• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.10
• /
• pp.4157-4175
• /
• 2020

Moving target defense, as a 'game-changing' security technique for network warfare, realizes proactive defense by increasing network dynamics, uncertainty and redundancy. How to select the best countermeasure from the candidate countermeasures to maximize defense payoff becomes one of the core issues. In order to improve the dynamic analysis for existing decision-making, a novel approach of selecting the optimal countermeasure using game theory is proposed. Based on the signal game theory, a multi-stage adversary model for dynamic defense is established. Afterwards, the payoffs of candidate attack-defense strategies are quantified from the viewpoint of attack surface transfer. Then the perfect Bayesian equilibrium is calculated. The inference of attacker type is presented through signal reception and recognition. Finally the countermeasure for selecting optimal defense strategy is designed on the tradeoff between defense cost and benefit for dynamic network. A case study of attack-defense confrontation in small-scale LAN shows that the proposed approach is correct and efficient.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.1
• /
• pp.79-92
• /
• 2020

As the number of systems increases and the network size increases, automated attack prediction systems are urgently needed to respond to cyber attacks. In this study, we developed four types of information gathering sensors for collecting asset and vulnerability information, and developed technology to automatically generate attack graphs and predict attack targets. To improve performance, the attack graph generation method is divided into the reachability calculation process and the vulnerability assignment process. It always keeps up to date by starting calculations whenever asset and vulnerability information changes. In order to improve the accuracy of the attack target prediction, the degree of asset risk and the degree of asset reference are reflected. We refer to CVSS(Common Vulnerability Scoring System) for asset risk, and Google's PageRank algorithm for asset reference. The results of attack target prediction is displayed on the web screen and CyCOP(Cyber Common Operation Picture) to help both analysts and decision makers.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.518-520
• /
• 2014

Radar Cross Section(RCS) is very important factor to detect target by radar. Even if the same target, RCS value is significantly different according to the direction facing the radar. Therefore, it is advantageous to place the radar, where RCS is larger to increase the probability of detecting a target with a radar. North Korean ballistic missiles are major threat to our security, ballistic missiles should be detected early and traced for ballistic missile defense. In this paper, it is analyzed that ballistic missile's RCS characteristics and trajectory and proposed a way of radar deployment to improve the detection probability of ballistic missile.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.3
• /
• pp.1057-1073
• /
• 2015

In this paper, we consider cooperative D2D communications in cellular networks. More precisely, a cellular user leases part of its spectrum to facilitate the D2D communication with a goal of improving the energy efficiency of a D2D pair. However the D2D pair is untrusted to the cellular user, such resource sharing may result in the information of this cellular user unsecured. In order to motivate the cellular user's generosity, this D2D pair needs to help the cellular user maintain a target secrecy rate. To address this issue, we formulate a joint spectrum and power allocation problem to maximize the energy efficiency of the D2D communication while guaranteeing the physical layer security of the cellular user. Then, a theorem is proved to indicate the best resource allocation strategy, and accordingly, an algorithm is proposed to find the best solution to this resource allocation problem. Numerical results are finally presented to verify the validity and effectiveness of the proposed algorithm.

• The KIPS Transactions:PartD
• /
• v.11D no.4
• /
• pp.917-928
• /
• 2004

Common Criteria as ISO/IEC 15408 is used to assure and evaluate IT system security. As the Prime class of security assurance requirement, CM Configuration Management needs the more principled quality activities and practices for developer must be supported. So in this paper, we propose the well-defined CM method as guideline for TOE developer based on Process model including common criteria and develop the CMPET a quantitative process evaluating tool for CM using checklist. It can support useful process analyzing data to developer, evaluator and user.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.9
• /
• pp.4512-4526
• /
• 2018

The Internet of Things (IoT) has become an emerging industry that is broadly used in many fields from industrial and agricultural manufacturing to home automation and hospitality industry. Because of the sheer number of connected devices transmitting valuable data, the IoT infrastructures have become a main target for cyber-criminals. One of the key challenges in protecting IoT devices is the lack of security measures by design. Although there are many hardware and software based security solutions (firewalls, honeypots, IPDS, anti-virus etc.) for information systems, most of these solutions cannot be applied to IoT devices because of the fact that IoT devices have limited computing resources (CPU, RAM,). In this paper, we propose a honeypot system called HoneyThing for modem/router devices (i.e. a kind of IoT device). HoneyThing emulates TR-069 protocol which is prevalent protocol used to remotely manage customer-premises equipment (CPE) devices, e.g. modems, routers. Honeything also serves an embedded web server simulating a few actual, critical vulnerabilities associated with the implementation of TR-069 protocol. To show effectiveness of the HoneyThing in capturing real world attacks, we have deployed it in the Internet. The obtained results are highly promising and facilitate to reveal network attacks targeting to CPE devices.

• Convergence Security Journal
• /
• v.5 no.4
• /
• pp.7-18
• /
• 2005

Recently, ISO/IEC SC27 WG3 is actively working on the revision of CC V3.0 to be an international standard by 2008, principally supported by Common Criteria Development Board (CCDB). Hence, it is essential for Korea to review and analyze the changes in CC V3.0, so as to be completely prepared for any change to be occurred from CC V2.* to V3.0. Taking into account of CC V3.0 being revised currently, this paper gives a general overview of revision in CC V3.0 : then, closely examines and explains the improvements and changes made by the revision in CC V3.0

• Journal of IKEEE
• /
• v.19 no.2
• /
• pp.160-167
• /
• 2015

We present an experimental implementation of the inexpensive microwave security sensor that can detect both static and slowly moving objects in cluttered environment. The prototype consists of a frequency-modulated continuous wave radar sensor, control board or computer and software. The prototype was tested in a cluttered indoor environment. In case of intrusion or change of environment the sensor will give an alarm, determine the location of new object, change in its location and can detect a slowly moving target. To make a low-cost unit we use commercially available automotive radar and own signal processing techniques for object detection and tracking. The intruder detection is based on a comparison between current 'image' in memory and 'no-intrusion' reference image. The main challenge is to develop a reliable technique for detection of a relatively low-magnitude object signals hidden in multipath clutter echo signals. Various experimental measurements and computations have shown the feasibility and performance of the system.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.7
• /
• pp.526-534
• /
• 2013

With rapid rise of virtualization technology from diverse types of cloud computing service, security problems such as data safety and reliability are the issues at stake. Since damage in virtualization layer of cloud service can cause damage on all host (user) tasks, Hypervisor that provides an environment for multiple virtual operating systems can be a target of attackers. This paper propose a security structure for protecting Hypervisor from hacking and malware infection.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.1747-1750
• /
• 2003

IT 제품 및 시스템의 보안성 평가를 위한 국제표준(ISO/IEC15408)인 공통평가기준(CC)은 해당 평가 보증등급(EAL, Evaluation Assurance Level)의 요구사항에 따라 평가대상 제품(TOE, Target of Evaluation), 제품의 개발 및 운영 문서를 포함하는 평가제출물을 요구하고 있다. 개발자가 공통평가기준을 적용하여 제품의 보안성을 개선하고 성공적으로 평가인증서를 받기 위해서는 상당한 노력이 요구된다. 대부분의 개발자는 제품 개발 완료 후 제품의 보안성을 검토하고 평가를 준비하므로 리엔지니어링 등 추가적인 비용과 시간을 투입해야 하는 문제가 있다. 본 논문에서는 BSD(Berkeley Software Distributions) 4.4 기반의 운영체제인 MTOS(Mitretek)를 개발한 사례를 통하여 개발과정과 요구사항 및 평가준비를 위한 평가제출물 작성과의 연계성을 제시하였다. 개발자는 본 논문에서 제시한 연계성을 활용하여 소프트웨어 제품의 개발과정에 공통평가기준을 적용하여 제품의 보안성을 제고하고 보안성 평가를 준비하는데 시간과 노력을 절감할 수 있다.