• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.957-966
• /
• 2020

According to the recent statistics of the National Industrial Security Center, about 80% of the confidential leak are caused by former and current employees in the case of domestic confidential leak accidents. Most of the information leak incidents by these insiders are due to poor security management system and information leak detection technology. Blocking confidential leak of insiders is a very important issue in the corporate security sector, but many previous researches have focused on responding to intrusions by external threats rather than by insider threats. Therefore, in this research, we design an internal information leak scenario to effectively and efficiently detect various abnormalities occurring in the enterprise, analyze the key indicators of the leak symptoms derived from the scenarios by using data analytics and propose a model that accurately detects leak activities.

• Convergence Security Journal
• /
• v.10 no.3
• /
• pp.23-28
• /
• 2010

Recently, the leak of domestic core technology of major business in Korea and the subsequent damage, has been increasing every year. Financial losses due to this leak are estimated to be about 220 trillion, which is equivalent to the gross budget of Korea Besides, the majority of the leaks are caused by former and current staff members, cooperated businesses, scientists and invesment companies. This shows that the source of the leaks are internal personnel. In this manner, we can infer that the management and plan of personnel security has not implemented sound practices to prevent technology leak by people. Therefore, this thesis suggests classifying methods of technology leak through clustering, one of the data mining methods about the information of internal personnel to prevent core technology leak from businesses.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.11
• /
• pp.4662-4679
• /
• 2015

Currently, the leakage of internal information has emerged as one of the most significant security concerns in enterprise computing environments. Especially, damage due to internal information leakage by insiders is more serious than that by outsiders because insiders have considerable knowledge of the system's identification and password (ID&P/W), the security system, and the main location of sensitive data. Therefore, many security companies are developing internal data leakage prevention techniques such as data leakage protection (DLP), digital right management (DRM), and system access control, etc. However, these techniques cannot effectively block the leakage of internal information by insiders who have a legitimate access authorization. The security system does not easily detect cases which a legitimate insider changes, deletes, and leaks data stored on the server. Therefore, we focused on the insider as the detection target to address this security weakness. In other words, we switched the detection target from objects (internal information) to subjects (insiders). We concentrated on biometrics signals change when an insider conducts abnormal behavior. When insiders attempt to leak internal information, they appear to display abnormal emotional conditions due to tension, agitation, and anxiety, etc. These conditions can be detected by the changes of biometrics signals such as pulse, temperature, and skin conductivity, etc. We carried out experiments in two ways in order to verify the effectiveness of the emotional recognition technology based on biometrics signals. We analyzed the possibility of internal information leakage detection using an emotional recognition technology based on biometrics signals through experiments.

• Korean Journal of Computational Design and Engineering
• /
• v.11 no.5
• /
• pp.327-334
• /
• 2006

Recently, security incidents are growing rapidly in which internal employees let the drawing leak out to competitors or other countries. This type of security incidents has a characteristic that it occurs less frequently than other types of security incidents such as network or server security incident, but the damage is a lot more serious. The existing information security technologies to prevent internal information from being leaked out are only applicable to general documents(office documents, web pages and image files in which data are encrypted one by one). However, architectural drawings made up of collection of files with various formats(extensions) have problems with the process speed of en(de) cryption and accuracy, so the developments of security technologies by new methods are required. In this study, we design and develop a security technology based on work area with which users can protect the leakage of critical information in the kernel level while maintaining their work environment when they have to use sharing information that cannot be managed by the unit of file. As a result, we developed the "Virtual Secure Disk" which allows only authorized users and applications to have an access to drawings, and have verified its security by applying it to the actual company.

• Journal of Convergence for Information Technology
• /
• v.7 no.1
• /
• pp.25-33
• /
• 2017

In order to prevent information leakage, companies are monitoring the information leakage by internal staff by building individual security system and integrated monitoring system of firewall and DLP function. Especially, many log data of the integrated monitoring system cause time and money, and it is difficult to detect information leak of fast malicious personnel due to system slowdown. It is necessary to speed up the system by digitizing large log data for each day and person for fast information leakage detection and there is a need to develop and manage a continuous monitoring program for the information leakage indications personnel. Therefore, we propose an improved integrated monitoring system using log data by date and individual data.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.11
• /
• pp.1544-1553
• /
• 2018

Recently internal information leakage in industries is severely increasing in spite of industry security policy. Thus, it is essential to prepare an information leakage prevention measure by industries. Most of the leaks result from the insiders, not from external attacks. In this paper, a real-time internal information leakage prevention system via both storage and network is implemented in order to protect confidential file leakage. In addition, a Hadoop-based user behavior analysis and statistics system is designed and implemented for storing and analyzing information log data in industries. The proposed system stores a large volume of data in HDFS and improves data processing capability using RHive, consequently helps the administrator recognize and prepare the confidential file leak trials. The implemented audit system would be contributed to reducing the damage caused by leakage of confidential files inside of the industries via both portable data media and networks.

• Journal of the Society of Disaster Information
• /
• v.9 no.4
• /
• pp.449-461
• /
• 2013

As the hydrofluoric acid leak in Gumi-si, Gyeongsangbuk-do or hydrochloric acid leak in Ulsan, Gyeongsangnam-do demonstrated, chemical related accidents are mostly caused by large amounts of volatile toxic substances leaking due to the damages of storage tank or pipe lines of transporter. Safety assessment is the most important concern because such toxic material accidents cause human and material damages to the environment and atmosphere of the surrounding area. Therefore, in this study, a hydrofluoric acid leaked from a storage tank was selected as the study example to simulate the leaked substance diffusing into the atmosphere and result analysis was performed through the numerical Analysis and diffusion simulation of ALOHA(Areal Location of Hazardous Atmospheres). the results of a qualitative evaluation of HAZOP (Hazard Operability)was looked at to find that the flange leak, operation delay due to leakage of the valve and the hose, and toxic gas leak were danger factors. Possibility of fire from temperature, pressure and corrosion, nitrogen supply overpressure and toxic leak from internal corrosion of tank or pipe joints were also found to be high. ALOHA resulting effects were a little different depending on the input data of Dense Gas Model, however, the wind direction and speed, rather than atmospheric stability, played bigger role. Higher wind speed affected the diffusion of contaminant. In term of the diffusion concentration, both liquid and gas leaks resulted in almost the same $LC_{50}$ and ALOHA AEGL-3(Acute Exposure Guidline Level) values. Each scenarios showed almost identical results in ALOHA model. Therefore, a buffer distance of toxic gas can be determined by comparing the numerical analysis and the diffusion concentration to the IDLH(Immediately Dangerous to Life and Health). Such study will help perform the risk assessment of toxic leak more efficiently and be utilized in establishing community emergency response system properly.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.341-342
• /
• 2017

Control and development systems such as air traffic control systems, road traffic systems, and Korea Hydro &Nuclear Power are the infrastructure facilities of the country, and if the malicious hacking attacks proceed, the damage is beyond imagination. In fact, Korea Hydro & Nuclear Power has been subjected to a hacking attack, causing internal information to leak and causing social problems. In this study, we analyze the environment of the development control system and analyze the status of the convergence security research, which is a recent issue, and propose a strategy system for stabilizing various power generation control systems and propose countermeasures. We propose a method to normalize and integrate data types from various physical security systems (facilities), IT security systems, access control systems, to control the whole system through convergence authentication, and to detect risks through fusion control.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.57 no.4
• /
• pp.706-714
• /
• 2008

In this paper, we suggest a practical and flexible system architecture for JTAG(Joint Test Action Group) protection of application processors. From the view point of security, the debugging function through JTAG port can be abused by malicious users, so the internal structures and important information of application processors, and the sensitive information of devices connected to an application processor can be leak. This paper suggests a system architecture that disables computing power of computers used to attack processors to reveal important information. For this, a user authentication method is used to improve security strength by checking the integrity of boot code that is stored at boot memory, on booting time. Moreover for user authorization, we share hard wired secret key cryptography modules designed for functional operation instead of hardwired public key cryptography modules designed for only JTAG protection; this methodology allows developers to design application processors in a cost and power effective way. Our experiment shows that the security strength can be improved up to $2^{160}{\times}0.6$second when using 160-bit secure hash algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.449-456
• /
• 2018

Many organizations divide the network to manage the network in order to prevent the leakage of internal data between separate organizations / departments by sending and receiving unnecessary traffic. The most fundamental network separation method is based on physically separate equipment. However, there is a case where a network is divided and operated logically by utilizing a virtual LAN (VLAN) network access control function that can be constructed at a lower cost. In this study, we first examined the possibility of bypassing the logical network separation through VLAN ID scanning and double encapsulation VLAN hopping attack. Then, we showed and implemented a data leak scenario by utilizing the acquired VLAN ID. Furthermore, we proposed a simple and effective technique to detect and prevent the double encapsulation VLAN hopping attack, which is also implemented for validation. We hope that this study improves security of organizations that use the VLAN-based logical network separation by preventing internal data leakage or external cyber attack exploiting double encapsulation VLAN vulnerability.