• Title/Summary/Keyword: vulnerability checklist

Study on the Femtocell Vulnerability Analysis Using Threat Modeling (위협 모델링 기법을 이용한 펨토셀 취약점 분석에 대한 연구)

  • Kim, Jae-ki;Shin, Jeong-Hoon;Kim, Seung-joo
    • KIPS Transactions on Computer and Communication Systems / v.5 no.8 / pp.197-210 / 2016
  • Lately smartphone usage is increasing and many Internet of Things (IoT) devices support wireless communications. Accordingly, small base stations called femtocells are supplied to prevent saturation of existing base stations. However, contrary to the original purpose of the femtocell, with advanced hacking technologies, vulnerabilities such as gaining administrator authority were discovered, and this can cause serious problems such as the leakage of personal information of femtocell users. Therefore, it is necessary to identify security threats that may occur in the femtocell and to find ways for systematic vulnerability analysis. In this paper, we analyzed the security threats that can be generated in the femtocell and constructed a checklist for vulnerability analysis using the Threat Modeling method. Then, using the constructed checklist, we provide a scheme that can improve the safety of the femtocell through the actual analysis and the results of the femtocell vulnerability analysis.

A Study on the Application of Checklist for Preventing Fall Accidents in Small and Medium-Sized Construction Sites (중소규모 건설현장 거푸집 공사 추락재해 예방을 위한 체크리스트 적용성 평가)

  • An, Jeong-Peal;Cho, Ye-Rim;Shin, Yoon-Seok;Kim, Gwang-Hee
    • Proceedings of the Korean Society of Disaster Information Conference / 2017.11a / pp.231-232 / 2017
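  • The construction industry has the second-highest accident rate of all industries. Within it, formwork accounts for 24% of the construction industry's accident rate. The accidents occurring in formwork are falls (30.4%), being struck by objects (20.8%), falling over (19.1%), collisions (13.1%), and being caught in or between objects (8.3%). For falls, which account for the highest share, a checklist was developed through an analysis of accident factors. Applying the checklist developed in this study to formwork at small and medium-sized construction sites made it possible to identify weaknesses in safety management. We expect the results of this study to be applied to small and medium-sized construction sites and to contribute to more efficient safety management.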

Study on the AI Speaker Security Evaluations and Countermeasure (AI 스피커의 보안성 평가 및 대응방안 연구)

  • Lee, Ji-seop;Kang, Soo-young;Kim, Seung-joo
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.6 / pp.1523-1537 / 2018
  • The AI speaker provides users with useful functions such as music playback and online search through simple operation, and so the AI speaker market is growing at a very fast pace. However, AI speakers always wait for the user's voice, which can cause serious problems such as eavesdropping and personal information exposure if exposed to security threats. Therefore, in order to provide overall improved security of all AI speakers, it is necessary to identify potential security threats and analyze them systematically. In this paper, security threat modeling is performed by selecting four products with high market share. Data Flow Diagram, STRIDE and LINDDUN threat modeling were used to derive a systematic and objective checklist for vulnerability checks. Finally, we proposed a method to improve the security of AI speakers by comparing the vulnerability analysis results and the vulnerability of each product.

Improvement of the Checklist for Residential Housing's Crime Prevention Accreditation Assessment (주거시설에 대한 CPTED 평가인증 기준 개선방안 연구)

  • Park, Hyeon-Ho;Kim, Kang-Il;Cho, Joon-Tag
    • Korean Security Journal / no.55 / pp.117-141 / 2018
  • Police crime statistics report that residential housing such as apartments, low-rise buildings and detached houses is the second most vulnerable to crime, closely following the number of street crimes. Residential houses are also often exposed to quality-of-life crime, e.g. burglary. This threatens the basic human rights of house residents in terms of safety and comfort within the urban living environment. This study examines related precedent studies regarding the vulnerability of residential housing, including studios and multi-family housing, from the viewpoint of crime prevention through environmental design (CPTED), extracts the elements and items suitable for the safety of residential facilities, and derives the certification evaluation indicators and check items to be the basis for the checklist. Based on these evaluation indicators and inspection items, we conducted on-site surveys of residential facilities in three areas, Seoul, Yongin and Asan, and the final draft of the checklist was revised based on the results of the field survey. There are 43 items in the 7 fields of evaluation in the final version of the checklist: 11 items in management and operation, 20 items in surveillance, 7 items in access control, 1 item in territoriality, 2 items in activity support, and 2 items in security and safety facilities. In addition, various points of interest were added to allow the administrator of the residential facility to earn points for special measures taken for safety. This checklist can be appropriately modified and utilized in consideration of the characteristics of each facility. The Korean National Police Agency has CPOs check the residential facilities in their jurisdiction using checklists and certify excellent facilities with a high level of safety.

Threat-Based Security Analysis for the Domestic Smart Home Appliance (위협 모델링을 이용한 국내 스마트 홈 보안 분석에 대한 연구)

  • Hong, Paul;Lee, Sangmin;Park, Minsu;Kim, Seungjoo
    • KIPS Transactions on Computer and Communication Systems / v.6 no.3 / pp.143-158 / 2017
  • Smart Home Appliance, which lets people operate machines in the home by remote control, is a service or technology that provides convenience. Because it is close to the home, it has privacy and security problems. If Smart Home Applications are attacked, damage at scale is anticipated. In the case of products from overseas, various vulnerabilities have been announced every year. Therefore, it is necessary to identify and analyze threats to Smart Home Appliances using a systematic method in order to use Smart Home Appliance services safely. In this paper, we present a checklist for identifying and analyzing threats using Threat Modeling, and then we analyze the Domestic Smart Home Appliance using the checklist we present.

A Proposal for "Security Verification Method for Implementation of Secure Android Mobile Application" (안전한 안드로이드 어플리케이션 개발을 위한 구현 단계별 보안성 검증 방안 제시)

  • Hur, Hwan Seok;Kang, Sung Hoon;Kim, Seung Joo
    • KIPS Transactions on Computer and Communication Systems / v.2 no.10 / pp.445-460 / 2013
  • Mobile applications today are being offered as various services depending on the mobile device and mobile environment of users. This increase in mobile applications has shifted the spotlight to their vulnerability. As an effective method of security verification, this paper proposes "phase-wise security verification for the implementation of mobile applications". This method allows additional security verification by covering specific items across a wider range compared to existing methods. Based on the identified weaknesses, it detects the cause of vulnerability and monitors the related settings.

Analysis of Self-driving Environment Using Threat Modeling (위협 모델링을 이용한 자율 주행 환경 분석)

  • Min-Ju Park;Ji-Eun Lee;Hyo-Jeong Park;Yeon-sup Lim
    • Convergence Security Journal / v.22 no.2 / pp.77-90 / 2022
  • Domestic and foreign automakers compete to lead the autonomous vehicle industry by continuously developing self-driving technologies. These self-driving technologies are evolving with dependencies on the connection between vehicles and other objects such as the environment of cars and roads. Therefore, cyber security vulnerabilities become more likely to occur in the self-driving environment, so it is necessary to prepare for them carefully. In this paper, we model the threats in autonomous vehicles and make a checklist to securely counter them.

Classification of Security Checklist Items based on Machine Learning to Manage Security Checklists Efficiently (보안 점검 목록을 효율적으로 관리하기 위한 머신러닝 기반의 보안 점검 항목 분류)

  • Hyun Kyung Park;Hyo Beom Ahn
    • Smart Media Journal / v.11 no.11 / pp.75-83 / 2022
  • NIST in the United States has developed SCAP, a protocol that enables automated inspection and management of security vulnerabilities using existing standards such as CVE and CPE. SCAP operates by creating a checklist using the XCCDF and OVAL languages and running the prepared checklist with a SCAP tool such as the SCAP Workbench made by OpenSCAP to return the check result. SCAP checklist files for various operating systems are shared through the NCP community, and the checklist files include ID, title, description, and inspection method for each item. However, since the inspection items are simply listed in the order in which they are written, it is necessary to classify and manage the items by type so that the security manager can systematically manage them using the SCAP checklist file. In this study, we propose a method of extracting the description of each inspection item from the SCAP checklist file written in the OVAL language, classifying the categories through a machine learning model, and outputting the SCAP check results for each classified item.

Checklist Development for Prevention of Safety Accidents in Form Work in Small and Medium Sized Construction Sites (중소규모 건설현장의 거푸집 공사 안전사고 예방을 위한 체크리스트 개발)

  • Cho, Ye-Rim;Shin, Yoon-Seok;Shin, Jae-Kwon
    • Journal of the Korea Institute of Building Construction / v.17 no.6 / pp.587-594 / 2017
  • The construction industry generates the greatest number of disasters. Laborer injury at construction sites is mostly reported by small and mid-sized construction sites. Moreover, of the injuries, the greatest number is related to formwork. The objective of this study is to propose a checklist of the risk factors of formwork, in which industrial injuries occur most frequently in small and mid-sized construction sites, with which safety management can be done thoroughly. Risk factors and preventive measures are derived by analyzing 9,396 industrial disasters occurring at construction sites in Korea. The checklist drawn up in this study was reviewed by five specialists in safety management, and applied to construction sites to verify its applicability. As a result, applying the checklist to the site showed that the safety management system of small and medium-sized construction sites was insufficient. It is expected to contribute to the effective safety management of small and mid-sized construction sites.

Threat Diagnostic Checklists of Security Service in 5G Communication Network Virtualization Environment (5G 통신 네트워크 가상화 환경에서 보안 서비스의 위협 진단 체크리스트)

  • Hong, Jin-Keun
    • Journal of Convergence for Information Technology / v.11 no.10 / pp.144-150 / 2021
  • The purpose of this paper is to review the direction of the slicing security policy, which is a major consideration in the context of standardization in 5G communication network security, to derive security vulnerability diagnosis items, and to analyze and present the issues under discussion for 5G communication network virtualization. As for the research method, the direction of the virtualization security policy for 5G communication networks of ENISA (European Union Agency for Cybersecurity), a European core security research institute, and research contents such as virtualization security policy and vulnerability analysis of 5G communication networks from related journals were used for analysis. In the research result of this paper, the security structure in virtualization security of the 5G communication network is arranged, and security threats and risk management factors are derived. In addition, vulnerability diagnosis items were derived for each security service in the risk management area. The contribution of this study is to summarize the security threat items in 5G communication network virtualization security that are still being discussed, to gain insights into the direction of European 5G communication network cybersecurity, and to derive vulnerability diagnosis items to be considered for virtualization security of the 5G communication network. In addition, the results of this study can be used as basic data to develop vulnerability diagnosis items for virtualization security of domestic 5G communication networks. In the future, it is necessary to study the detailed diagnosis process for the vulnerability diagnosis items of 5G communication network virtualization security.