• Title/Summary/Keyword: Security incidents

Authentication and Group Key Management Techniques for Secure Communication in IoT (IoT 환경에서 안전한 통신을 위한 인증 및 그룹 키 관리 기법)

  • Min, So-Yeon;Lee, Jae-Seung
    • Journal of the Korea Academia-Industrial cooperation Society / v.20 no.12 / pp.76-82 / 2019
  • The development of Internet technology and the deployment of smart devices provide a convenient environment for people, and this is becoming common with the technology called the Internet of Things (IoT). But the development of, and demand for, IoT technology is causing various problems, such as personal information leaks due to the attacks of hackers who exploit it. A number of devices are connected to a network, and network attacks that have been exploited in the existing PC environment are occurring in the IoT environment. When it comes to IP cameras, security incidents (such as distributed denial of service [DDoS] attacks, hacking someone's personal information, and monitoring without consent) are occurring. However, it is difficult to install and implement existing security solutions because memory space and power are limited owing to the characteristics of small devices in the IoT environment. Therefore, this paper proposes a security protocol that can look at and prevent IoT security threats. A security assessment verified that the proposed protocol is able to respond to various security threats that could arise in a network. Therefore, it is expected that efficient operation of this protocol will be possible if it is applied to the IoT environment.

A Proposal for amendment of the Financial Intelligence Unit Law (『특정금융정보(FIU)법』의 개정을 위한 제언)

  • Lee, Dae Sung;Ahn, Young Kyu
    • Convergence Security Journal / v.15 no.5 / pp.71-76 / 2015
  • The Financial Intelligence Unit Law doesn't include investigation of important cases that could influence the security and existence of the nation, which are the core jobs of the national intelligence agency. So the agency has difficulty investigating the international crimes of North Korea and other security incidents. It is also difficult to catch an international crime organization working in Korea. It also produces problems such as difficulty in investigating the illegal leak of strategic materials and investigating people related to illegal funding of international terrorism. So it is urgently necessary to revise the Financial Intelligence Law as soon as possible. Foreign intelligence agencies use the information of financial intelligence units in many different ways. The National Security Agency of China and the Australian Security Intelligence Organization freely use the information of financial intelligence units based on their own laws and systems. The Central Intelligence Agency and Federal Bureau of Investigation of the USA and the Secret Intelligence Service and Security Service of Britain request financial intelligence units to supply them with their information. But the national intelligence agency of Korea isn't able to approach the FIU and can't share FIU information with foreign intelligence agencies. To solve the problem, the Financial Intelligence Unit Law should be revised so that the national intelligence agency can receive or request information from the Korean Financial Intelligence Unit.

Prioritization Analysis for Cyber Security Enhancement at Busan Port Container Terminal (부산항 컨테이너 터미널 사이버 보안 강화를 위한 우선순위 분석)

  • Ha, Do-Yeon;Kim, Chi-Yeol;Kim, Yul-Seong
    • Journal of Korea Port Economic Association / v.40 no.1 / pp.1-14 / 2024
  • The port industry has been actively adopting Fourth Industrial Revolution technologies, leading to transformations in port infrastructure, such as automated and smart ports. While these changes have improved port efficiency, they have also increased the potential for Cyber Security incidents, including data leaks and disruptions in terminal operations due to ransomware attacks. Recognizing the need to prioritize Cyber Security measures, a study was conducted, focusing on Busan Port's rapidly automating container terminal in South Korea. The results of the Eisenhower Matrix analysis identified legal and regulatory factors as a top priority in the first quadrant, with educational systems, workforce development, network infrastructure, and policy support in the third quadrant. Subsequently, a Borich Needs Analysis revealed that the highest priority was given to legal improvements in security management systems, while the development of Cyber Security professionals ranked lowest. This study provides foundational research for enhancing Cyber Security in domestic container terminals and offers valuable insights into their future direction.

Learning from the Licensing and Training Requirements of the USA Private Security Industry : focused on the Private Security Officer Employment Authorization Act & California System (미국의 민간경비 자격 및 교육훈련 제도에 관한 연구 - 민간경비원고용인가법(PSOEAA) 및 캘리포니아 주(州) 제도 중심으로 -)

  • Lee, Seong-Ki;Kim, Hak-Kyong
    • Korean Security Journal / no.33 / pp.197-228 / 2012
  • The private security industry in Korea has rapidly proliferated. While the industry has grown quickly, though, private security officers have recently been implicated in incidents involving violence, demonstrating an urgent need for systematic reform and regulation of private security practices in Korea. Due to its quasi-public service character, the industry also risks losing the public's favor if it is not quickly disciplined and brought under legitimate government regulation: the industry needs professional standards for conduct and qualification for employment of security officers. This paper shares insights for the reform of the Korean private security industry through a study of the licensing and training requirements for private security businesses in the United States, mainly focusing on the Private Security Officer Employment Authorization Act (hereinafter the PSOEAA) and the California system. According to the PSOEAA, aspiring security officers shall submit to a criminal background check (a check of the applicants' criminal records). Applicants' criminal records should include not only felony convictions but also any other moral turpitude offenses (involving dishonesty, false statement, and information on pending cases). The PSOEAA also allows businesses to do background checks of their employees every twelve months, enabling the employers to make sure that their employees remain qualified for their security jobs during their employment. It also must be mentioned that the state of California, for effective management of its private security sector, has established a professional government authority, the Bureau of Security and Investigative Services, a tacit recognition that the private security industry needs to be thoroughly, professionally, and actively managed by a professional government authority. The American system provides a workable model for the Korean private security industry. 
First, this paper argues that the Korean private security industry should implement a stricter criminal background check system similar to that required by the PSOEAA. Second, it recommends that an independent professional government authority be established to oversee and enforce regulation of Korea's private security industry. Finally, this article suggests that education and training courses be implemented to provide both diverse training as well as specialization and phasing.

Behavior Pattern Modeling based Game Bot detection (행동 패턴 모델을 이용한 게임 봇 검출 방법)

  • Park, Sang-Hyun;Jung, Hye-Wuk;Yoon, Tae-Bok;Lee, Jee-Hyong
    • Journal of the Korean Institute of Intelligent Systems / v.20 no.3 / pp.422-427 / 2010
  • The Korean game industry, especially MMORPG (Massively Multiplayer Online Game), has been rapidly expanding these days. But as the game industry grows, online game security incidents have also been increasing and becoming prevalent. One of the most critical security incidents is 'game bots', which are programs that play MMORPGs instead of human players. If players let game bots play for them, they can get a lot of beneficial game elements (experience points, items, etc.) without any effort, and this is considered unfair to other players. Plenty of game companies try to prevent bots, but it does not work well. In this paper, we propose a behavior pattern model for detecting bots. We analyzed the behaviors of human players as well as bots and identified six game features to build the model to differentiate game bots from human players. Based on these features, we made a Naive Bayesian classifier to infer whether a player is a game bot or not. To evaluate our method, we used 10 game bot data and 6 human player data. As a result, we classified game bots and human players with 88% accuracy.

A Study on Establishment and Connection of Intelligent Security Integrated Platform Elements for Real-Time Crime Response (실시간 범죄대응을 위한 지능형 방범 통합 플랫폼 요소 설정 및 연계방안 연구)

  • Choi, Woo-Chul;Na, Joon-Yeop
    • Journal of the Korea Academia-Industrial cooperation Society / v.19 no.10 / pp.8-15 / 2018
  • This article investigates an intelligent security integrated platform for real-time crime response and preventive crime prevention. This study analyzed intelligent crime prevention platform elements by analyzing crime prevention system/platform research, intelligent crime prevention research, and case studies of municipality integrated operation center crime prevention systems. Through this, we developed a practical intelligent security platform, and suggested a linkage with existing municipalities and the smart city integrated platform system considering scalability. This enables CCTV monitoring, which is used only for existing post processing, to cope with real-time crime. It is expected that it will be able to solve incidents within the golden time by grasping the precise position of the complainant not only outdoors but also indoors. It is also possible to provide a citizen-centered crime-prevention social safety net information sharing service by enhancing citizen participation as well as improving control efficiency. The intelligent security platform has the advantage that it is easy to spread to municipalities because it is developed considering the existing municipal system, the smart city integration platform, and linkage and expansion with other security services.

Development of Safe Korean Programming Language Using Static Analysis (정적 분석을 이용한 안전한 한글 프로그래밍 언어의 개발)

  • Kang, Dohun;Kim, Yeoneo;Woo, Gyun
    • KIPS Transactions on Computer and Communication Systems / v.5 no.4 / pp.79-86 / 2016
  • About 75% of software security incidents are caused by software vulnerability. In addition, the after-market repair cost of software is more than 30 times higher than that in the design stage. Against this background, secure coding has been proposed as one of the ways to solve this kind of maintenance problem. Various institutions have addressed the weakness patterns of standard software. A new Korean programming language, Saesark, has been proposed to resolve security weaknesses at the language level. However, the previous study on Saesark cannot resolve the security weakness caused by the API. This paper proposes a way to resolve the security weakness due to the API. It adopts a static analyzer inspecting dangerous methods. It classifies the dangerous methods of the API into two groups: the methods using tainted data and those accepting in-flowing tainted data. It analyses the security weakness in four steps: searching for the dangerous methods, configuring a call graph, navigating a path on the call graph between the method for in-flowing tainted data and the one that uses tainted data, and reporting the security weakness detected. To measure the effectiveness of this method, two experiments have been performed on the new version of Saesark adopting the static analysis. The first experiment is a comparison of it with the previous version of Saesark according to the Java Secure Coding Guide. The second experiment is a comparison of the improved Saesark with FindBugs, a Java program vulnerability analysis tool. According to the results, the improved Saesark is 15% safer than the previous version of Saesark, and its F-measure is 68%, which shows an improvement of 9 percentage points compared to 59%, that of FindBugs.

A Study on the Counter-Terrorism and Security Strategy for Korean Companies Engaged in the Overseas Business (해외진출 한국 기업의 대테러 경호·경비 전략에 관한 연구)

  • Choi, Jin-Tai
    • Korean Security Journal / no.13 / pp.507-528 / 2007
  • In June 2006, five Korean oil workers, three who worked for Daewoo and two for Korea Gas, were released after being held hostage by separatist militants in Nigeria. The kidnapping happened in the Niger Delta, where armed separatists are demanding a larger share in oil revenues and compensation for environmental destruction due to oil exploration. Seven months later, nine Korean pipeline workers of Daewoo together with a Nigerian were kidnapped again and safely released thanks to the efforts of the company and the Korean government. These two kidnapping incidents have shown that companies engaged in overseas business are no longer safe from terrorist attacks and have given an invaluable lesson that a company intending to go abroad for business should take all possible anti- and counter-measures against terrorism. The main purpose of this study is to suggest a guideline for the establishment of a counter-terrorism and security strategy against terrorist attacks on private companies overseas. In order to foster a better understanding of the problem, a brief history of terrorism is presented in the first part. In addition, this study analyses and describes the variations of terrorist attacks against private companies together with the terrorism-related environment of Korea. Based on the outcome of the study, this paper takes a global view and perspective of terrorist attacks against private companies and suggests considerations for the future.

A Design of Information Security Education training Databank System for Preventing Computer Security incident (침해사고 예방을 위한 정보보안 교육훈련 문제은행 시스템)

  • Mo, Eun-Su;Lee, Jae-Pil;Lee, Jae-Gwang;Lee, Jun-Hyeon;Lee, Jae-Kwang
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2015.05a / pp.277-280 / 2015
  • Information security has become a hot topic because of personal privacy incidents such as smishing and phishing. Such incidents in personal information management occur due to a lack of user awareness. In place of the existing XML tag structure of the question bank, this paper uses JSON, which is based on a key-value structure. JSON has the advantage that, as a text-based interchange format, it does not depend on the language. The proposed system divides the information security sector into High, Middle and Low grades, and provides service to the user through smart devices and PCs, free from the constraints of time and space. Open-source Apache load balancing technology is used for reliable service. It also handles the user's web page without any training sessions require server verification result of the training (training server). The result is sent to the training server using jQuery Ajax, and the resulting data are stored in the database based on the user ID. They are also to be used as training statistical indicators. In this paper, we design a level-based training system to enhance the user's information security awareness.

Performance Evaluation of VoIP Secure Communication Protocols based on SIP in Mobile Environment (모바일 환경에서 적용 가능한 SIP기반 인터넷전화(VoIP) 보안 통신 프로토콜 성능 평가)

  • Yoon, Seok-Ung;Jung, Hyun-Cheol;Che, Xuemei;Chu, Gyeong-Ho;Park, Han;Baek, Jae-Jong;Song, Joo-Seok;Yoo, Hyeong-Seon
    • The KIPS Transactions:PartC / v.18C no.3 / pp.143-150 / 2011
  • The adoption of VoIP is continuously increasing in public institutions, private enterprises and households due to its cheaper cost and various supplementary services. Also, the use of VoIP is expected to spread widely in the mobile environment through the increasing use of smartphones. Concern over incidents involving VoIP service is growing as use of the VoIP service has increased. In particular, eavesdropping makes it possible to invade user privacy and leak company secrets. So, it is important to adopt protocols for VoIP secure communication. VoIP security protocols are already adopted in public institutions, but they are not adopted in private enterprises and households. In addition, it is necessary to verify whether the VoIP security protocols could be adopted in mobile VoIP, given its limited computing power. This paper compared the VoIP security protocols under fixed and mobile networks through performance evaluation. Finally, we found that it is possible to adopt the VoIP security protocols in mobile networks.