• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.1
• /
• pp.103-111
• /
• 2017

Recently, new variants of Ransomware are becoming a new security issue. Ransomware continues to evolve to avoid network of security solutions and extort users' information to demand Bitcoin using social engineering technique. Ransomware is damaging to users not only in Korea but also in all around the world. In this thesis, it will present research solution to prevent and cope from damage by new variants Ransomware, by studying on the types and damage cases of Ransomware that cause social problems. Ransomware which introduced in this paper, is the most issued malicious code in 2016, so it will evolve to a new and more powerful Ransomware which security officers cannot predict to gain profit. In this thesis, it proposes 4 methods to prevent the damage from the new variants of Ransomware to minimize the damage and infection from Ransomware. Most importantly, if user infected from Ransomware, it is very hard to recover. Thus, it is important that users understand the basic security rules and effort to prevent them from infection.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.4
• /
• pp.41-49
• /
• 2016

Smart Grid is a next generation of new power growth electrical grid which provide high quality of electrical service by using Information Technologies to increase intelligence and performance. By using Smart Grid system, it can support energy management such as increase quality of electrical power, decrease energy and decrease emissions. However, Smart Grid uses information of energy consumption and when Smart Grid collects information, it will create private information. In this thesis, it will address issues of security private information which caused by Smart Grid for administrative measure and efficiency of Smart Grid in domestic. Also, cryptographic module algorithm, latest security solutions and strong wireless security policy for network environment such as wireless communication Iinternet are require for Smart Grid perform successfully and protect national power network equipment from cyber-attack and can stop leakage of user's personal information. Finally, it is urgent to prepare protection measures of National industrial facilities and power grid which can prepare for a cyber terrorism and penetration attacks and build emergency countermeasure management team for Smart Grid are require for safe Smart Grid environment.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.4
• /
• pp.89-96
• /
• 2016

Before an IT product is used, there is a sequence of the process such as the components supply-demand of the product, their assembly and production, their logistics and delivery, and then finally, the product can be used by a user. During this sequence of the process, there can be many security exposures and risks. In this paper, we show, by examining security cases of various IT products, that there are many security exposures in the process of IT products from their production to their delivery to end users and in their use, and also show how critical the security exposures are. Even though there are various security theories, technologies and security controls, there is still weak link from the production of an IT product to its use, and this weak link can lead to security vulnerabilities and risks. This paper tries to call attention to the importance of the execution of the security control and the control components. We examine the practical cases to find out how the security control is paralyzed, and to show how it is compromised by asymmetric security resources. Lastly, from the cases, we examine and review the possible domestic security issues and their countermeasures.

• International Commerce and Information Review
• /
• v.10 no.1
• /
• pp.217-236
• /
• 2008

The purpose of this paper is to discuss the impact of the New Container Security Initiatives of U.S., CSI(Container Security Initiative) and C-TPAT(Customs-Trade Partnership against Terrorism). The CSI which aims to pre-screen high-risk containers in ports of loading. It is a unilateral effort that seeks to develop bi-lateral agreements between the United States and foreign countries with significant container trade volumes into the U.S. C-TPAT is a voluntary initiative to develop cooperative security relationships between the U.S. government and U.S. firms in the global supply chain. Government and Industry have already responded with proposals to create more confidence in supply chain security. These proposals call for heightened inspection and scrutiny of the goods flowing through a supply chain, increased information exchange among participants of supply chain. While government and the private sector are working together to launch new initiative to create more secure and reliable supply chains, industry is rapidly exploring the potential of new technologies such as RFID. The security recommendations will eventually become the requirements to be complied with by importers and their supplier extending to the carriers. It is needed that Korean shippers involved in US importer's supply chain should pay attention to the requirements and start implementing the security measures.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.99-108
• /
• 2009

In the security environments of heterogeneous multidatabase systems, not only the existing local autonomy but also the security autonomy as a new constraint are required. From global aspects, transactions maintain consistent data value when they assure serializability. Also, secure properties must protect these transactions and data values to prevent direct or indirect information effluence. This paper proposes scheduling algorithm for global transactions to ensure multilevel secure one-copy quasi-serializability (MLS/1QSR) in security environments of multidatabase systems with replicated data and proves its correctness. The proposed algorithm does not violate security autonomy and globally guarantees MLS/1QSR without indirect information effluence in multidatabase systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.235-255
• /
• 2019

Recent technological advances and industry changes, the game industry is maximizing fun by supporting cross-play that can be enjoyed by different platform users in PC, Mobile and Console games. If the boundaries are lost through the cross play, unexpected security threats can occur due to new services, even if existing security is maintained above a certain level. The existing online game security researches are mostly fraud detection that can occur in PC and mobile environment, but it is also necessary to study the security of the console game as cross play becomes possible. Therefore, this paper systematically identifies the security threats that can occur when enjoying cross play against console game users using STRIDE and LINDDUN threat modeling, derives security requirements using the international common evaluation standard.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.4
• /
• pp.47-56
• /
• 2018

We analyzed security threats and suggested countermeasures about the block chain technologies which has emerged as a core technology of the fourth industrial revolution. We know that increasing the security leads to slow down program processing rate in the block chain systems. The block chain system which is currently an early stage of technological development, to become an economic and social infrastructure, development of technology and active policy implementation will be necessary. We studied on the security threats and countermeasures of the Bit Coin based on block chain. Further research should be undertaken on the possibility that future studies could have a real adverse effect on the integrity of the data.

• Convergence Security Journal
• /
• v.14 no.3_2
• /
• pp.3-12
• /
• 2014

The government was fully aware of the gravity of a recent massive leak of personal information of credit card users. Meanwhile, the government just took a light disciplinary action by imposing a fine, but it showed its intention to strengthen the regulations by taking the severest disciplinary action. The tightened regulations against personal information leak will be applied to the private security industry without exception to protect individual people's property and lives if such an incident occurs in that industry that deals with a wide variety of personal information such as CCTV data or privacy information all the time. The purpose of this study was to examine the state of the protection and management of personal information for service users among private security firms in an effort to suggest some reform measures. The findings of the study were as follows: First, administrators or managers who are involved with personal information protection should make a full-fledged effort to gather information. Second, counseling or related programs should be provided for small and mid-sized security firms to guarantee thorough personal information protection. Third, Korea Security Association should improve the educational system related to personal information protection to resolve problems with this education currently provided for managers and employees of these companies.

• Journal of Digital Convergence
• /
• v.11 no.10
• /
• pp.1-16
• /
• 2013

This study analyzed on local governmental role for strengthening of industry security in small and medium-sized businesses, Focused on case of Gyeonggido. In particular, Gyunggi-do evaluates various businesses (construction for cyber security businesses and revitalization of the private security control centers) which are promoted to strengthen industrial security in the region, by targeting SME representatives in various aspects. We focused on finding what role Gyeonggido can take to meet this demand has been explored. Based on the above research result, discuss ways to maximize promotion effects about industry security's activites, and more realistic business management. Futhermore, The need for further follow-up studies are presented.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.1
• /
• pp.69-78
• /
• 2015

Internet of Things(IoT) is electronic devices and household appliances use wireless sensor network in environment of high speed wireless network and LTE mobile service. The combination of the development of Internet and wireless network led to development of new forms of service such as electronic devices and household appliances can connect to the Internet through various sensors and online servers such as a Home Network. Even though Internet of Things is useful, there are problems in Internet of Things. In environment of Internet of Things, information leakage could happens by illegal eavesdropping and spoofing. Also illegal devices of wireless communication interference can cause interfere in Internet of things service, physical damage and denial of service by modulation of data and sensor. In this thesis, it will analyze security threats and security vulnerability in environment of mobile services and smart household appliances, then it will suggest plan. To solve security issues, it is important that IT and RFID sensor related companies realize importance of security environment rather than focus on making profit. It is important to develop the standardized security model that applies to the Internet of Things by security-related packages, standard certification system and strong encrypted authentication.