• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.637-659
• /
• 2021

Since the creation of the first Bitcoin blockchain in 2009, the number of cryptocurrency users has steadily increased. However, the number of hacking attacks targeting assets stored in these users' cryptocurrency wallets is also increasing. Therefore, we evaluate the security of the wallets currently on the market to ensure that they are safe. We first conduct threat modeling to identify threats to cryptocurrency wallets and identify the security requirements. Second, based on the derived security requirements, we utilize attack trees and Bayesian network analysis to quantitatively measure the risks inherent in each wallet and compare them. According to the results, the average total risk in software wallets is 1.22 times greater than that in hardware wallets. In the comparison of different hardware wallets, we found that the total risk inherent to the Trezor One wallet, which has a general-purpose MCU, is 1.11 times greater than that of the Ledger Nano S wallet, which has a secure element. However, use of a secure element in a cryptocurrency wallet has been shown to be less effective at reducing risks.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.2
• /
• pp.19-25
• /
• 2018

With the development of IT technology, various services such as artificial intelligence and autonomous vehicles are being introduced, and many changes are taking place in our lives. However, if secure security is not provided, it will cause many risks, so the information security becomes more important. In this paper, we analyzed the research trends of main themes of information security over time. In order to conduct the research, 'Information Security' was searched in the Web of Science database. Using the abstracts of theses published from 1991 to 2016, we derived main research topics through topic modeling and time series regression analysis. The topic modeling results showed that the research topics were Information technology, system access, attack, threat, risk management, network type, security management, security awareness, certification level, information protection organization, security policy, access control, personal information, security investment, computing environment, investment cost, system structure, authentication method, user behavior, encryption. The time series regression results indicated that all the topics were hot topics.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.11
• /
• pp.2966-2986
• /
• 2023

Climate change is a constant threat to human life, and it is important to understand the public perception of this issue. Previous studies examining climate change have been based on limited survey data. In this study, the authors used big data such as news articles and social media data, within which the authors selected specific keywords related to climate change. Using these natural language data, topic modeling was performed for discourse analysis regarding climate change based on various topics. In addition, before applying topic modeling, sentiment analysis was adjusted to discover the differences between discourses on climate change. Through this approach, discourses of positive and negative tendencies were classified. As a result, it was possible to identify the tendency of each document by extracting key words for the classified discourse. This study aims to prove that topic modeling is a useful methodology for exploring discourse on platforms with big data. Moreover, the reliability of the study was increased by performing topic modeling in consideration of objective indicators (i.e., coherence score, perplexity). Theoretically, based on the social amplification of risk framework (SARF), this study demonstrates that the diffusion of the agenda of climate change in public news media leads to personal anxiety and fear on social media.

• Journal of the Korea Society for Simulation
• /
• v.29 no.1
• /
• pp.1-9
• /
• 2020

The ballistic missile threat continues to increase with the proliferation of missile technology. In response to this threat, many kinds of interceptors have been emphasized over the years. For development of interceptor, systematic flight tests are essential. Flight tests provide valuable data that can be used to verify performance and confirm the technological progress of ballistic missile defense system including interceptor. However, during flight tests, civilians near the test region could be risk due to a lot of intercept debris. For this reason, reliable estimate of safety area for the flight tests should be preceded. In this study, prediction of safety area is performed through modeling and simulation. Firstly, behaviors of ballistic missile and interceptor are simulated for those entire phase including interception to obtain the relative intercept velocity and the relative impact angle. By using obtained data of kinetic energy, the fragment ejection velocity is calculated and fragment trajectories are simulated by considering drag, gravity and wind effects. Based on the debris field formation and hazard evaluation of debris, final safety area is calculated.

• Nuclear Engineering and Technology
• /
• v.44 no.8
• /
• pp.919-928
• /
• 2012

The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the lifecycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

• Journal of Navigation and Port Research
• /
• v.36 no.3
• /
• pp.261-271
• /
• 2012

The purpose of the present study is to empirically examine factors that affect the information security awareness and perceived information security risk of employees of port companies. In particular, in order to identify factors that affect the perceived information security risks, we investigated the relation of assets, threats, and vulnerabilities to it, using the risk analysis methodology. With A total of 252 valid questionnaires, we also performed the structural equation modeling analysis using AMOS. It was found that first, there was no meaningful relationship between the information assets and the perceived information security risk in the case of employees of port companies. Second, threats and vulnerabilities turned out to have positive influences on the perceived information security risk. Finally, there was a positive relationship not only between the information security awareness and the information security education, but also between the information security awareness and the intention of information security. However, there was no meaningful relationship between the information security concern and the information security awareness.

• Proceedings of the Korean Nuclear Society Conference
• /
• 1997.10a
• /
• pp.713-718
• /
• 1997

In the TMI-2 accident, approximately twenty(20) tons of molten core material drained into the lower plenum. Early advanced light water reactor (LWR) designs assumed a lower head failure and incorporated various measures for ex-vessel accident mitigation. However, one of the major findings from the TMI-2 Vessel Investigation Project was that one part of the reactor lower head wall estimated to have attained a temperature of 1100$^{\circ}C$ for about 30 minutes has seemingly experienced a comparatively rapid cooldown with no major threat to the vessel integrity. In this regard, recent empirical and analytical studies have shifted interests to such in-vessel retention designs or strategies as reactor cavity flooding, in-vessel flooding and engineered gap cooling of the vessel Accurate thermohydrodynamic and creep deformation modeling and rupture prediction are the key to the success in developing practically useful in-vessel accident/risk management strategies. As an advanced in-vessel design concept, this work presents the COrium Attack Syndrome Immunization Structures (COASIS) that are being developed as prospective in-vessel retention devices for a next-generation LWR in concert with existing ex-vessel management measures. Both the engineered gap structures in-vessel (COASISI) and ex-vessel (COASISO) are demonstrated to maintain effective heat transfer geometry during molten core debris attack when applied to the Korean Standard Nuclear Power Plant(KSNPP) reactor. The likelihood of lower head creep rupture during a severe accident is found to be significantly suppressed by the COASIS options.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.827-846
• /
• 2023

Recently, various information technologies such as network communication and sensors have begun to be integrated into weapon systems that were previously operated in stand-alone. This helps the operators of the weapon system to make quick and accurate decisions, thereby allowing for effective operation of the weapon system. However, as the involvement of the cyber domain in weapon systems increases, it is expected that the potential for damage from cyber attacks will also increase. To develop a secure weapon system, it is necessary to implement built-in security, which helps considering security from the requirement stage of the software development process. The U.S. Department of Defense is implementing the Risk Management Framework Assessment and Authorization (RMF A&A) process, along with the introduction of the concept of cybersecurity, for the evaluation and acquisition of weapon systems. Similarly, South Korea is also continuously making efforts to implement the Korea Risk Management Framework (K-RMF). However, so far, there are no cases where K-RMF has been applied from the development stage, and most of the data and documents related to the U.S. RMF A&A are not disclosed for confidentiality reasons. In this study, we propose the method for inferring the composition of the K-RMF based on systematic threat analysis method and the publicly released documents and data related to RMF. Furthermore, we demonstrate the effectiveness of our inferring method by applying it to the naval battleship system.

• Wind and Structures
• /
• v.38 no.3
• /
• pp.171-191
• /
• 2024

Wind Driven Rain (WDR) poses a significant threat to the building environment, especially in hurricane prone regions by causing interior and content damage during tropical storms and hurricanes. The damage due to rain intrusion depends on the total amount of water that enters the building; however, owing to the use of inadequate empirical methods, the amount of water intrusion is difficult to estimate accurately. Hence, the need to achieve full-scale testing capable of realistically simulating rain intrusion is widely recognized. This paper presents results of a full-scale experimental simulation at the NHERI Wall of Wind Experimental Facility (WOW EF) aimed at obtaining realistic rain characteristics as experienced by structures during tropical storms and hurricanes. A full-scale simulation of rain in strong winds would allow testing WDR intrusion through typical building components. A study of rain intrusion through a sliding glass door is presented, which accounted for the effects of multiple wind directions, test durations and wind speeds; configurations with and without shuttering systems were also considered. The study showed that significant levels of water intrusion can occur during conditions well below current design levels. The knowledge gained through this work may enhance risk modeling pertaining to loss estimates due to WDR intrusion in buildings, and it may help quantify the potential reduction of losses due to the additional protection from shuttering systems on sliding glass doors during winds.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.8
• /
• pp.31-37
• /
• 2020

In this paper, we propose a system architecture and methodology based on cyber kill chain and MITRE ATT&CK for experiment analysis on cyber warfare simulation. Threat analysis is possible by applying various attacks that have actually occurred with continuous updates to reflect newly emerging attacks. In terms of cyber attack and defense, the current system(AS-IS) and the new system(TO-BE) are analyzed for effectiveness and quantitative results are presented. It can be used to establish proactive cyber COA(Course of Action) strategy, and also for strategic decision making. Through a case study, we presented the usability of the system architecture and methodology proposed in this paper. The proposed method will contribute to strengthening cyber warfare capabilities by increasing the level of technology for cyber warfare experiments.