• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.471-484
• /
• 2018

Recently, cyber threats are frequently occurring in ICS(industrial control systems) of government agencies, infrastructure, and manufacturing companies. In order to cope with such cyber threats, it is necessary to apply CTI to ICS. For this purpose, a security information collection system is needed. However, it is difficult to install security solution in control devices such as PLC. Therefor, it is difficult to collect security information of ICS. In addition, there is a problem that the security information format generated in various assets is different. Therefore, in this paper, we propose an efficient method to collect ICS security information. We utilize CybOX/STIX/TAXII CTI models that are easy to apply to ICS. Using this model, we designed the formats to collect security information of ICS assets. We created formats for system logs, IDS logs, and EWS application logs of ICS assets using Windows and Linux. In addition, we designed and implemented a security information collection system that reflects the designed formats. This system can be used to apply monitoring system and CTI to future ICS.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.6
• /
• pp.3280-3298
• /
• 2019

Vehicular ad-hoc networks (VANETs) have become increasingly significant in intelligent transportation systems, they play a great role in improving traffic safety and efficiency. In the deployment of intelligent VANETs, intelligent vehicles can efficiently exchange important or urgent traffic information and make driving decisions. Meanwhile, secure data communication and vehicle's identity privacy have been highlighted. To cope with these security issues, in this paper, we construct an efficient anonymous authentication scheme with secure communication in intelligent VANETs. Combing the ElGamal encryption technique with a modified Schnorr signature technique, the proposed scheme provides secure anonymous authentication process for encrypted message in the vehicle-to-infrastructure communication model, and achieves identity privacy, forward security, and reply attack resistance simultaneously. Moreover, except the trusted authority (TA), any outside entity cannot trace the real identity of an intelligent vehicle. The proposed scheme is designed on an identity-based system, which can remove the costs of establishing public key infrastructure (PKI) and certificates management. Compared with existing authentication schemes, the proposed scheme is much more practical in intelligent VANETs.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.9
• /
• pp.35-42
• /
• 2019

In this paper, we propose an approach to apply network-based moving target defense into Internet of Things (IoT) networks. The IoT is a technology that provides the high interconnectivity of things like electronic devices. However, cyber security risks are expected to increase as the interconnectivity of such devices increases. One recent study demonstrated a man-in-the-middle attack in the statically configured IoT network. In recent years, a new approach to cyber security, called the moving target defense, has emerged as a potential solution to the challenge of static systems. The approach continuously changes system's attack surface to prevent attacks. After analyzing IPv4 / IPv6-based moving target defense schemes and IoT network-related technologies, we present our approach in terms of addressing systems, address mutation techniques, communication models, network configuration, and node mobility. In addition, we summarize the direction of future research in relation to the proposed approach.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2018.10a
• /
• pp.647-650
• /
• 2018

With the advent of advanced technologies in the real world, the cyber domain has become wider and cyber threats are increasing. A cyber threat intelligence sharing system is needed to more effectively defend and respond to such cyber threats. Through the definition of cyber threat information expression standard, it enables rapid sharing, consistent analysis, and automated interpretation of cyber threat information possessed by individual security control providers or organizations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1223-1234
• /
• 2016

The Industrial control system is adopted by various industry field and national infrastructure, therefore if it received cyber attack, the serious security problems can be occured in the public sector. For this reason, security requirements of the industrial control system have been proposed, in accordance with the security guidelines of the electronic control system, and it is operated by separate from the external and the internal network. Nevertheless, cyber attack by malware (such as Stuxnet) targeting to control system have been occurred continuously, and also the real-time detection of untrusted traffic is very difficult because there are some difficulty of keeping up with quickly evolving the advent of new-variant malicious codes. In this paper, we propose the traffic analysis architecture for providing secure industrial control system based on the analyzed the security threats, the security requirements, and our proposed architecture.

• Journal of Advanced Navigation Technology
• /
• v.15 no.6
• /
• pp.1220-1227
• /
• 2011

According to the development of IT technology, life itself is becoming the change to Knowledge-based systems or information-based systems. However, the development of IT technology, the cyber attack techniques are improving. And DDoS a crisis occurs frequently, such as cyber terrorism has become a major data leakage. In addition, the various paths of attack from malicious code entering information in the system to work for your company for loss and damage to information assets is increasing. In this environment, the need to preserve the organization and users of information assets to perform ongoing inspections risk management processes within the organization should be established. Processes and managerial, technical, and physical systems by establishing an information security management system should be based. Also, we should be introduced information security product for protecting internal assets from the threat of malicious code incoming to inside except system and process establishment. Therefore we proposed enterprise and government information security enhancement scheme through the introduction of information security management system and information security product in this paper.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.6
• /
• pp.1320-1326
• /
• 2011

National institutions on the importance of information security is being recognized, information security laws are being discussed in Congress 3.4 DDoS incident and Nonghyup hacking, etc. However, National Assembly Secretariat when the results of the Information Security Consulting has been assessed very low 61.2 points, evaluation of hardware and software in secure areas were vulnerable. This paper, the legislative support agencies National Assembly and National Assembly Secretariat on the network and computer systems, and managerial, technical and physical security elements are analyzed for the status. And network should have the legislative support agencies and system for the physical network separation, DDoS attack response, Virus attack response, hacking attacks response, and Cyber Emergency Response Team/Coordination Center for Cyber infringing design and research through the confidentiality, integrity, availability, access control, authentication and security analysis is based on the evaluation criteria. Through this study, the legislative support agencies to strengthen the security of data and security laws enacted to provide the basis for.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.301-304
• /
• 2016

Cyber world constitute the infrastructure of the country and its people and control. Cyber attacks and leakage of personal information are being threatened damage to the national economy and national security. December 2014 had been cyber hacking attacks on Korea Hydro & Nuclear Power Nuclear cooling system design drawings of a spill, and Cheong Wa Dae website hacked, KBS stations occurred in cyber hacking accidents. As a result, ICT-based Protection Act, Promotion of Information and Communications Network Utilization and Information Act on Protection, etc., privacy laws are being enforced, personal information in the form of requirements from leading high-tech eoryeowoona is to prevent the attacks of armed hackers Internet information society It proposes positive measures to keep your personal information officer and laws.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.14 no.2
• /
• pp.369-376
• /
• 2019

This paper studies desirable form of future e-government in terms of intelligent government research in response to new intelligent cyber security services in the fourth industrial revolution. Also, the strategic planning of the future e-government has been contemplated in terms of the centralization and intellectualization which are significant characteristics of the fourth industrial revolution. The new system construction which is applied with security analysis technology using big data through advanced relationship analysis is suggested in the paper. The establishment of the system, such as SIEM(Security Information & Event Management), which anticipatively detects security threat by using log information through big data analysis is suggested in the paper. Once the suggested system is materialized, it will be possible to expand big data object, allow centralization in terms of e-government security in the fourth industrial revolution, boost data process, speed and follow-up response, which allows the system to function anticipatively.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.635-637
• /
• 2021

Cybersecurity assessment is the process of assessing the risk level of a system through threat and vulnerability analysis to take appropriate security measures. Accurate security evaluation models are needed to prepare for the recent increase in cyberattacks and the ever-developing intelligent security threats. Therefore, we present a risk assessment model through a matrix-based security assessment model analysis that scores by assigning weights across security equipment, intervals, and vulnerabilities. The factors necessary for cybersecurity evaluation can be simplified and evaluated according to the corporate environment. It is expected that the evaluation will be more appropriate for the enterprise environment through evaluation by security equipment, which will help the cyber security evaluation research in the future.