• Title/Summary/Keyword: vulnerability map

A Study on The Vulnerabilities and Problems of Security Program (보안 프로그램의 취약성 및 문제점에 관한 연구)

  • Jeon, Jeong Hoon
    • Convergence Security Journal / v.12 no.6 / pp.77-84 / 2012
  • Recently, Security Programs have been widely used to improve the security of Client Systems in Web authentication. A Security Program provides the functions of Keyboard Security, Certificate Management, Vaccines, and Firewall. In particular, Security Programs have been used by Financial Institutions, Government Agencies, and some private corporate Home Pages, and ActiveX is used to install the Security Program. However, the several security vulnerabilities and problems that appear in Security Programs are a threat to the stability of the Client System. Therefore, this paper analyzes the Vulnerabilities and Problems of Security Programs through Case Studies and Experiments, and it is expected to be utilized as material for further improving the performance of Security Programs and building a new Certification Scheme in the future.

A Study on SCADA system Security Improvement using RSS (RSS를 활용한 SCADA 시스템 보안 향상에 관한 연구)

  • Jung, Sung-Mo;Kim, Seok-Soo;Song, Jae-Gu;Kim, Tai-Hoon
    • Proceedings of the KAIS Fall Conference / 2009.05a / pp.386-389 / 2009
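  • A SCADA system is a software package generally used to monitor and control production processes, and it is mostly used to monitor and control the state of large-scale plants. In particular, it is used in major critical infrastructure such as electric power, dams, railways, and nuclear power. Because existing SCADA systems generally resided on separate, proprietary networks, security was inevitably neglected. Recently, however, the need to interconnect with enterprise information systems has created a small number of remotely accessible points, and the resulting vulnerabilities are being exposed. Research based on vulnerability analysis of such external attacks is currently in progress, but no research has been done on direct tampering with RTU Master and Slave data through physical access. Because SCADA systems that use Modbus RS485 communication allow the RTU Master and Slave to be connected over an RJ11 cable at distances of up to 1 km, it is possible to sniff and spoof data through physical access to this cable. Therefore, in this paper we studied a security improvement scheme using RSS to guard against such data-tampering attacks through physical access, and we proposed a monitoring system that can detect these data-tampering attacks.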

A Study on Relationships Between Information Systems Risk and Password Characteristics (정보 시스템 위험과 패스워드 특성간의 관계에 대한 연구)

  • 오창규;김종기;심윤주
    • Journal of Korea Society of Industrial Information Systems / v.8 no.1 / pp.62-74 / 2003
  • Information security becomes a critical attribute of corporate information systems as strategic and operational reliance on information systems increases. The current proliferation of passwords requires more attention to information security because its nature of external connection with password users makes information systems more vulnerable to various threats, which are an important element of information systems management. This study focused on two issues: (1) the relationships between risk management factors (asset, threat, vulnerability) and risk level affected by threat, (2) the relationships between risk level and key password characteristics (length, composition, lifetime, selection method).

Analysis on the Vulnerability of Information Leakage through Electromagnetic Emanations from PC Keyboard (키보드 누설 방사에 의한 정보 누설 취약성 분석)

  • Lee, Dae-Heon;Hwang, In-Ho
    • The Journal of Korean Institute of Electromagnetic Engineering and Science / v.18 no.1 s.116 / pp.76-81 / 2007
  • In this paper, we analyzed the vulnerability of information leakage due to the leakage electromagnetic waves of a PC keyboard. First, we reviewed the keyboard protocol and hardware structure, and we analyzed the correlation between the data signal, which is transmitted from the keyboard to the main body, and the leakage signal on the power cable. With the result, we grasped the cause of the Conducted Emission of a PC keyboard. Also, we compared the limit level of the CISPR 22 standard with the amplitude of the keyboard leakage electromagnetic waves we calculated. By analyzing the signal on the power cable of the PC main body through a simple experiment, we show that it is possible to extract the contents of the PC key. Therefore, it is verified that the secret information of the PC user could leak out.

Design and Implementation of a Secure Software Architecture for Security Patch Distribution (안전한 보안패치 분배 구조의 설계 및 구현)

  • 손태식;서정우;문종섭;서정택;임을규;이철원
    • Journal of the Korea Institute of Information Security & Cryptology / v.13 no.4 / pp.47-62 / 2003
  • Patch distribution is one of the important processes to fix vulnerabilities of software and to ensure security of systems. Since an institute or a company has various operating systems or applications, it is not easy to update patches promptly. In this paper, we propose a secure patch distribution architecture with an authentication mechanism, a security assurance mechanism, a patch integrity assurance mechanism, and an automatic patch installation mechanism. We argue that the proposed architecture improves security of patch distribution processes within a domain.

An Automatic Network Vulnerability Analysis System using Multiple Vulnerability Scanners (다양한 취약점 점검 도구를 이용한 자동화된 네트워크 취약점 통합 분석 시스템 설계)

  • Yoon, Jun;Sim, Won-Tae
    • Journal of KIISE:Computing Practices and Letters / v.14 no.2 / pp.246-250 / 2008
  • This paper presents the design of a network vulnerability analysis system which can integrate various vulnerability assessment tools to improve the preciseness of the vulnerability scan result. The manual checking method performed by a security expert is the most precise and safe way, but it is not appropriate for a large-scale network which has a lot of systems and network devices. Therefore, an automatic scanning tool is recommended for fast and convenient use. The scanning targets may be different according to the kind of vulnerability scanner, or even for the same scanning target, the scanning items and the scanning results may be different for each vulnerability scanner. Accordingly, there are cases in which various scanners, instead of a single scanner, are simultaneously utilized with the purpose of complementing each other. However, in the case of simultaneously utilizing various scanners on a large-scale network, the integrative analysis and relevance analysis of vulnerability information by a security manager becomes time-consuming or impossible. The network vulnerability analysis system suggested in this paper provides an interface which allows various vulnerability assessment tools to be easily integrated, a common policy which can be applied to various tools at the same time, and an automated integrative process.

A Study on Vulnerability Assessment for the Digital Assets in NPP Based on Analytical Methods (분석적 방법을 적용한 원전디지털자산 취약점 평가 연구)

  • Kim, In-kyung;Kwon, Kook-heui
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.6 / pp.1539-1552 / 2018
  • The necessity of establishing a more secure cyber security system is emerging to protect NPP against cyber attacks as nuclear facilities become increasingly reliant on digital systems. Proper security measures should be established through periodic analysis and evaluation of vulnerabilities. However, as nuclear facilities have safety characteristics as their top priority, and constructing an environment for vulnerability analysis activities requires a lot of time and cost, it is difficult to apply the existing vulnerability analysis environment and analysis tools. In this study, we propose an analytical vulnerability assessment method to overcome the limitations of existing vulnerability analysis methods through analysis of the existing vulnerability analysis methods and the issues to be considered when applying the vulnerability analysis method.

Development and Application of CCGIS for the Estimation of Vulnerability Index over Korea (한반도 기후변화 취약성 지수 산정을 위한 CCGIS의 개발 및 활용)

  • Kim, Cheol-Hee;Song, Chang-Keun;Hong, You deok;Yu, Jeong Ah;Ryu, Seong-Hyun;Yim, Gwang-Young
    • Journal of Climate Change Research / v.3 no.1 / pp.13-24 / 2012
  • CCGIS (Climate Change Adaptation Toolkit based on GIS) was developed for use as a tool for climate change assessment and any relevant tasks involving climate change adaptation policy over the Korean peninsula. The main objective of CCGIS is to facilitate efficient and relevant information for the estimation of the climate change vulnerability index by providing key information in the climate change adaptation process. In particular, the atmospheric modeling system implemented in CCGIS, which is composed of climate and meteorological numerical models and atmospheric environmental models, was used as a tool to generate the climate and environmental IPCC SRES (A2, B1, A1B, A1T, A1FI, and A1 scenarios) climate data for the years 2000, 2020, 2050, and 2100. This article introduces the components of CCGIS and describes its application to the Korean peninsula. Some examples of the CCGIS and its use for both climate change adaptation and estimation of the vulnerability index applied to Korean provinces are presented and discussed here.

Risk of Flood Damage Potential and Design Frequency (홍수피해발생 잠재위험도와 기왕최대강수량을 이용한 설계빈도의 연계)

  • Park, Seok Geun;Lee, Keon Haeng;Kyung, Min Soo;Kim, Hung Soo
    • KSCE Journal of Civil and Environmental Engineering Research / v.26 no.5B / pp.489-499 / 2006
  • The Potential Flood Damage (PFD) is widely used for representing the degree of potential flood damage. However, it cannot be related to the design frequency of a river basin, and so it is difficult to use in the water resources field. Therefore, in this study, the concept of Potential Risk for Flood Damage Occurrence (PRFD), which can be related to the design frequency, was introduced and estimated. The PRFD has three important elements: hazard, exposure, and vulnerability. The hazard means the probability of occurrence of a flood event, the exposure represents the degree to which property is exposed to the flood hazard, and the vulnerability represents the degree of weakness of the measures for flood prevention. Those elements were divided into sub-elements. The hazard is explained by the frequency-based rainfall, the exposure has two sub-elements, which are population density and official land price, and the vulnerability has two sub-elements, which are undevelopedness index and ability of flood defence. Each sub-element is estimated and the estimated values are rearranged in the range of 0 to 100. The Analytic Hierarchy Process (AHP) is also applied to determine weighting coefficients in the equation of PRFD. The PRFD for the Anyang river basin and the design frequency are estimated by using the maximum rainfall. The existing design frequency for the Anyang river basin is in the range of 50 to 200, and the design frequency estimation result of PRFD of this study is in the range of 110 to 130. Therefore, the developed method for the estimation of PRFD and the design frequency for the administrative districts are used and the method for the watershed and the river channel are to be applied in the future study.

Design of the Security Evaluation System for Internet Secure Connectivity Assurance Platform (인터넷 패킷 보호 보증 플랫폼에서의 보안성 평가 시스템 설계)

  • 김상춘;한근희
    • Journal of KIISE:Information Networking / v.31 no.2 / pp.207-216 / 2004
  • The IPsec protocol has been developed to provide security services to the Internet. Recently, IPsec has been implemented on various operating systems. Hence, it is very important to evaluate the stability of the IPsec protocol as well as other protocols that provide security services. However, there has been little effort to develop the tools required to evaluate the stability of IPsec protocols. Therefore, in this paper, we develop the security requirements and suggest a security evaluation system for the Internet packet protection protocols that provide security services at the IP level, which can be used to check whether the security protocols provide the claimed services correctly. This system can be used as a debugging tool for developing IPsec-based security systems.