• Journal of Internet Computing and Services
• /
• v.17 no.6
• /
• pp.81-91
• /
• 2016

VANET is one of the most developed technologies many people have considered a technology for the next generation. It basically utilizes the wireless technology and it can be used for measuring the speed of the vehicle, the location and even traffic control. With sharing those information, VANET can offer Cooperative ITS which can make a solution for a variety of traffic issues. In this way, safety for drivers, efficiency and mobility can be increased with VANET but data between vehicles or between vehicle and infrastructure are included with private information. Therefore alternatives are necessary to secure privacy. If there is no alternative for privacy, it can not only cause some problems about identification information but also it allows attackers to get location tracking and makes a target. Besides, people's lives or property can be dangerous because of sending wrong information or forgery. In addition to this, it is possible to be information stealing by attacker's impersonation or private information exposure through eavesdropping in communication environment. Therefore, in this paper we propose Privacy Assurance Architecture for VANET to ensure privacy from these threats.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.7
• /
• pp.17-25
• /
• 2014

In the devices that leave video records, it is an important issue to distinguish whether the input image is a real object or a photo when securing an identifying image. Using a single image and sensor, which is a simple way to distinguish the target from distance measurement has many weaknesses. Thus, this paper proposes a way to distinguish a simple photo and a real object by using stereo images. It is not only measures the distance to the target, but also checks a three-dimensional effect by making the depth map of the face area. They take pictures of the photos and the real faces, and the measured value of the depth map is applied to the learning algorithm. Exactly through iterative learning to distinguish between the real faces and the photos looked for patterns. The usefulness of the proposed algorithm was verified experimentally.

• Journal of Information Technology Application
• /
• v.3 no.2
• /
• pp.83-102
• /
• 2001

Internet-based shopping business spread rapidly in Korea. Companies are trying to develop and use various strategic competences. The strategies employed by those companies include activities related to the design of shopping site, market positioning, assistance of purchasing process, payment mechanism, and provision of various consumer services. However, the success of these strategies depends on various environmental factors and internal capability of the companies. In this study, I examined four successful Internet shopping mall companies and compared them to draw useful guidelines for Internet-based intermediary business. These four companies were selected because they are all considered successful by now, but brought different background. We found follows. First, each company tried to economize their own historical and developmental background. All of the selected companies were alike in their focus on the whole Internet user group. Customer needs analysis was performed more systematically. The Importance of customer information and the use of it are not sufficient. Second, Each companies consistently emphasized the importance of market-related activities. Despite the differences in initial states, all companies used similar strategies and had similar focus in target market and products. Conclusively, implications from this research for Internet shopping business can be summarized as follows. First, One of the important future directions for Internet shopping mall business is to broaden target market. Second, the provisions of carefully designed customized services are one success factor. Third, As customer traffic increased, the provision of differential customer service becomes a key success factor.

• Korean Security Journal
• /
• no.53
• /
• pp.11-33
• /
• 2017

Terrorism has existed in the entire human history and has become a significant topic in criminology while prior studies has focused on North Korea as the perpetrator, and this prevents an in-depth discussion of the international trends of terrorism. As soft targets are the main target of new terrorism and because we never ignore the significance of the consequences, there are needs for more studies on the topic. This study conducted a case study of major terrorism attacks and surveyed professionals in the field via an AHP analysis in order to find the characteristics of terrorism and its potential patterns in South Korea. As a result, we found that North Korea or the left-wing may utilize homemade bomb, motor vehicle or drone for the purpose of attacking multi-use facilities in South Korea. For policy implications, we insist developing a better CPTED approach on those facilities, improving professionalism of cyber-watchdog via more training and education, stricter control on drone permit, and operation of counseling centers for preventing radicalization.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.83-89
• /
• 2019

In accordance with information security compliance and security regulations, there is a need to develop regular and real-time concepts for cyber-infringement attacks against network system vulnerabilities in branch and periodic forms. Vulnerability Analysis Analysis It is judged that it will be a countermeasure against new hacking attack in case of concept validation by interworking with TOOL. Vulnerability check module is standardized in event attribute management and ease of operation. Opening in terms of global sharing of vulnerability data, owasp zap / Angry ip Etc. were investigated in the SIEM system with interlocking design implementation method. As a result, it was proved that the inspection events were monitored and transmitted to the SIEM console by the vulnerability module of web and network target. In consideration of this, ESM And SIEM system In this paper, we propose a new vulnerability analysis method based on the existing information security consultation and the results of applying this study. Refer to the integrated interrelationship analysis and reference Vulnerability target Goal Hacking It is judged to be a new active concept against invasion attack.

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.5
• /
• pp.57-66
• /
• 2023

In this paper, a research trend of attack graph studies for Cyber-Physical System (CPS) environments is surveyed, and we analyse the limitations of previous works and prospect the future directions. 35 among around 150 attack graph studies conducted within 5 years target CPS, and we inspect key features of CPS environment in the security aspect. Also, we categorize and analyze target studies in the aspect of modelling physical systems and considering air gaps, which are derived as key features of the security aspects of CPS. Half of 20 research that we surveyed do not reflect those two features, and other studies only consider one of the two features. In this circumstance, we examine challenges that attack graph studies on CPS environment face. Finally, we expect state-led studies or studies targeting open-spec commercial CPS will dominate.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.939-946
• /
• 2023

In the hyper-connected network, which network equipment is diverse and network structure is complex, the attack surface has also increased. In this environment, MTD(Moving Target Defense) technology is being researched as a method to fundamentally defend against cyber attacks by actively changing the attack surface. network-based MTD technologies are being widely studied. However, in order for network address mutation technology to be applied within the existing fixed IP-based system, research is needed to determine what impact it will have. In this paper, we studied the impact of applying network address mutation technology to the existing network protection system. As a result of the study, factors to be considered when firewall, NAC, IPS, and network address mutation technologies are operated together were derived, and elements that must be managed in network address mutation technology for interoperability with the network analysis system were suggested.

• Electronics and Telecommunications Trends
• /
• v.35 no.1
• /
• pp.12-24
• /
• 2020

To keep pace with other powerful nations in this era of the era of digitalization and to emerge stronger in the world, the defense forces of South Korea aim to innovate and prepare themselves for digital battlefields of possible wars in the future. The resources in the defense sector, which is the core of defense intelligence, is based on an intelligent mission collaboration tactical network system via cyber, command, control, communication, and computer (C4), and military and non-human weapons. Defense intelligence depends on the degree of the convergence of advanced Information and communication technologies (ICTs). Considering this aspect of defense intelligence, We plan to determine the application status of defense blockchain technology and examine the feasibility of applying blockchain technology and the core of applied technology. Generally, a key feature of blockchain technology is its data integrity in untrusted environments. There are various types of core technologies for the blockchain depending on the target areas of application in the defense sector, and it is also essential to derive new application strategies for core technologies that are applied in combination with other ICT technologies. We plan to demonstrate new defense ICT converged technologies (DNAB2: Data, Network, AI, BigData, Blockchain) and DNAB2-As-Services in the defense strategy.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.3
• /
• pp.189-194
• /
• 2020

Most cyber breaches are caused by APT attacks using malware. Hackers use the email system as a medium to penetrate the target. It uses e-mail as a method to access internally, destroys databases using long-term collected vulnerabilities, and illegally acquires personal information through system operation and ransomware. As such, the e-mail system is the most friendly and convenient, but at the same time operates in a blind spot of security. As a result, personal information leakage accidents can cause great damage to the company and society as a whole. This study intends to suggest an effective methodology to securely manage the APT attack by strengthening the security configuration of the e-mail system operating in the enterprise.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.9
• /
• pp.4512-4526
• /
• 2018

The Internet of Things (IoT) has become an emerging industry that is broadly used in many fields from industrial and agricultural manufacturing to home automation and hospitality industry. Because of the sheer number of connected devices transmitting valuable data, the IoT infrastructures have become a main target for cyber-criminals. One of the key challenges in protecting IoT devices is the lack of security measures by design. Although there are many hardware and software based security solutions (firewalls, honeypots, IPDS, anti-virus etc.) for information systems, most of these solutions cannot be applied to IoT devices because of the fact that IoT devices have limited computing resources (CPU, RAM,). In this paper, we propose a honeypot system called HoneyThing for modem/router devices (i.e. a kind of IoT device). HoneyThing emulates TR-069 protocol which is prevalent protocol used to remotely manage customer-premises equipment (CPE) devices, e.g. modems, routers. Honeything also serves an embedded web server simulating a few actual, critical vulnerabilities associated with the implementation of TR-069 protocol. To show effectiveness of the HoneyThing in capturing real world attacks, we have deployed it in the Internet. The obtained results are highly promising and facilitate to reveal network attacks targeting to CPE devices.