• International Journal of Computer Science & Network Security
• /
• v.22 no.7
• /
• pp.157-164
• /
• 2022

The proposed privacy preserving scheme has identified the drawbacks of existing schemes in Vehicular Networks. This prototype enhances the number of nodes by decreasing the cluster size. This algorithm is integrated with the whale optimization algorithm and Block Chain Technology. A set of results are done through the NS-2 simulator in the direction to check the effectiveness of proposed algorithm. The proposed method shows better results than with the existing techniques in terms of Delay, Drop, Delivery ratio, Overhead, throughout under the denial of attack.

• International Journal of Computer Science & Network Security
• /
• v.22 no.9
• /
• pp.208-216
• /
• 2022

This paper provides an account of gamification in education. Apart from its emergence, it clarifies how gamification differs from gaming and game-based learning. It also discusses the elements of gamification, its advantages and its principles. It also sketches the theoretical underpinning of the concept, the models, its various applications, and the obstacles to using it in the educational process.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1197-1213
• /
• 2014

Due to the increase in size of the computer network, the network security systems such as a firewall, IDS, IPS generate much more vast amount of information related to network security. So detecting signs of hidden security threats has become more difficult. Security personnels' 'Network Security Situational Awareness(NSSA)' is effectively determining the security situation of overall computer network on the basis of the relation between the security events that occur in the several views. The process of situational awareness is divided into three stages of the 'identification,' 'understanding' and 'prediction'. And 'identification' and 'understanding' are prerequisites for 'predicting' and the following appropriate responses. But 'identification' and 'understanding' in the vast amount of information became more difficult. In this paper, we propose Honeycomb security situational awareness visualization system that is designed to help NSSA in large-scale networks by using visualization techniques known effective to the 'identification' and 'understanding' stages. And we identified the empirical effects of this system on the basis of the 'VAST Challenge 2012' data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1355-1369
• /
• 2018

As smart bands make life more convenient and provide a positive lifestyle, many people are now using them. Since smart bands deal with private information, security design and implementation for smart band system become necessary. To make a trustworthy smart band, we must derive the security requirements of the system first, and then design the system satisfying the security requirements. In this paper, we apply threat modeling techniques such as Data Flow Diagram, STRIDE, and Attack Tree to the smart band system to identify threats and derive security requirements accordingly. Through threat modeling, we found the vulnerabilities of the smart band system and successfully exploited smart bands with them. To defend against these threats, we propose security measures and verify that they are secure by using Scyther which is a tool for automatic verification of security protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1315-1324
• /
• 2012

Security visualization is a form of the data visualization techniques in the field of network security by using security-related events so that it is quickly and easily to understand network traffic flow and security situation. In particular, the security visualization that detects the abnormal situation of network visualizing connections between two endpoints is a novel approach to detect unknown attack patterns and to reduce monitoring overhead in packets monitoring technique. However, the session-based visualization doesn't notice a difference between normal traffic and attacks that they are composed of similar connection pattern. Therefore, in this paper, we propose an efficient session-based visualization method for analyzing and detecting between normal server activities and attacks by using the IP address splitting and port attributes analysis. The proposed method can actually be used to detect and analyze the network security with the existing security tools because there is no dependence on other security monitoring methods. And also, it is helpful for network administrator to rapidly analyze the security status of managed network.

• Journal of the Korea Convergence Society
• /
• v.7 no.5
• /
• pp.29-34
• /
• 2016

Recently, with the development of high-tech industry, the use of the drones in various aspects of daily life is rapidly advancing. With technical and functional advancements, drones have an advantage of being easy to be utilized in the areas of use according to various lifestyles. In addition, through the diversification of the drone service converged with image processing medium such as camera and CCTV, an automated security system that can replace humans is expected to be introduced. By designing these unmanned security technology, a new convergence security drone service techniques that can strengthen the previous drone application technology will be proposed. In the proposed techniques, a biometric authentication technology will be designed as additional authentication methods that can determine the safety incorporated with security by selecting the search and areas of an object focusing on the objects in the initial windows and search windows through OpenCV technology and CAM-Shift algorithm which are an object tracking algorithm. Through such, a highly efficient security drone convergence service model will be proposed for performing unmanned security by using the drones that can continuously increase the analysis of technology on the mobility and real-time image processing.

• Korean Security Journal
• /
• no.29
• /
• pp.223-249
• /
• 2011

In modern society, citizens' quality of life aspects of safety and crime prevention activities are actively considering the incidence of crime prevention in advance. It also can be quite important elicit the interest of who community members through effective crime prevention strategies. For crime prevention policies and techniques over time as more scientific and advanced methods are made. Today, A typical crime prevention strategies is private security zones and Crime Prevention Through Environmental Design (CPTED) is a corresponding to the new strategy. CPTED is a diversification can be called a crime prevention approach that emphasizes the principle of natural surveillance, access control, territoriality, activity support, maintenance and management. The defensible space of the space area related to crime prevention setting the activities of private security and CPTED determine. Also, the reality of crime prevention and protection should be considered space. The emphasis on proactive prevention of crime in modern society for the prevention of crime how to approach differing perspectives and disparate aspects of private security and CPTED. Technical and professional areas that overlap to some extent in a homogeneous aspect. Ultimately, CPTED is a crime prevention through space and environmental approach for crime. In addition, Ultimate goal of convergence, crime prevention, with the same or higher is required to study for the area after looking for the characteristics and limitations of private security and CPTED.

• Journal of Advanced Navigation Technology
• /
• v.15 no.6
• /
• pp.1220-1227
• /
• 2011

According to the development of IT technology, life itself is becoming the change to Knowledge-based systems or information-based systems. However, the development of IT technology, the cyber attack techniques are improving. And DDoS a crisis occurs frequently, such as cyber terrorism has become a major data leakage. In addition, the various paths of attack from malicious code entering information in the system to work for your company for loss and damage to information assets is increasing. In this environment, the need to preserve the organization and users of information assets to perform ongoing inspections risk management processes within the organization should be established. Processes and managerial, technical, and physical systems by establishing an information security management system should be based. Also, we should be introduced information security product for protecting internal assets from the threat of malicious code incoming to inside except system and process establishment. Therefore we proposed enterprise and government information security enhancement scheme through the introduction of information security management system and information security product in this paper.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.347-355
• /
• 2012

A biometric hardware security module is a physical device that comes in the form of smartcard or some other USB type security token is composed with biometric sensor and microcontroller unit (MCU). These modules are designed to process key generation and electronic signature generation inside of the device (so that the security token can safely save and store confidential information, like the electronic signature generation key and the biometric sensing information). However, the existing model is not consistent that can be caused by the disclosure of an ID and password, which is used by the existing personal authentication technique based on the security token, and provide a high level of security and personal authentication techniques that can prevent any intentional misuse of a digital certificate. So, this paper presents a model that can provide high level of security by utilizing the biometric security token and Public Key Infrastructure efficiently, presenting a model for privacy preserving personal authentication that links the biometric security token and the digital certificate.

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.33-41
• /
• 2023

In recent years, advanced persistent threat (APT) attack organizations have exploited various vulnerabilities and attack techniques to target companies and institutions with national core technologies, distributing ransomware and demanding payment, stealing nationally important industrial secrets and distributing them on the black market (dark web), selling them to third countries, or using them to close the technology gap, requiring national-level security preparations. In this paper, we analyze the attack methods of attack organizations such as Kimsuky and Lazarus that caused industrial secrets leakage damage through APT attacks in Korea using the MITRE ATT&CK framework, and derive 26 cybersecurity-related administrative, physical, and technical security requirements that a company's security system should be equipped with. We also proposed a security framework and system configuration plan to utilize the security requirements in actual field. The security requirements presented in this paper provide practical methods and frameworks for security system developers and operators to utilize in security work to prevent leakage of corporate industrial secrets. In the future, it is necessary to analyze the advanced and intelligent attacks of various APT attack groups based on this paper and further research on related security measures.