• Convergence Security Journal
• /
• v.17 no.4
• /
• pp.17-29
• /
• 2017

Various cyber attacks against our society and the government are continuing, and cases and damages are reported from time to time. And the area of cyber attack is not limited to cyberspace, but it is expanding into physical domain and affecting it. In the military arena, we have established and implemented the principle of responding proportionally to enemy physical attacks. This proportionality principle is also required in the version where the region is expanding. In order to apply it, it is necessary to have a quantitative and qualitative countermeasure against cyber attack. However, due to the nature of cyber attacks, it is not easy to assess the damage accurately and it is difficult to respond to the proportionality principle and the proportional nature. In this study, we calculated the damage scale by quantitatively and qualitatively evaluating the cyber attack damage using the Gorden-Lobe model and the security scoring technique based on the scenario. It is expected that the calculated results will be provided as appropriate level and criterion to counteract cyber attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1071-1082
• /
• 2021

COVID-19 has changed a lot in our daily lives, where school classes and remote classes have been combined or converted to remote classes. Many students spent more time online, and cyberbullying, such as indiscriminate disclosure of their personal information, bullying of their classmates online, increased. In this paper, we propose an online education program as a countermeasure against cyberbullying. This program is designed for elementary, middle, and high school students and can also be used for informatics or ethics classes in the 2015 curriculum. The proposed program is divided into four major themes: 'Cyberbullying,' 'Information Security,' 'Cyber Crime,' and 'Language Violence,' and is divided into a total of ten topics according to its connection. It was organized to teach the topics evenly by grade. Also, the program's feasibility was verified by experts on the selection of educational contents and organizing of contents. In the future, it will be necessary to apply for this program and conduct an effectiveness analysis to measure whether it has effectively contributed to the decrease in cyberbullying rates among students and the improvement of coping skills.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.149-164
• /
• 2019

Digital Transformation and the Fourth Industrial Revolution, electronic financial services should be provided safely in accordance with rapidly changing technology changes in the times of change. However, telecommunication finance fraud (voice phishing) accidents are currently ongoing, and various efforts are being made to eradicate accidents such as legal amendment and improvement of policy system in order to cope with continuous increase, intelligence and advancement of accidents. In addition, financial institutions are trying to prevent fraudulent accidents by improving and upgrading the abnormal financial transaction detection system, but the results are not very clear. Despite these efforts, telecommunications and financial fraud incidents have evolved to evolve against countermeasures. In this paper, we propose an intelligent over - the - counter financial transaction system modeled through scenario - based Rule model and artificial intelligence algorithm to prevent financial transaction accidents by voice phishing. We propose an implementation model of artificial intelligence abnormal financial transaction detection system and an optimized countermeasure model that can block and respond to analysis and detection results.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.1
• /
• pp.35-45
• /
• 2004

In explosively increasing internet environments, information security is one of the most important consideration. Nowadays, various security solutions are used as such problems countermeasure; IDS, Firewall and VPN. However, basically internet has much vulnerability of protocol itself. Specially, it is possible to establish a covert channel using TCP/IP header fields such as identification, sequence number, acknowledge number, timestamp and so on. In this Paper, we focus cm the covert channels using identification field of IP header and the sequence number field of TCP header. To detect such covert channels, we used Support Vector Machine which has excellent performance in pattern classification problems. Our experiments showed that proposed method could discern the abnormal cases(including covert channels) from normal TCP/IP traffic using Support Vector Machine.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.59-68
• /
• 2006

Although the cryptographic algorithms in IC chip such as smart card are secure against mathematical analysis attack, they are susceptible to side channel attacks in real implementation. In this paper, we analyze the security of smart card using a developed experimental tool which can perform power analysis attacks and fault insertion attacks. As a result, raw smart card implemented SEED and ARIA without any countermeasure is vulnerable against differential power analysis(DPA) attack. However, in fault attack about voltage and clock on RSA with CRT, the card is secure due to its physical countermeasures.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.11 no.1
• /
• pp.100-106
• /
• 2018

Since the concept of virtual currency called Bitcoin was announced in 2008, the blockchain technology, which is the basis of Bitcoin, is attracting attention as an important platform technology in the era of the 4th industrial revolution that can change our society in the future. Although Existing electronic financial transactions store and manage all transaction history at a reliable central organization such as government and bank, blockchain-based electronic financial transactions are composed of a distributed structure in which all participants participating in the transaction store and manage the transaction history, it is possible to secure transaction transparency while reducing system construction and operation costs. Besides the virtual currency that started with bit coins, the technology of these blockchains has been extended in various fields such as smart contracts and document management. The key technology area of this blockchain is security based on proven cryptographic technology to make it difficult to forge and hack, but there are security risks such as security vulnerabilities in the virtual currency trading service, We will discuss security risks in using virtual currency and discuss countermeasures. Especially security accidents of virtual currency exchanges are occurring frequently recently, the damage of users who trade the virtual currency is also increasing, we propose security threats and security countermeasures against virtual currency exchanges.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.3
• /
• pp.75-80
• /
• 2015

Vulnerability management is in compliance with security policies, and then, this is to ensure the continuity and availability of the business. In this paper, the application vulnerability management and IT infrastructure of the system is that it must be identified. And a viable vulnerability management plan should be drawn from the development phase. There are many that are not defined vulnerability in the area of identification and authentication, encryption, access control in identification and classification of vulnerabilities. They define the area without missing much in technical, managerial, and operational point of view. Determining whether the response of the identified vulnerability, and to select a countermeasure for eliminating the vulnerability.

• Journal of Korea Society of Industrial Information Systems
• /
• v.12 no.2
• /
• pp.30-36
• /
• 2007

The UPnP uses the same standard protocol as SSDP and UDP based on standard internet and technology like the TCP/IP, and is independent of other physical networking product. But the structure of the UPnP has the of vulnerability to the security countermeasure for home-networking technology since it is operated on the same protocol as the SSDP and UDP. In this paper, we analyze and report against the DoS attack, where the worm virus, using the vulnerability to the UPnP, eliminates the attack of all equipments that are based on networking and eliminates the information belonging to the equipments of the home-networking or transmits the massive data.

• The KIPS Transactions:PartC
• /
• v.12C no.5 s.101
• /
• pp.633-642
• /
• 2005

Ubiquitous computing system is about networked processors, which is constructed with one or more computers interconnected by the networks. However, traditional security solution lacks a Proactive maintenance technique because of its focusing on developing the qualitative detection and countermeasure after attack. Thus, in this paper, we propose a quantitative assessment modeling technique, by which the general infrastructure can be improved and the attacks on a specific infrastructure be detected and protected. First of all, we develop the definition of survivality and modeling technique for quantitative assessment modeling with the static information on the system random information, and attack-type modeling. in addition, the survivality analysis on TCP-SYN attack and code-Red worm attack is performed for validating the proposed technique.

• Journal of Convergence Society for SMB
• /
• v.5 no.3
• /
• pp.15-20
• /
• 2015

There have been consumer needs for mobile payment system due to the rapid increase in the number of smartphones and the use of them. In tum, the market has been expanding as IT companies begin to participate in the mobile payment system business. Moreover, since the system supports better services not only covering payment service but also interworking with various apps in devices, it has been maximizing the consumer convenience. Although the convenience increased due to the mobile payment system, the vulnerability in security also increased; and smartphone users have been afraid of using the mobile payment system. This study is to examine Samsung Pay and Apple Pay, to present the vulnerability, and to suggest a countermeasure.