• Title/Summary/Keyword: Security countermeasure

A Study on the Detection Model of Illegal Access to Large-scale Service Networks using Netflow (Netflow를 활용한 대규모 서비스망 불법 접속 추적 모델 연구)

  • Lee, Taek-Hyun;Park, WonHyung;Kook, Kwang-Ho
    • Convergence Security Journal / v.21 no.2 / pp.11-18 / 2021
  • To protect tangible and intangible assets, most of the companies are conducting information protection monitoring by using various security equipment in the IT service network. As the security equipment that needs to be protected increases in the process of upgrading and expanding the service network, it is difficult to monitor the possible exposure to the attack for the entire service network. As a countermeasure to this, various studies have been conducted to detect external attacks and illegal communication of equipment, but studies on effective monitoring of the open service ports and construction of illegal communication monitoring system for large-scale service networks are insufficient. In this study, we propose a framework that can monitor information leakage and illegal communication attempts in a wide range of service networks without large-scale investment by analyzing 'Netflow statistical information' of backbone network equipment, which is the gateway to the entire data flow of the IT service network. By applying machine learning algorithms to the Netflow data, we could obtain a high classification accuracy of 94% in identifying whether the Telnet service port of operating equipment is open or not, and we could track the illegal communication of the damaged equipment by using the illegal communication history of the damaged equipment.

Power analysis attacks against NTRU and their countermeasures (NTRU 암호에 대한 전력 분석 공격 및 대응 방법)

  • Song, Jeong-Eun;Han, Dong-Guk;Lee, Mun-Kyu;Choi, Doo-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.2 / pp.11-21 / 2009
  • The NTRU cryptosystem proposed by Hoffstein et al. in the 1990s is a public key cryptosystem based on hard lattice problems. NTRU has many advantages compared to other public key cryptosystems such as RSA and elliptic curve cryptosystems. For example, it guarantees high speed encryption and decryption with the same level of security, and there is no known quantum computing algorithm for speeding up attacks against NTRU. In this paper, we analyze the security of NTRU against the simple power analysis (SPA) attack and the statistical power analysis (STPA) attack such as the correlation power analysis (CPA) attack. First, we implement NTRU operations using NesC on a Telos mote, and we show how to apply CPA to recover a private key from collected power traces. We also suggest countermeasures against these attacks. In order to prevent SPA, we propose to use a nonzero value to initialize the array which will store the result of a convolution operation. On the other hand, in order to prevent STPA, we propose two techniques to randomize power traces related to the same input. The first one is random ordering of the computation sequences in a convolution operation and the other is data randomization in convolution operation.

A Study on Institutional Foundation on the Korea Counter-Terrorism System (한국 테러대응 시스템의 제도적 구축방안)

  • Kwon, Jeong-Hoon
    • Korean Security Journal / no.25 / pp.27-61 / 2010
  • This study looks at plans for the efficient functions of the current terror response system in Korea. The results are derived by comparing and analyzing American, British, German, Japanese, and Korean terror response systems. It focuses especially on addressing some problems with Korea's terror response system and how to operate it effectively. The study will systematically compare and analyze each nation's terror countermeasure studying organizational, functional, and legal aspects as standards. This study shows that there is not an exclusive terror response center in Korea compared with other nations such as America, the United Kingdom, Germany, and Japan. Also it is difficult to expect effective and vigorous operations due to weak cooperation across the relevant organizations. The presidential directive of the state's anti-terrorism action guidelines is legally ineffective. This means that on legal grounds, it is difficult to take actions to prevent the terrorism. Therefore, keys to counteracting terrorism derived from this study are summarized below. In the first place, an integrated terror response system should be set up for expansion of information sharing which leads to emergence effect. In the second place, the superior legislative systems should be made for the clear definition and extent of what the terror is, rigid enforcement of investigation, immigration, and keeping an eye on the funds raised by terrorists and tracking down the terrorists, the plan for eco-terrorism. In the third place, to augment security of vital facilities and peoples' awareness of terrorism safety should be emphasized and a cooperative system between civil and government organizations needs to be built. In the fourth place, system for crisis management must be provided in an effort to maximize management system of terrorism and unify a decentralized emergency countermeasures effectively.

A DDoS Attack Detection of private mobile network using Time Series Analysis (시계열 분석을 적용한 사설 모바일 네트워크의 DDoS 공격 탐지)

  • Kim, Dae Hwan;Lee, Soo Jin;Pyo, Sang Ho
    • Convergence Security Journal / v.16 no.4 / pp.17-24 / 2016
  • Many companies and organizations are building a mobile office environment using the LTE network, and the national disaster network and Air Force LTE network are built for public safety and national defense. However, the recent threats on information security have been evolving from information leakage to DDoS attacks to neutralize the service. Especially, the type of device such as smartphones, smart pads, tablet PCs, and the numbers are growing exponentially, and as the performance of mobile devices and the speed of lines develop rapidly, DDoS attacks in the mobile environment are becoming a threat. So far, universal countermeasure to DDoS attacks has been interception at the network and server step, yet the problem regarding DDoS attack traffic on mobile network and expenditure of network resources still remains. Therefore, this paper analyzes the traffic type distributed in the private mobile network such as the National Disaster Network, and Air Force LTE network in order to preemptively detect DDoS attacks on terminal step. However, as direct analysis on traffic distributed in the National Disaster Network, and Air Force LTE network is restricted, transmission traffics in Minecraft and uploading video file upload which exhibit similar traffic information are analyzed in time series, thereby verifying its effectiveness through establishment of DDoS attacks standard in mobile network and application that detects and protects DDoS attacks.

A Study on the Cyber Weapons Classification System (사이버무기 분류체계에 관한 시론)

  • Lee, Yongseok;Kwon, Hunyeong;Choi, Jeongmin;Lim, Jongin
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.4 / pp.905-917 / 2018
  • The sovereign state has the right to engage in self-defense or war with the approval of the Security Council when it receives an invasion of territory from a foreign country. War is conducted under the principle of the necessity and proportionality of self-defense. In case of cyber attack, proportional countermeasure must be made through attack means and effect analysis, and cyber weapons need to be classified for this purpose. Therefore, this study aims to provide a rational and legitimate response according to the necessity and proportionality of the self-defense right by suggesting definition and classification criteria of cyber weapons. In this study, cyber weapons were defined as "means of collecting, attacking, and protecting information using cyber technology in the cyber space according to military objectives." Based on existing weapon systems and public cyber weapons cases, cyber weapons were classified as (1) cyber weapons for information gathering, (2) cyber weapons for attack, and (3) cyber weapons for protection. We suggest the considerations for applying the proportional response according to this functional classification. In order to guarantee the principle of proportionality to cyber attacks in the future, the classification study based on the cyber weapon effect should be conducted. This study has conducted an exploratory study on the classification of cyber clusters which constitutes one axis of the proportionality principle.

A Confirmatory Factor Analysis on the Awareness of Terrorism Scale in Korea (테러인식 척도의 확인적요인분석)

  • Chung, Jong-Woon;Kwack, Dae-Gyung;Sim, Hye-In
    • Korean Security Journal / no.61 / pp.235-254 / 2019
  • This study identifies a factor structure regarding the criterion of terror awareness by using confirmatory factor analysis. The study provides information whether the criterion fits in the analysis of terror awareness in Korea or not. Data of 176 public officials working at the National Assembly collected in 「Study on the Improvement of Security in the National Assembly Building」(Choi O-Ho and others, 2016) was used in the analysis. Study results showed the fit statistics of 3 questions regarding concern in terror, 5 questions regarding cognition of terror occurrence, 3 questions regarding countermeasure of terror, and 3 questions regarding equipments against terror satisfied the standard. Also, standard regression coefficient exceeded the standard and was shown to be fit. Concern in terror, as a latent variable, was below the standard value of average variance extracted. However, focused validity was secured by obtaining other values fit. This study proceeded distinct validation test to supplement data. The test results showed that the criterion level was fit. Thus, further survey should include questions that are appropriate to measure the awareness of terror based not only on theories and previous studies but also on questions of terror awareness tested in this study. Such development in surveys will support the means of data measurement.

A Study on the Improvement of Disaster and Safety Management for Local Cultural Heritages (지방문화재 재난안전관리 개선방안에 관한 연구)

  • Kim, Twe-Hwan;Kim, Jung-Gon;Been, Ju-Hee
    • Journal of the Society of Disaster Information / v.15 no.3 / pp.358-366 / 2019
  • Purpose: This paper aims to clarify the problems and to examine the improvement methods by investigating the management condition of local-designated cultural property of which management is relatively poor in comparison with state-designated cultural heritage. Method: In order to grasp the management situation of the local-designated cultural heritage, a research on cultural heritage management situation and problems will be carried out with 35 cultural heritages in Goryeong-gun. Also, the improvement methods about the property type vulnerability on the basis of interview with cultural property managers, fire-fighting officers and civil servants, etc. Results: Local cultural heritages were investigated to be very vulnerable to the fire of wooden buildings, the theft of movable cultural heritages, and the effects of wind and water damage. It is because cultural heritages are scattered over wide areas fundamentally. As the result, it has difficulty in the patrols of police officers and fire fighters, and in the situation that it lacks disaster monitoring and CCTV for countermeasures to replace them, electronic security including fire hydrant, sensors, etc. and fire extinguishing facilities and so on. It is difficult for local governments managing local-designated cultural heritages to enhance their management systems directly due to their lack of budget and manpower. Conclusion: In order to strengthen disaster and safety management system for the cultural heritages designated by local governments, they have to clarify disaster countermeasure task of fire fighting, police, and cultural heritage managers prepare their manuals, and systematize them through disaster drill mainly in local autonomous governments. Also, so as to establish a surveillance system every day, they have to enhance the community for local cultural heritage manage consisting of local volunteer fire departments, local voluntary disaster prevention organizations, volunteers, etc.

Enhanced and Practical Alignment Method for Differential Power Analysis (차분 전력 분석 공격을 위한 향상되고 실제적인 신호 정렬 방법)

  • Park, Jea-Hoon;Moon, Sang-Jae;Ha, Jae-Cheol;Lee, Hoon-Jae
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.5 / pp.93-101 / 2008
  • Side channel attacks are well known as one of the most powerful physical attacks against low-power cryptographic devices and do not take into account the target's theoretical security. As an important succeeding factor in side channel attacks (specifically in DPAs), exact time-axis alignment methods are used to overcome misalignments caused by trigger jittering, noise and even some countermeasures intentionally applied to defend against side channel attacks such as random clock generation. However, the currently existing alignment methods consider only the position of signals on time-axis, which is ineffective for certain countermeasures based on time-axis misalignments. This paper proposes a new signal alignment method based on interpolation and decimation techniques. Our proposal can align the size as well as the signals' position on time-axis. The validity of our proposed method is then evaluated experimentally with a smart card chip, and the results demonstrated that the proposed method is more efficient than the existing alignment methods.

A Study on the Analysis of Accident Cases in Laboratories (실험실의 사고사례 분석에 관한 연구)

  • Lee, Keun-Won;Lee, Jung-Suk
    • Journal of the Korean Institute of Gas / v.16 no.5 / pp.21-27 / 2012
  • The loss of life and property due to accidents in the research facilities or the laboratories of the university occurs steadily and the necessity of laboratory accident prevention is proposed. Above all, the main work to laboratory accident prevention is a systematic analysis of laboratories accidents. Analyzing reports or researches on industrial accidents in Korea had been carried out but these researches or reports were not based on laboratory accidents analysis. To the establishment of the accident prevention countermeasure in laboratory, a questionnaire sheet has been developed in this study. The questionnaires to survey the accident cases were gathered by electronic mail and visit survey from the laboratories and universities. The data of accident cases from the questionnaires was analyzed and discussed on accident distribution by season, the type of accident classification, the type of occurrence, the objects that caused the accident and laboratory accident by the damage incurred etc. These results of this study can be used as basic data to the safety security and laboratory accident prevention of the laboratory worker.

A Countermeasure Scheme Based on Whitelist using Bloom Filter against SIP DDoS Attacks (블룸필터를 사용한 화이트리스트 기반의 SIP 서버스 거부 공격 대응 기법)

  • Kim, Ju-Wan;Ryu, Jea-Tek;Ryu, Ki-Yeol;Roh, Byeong-Hee
    • The Journal of Korean Institute of Communications and Information Sciences / v.36 no.11B / pp.1297-1304 / 2011
  • SIP(Session Initiation Protocol) has some security vulnerability because it works on the Internet. Therefore, the proxy server can be affected by the flooding attack such as DoS and service interruption. However, traditional schemes to corresponding Denial of Service attacks have some limitation. These schemes have high complexity and cannot protect to the variety of Denial of Service attack. In this paper, we newly define the normal user who makes a normal session observed by verifier module. Our method provides continuous service to the normal users in the various situations of Denial of Service attack as constructing a whitelist using normal user information. Various types of attack/normal traffic are modeled by using OPNET simulator to verify our scheme. The simulation results show that our proposed scheme can prevent DoS attack and achieve a low false rate and fast searching time.