• Journal of Korean Society of Water and Wastewater
• /
• v.33 no.5
• /
• pp.329-339
• /
• 2019

Recently, the advancement of information and communication technology(ICT) is expanding the connectivity through Internet of Things(IoT), and the media of connection is also expanding from wire/cable transmission to broadband wireless communication, which has significantly improved mobility. This hyperconnectivity has become a key element of the fourth industrial revolution, whereas the supervisory control network of purification plants in korea is operated as a communication network separated from the outside, thereby lagging in terms of connectivity. This is considered the best way to ensure security, and thus there is hardly any consideration of establishing alternatives to operate an efficient and stable communication network. Moreover, security for management of a commercialized communication network and network management solution may be accompanied by immense costs, making it more difficult to make new attempts. Therefore, to improve the conditions for the current supervisory control network of purification plants, this study developed a industrial security L2 switch that supports modbus TCP(Transmission Control Protocol) communication and encryption function of the transmission section. As a result, the communication security performance improved significantly, and the cost for implementing the network management system using Historical Trend and information of HMI(Human Machine Interface) could be reduced by approximately KRW 200 million. The results of this study may be applied to systems for gas, electricity and social safety nets that are infrastructure communication networks that are similar to purification plants.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1355-1369
• /
• 2018

As smart bands make life more convenient and provide a positive lifestyle, many people are now using them. Since smart bands deal with private information, security design and implementation for smart band system become necessary. To make a trustworthy smart band, we must derive the security requirements of the system first, and then design the system satisfying the security requirements. In this paper, we apply threat modeling techniques such as Data Flow Diagram, STRIDE, and Attack Tree to the smart band system to identify threats and derive security requirements accordingly. Through threat modeling, we found the vulnerabilities of the smart band system and successfully exploited smart bands with them. To defend against these threats, we propose security measures and verify that they are secure by using Scyther which is a tool for automatic verification of security protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.17-28
• /
• 2019

6LoWPAN based on IEEE 802.15.4 is a realistic standard platform for various Internet of Things (IoT) applications. To bootstrap the LoWPAN (Low-power Wireless Personal Area Network), each device must perform 6LoWPAN-ND address registration to assign a unique IPv6 address. Without adequate security mechanisms, 6LoWPAN-ND is vulnerable to a variety of security attacks including corrupted node attacks. Several security mechanisms have been proposed as a supplement to the vulnerability, but the vulnerability exists because it relies solely on IEEE 802.15.4 hop-by-hop security. In this paper, we propose and analyze a vulnerability of 6LoWPAN-ND address registration and a new security mechanism suitable for preventing the attack of damaged node. It also shows that the proposed security mechanism is compatible with the Internet Engineering Task Force (IETF) standard and is more efficient than the mechanism proposed in the IETF 6 lo WG.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.613-628
• /
• 2019

In-Vehicle Infotainment provides navigation and various functions through the installation of the application. And infotainment is very important to control the entire vehicle by sending commands to the ECU. Infotainment supports a variety of wireless communication protocols to install and update applications. So Infotainment is becoming an attack surface through wireless communcation protocol for hacker's access. If malicious software is installed in infotainment, it can gain control of the vehicle and send a malicious purpose command to the ECU, affecting the life of the driver. Therefore, measures are needed to verify the security and reliability of infotainment software updates, and security requirements must be derived and verified. It must be developed in accordance with SDL to provide security and reliability, and systematic security requirements must be derived by applying threat modeling. Therefore, this paper conducts threat modeling to derive infotainment update security requirements. Also, the security requirements are mapped to the Common Criteria to provide criteria for updating infotainment software.

• Journal of Convergence for Information Technology
• /
• v.9 no.10
• /
• pp.9-15
• /
• 2019

Recently, in the field of next-generation e-commerce and finance, interest in blockchain-based technologies such as Bitcoin and Ethereum is great. Although the security of blockchain technology is known to be secure, hacking incidents / accidents related to cryptocurrencies are being issued. The main causes were vulnerabilities in the external environment, such as taking over login sessions on cryptocurrency wallets, exposing private keys due to malware infection, and using simple passwords. However, private key management recommends general methods such as utilizing a dedicated application or local backup and physical archiving through document printing. In this paper, we propose a white box password-based private key protection scheme. As a result of safety and performance analysis, we strengthened the security against vulnerability of private key exposure and proved the processing efficiency of existing protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.115-119
• /
• 2007

The IPv6 protocol provides the method to automatically generate an address of a node without additional operations of administrators, Before the generated address is used, the duplicate address detection (DAD) mechanism is required in order to verify the address. However, during the process of verification of the address, it is possible for a malicious node to send a message with the address which is identical with the generated address, so the address can be considered as previously used one; although the node properly generates an address, the address cannot be used. In this paper, we present a strong scheme to perform the DAD mechanism based on hash functions in IPv6 networks. Using this scheme, many nodes, which frequently join or separate from wireless networks in public domains like airports, terminals, and conference rooms, can effectively generate and verify an address more than the secure neighbor discovery (SEND) mechanism.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.3
• /
• pp.77-86
• /
• 2006

As a core technology in the ubiquitous environment, RFID (Radio Frequency Identification) technology takes an important role. RFID technology provides various information about objects or surrounding environment by attaching a small electronic tag on the object, thus, it means the remote control recognition technology. However, the problems which never happened before can be generated on the point of security and privacy due to the feature that RFID technology can recognize the object without any physical contact. In order to solve these problems, many studies for the RFID recognition technology are going on the progress. The currently running study is the secure communication channel between database and reader applying the recognition technology in the insecure communication channel between reader and tag. But, the purpose of this paper is to settle a privacy problem, which is insecurity of communication between database and reader channel by suggesting providing a user with authentication protocol in order to give information to an authorized entity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.161-169
• /
• 2011

There is a consensus in the field of vehicular network security that public key cryptography should be used to secure communications. A certificate revocation list (CRL) should be distributed quickly to all the vehicles in the network to protect them from malicious users and malfunctioning equipment as well as to increase the overall security and safety of vehicular networks. Thus, a major challenge in vehicular networks is how to efficiently distribute CRLs. This paper proposes a CRL distribution method aided by terrestrial digital multimedia broadcasting (T-DMB). By using T-DMB data broadcasting channels as alternative communication channels, the proposed method can broaden the network coverage, achieve real-time delivery, and enhance transmission reliability. Even if roadside units are not deployed or only sparsely deployed, vehicles can obtain recent CRLs from the T-DMB infrastructure. A new transport protocol expert group (TPEG) CRL application was also designed for the purpose of broadcasting CRLs over the T-DMB infrastructure.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1103-1113
• /
• 2020

Hospitals store and manage personal and health information through the electronic medical record (EMR). However, vulnerabilities and threats are increasing with the provision of various services for information sharing in hospitals. Therefore, in this paper, we propose a model to prevent personal information leakage due to the transmission of patient information in EMR. A method for granting permission to securely receive and transmit patient information from hospitals where patient medical records are stored is proposed using OAuth authorization tokens. A protocol was proposed to enable secure information delivery by applying and delivering the record access restrictions desired by the patient to the OAuth Token. OAuth Delegation Token can be delivered by writing the authority, scope, and time of destruction to view patient information.This prevents the illegal collection of patient information and prevents the leakage of personal information that may occur during the delivery process.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.27 no.1
• /
• pp.97-102
• /
• 2023

IoT is being used in a lot of industry domain such as smart home, smart ocean, smart energy, and smart farm, as well as legacy information services. For a server, an IoT device using the same protocol is a trusted object. Therefore, a malicious attacker can use an unauthorized IoT device to access IoT-based information services and access unauthorized important information, and then modify or extract it to the outside. In this study, to improve these problems, we propose an IoT device authentication system used in IoT-based information service. The IoT device authentication system proposed in this study applies identifier-based authentication such as MAC address. If the IoT device authentication function proposed in this study is used, only the authenticated IoT device can access the server. Since this study applies a method of terminating the session of an unauthorized IoT device, additional research on the access deny method, which is a more secure authentication method, is needed.