• International Journal of Computer Science & Network Security
• /
• 제24권9호
• /
• pp.85-92
• /
• 2024

Information Security is the foremost concern for IoT (Internet of things) devices and applications. Since the advent of IoT, its applications and devices have experienced an exponential increase in numerous applications which are utilized. Nowadays we people are becoming smart because we started using smart devices like a smartwatch, smart TV, smart home appliances. These devices are part of the IoT devices. The IoT device differs widely in capacity storage, size, computational power, and supply of energy. With the rapid increase of IoT devices in different IoT fields, information security, and privacy are not addressed well. Most IoT devices having constraints in computational and operational capabilities are a threat to security and privacy, also prone to cyber-attacks. This study presents a CIA triad-based information security implementation for the four-layer architecture of the IoT devices. An overview of layer-wise threats to the IoT devices and finally suggest CIA triad-based security techniques for securing the IoT devices..Make sure that the abstract is written as one paragraph.

• 스마트미디어저널
• /
• 제6권3호
• /
• pp.95-102
• /
• 2017

A large volume of research has been devoted to the development of security tools for protecting the Smart Grid systems, however the most of them have not taken the Availability, Integrity, Confidentiality (AIC) security triad model, not like CIA triad model in traditional Information Technology (IT) systems, into account the security measures for the electricity control systems. Thus, this study would propose a novel security framework, an abnormal behavior detection system, to maximize the availability of the control systems by considering a unique set of characteristics of the systems.

• 융합보안논문지
• /
• 제14권1호
• /
• pp.11-21
• /
• 2014

한국은 과거처럼 국제관계의 예속자가 아니라 명실상부한 중견국으로서, 북한의 핵과 재래전 도발위협을 극복하고 동북아지역의 평화를 유지하는 '균형자' 역할을 할 수 있도록 군사력을 건설해야 한다. 군사력 건설을 통해 다양한 안보위협에 대한 억제력 발휘가 가능하다. 군사적 억제력 발휘를 위해 첫 번째로 '선제적 억제'(deterrence by preemptive)와 '응징적 억제'(deterrence by punishment)는 현재와 미래의 위협에 대비하여 '감시정찰체계와 지휘통제체계'(C41SR)를 공통전력으로 공격무기체계를 결합한 '공격체계 축'을 건설함으로써 달성할 수 있다. 두 번째로 '거부적 억제'(deterrence by denial)는 공통전력과 방어무기체계를 결합한 '방어체계 축'을 건설함으로써 달성할 수 있다. 마지막으로 자주적으로 첨단전력을 개발하기 위해서는 기존의 방위산업과 연구개발 역량을 통합하여 '인프라 축'을 구축해야 한다. 우리는 미래 한국군의 군사력을 건설함에 있어서 정부의 균형자 역할에 대한 국가적 비젼, 이에 대한 국민적 합의를 토대로 본고에서 제시한 군사력 건설 모형에 따른 일관성 있는 정책적인 노력과 신념이 반드시 필요하다.

• 인터넷정보학회논문지
• /
• 제23권6호
• /
• pp.15-26
• /
• 2022

사이버 공격을 수행하는 주체와 그 목적이 점차 다양화되고 고도화되고 있다. 과거 사이버 공격은 개인 혹은 집단의 자신감 표출을 위해 수행되었지만, 최근에는 국가 단위의 후원을 받은 정치적, 경제적 목적의 공격도 활발히 이루어지고 있다. 이에 대응하고자 시그니처 기반의 악성코드 패밀리 분류, 공격 주체 분류 등이 이루어졌지만 공격 주체가 의도적으로 방어자를 속일 수 있다는 단점이 있다. 또한 공격의 주체, 방법, 목적과 목표가 다양해짐에 따라, 공격의 모든 과정을 분석하는 것은 비효율적이다. 따라서 방어자 관점에서 사이버 공격의 최종 목표를 식별해 유연하게 대응할 필요가 있다. 사이버 공격의 근본적인 목표는 대상의 정보보안을 훼손하는 것이다. 정보보안은 정보자산의 기밀성, 무결성, 가용성을 보존함으로써 달성된다. 이에 본 논문에서는 MITRE ATT&CK® 매트릭스에 기반하여 공격자의 목표를 정보보안의 3요소 관점에서 재정의하고, 이를 머신러닝 모델과 딥러닝 모델을 통해 예측하였다. 실험 결과 최대 80%의 정확도로 예측하는 것을 확인할 수 있었다.

• 정보보호학회논문지
• /
• 제23권3호
• /
• pp.445-457
• /
• 2013

본 논문은 제어시스템에서 사이버 위협과 취약성을 평가하기 위한 정량적 모델링에 관한 연구이다. SCADA(supervisory control and data acquisition) 시스템은 대표적인 제어시스템이고 전력계통에서 가장 큰 규모를 형성하고 있다. SCADA 시스템은 초기에는 지역적으로 고립된 시스템이었으나 통신 및 제어기술이 발전하면서 광역으로 확대되어 왔다. 스마트그리드는 에너지 시스템과 IT 시스템을 통합하는 것이며, 이러한 통합의 과정에서 IT 시스템 상에서 존재하던 위협이 제어시스템으로 옮겨오게 된다. 전력시스템은 실시간 특성이 강하게 요구되며, 이는 전력시스템의 사이버 위협을 IT 시스템에 비해 보다 복잡하고 치명적으로 만드는 요인이 된다. 예를 들어, 기밀성이 IT시스템에서 가장 중요한 요소인데 반해 가용성은 제어시스템에서 가장 중요한 고려 사안이다. 이러한 맥락에서, 보다 체계적인 방식으로 전력시스템의 사이버 위험을 평가하는 과정이 요구된다. 일반적인 관점에서 위험이란, 위협, 취약성, 자산의 곱으로 산출되며 본 연구는 전력시스템 구성요소 별로 위험을 정량적으로 분석할 수 있는 프레임워크를 제안한다.

• International Journal of Computer Science & Network Security
• /
• 제21권12호
• /
• pp.45-52
• /
• 2021

The article proves the relevance of developing conceptual frameworks for managing the quality assurance of logistics activities in the context of socio-economic interaction of their participants. It is established that the fundamental difference of the logistic approach in management from traditional approaches is the allocation of a single management function of previously separated, disparate material flows, as well as economic, technological, information integration of chain links into a single system capable of effective management of these flows. It is substantiated that the functioning of the enterprise as a logistics system can be represented in the form of a triad of logistics components, namely: supply logistics, production logistics, sales logistics. Management of quality assurance processes of logistics activities in the context of socio-economic interaction of their participants is a functional component of the entire logistics system due to the quality of work and interaction of all participants in the implementation of certain activities. The quality of logistics activities will affect the level of economic potential, rationalization and optimization of all logistics flows. It is proved that the management of quality assurance processes of logistics activities in the context of socio-economic interaction of their participants involves the following main areas: the introduction of a quality system of logistics processes; development and implementation of the general strategy of quality improvement at the enterprise; internal integration; controlling. Management of quality assurance processes of logistics activities in the context of socio-economic interaction of its participants requires compliance with the following requirements: systematic and comprehensive management of all flow processes; coordination of criteria and indicators for assessing the effectiveness of the entire logistics system; dissemination of the use and application of information technology; ensuring partnerships and close interaction of all participants in sales networks.

• Strategy21
• /
• 통권31호
• /
• pp.57-84
• /
• 2013

North Korea's continuous threats and provocative behaviors have aggravated tension on the Korean peninsula particularly with the recent nuclear weapons test. South Korea's best way to cope with this situation is to maintain the balance among three policy directions: dialogue, sanctions, and deterrence. Among the three, I argue that deterrence should be prioritized. There are different sources of deterrence such as military power, economic power, and diplomatic clouts. States can build deterrence capability independently. Alternatively, they may do so through relations with other states including alliances, bilateral relations, or multilateral relations in the international community. What South Korea needs most urgently is to maintain deterrence against North Korea's local provocations through the enhancement of independent military capability particularly by addressing the asymmetric vulnerability between militaries of the South and the North. Most of all, the South Korean government should recognize the seriousness of the negative consequences that North Korea's 'Nuclear shadow strategy' would bring about for the inter-Korea relations and security situations in Northeast Asia. Based on this understanding, it should develop an 'assertive deterrence strategy' that emphasizes 'multi-purpose, multi-stage, and tailored deterrence whose main idea lies in punitive retaliation.' This deterrence strategy requires a flexible targeting policy and a variety of retaliatory measures capable of taking out all targets in North Korea. At the same time, the force structures of the army, the air force, and the navy should be improved in a way that maximizes their deterrence capability. For example, the army should work on expanding the guided missile command and the special forces command and reforming the reserve forces. The navy and the air force should increase striking capabilities including air-to-ground, ship-to-ground, and submarine-to-ground strikes to a great extent. The marine corps can enhance its deterrence capability by changing the force structure from the stationary defense-oriented one that would have to suffer some degree of troop attrition at the early stage of hostilities to the one that focuses on 'counteroffensive landing operations.' The government should continue efforts for defense reform in order to obtain these capabilities while building the 'Korean-style triad system' that consists of advanced air, ground, and surface/ subsurface weapon systems. Besides these measures, South Korea should start to acquire a minimum level of nuclear potential within the legal boundary that the international law defines. For this, South Korea should withdraw from the Nuclear Non-proliferation Treaty. Moreover, it should obtain the right to process and enrich uranium through changing the U.S.-South Korea nuclear cooperation treaty. Whether or not we should be armed with nuclear weapons should not be understood in terms of "all or nothing." We should consider an 'in-between' option as the Japanese case proves. With regard to the wartime OPCON transition, we need to re-consider the timing of the transition as an effort to demonstrate the costliness of North Korea's provocative behaviors. If impossible, South Korea should take measures to make the Strategic Alliance 2015 serve as a persisting deterrence system against North Korea. As the last point, all the following governments of South Korea should keep in mind that continuing reconciliatory efforts should always be pursued along with other security policies toward North Korea.