• Title/Summary/Keyword: IoT Vulnerability

A Study on the Assessment of Critical Assets Considering the Dependence of Defense Mission (국방 임무 종속성을 고려한 핵심 자산 도출 방안 연구)

  • Kim Joon Seok;Euom Ieck Chae
    • Convergence Security Journal / v.24 no.2 / pp.189-200 / 2024
  • In recent years, defense technology has become increasingly digital with the introduction of advanced assets such as drones equipped with artificial intelligence. These assets are integrated with modern information technologies such as industrial IoT, artificial intelligence, and cloud computing to promote innovation in the defense domain. However, this convergence of technologies is increasing the possibility of cyber threats being transferred, which is emerging as a problem that increases the vulnerability of defense assets. While current cybersecurity methodologies focus on the vulnerability of a single asset, the interworking of various military assets is necessary to perform a mission. Therefore, this paper recognizes these problems and presents a mission-based asset management and evaluation methodology. It aims to strengthen cyber security in the defense sector by identifying assets that are important for mission execution and analyzing vulnerabilities in terms of cyber security. In this paper, we propose a method of classifying mission dependencies through linkage analysis between the functions and assets needed to perform a mission, and of identifying and classifying the assets that affect the mission. In addition, a case study of identifying key assets was conducted through an attack scenario.

Suggestion of CPA Attack and Countermeasure for Super-Light Block Cryptographic CHAM (초경량 블록 암호 CHAM에 대한 CPA 공격과 대응기법 제안)

  • Kim, Hyun-Jun;Kim, Kyung-Ho;Kwon, Hyeok-Dong;Seo, Hwa-Jeong
    • KIPS Transactions on Computer and Communication Systems / v.9 no.5 / pp.107-112 / 2020
  • The ultra-lightweight block cipher CHAM is an algorithm built from addition, rotation and XOR operations that are efficient on resource-constrained devices. CHAM shows high computational performance, especially on IoT platforms. However, lightweight block encryption algorithms used on the Internet of Things may be vulnerable to side-channel analysis. In this paper, we demonstrate the vulnerability to side-channel attack by attempting a first power analysis attack against CHAM. In addition, a safe algorithm is proposed and implemented by applying a masking technique to defend against the attack. The implementation realizes an efficient and secure CHAM block cipher using the instruction set of an 8-bit AVR processor.

A study of Big-data analysis for relationship between students (공장자동화 시스템의 생산성 향상을 위한 SEB 시스템 설계 및 제작)

  • Choi, Ho-Sung;Jung, Jin-Young;Kim, Jin-Mook;Park, Koo-Rack
    • Convergence Security Journal / v.16 no.5 / pp.87-93 / 2016
  • Interest in and development of manufacturing automation technology have been actively pursued both domestically and abroad. In particular, small and medium-sized manufacturers are striving to improve productivity through plant automation, and manufacturers worldwide have recently attempted to comply with Germany's Industry 4.0 standard. However, this has not been carried out because of the substantial investment cost, development cost and effort required. Therefore, we designed and built a mock-up of the SEB to enhance the productivity of factory automation systems. In conjunction with RFID and WiFi networks, the SEB extends the communication range compared with existing plant automation systems, and the transfer speed is also rapidly improved. In addition, the security vulnerability of existing factory automation systems can be addressed by adding a section for user authentication.

Low-weight Secure Encryption Protocol on RFID for Manufactory Automation (공장 자동화를 위한 RFID 경량 암호 프로토콜에 관한 연구)

  • Hwang, Deuk-Young;Kim, Jin-Mook
    • Convergence Security Journal / v.16 no.7 / pp.173-180 / 2016
  • There has been growing interest in factory automation in the country, and development in this area has been actively attempted. In particular, on the basis of the "innovation 3.0 strategy of manufacturing industry", interest in making the manufacturing plants of small and medium-sized enterprises smart has increased rapidly. Along with policy for building smart plants, technical and strategic approaches are being sought. However, in order to introduce such smart plants or factory automation systems, the security vulnerabilities and personal information protection problems of manufacturing plants should always be the top priority. Accordingly, we provide a lightweight secure protocol applicable to RFID communication, the wireless communication technology most often introduced for factory automation. The lightweight secure protocol proposed in this study requires fewer calculations than existing public-key-based and symmetric-key encryption algorithms, and it is faster than existing protocols. Furthermore, we designed the system to support low power consumption and a small memory footprint.

An Analysis of Cyber Attacks and Response Cases Related to COVID-19 (코로나19 관련 사이버 공격 및 대응현황 분석)

  • Lee, Yongpil;Lee, Dong-Geun
    • Journal of Information Technology Services / v.20 no.5 / pp.119-136 / 2021
  • Since the global spread of COVID-19, social distancing and untact service implementation have spread rapidly. With the transition to a non-face-to-face environment such as telework and remote classes, cyber security threats have increased, and many cyber compromises have also occurred. In this study, cyber-attacks and response cases related to COVID-19 are summarized in four aspects: cyber fraud, cyber-attacks on companies related to COVID-19 and the healthcare sector, cyber-attacks on untact services such as telework, and preparation of untact services security for post-COVID-19. After the outbreak of the COVID-19 pandemic, related events such as vaccination information and payment of national disaster aid continued to be used as bait for smishing and phishing. In the aspect of cyber-attacks on companies related to COVID-19 and the healthcare sector, we can see that the damage was rapidly increasing as state-supported hackers attacked those companies to obtain research results related to COVID-19, and hackers chose medical institutions as targets with an efficient ransomware attack approach by changing from a 'spray and pray' strategy to 'big-game hunting'. Companies using untact services such as telework are experiencing cyber breaches due to insufficient security settings, non-installation of security patches, and vulnerabilities in systems constituting untact services such as VPN. In response to these cyber incidents, as a case of cyber fraud countermeasures, security notices to prevent cyber fraud damage to the public were announced, and security guidelines and ransomware countermeasures were provided to organizations related to COVID-19 and medical institutions. In addition, for companies that use and provide untact services, security vulnerability finding and system development environment security inspection services were provided by Government funding programs. We also looked at the differences in the role of the government and the target of security notices between domestic and overseas response cases. Lastly, considering the development of untact services by industry in preparation for post-COVID-19, supply chain security, cloud security, development security, and IoT security were suggested as common security reinforcement measures.

Prerequisites on Smart Healthcare in the Perspective of Service Design : Focusing on the Elderly Experience Case (서비스 디자인 관점에서 본 스마트 헬스케어의 선행 조건 : 고령자 경험 사례를 중심으로)

  • Kim, Ho-Da;Joo, Ae-Ran
    • Journal of Information Technology Applications and Management / v.28 no.3 / pp.49-58 / 2021
  • Due to the increasing interest in wellness aroused by the aging population and the pursuit of an active old age, Korean elderly people place importance on a long life in healthy condition. Following the change in the paradigm of the medical delivery system from hospital-oriented and treatment-oriented to personal-centered and self-care, Service design application of Smart Healthcare for the elderly has become valuable. Smart Healthcare is a healthcare service provided through the fusion of ICT technologies including mobile/wearable devices, IoT, big data, and information technology, and it is utilized to prevent diseases by managing abundant health information and living habits. As a methodology for delivering such Smart Healthcare to the elderly, Service design can be adopted. Therefore, this study presents the prerequisites of Smart Healthcare design for the elderly by analyzing the results of in-depth interviews with the elderly and medical staff. As a result of this study, guidelines for Service design application of health vulnerability management for the elderly utilizing smart phones were presented. This study presented four prerequisites for the Smart Healthcare service design for the elderly: 'high level of supplementation and ethical decision making', 'improvement of inequality in accessibility and experience', 'resolving problems in policy implementation' and 'user-friendliness'. Overall, Service design is expected to play an innovative role in improving the quality of life for the elderly through the process of collecting and delivering information on Smart Healthcare centered on the experience of the elderly.

TCST : A Technology for Verifying Control Flow Integrity for Smart Contracts within a Trusted Execution Environment (TCST : 신뢰실행환경 내에서 스마트 컨트랙트의 제어 흐름 무결성 검증을 위한 기술)

  • Park, Seonghwan;Kwon, Donghyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.6 / pp.1103-1112 / 2022
  • Blockchain technology is widespread in everyday life and various industry fields. It guarantees integrity and transparency between blockchain network participants through a distributed ledger. The smart contract modifies and manages the distributed ledger, which is the most important component in guaranteeing the integrity and transparency of the blockchain network. However, because smart contracts are also a component of blockchain networks, they are disclosed transparently to network participants. For this reason, the vulnerabilities of smart contracts can be revealed easily. To mitigate this, various studies leverage a TEE to guarantee the confidentiality of smart contracts. In existing studies, the TEE provides confidentiality of smart contracts, but guaranteeing the integrity of smart contracts is out of their scope. In this study, we provide not only the confidentiality of smart contracts but also their integrity, by guaranteeing the CFI of smart contracts within the TEE.

Blockchain (A-PBFT) Based Authentication Method for Secure Lora Network (안전한 Lora 네트워크를 위한 블록체인(A-PBFT) 기반 인증 기법)

  • Kim, Sang-Geun
    • Journal of Industrial Convergence / v.20 no.10 / pp.17-24 / 2022
  • Lora, a non-band network technology of the long-distance wireless LPWAN standard, uses the ABP and OTAA methods and an AES-128-based encryption algorithm (shared key) for internal terminal authentication and integrity verification. Lora's recent firmware tampering vulnerability and shared-key encryption algorithm structure make it difficult to defend against MITM attacks. In this study, the consensus algorithm (PBFT) is applied to the Lora network to enhance safety. It performs authentication and PBFT blockchain creation by searching for node groups using the GPS module. As a result of the performance analysis, we established a new Lora trust network and proved that the latency of the consensus algorithm was improved. This study is a 4th industry convergence study and is intended to help improve the security technology of Lora devices in the future.