoT technology is expanding to industrial safety areas that detect and prevent possible risks in outdoor environments in advance, away from improving the convenience of living in indoor environments. Although this expansion of IoT service provides many advantages, it also causes security problems such as data leakage and modulation, so research on security response strategies is being actively carried out. In this paper, the IoT-based road construction risk management system in outdoor environment is proposed as a research subject. As a result of investigating the security vulnerabilities of the low-power wide-area (LPWA, BLE) communication protocol applied to the research targets, the security vulnerabilities were identified in terms of confidentiality, integrity, and availability, which are the three major elements of information security, and countermeasures for each vulnerability were proposed. This study is meaningful in investigating and analyzing possible vulnerabilities in the operation of the IoT-based risk management system and proposing practical security guidelines for each vulnerability.

Cyber Threats Prediction model based on Artificial Neural Networks using Quantification of Open Source Intelligence (OSINT) (공개출처정보의 정량화를 이용한 인공신경망 기반 사이버위협 예측 모델)

  • Lee, Jongkwan;Moon, Minam;Shin, Kyuyong;Kang, Sungrok
    • Convergence Security Journal / v.20 no.3 / pp.115-123 / 2020
  • Cyber attacks have evolved more and more in recent years. One of the best countermeasures against this advanced and sophisticated cyber threat is to predict cyber attacks in advance. It requires a lot of information and effort to predict cyber threats. If we use Open Source Intelligence (OSINT), the core of recent information acquisition, we can predict cyber threats more accurately. In order to predict cyber threats using OSINT, it is necessary to establish a database (DB) of cyber attacks from OSINT and to select factors that can evaluate cyber threats from the established DB. We build on previous research that built a cyber attack DB using data mining and analyzed the importance of core factors among the accumulated DB factors by the AHP technique. In this research, we present a method for quantifying cyber threats and propose a cyber threat prediction model based on artificial neural networks.

A Risk Analysis Methodology for Information Systems Security Management (정보시스템 보안관리를 위한 위험분석 방법론)

  • 이문구
    • Journal of the Institute of Electronics Engineers of Korea CI / v.41 no.6 / pp.13-22 / 2004
  • This study proposes a risk analysis methodology for information system security management in which the procedural complexity of the existing risk analysis methodology is reduced to a minimum. The proposed risk analysis methodology is composed of 3 phases as follows: a beforehand processing phase, a countermeasure setting phase, and a post processing phase. The basic risk analysis phase is a basic security management phase in which fixed items are checked when the information security system is not yet established or a means for the minimum security control is necessary for a short period of time. In the detailed risk analysis phase, the elements of asset, vulnerability, and threat are analysed, and using a risk degree production table produced from these elements, the risk degree is classified into 13 cases. With regard to the risk, physical, administrative, and technical measures are executed for the 13 types of risk degree through ways such as accepting, rejecting, reducing, and transferring. Also, an evaluation of the remaining risk of the information system is performed through a penetration test, and the security policy setup and post management phase is to be carried out.

3-Step Security Vulnerability Risk Scoring considering CVE Trends (CVE 동향을 반영한 3-Step 보안 취약점 위험도 스코어링)

  • Jihye, Lim;Jaewoo, Lee
    • Journal of the Korea Institute of Information and Communication Engineering / v.27 no.1 / pp.87-96 / 2023
  • As the number of security vulnerabilities increases yearly, security threats continue to occur, and the vulnerability risk is also important. We devise a security threat score calculation reflecting trends to determine the risk of security vulnerabilities. The three stages considered key elements such as attack type, supplier, vulnerability trend, and current attack methods and techniques. First, it reflects the results of checking the relevance of the attack type, supplier, and CVE. Second, it considers the characteristics of the topic group and CVE identified through the LDA algorithm by the Jaccard similarity technique. Third, the latest version of the MITRE ATT&CK framework attack methods, technology trends, and the relevance between CVEs are considered. We used data from overseas sites that provide reliable security information to review the usability of the proposed final formula, CTRS. The scoring formula makes it possible to patch quickly and respond to related information by identifying vulnerabilities with high relevance and risk using only some particular phrase.

Electronic Payment System and Security Technology based on SET (SET 기반의 전자 지불 시스템과 보안 기술)

  • 송병열;조현규;송유진;이경호;함호상
    • Review of KIISC / v.7 no.3 / pp.23-38 / 1997
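  • SET is a standard electronic payment protocol developed to carry out secure and efficient credit-card-based electronic payment over open networks such as the Internet. An electronic payment system based on SET consists broadly of the customer who holds a card (Cardholder), the merchant who sells goods and requests payment (Merchant), and the payment gateway for interworking with existing banks (Payment gateway), and includes a certification authority (CA) as an additional element. SET adopts several strong encryption algorithms to support secure transactions between customer and merchant and between merchant and bank, and the security of SET is expected to contribute greatly to the spread of electronic commerce. In this paper, we classify existing electronic payment methods by their characteristics and review their functions and composition, and we review and analyze the security technology used in SET and the functions and characteristics of SET-based electronic payment systems.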


Current Status and Outlook of Industrial Technology Leakage through Cyber Attacks (사이버공격을 통한 산업기술 유출 현황과 전망)

  • Kim, Jongwan;Lee, Jaekyun;Chang, Hangbae
    • Review of KIISC / v.31 no.3 / pp.7-12 / 2021
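  • Cyberspace has emerged as a core element of the hyper-connected society with the progress of the Fourth Industrial Revolution and the arrival of the fifth-generation mobile communication (5G) era. However, as the usability of cyberspace increases, so does its vulnerability, and the leakage of industrial technology in cyberspace is also expected to increase. In fact, cases of industrial technology leakage through various cyber attacks are being reported one after another at home and abroad, at small and medium-sized enterprises and large corporations alike. In particular, cyber attacks are evolving from the No Tech attacks of the past into sophisticated attacks that use High Tech such as APT, the dark web, and cloud services. This has a great impact on economic losses, such as the leakage of corporate trade secrets, the loss of know-how, and the loss of jobs and competitive advantage, and on loss of reputation. Accordingly, this paper estimates the impact of industrial technology leakage incidents through cyber attacks at home and abroad and describes the implications.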

Security Issues in Combined Protocol Between RFID Application and Wireless Sensor Network (RFID와 무선 센서네트워크를 융합한 프로토콜에서의 보안 문제)

  • Kim, Jung Tae
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2013.10a / pp.154-155 / 2013
  • This paper presents a user authentication scheme for healthcare applications using wireless sensor networks, where wireless sensors are used for patient monitoring. These medical sensors sense the patient's body data and transmit it to the professionals. Since the data of an individual are highly vulnerable, it must be ensured that patients' medical vital signs are secure and are not exposed to an unauthorized person. In this regard, we propose a user authentication scheme for healthcare applications using medical sensor networks. The proposed scheme includes a novel two-factor user authentication, where the healthcare professionals are authenticated before accessing the patient's body data, and a secure session key that is established between the patient sensor node and the professional at the end of user authentication. Furthermore, the analysis shows that the proposed scheme is safeguarded against various practical attacks and achieves efficiency at low computation cost.
