• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1205-1214
• /
• 2021

Edge Computing is used as a solution to the cost problem and transmission delay problem caused by network bandwidth consumption that occurs when IoT/CPS devices are integrated into the cloud by performing artificial intelligence (AI) in an environment close to the data source. Since edge computing runs on devices that provide high-performance computation and network connectivity located in the real world, it is necessary to consider application integrity so that it is not exploited by cyber terrorism that can cause human and material damage. In this paper, we propose a technique to protect the integrity of edge computing applications implemented in a script language that is vulnerable to tampering, such as Python, which is used for implementing artificial intelligence, as container images and then digitally signed. The proposed method is based on the integrity protection technology (Docker Contents Trust) provided by the open source container technology. The Docker Client was modified and used to utilize the whitelist for container signature information so that only containers allowed on edge computing devices can be operated.

• Journal of the Society of Disaster Information
• /
• v.18 no.3
• /
• pp.487-494
• /
• 2022

Purpose: This study proposes a Metaverse-based police education and training model that can efficiently improve the performance of various police activities according to changes in the environment of the times. Method: The structure of this system can generate Avatar Controller expressed using HMD and haptic technology, access the Network Interface, and educate and train individually or on a team basis through the command control module, education and training content module, and analysis module. Result: In the proposed model of this study, the command and control module was incorporated into individual or team-based education and training, enabling organic collaborative training among team members by monitoring the overall situation of terrorism or crime in real time. Conclusion: Metaverses-based individual or team-based police education and training can provide a more efficient and safe education and training environment based on immersion, interaction, and rapid judgment in various situations.

• KNOM Review
• /
• v.22 no.1
• /
• pp.11-19
• /
• 2019

As technology develops, the latest security threats on the network applied to users are increasing. By attacking industrial or corporate systems with malicious purposes, hackers cause many social problems such as confidential information leakage, cyber terrorism, infringement of information assets, and financial damage. Due to the complex and diversified threats, the current security personnel alone are not enough to detect and analyze all threats. In particular, the Supervisory Control And Data Acquisition (SCADA) used in industrial infrastructures that collect, analyze, and return static data 24 hours a day, 265 days a year, is very vulnerable to real-time security threats. This paper introduces security information and event management (SIEM), a powerful integrated security management system that can monitor the state of the system in real time and detect security threats. Next, we compare SIEM solutions from various companies with the open source SIEM (OSSIM) from AlienVault, which is distributed as an open source, and present cases using the OSSIM and how to utilize it.

• Journal of Korea Multimedia Society
• /
• v.15 no.1
• /
• pp.93-100
• /
• 2012

Recently, the security monitoring and control systems based on spatial information in various field are operated and being developed according to evolve the spatial information technology. Especially, the CCTV monitoring and control system can be used in various field as a typical system. However, the security vulnerability problems have become an issue because the system connected by computer network and getting bigger than before. Therefore we studied security vulnerabilities of CCTV monitoring and control system which is being developed and operated. In addition, it is important to consider disaster and terrorism with unauthorized changes on location information. Therefore we analyzed the performance of observation when the cameras are break down as a result by hacking to CCTV monitoring and control system.

• Journal of Digital Contents Society
• /
• v.18 no.6
• /
• pp.1009-1015
• /
• 2017

Recently, video surveillance is becoming more and more common as many camera are installed due to crime, terrorism, traffic and security. And systems that control cameras are becoming increasingly general. Video input from the installed camera is monitored by the multiscreen at the central control center, it is essential to simultaneously monitor multiscreen in real-time to quickly respond to situations or dangers. However, monitoring of multiscreen in a mobile environment such as a smart phone is not applied to hardware specifications or network bandwidth problems. For resolving these problems, in this paper, we propose a system that can monitor multiscreen in real-time in mobile-phone environment. We reconstruct the desired multiscreen through transcoding, it is possible to monitor continuously video streaming of multiple cameras, and to have the advantage of being mobile in mobile-phone environment.

• Proceedings of the Korea Contents Association Conference
• /
• 2006.05a
• /
• pp.337-341
• /
• 2006

Spam email is an electronic mail sent to a large number of netizen who do not want it. Criminals have been to take an advantage of this tool easily through harmful activities such as phishing. Recently the spam mail containing commercial information is broadly accepted as an illegal commitment to endangering the network. According some report, it could cause real damages. For the better policy on controlling spam mail we need new Efficient Countermeasure. Several laws have been enacted in Korea for controlling spam mail. The most important acts is the Using and Protecting Communication Act. Main targets of this law is virus spreading, computer hacking, cyber pornography, intellectual property breaching, private or public information abusing and cyber terrorism. But the Using and Protecting Communication Act is insufficient to control spam mail. For the better policy on controlling spam mail we need new Efficient Countermeasure. Therefore, this research wishes to present way to control for efficient spam mail through enactment of conversion, induction of clash action system degree, special law of national regulation form for spam mail.

• Journal of Convergence for Information Technology
• /
• v.8 no.1
• /
• pp.139-145
• /
• 2018

Ransomeware is a kind of malware. Computers infected with Ransomware have limited system access. It is a malicious program that must provide a money to the malicious code maker in order to release it. On May 12, 2017, with the largest Ransomware attack ever, concerns about the Internet security environment are growing. The types of Ransomware and countermeasures to prevent cyber terrorism are discussed. Ransomware, which has a strong infectious nature and has been constantly attacked in recent years, is typically in the form of Locky, Petya, Cerber, Samam, and Jigsaw. As of now, Ransomware defense is not 100% free. However, it can counter to Ransomware through automatic updates, installation of vaccines, and periodic backups. There is a need to find a multi-layered approach to minimize the risk of reaching the network and the system. Learn how to prevent Ransomware from corporate and individual users.

• The Journal of Society for e-Business Studies
• /
• v.25 no.2
• /
• pp.99-108
• /
• 2020

Unlike a general IT environment, an industrial control system is an environment where stability and continuity are more important than security. In the event of a security accident in the industrial control system, physical motion can be controlled, so physical damage can occur and physical damage can even result in personal injury. Cyber attacks on industrial control systems are not simply cyber damage, but terrorism. However, the security of industrial control systems has not been strengthened yet, and many vulnerabilities are actually occurring. This paper shows that the PLC can be remotely controlled by analyzing the connection process and packets for the PLC protocol used in the industrial control system and bypassing the security mechanism existing in the protocol. Through this, we intend to raise the security awareness of the industrial control system.

• The Journal of the Korea Contents Association
• /
• v.13 no.4
• /
• pp.389-398
• /
• 2013

This study aims to support rational security investment decision making through prioritizing on operational level of management measures strategically, in carrying out industrial security activities. For this, AHP survey is conducted against industrial security professionals and analyzed. Thereafter, the importance and the priority of industrial security management measures are determined. As a result, in a comparison evaluation among the criteria, 'ICT service management' represents the highest weight (0.54). And the sub-criteria could be divided into three groups (Group I, II, III), depending on their importance. The sensitivity analysis results show that if the weight of the criterion, 'ICT systems/networks access control' is doubled, the sub-criteria, 'O/S access control', 'application access control', and 'wired/wireless network access control' are enter into top rank group. In case of the criterion, 'physical/environmental security' is doubled, the sub-criteria, 'protection zoning/access control' and 'disaster prevention on business equipment/counter-terrorism' are enter into the top rank group, 'securing utilities' is enter into the mid rank group.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.245-248
• /
• 2011

Voice over Internet protocol(VoIP) is call's contents using the existing internet. Thus, in common with the Internet service has the same vulnerability. In addition, unlike traditional PSTN remotely without physical access to hack through the eavesdropping is possible. Cyber terrorism by anti-state groups take place when the agency's computer network and telephone system at the same time work is likely to get upset. In this paper is penetration testing for security threats(Call interception, eavesdropping, misuse of services) set out in the NIS in the VoIP. In addition, scenario writing and penetration testing, hacking through the Voice over Internet protocol at the examination center will study discovered vulnerabilities. Vulnerability discovered in Voice over Internet protocol presents an attack and defense plan.