• 한국산학기술학회:학술대회논문집
• /
• 한국산학기술학회 2009년도 춘계학술발표논문집
• /
• pp.421-424
• /
• 2009

SCADA control systems and protocols are developed based on reliability, availability, and speed but with no or little attention paid to security. Specifically in Modbus protocol, there are inherent security vulnerabilities in their design. The lack of common security mechanisms in the protocol such as authentication, confidentiality and integrity must be addressed. In this paper, security vulnerabilities of Modbus-based SCADA controls systems will be studied. An in-depth analysis of the message frame formats being sent between master and slave will be discussed to expose the security vulnerabilities. This will enable SCADA users to find ways to fix the security flaws of the protocol and design mitigation strategies to reduce the impact of the possible attacks. Security mechanisms are recommended to further enhance the security of SCADA control systems.

• International Journal of Computer Science & Network Security
• /
• 제21권4호
• /
• pp.199-208
• /
• 2021

This is an era of technology and with the rapid growth of the Internet, networks are continuously growing. Companies are shifting from simple to more complex networks. Since networks are responsible to transmit huge data which is often sensitive and a point of concern for hackers. Despite the sizes of the networks, all networks are subject to several threats. Companies deploy several security measures to protect their networks from unauthorized access. These security measures are implemented from the device level to the network level. Every security layer adds more to the security of the company's network. Firewalls are the piece of software that provides internal and external security of the network. Firewalls aim to enhance the device level as well as network-level security. This paper aims to investigate the different types of firewalls, their architecture, and vulnerabilities of the firewall. This paper improves the understanding of firewall and its various types of architecture.

• International journal of advanced smart convergence
• /
• 제13권2호
• /
• pp.25-34
• /
• 2024

The paper investigates how the semiconductor and electric vehicle industries are addressing safety and security concerns in the era of autonomous driving, emphasizing the prioritization of safety over security for market competitiveness. Collaboration between these sectors is deemed essential for maintaining competitiveness and value. The research suggests solutions such as advanced autonomous driving technologies and enhanced battery safety measures, with the integration of AI chips playing a pivotal role. However, challenges persist, including the limitations of big data and potential errors in semiconductor-related issues. Legacy automotive manufacturers are transitioning towards software-driven cars, leveraging artificial intelligence to mitigate risks associated with safety and security. Conflicting safety expectations and security concerns can lead to accidents, underscoring the continuous need for safety improvements. We analyzed the expansion of electric vehicles as a means to enhance safety within a framework of converging security concerns, with AI chips being instrumental in this process. Ultimately, the paper advocates for informed safety and security decisions to drive technological advancements in electric vehicles, ensuring significant strides in safety innovation.

• Journal of Communications and Networks
• /
• 제11권6호
• /
• pp.634-644
• /
• 2009

A diversity of wireless networks, with rapidly evolving wireless technology, are currently in service. Due to their innate physical layer vulnerability, wireless networks require enhanced security components. WLAN, WiBro, and UMTS have defined proper security components that meet standard security requirements. Extensive research has been conducted to enhance the security of individual wireless platforms, and we now have meaningful results at hand. However, with the advent of ubiquitous service, new horizontal platform service models with vertical crosslayer security are expected to be proposed. Research on synchronized security service and interoperability in a heterogeneous environment must be conducted. In heterogeneous environments, to design the balanced security components, quantitative evaluation model of security policy in wireless networks is required. To design appropriate evaluation method of security policies in heterogeneous wireless networks, we formalize the security properties in wireless networks. As the benefit of security protocols is indicated by the quality of protection (QoP), we improve the QoP model and evaluate hybrid security policy in heterogeneous wireless networks by applying to the QoP model. Deriving relative indicators from the positive impact of security points, and using these indicators to quantify a total reward function, this paper will help to assure the appropriate benchmark for combined security components in wireless networks.

• 한국정보시스템학회지:정보시스템연구
• /
• 제25권2호
• /
• pp.51-77
• /
• 2016

Purpose Organizations invest significant portions of their budgets in fortifying information security. Nevertheless, the security threats by employees are still at large. We discuss methods to reduce security threats that are posed by employees in organization. This study finds antecedent factors that increases or decreases employee's compliance intention. Also, the study suggests organizations' security environmental factors which influences the antecedent factors of compliance intention. Design/methodology/approach The structural equation model is then applied in order to verify this research model and hypothesis. Data were collected on 415 employees working in organizations with an implemented information security policy in South Korea. We analyzed the fitness and validity of the research model via confirmatory factor analysis in order to verify the research hypothesis, then we analyzed structural model, and derived the result. Findings The result shows that organizational commitment and peer behavior increase security compliance intention of employees, while security system anxiety decreases compliance intention. And, organization's physical security system and security communication both have influence on antecedent factors for information security compliance of employees. Our findings help organizations to establish information security strategies that enhance employee security compliance intention.

• International Journal of Contents
• /
• 제7권3호
• /
• pp.71-81
• /
• 2011

This paper is mainly associated with setting out an agenda for the transformation of security by creating a new framework for a security system, which can maximise its effectiveness. Noticeably, this research shows empirically that crimes are getting a major cost to organisations, which if reduced by security and investigations could reap substantial rewards to the finances of an organisation. However, the problem is that the delivery of security is frequently delegated to personnel (e.g. security guards) with limited training, inadequate education, and no real commitment to professionalism - 'sub-prime' security, finally causing security failures. Therefore, if security can be enhanced to reduce the crime cost, this will produce financial benefits to business, and consequently could produce a competitive advantage. For this, the paper basically draws upon Luke's theoretical framework for deconstructing 'power' into three dimensions. Using this three-dimensional approach, the paper further sets out a model of how security can be enhanced, utilising a new Security Risk Management (SRM) model, and how can this SRM model create competitive advantage in business. Finally, this paper ends with the six strategies needed to enhance the quality of security: refiguring as SRM, Professional Staff, Accurate Measurement, Prevention, Cultural Change, and Metrics.

• 한국콘텐츠학회논문지
• /
• 제5권6호
• /
• pp.360-367
• /
• 2005

인터넷의 보급으로 인해 기업의 전산화가 발전함에 따라, 바이러스, 전산망 침해 등 정보화의 역기능도 크게 증가하고 있다. 따라서 오늘날, 기업 보안의 중요성이 매우 강조되고 있다. 이렇게 보안의 중요도가 높아짐으로 인하여 보안 솔루션도 함께 발전하고 있다. 보안 솔루션은 기존 단일 체제에서 통합 보안 관리 시스템으로 발전하고 있으며 통합보안관리 시스템에서 중요한 것은 각 보안 솔루션의 기능과 정책 의 적합한 설계이다. 기존의 보안 정책은 외부의 침입으로 부터의 보안을 중요시 해왔으나 현재는 내부의 보안도 그 중요도가 높아지고 있다 이를 위하여 새로운 구조의 통합 보안관리 시스템을 구축해야 한다. 본 논문에서는 침입탐지차단 시스템을 활용하여 내부보안을 강화한 통합 보안 관리 시스템을 제안, 구현하였으며. 내 외부의 IP와 ID접근을 실험하여 그 결과를 분석하였다.

• Strategy21
• /
• 통권31호
• /
• pp.220-250
• /
• 2013

South Korean national security strategy should be developed to effectively handle and counter increasing maritime threats and challenges. There are three major maritime threats South Korea faces today; maritime disputes on the EEZ boundary and Dokdo islet issues, North Korean threats, and international maritime security. Maritime disputes in the region are getting intensified and turned into a military confrontation after 2010. Now regional countries confront each other with military and police forces and use economic leverage to coerce the others. They are very eager to create advantageous de facto situations to legitimize their territorial claims. North Korean threat is also increasing in the sea as we witnessed in the Cheonan incident and Yeonpyoung shelling in 2010. North Korea resorts to local provocations and nuclear threats to coerce South Korea in which it may enjoy asymmetric advantages. The NLL area of the west sea would be a main hot spot that North Korea may continue to make a local provocation. Also, South Korean national economy is heavily dependent upon foreign trade and national strategic resources such as oil are all imported. Without an assurance on the safety of sea routes, these economic activities cannot be maintained and expanded. This paper argues that South Korea should make national maritime strategy and enhance the strength of naval forces. As a middle power, its national security strategy needs to consider all the threats and challenges not only from North Korea but also to maritime security. This is not a matter of choice but a mandate for national survival and prosperity. This paper discusses the importance of maritime security, changing characteristics of maritime threats and challenges, regional maritime disputes and its threat to South Korea's security, and South Korea's future security strategy and ways to enhance the role of naval forces. Our national maritime strategy needs to show middle and long term policy directions on how we will protect our maritime interests. Especially, it is important to build proper naval might to carry out all the roles and missions required to the military.

• 한국정보통신학회논문지
• /
• 제8권3호
• /
• pp.661-669
• /
• 2004

분산시스템은 호환성과 이식성 그리고 보안 문제을 확대하고 있다. 이의 해결을 위하여 네트워크와 데이터에 대한 접근 투명성을 제공하는 코바와 객체데이타베이스가 폭넓게 사용되고 있으나 보안성의 보장을 위하여 사용하는 메서드와 속성지향적인 접근제어기법은 자료가 방대하고 사용자가 다수인 경우에는 가용성을 제한하고 효과적이지 못하다. 이는 접근처리지연과 네트워크폭주를 야기하는 객체의 인스턴스를 통한 접근제어를 수행하기 때문이다. 따라서 본 논문에서는 이의 해결책으로 보안성과 가용성을 동시에 고려하는 접근제어시스템으로 타입정보를 사용한 지속성객체의 접근제어 모델을 제안하고 이의 검증을 위하여 코바와 객체DB시스템의 접근제어모델과 분리 통합되는 형태로 지속성보안시스템을 구현하였다.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2012년도 춘계학술대회
• /
• pp.899-900
• /
• 2012

RFID technology can help automatically and remotely identify objects, which raises many security concerns. We review and categorize several RFID security and privacy solutions, and conclude that the most promising and low-cost approach currently attracts little academic attention. We therefore concluded that, from a privacy perspective, the user scheme is an important strategy for meeting the consumer's needs. Furthermore, we call for the privacy research community to put more effort into this line of thinking about RFID privacy.