• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2023.11a
• /
• pp.64-65
• /
• 2023

The purpose of this study was to assess the current status of cyber security at the Busan Port container terminal and derive strengthening factors through exploratory research. In recent years, the maritime industry has actively adopted Fourth Industrial Revolution technologies, resulting in changes in the form of ports, such as automated and smart terminals. While these changes have brought positive improvements in port efficiency, they have also increased the potential for cyber security incidents and threats, including information leakage through cargo handling equipment and ransomware attacks leading to terminal operations disruption. Especially in the case of ports, cyber security threats can have not only local effects within the port but also physical damage and implications for national security. However, despite the growing cyber security threats within ports, research related to domestic port cyber security remains limited. Therefore, this study aimed to identify factors for enhancing cyber security in ports and derive future enhancement strategies. The study conducted an analysis focusing on the Busan Port container terminal, which is one of the leading ports in South Korea actively adopting Fourth Industrial Revolution technologies, and conducted a survey of stakeholders in the Busan Port container terminal. Subsequently, exploratory factor analysis was used to derive strengthening factors. This study holds significance in providing directions for enhancing cyber security in domestic container ports in the future.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.243-245
• /
• 2022

In this paper, a policy to manage e-mail system with respect to the increase in cyber threats through e-mail will be proposed but only from the perspective of security. After covering recent trends on cyber threats through e-mail, security measures including technical, administrative and operational will be encountered in order to finalize the policy proposal.

• Journal of Advanced Navigation Technology
• /
• v.18 no.4
• /
• pp.353-358
• /
• 2014

In the past, security on control system was guaranteed by isolation of control system networks from external networks. However as devices of the control systems became more various and interaction between the devices became necessary, effective management system for such network emerged and this triggered connection between control system networks and external system networks. This made management of control system easier but also made control system exposed to various cyber attack threats, Therefore researches on appending security measures on each protocols are in progress. This paper focused on DNP(distributed network protocol)3 protocol which is used for communication between control center and substations. It describes characteristics of DNP3 protocol and research on adding security elements to the protocol. It also analyzed known vulnerabilities of DNP3 protocol and proposed data mining methodology for detecting such vulnerabilities.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.10
• /
• pp.2544-2560
• /
• 2013

As a cornerstone of the next generation air traffic management (ATM), automatic dependent surveillance-broadcast (ADS-B) system can provide continual broadcast of aircraft position, identity, velocity and other messages over unencrypted data links to generate a common situational awareness picture for ATM. However, since ADS-B messages are unauthenticated, it is easy to insert fake aircrafts into the system via spoofing or insertion of false messages. Unfortunately, the authentication for ADS-B messages has not yet been well studied. In this paper, we propose an efficient broadcast authentication scheme with batch verification for ADS-B messages which employs an identity-based signature (IBS). Security analysis indicates that our scheme can achieve integrity and authenticity of ADS-B messages, batch verification, and resilience to key leakage. Performance evaluation demonstrates that our scheme is computationally efficient for the typical avionics devices with limited resources, and it has low communication overhead well suitable for low-bandwidth ADS-B data link.

• Korean Chemical Engineering Research
• /
• v.60 no.4
• /
• pp.492-498
• /
• 2022

Process control systems used in most domestic petrochemical corporates today are based on the Windows platforms. As technology leans toward opened environment, the exposure risk of control systems is increasing. However, not many companies are preparing for various cyberattacks due to lack of awareness and misunderstanding of cyber intrusion. This study investigated the extent of how much exposed the petrochemical process control system is to security threats and suggested practical measures to reduce OT cybersecurity vulnerabilities. To identify the cyber threat status of process control systems, vulnerabilities of the Windows platform, a principal cyber threat factor, have been analyzed. For research, three major DCS providers in Korea and the discontinuation of Windows platform of 635 control systems were investigated. It was confirmed that 78% of the survey subjects were still operating in the discontinued windows platforms, and those process control systems were operated in a state vulnerable to cyber intrusions. In order to actively cope with these cyber threats, legal regulations such as designation of critical infrastructure for major petrochemical facilities which is implemented in advanced countries such as the United States are needed. Additionally, it is necessary to take the initiative in eradicating security threats to the process control systems by aggressively introducing security solutions provided from existing DCS suppliers. This paper was submitted to Professor Ko JaeWook's retirement anniversary issue.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.906-918
• /
• 2018

The advent of the Internet of Things (IoT) technology, which brings many benefits to our lives, has resulted in numerous IoT devices in many parts of our living environment. However, to adapt to the rapid changes in the IoT market, numerous IoT devices were widely deployed without implementing security by design at the time of development. As a result, malicious attackers have targeted IoT devices, and IoT devices lacking security features have been compromised by attackers, resulting in many security incidents. In particular, an attacker can take control of an IoT device, such as Mirai Botnet, that has insufficient security features. The IoT device can be used to paralyze numerous websites by performing a DDoS attack against a DNS service provider. Therefore, this study proposes a scheme to minimize security vulnerabilities and threats in IoT devices to improve the security of the IoT service environment.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.6
• /
• pp.2881-2894
• /
• 2018

Cyber attacks are increasing continuously. On average about one million malicious codes appear every day, and attacks are expanding gradually to IT convergence services (e.g. vehicles and television) and social infrastructure (nuclear energy, power, water, etc.), as well as cyberspace. Analysis of large-scale cyber incidents has revealed that most attacks are started by PCs infected with malicious code. This paper proposes a method of detecting an attack IP automatically by analyzing the characteristics of the e-mail transfer path, which cannot be manipulated by the attacker. In particular, we developed a system based on the proposed model, and operated it for more than four months, and then detected 1,750,000 attack IPs by analyzing 22,570,000 spam e-mails in a commercial environment. A detected attack IP can be used to remove spam e-mails by linking it with the cyber removal system, or to block spam e-mails by linking it with the RBL(Real-time Blocking List) system. In addition, the developed system is expected to play a positive role in preventing cyber attacks, as it can detect a large number of attack IPs when linked with the portal site.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2610-2628
• /
• 2019

Advanced persistent threats (APTs) are constant attacks of specific targets by hackers using intelligent methods. All current internal infrastructures are constantly subject to APT attacks created by external and unknown malware. Therefore, information security officers require a framework that can assess whether information security systems are capable of detecting and blocking APT attacks. Furthermore, an on-line evaluation of information security systems is required to cope with various malicious code attacks. A regular evaluation of the information security system is thus essential. In this paper, we propose a dynamic updated evaluation framework to improve the detection rate of internal information systems for malware that is unknown to most (over 60 %) existing static information security system evaluation methodologies using non-updated unknown malware.

• Journal of Digital Contents Society
• /
• v.16 no.2
• /
• pp.345-353
• /
• 2015

Security Management System is a system which operates in the security control center for security control. All living things across the Internet in recent years, with the rapid increase in the subscriber base has increased the need for network security dramatically depending on yirueojim through web services, thus cyber security sheriff, I have a big issue to build a security management system, each agency and perform control tasks. But the security functional requirements for security management system would not specified exactly, in developing a security management system to build and design a situation that PP's needs require a lot of trouble. In this paper, we develop a Managed Security System Protection Profile for the security functional requirements specification of the security management system.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.4
• /
• pp.669-676
• /
• 2017

Recently, due to the importance of information security, security vulnerability analysis and various information protection technologies and security systems are being introduced as a countermeasure against cyber-attacks in new as well as existing buildings, and information security studies on high-rise buildings are also being conducted. However, security system introduction and research are generally performed from the viewpoint of general IT systems and security policies, so there is little consideration of the infrastructure of the building. In particular, the BAS or building infrastructure, is a closed system, unlike typical IT systems, but has unique structural features that accommodate open functions. Insufficient understanding of these system structures and functions when establishing a building security policy makes the information security policies for the BAS vulnerable and increases the likelihood that all of the components of the building will be exposed to malicious cyber-attacks via the BAS. In this paper, we propose an architecture reference model that integrates three different levels of BAS structure (from?) different vendors. The architectures derived from this study and the security characteristics and vulnerabilities at each level will contribute to the establishment of security policies that reflect the characteristics of the BAS and the improvement of the safety management of buildings.