• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.19-30
• /
• 2019

As the 4th industrial revolution has recently become a hot topic, the importance of autonomous vehicles has increased and interest has been increasing worldwide, and accidents involving autonomous vehicles have also occurred. With the development of autonomous vehicles, the possibility of a cyber-hacking threat to the car network is increasing. Various countries, including the US, UK and Germany, have developed guidelines to counter cyber-hacking of autonomous vehicles, In the case of Korea, limited temporary operation of autonomous vehicles is being carried out, but the legal system to be applied in case of accidents caused by vehicle network hacking is insufficient. In this paper, based on the existing legal system, we examine the civil liability caused by the cyber hacking of the autonomous driving car, while we propose a law amendment suited to the characteristics of autonomous driving car and a legal system improvement plan that can give sustainable trust to autonomous driving car.

• Journal of the Korea Convergence Society
• /
• v.9 no.6
• /
• pp.33-38
• /
• 2018

In this study, we try to detect new attacks for vehicle by learning only one class. We use Car-Hacking dataset, an intrusion detection dataset, which is used to evaluate classification performance. The dataset are created by logging CAN (Controller Area Network) traffic through OBD-II port from a real vehicle. The dataset have four attack types. One class classification is one of unsupervised learning methods that classifies attack class by learning only normal class. When using unsupervised learning, it difficult to achieve high efficiency because it does not use negative instances for learning. However, unsupervised learning has the advantage for classifying unlabeled data, which are new attacks. In this study, we use one class classifier to detect new attacks that are difficult to detect using signature-based rules on network intrusion detection system. The proposed method suggests a combination of parameters that detect all new attacks and show efficient classification performance for normal dataset.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.05a
• /
• pp.650-653
• /
• 2011

In this paper, we describe Bluetooth system and Bluetooth security. And we analyze the structure of information security and vulnerability, introduced one of Bluetooth hacking techniques. We show a demo of the attack process to inject arbitrary hands-free voice messages and save the file information, recording a conversation through hands-free device.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.4
• /
• pp.17-26
• /
• 2018

Connected car plays an important role on Intelligent Transport System (ITS). ITS is able to secure drivers' convenience and safety, however, the overall system can be threatened by hacking attempt. Blockchain is one strong candidate of the remedy to promote the security of the ITS network. However, there will be many challenges to adopt previously proposed blockchain technologies to ITS. This work presents a new ITS structure based on blockchain technology. Proposed scheme includes three major layers. The first layer is central manager which is initiated once to register a certain connected car. The third layer is RSU (Road Side Unit) layer which exploits PoS (Proof of Stake) for consortium blockchains and retains real-time information. In addition, this layer performs block expiration based on timers to maintain manageable block length. In the second layer, the generated blocks of the third layer without expiration are housed as private blockchains. We finally demonstrate possible merits of newly proposed scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.2
• /
• pp.865-882
• /
• 2017

To improve passenger convenience and safety, today's vehicle is evolving into a "connected vehicle," which mounts various sensors, electronic control devices, and wired/wireless communication devices. However, as the number of connections to external networks via the various electronic devices of connected vehicles increases and the internal structures of vehicles become more complex, there is an increasing chance of encountering issues such as malfunctions due to various functional defects and hacking. Recalls and indemnifications due to such hacking or defects, which may occur as vehicles evolve into connected vehicles, are becoming a new risk for automakers, causing devastating financial losses. Therefore, automakers need to make voluntary efforts to comply with security ethics and strengthen their responsibilities. In this study, we investigated potential security issues that may occur under a connected vehicle environment (vehicle-to-vehicle, vehicle-to-infrastructure, and internal communication). Furthermore, we analyzed several case studies related to automaker's legal risks and responsibilities and identified the security requirements and necessary roles to be played by each player in the automobile development process (design, manufacturing, sales, and post-sales management) to enhance their responsibility, along with measures to manage their legal risks.

• Journal of Multimedia Information System
• /
• v.9 no.1
• /
• pp.33-42
• /
• 2022

In this paper, we have recently created self-driving cars and self-parking systems in human-friendly cars that can provide high safety and high convenience functions by recognizing the internal and external situations of automobiles in real time by incorporating next-generation electronics, information communication, and function control technologies. And with the development of connected cars, the ITS (Intelligent Transportation Systems) market is expected to grow rapidly. Intelligent Transportation System (ITS) is an intelligent transportation system that incorporates technologies such as electronics, information, communication, and control into the transportation system, and aims to implement a next-generation transportation system suitable for the information society. By combining the technologies of connected cars and Internet of Things with software features and operating systems, future cars will serve as a service platform to connect the surrounding infrastructure on their own. This study creates a research methodology based on the Enhanced Security Model in Self-Driving Cars model. As for the types of attacks, Availability Attack, Man in the Middle Attack, Imperial Password Use, and Use Inclusive Access Control attack defense methodology are used. Along with the commercialization of 5G, various service models using advanced technologies such as autonomous vehicles, traffic information sharing systems using IoT, and AI-based mobility services are also appearing, and the growth of smart transportation is accelerating. Therefore, research was conducted to defend against hacking based on vulnerabilities of smart cars based on artificial intelligence blockchain.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.411-421
• /
• 2015

These days, a conversion of the fast-advancing ICT (Information and Communications Technologies) and the IoT (Internet of Things) has been in progress. However, these conversion Technology could lead to many of the security threat existing in the ICT environment. The security threats of car in the IoT environment could cause the property damage and casualty. There are the inadequate preparations for the car security and the difficulty of detection for the security threats by itself. In this paper, we proposed the decision-making framework for the anomaly detection and found out what are the threats of car in the IoT environment. The discrimination of the factor, path and type of threats from the attack against the car should take priority over the self-inspection and the swift handling of the attack on control system.

• Journal of Digital Convergence
• /
• v.20 no.5
• /
• pp.637-642
• /
• 2022

Self-authentication technology using electrocardiogram (ECG) signals is drawing attention as a self-authentication technology that can replace existing bio-authentication. A device that recognizes a digital electronic key can be mounted on a vehicle to wirelessly exchange data with a car, and a function that can lock or unlock a car door or start a car by using a smartphone can be controlled through a smartphone. However, smart keys are vulnerable to security, so smart keys applied with bio-authentication technology were studied to solve this problem and provide driver convenience. A personal authentication algorithm using electrocardiogram was mounted on a watch-type wearable device to authenticate bio, and when personal authentication was completed, it could function as a smart key of a car. The certification rate was 95 per cent achieved. Drivers do not need to have a smart key, and they propose a smart key as an alternative that can safely protect it from loss and hacking. Smart keys using personal authentication technology using electrocardiogram can be applied to various fields through personal authentication and will study methods that can be applied to identification devices using electrocardiogram in the future.

• Journal of the Korean Society of Industry Convergence
• /
• v.20 no.2
• /
• pp.177-186
• /
• 2017

With the latest developments in ICT(Information Communication Technology) technology, research on Intelligent Car, Connected Car that support autonomous driving or services is actively underway. It is true that the number of inputs linked to external connections is likely to be exposed to a malicious intrusion. I studied possible security issues that may occur within the Connected Car. A variety of security issues may arise in the use of CAN, the most typical internal network of vehicles. The data can be encrypted by encrypting the entire data within the CAN network system to resolve the security issues, but can be time-consuming and time-consuming, and can cause the authentication process to be carried out in the event of a certification procedure. To resolve this problem, CAN network system can be used to authenticate nodes in the network to perform a unique authentication of nodes using nodes in the network to authenticate nodes in the nodes and By encoding the ID, identifying the identity of the data, changing the identity of the ID and decryption algorithm, and identifying the cipher and certification techniques of the external invader, the encryption and authentication techniques could be detected by detecting and verifying the external intruder. Add a monitoring node to the CAN network to resolve this. Share a unique ID that can be authenticated using the server that performs the initial certification of nodes within the network and encrypt IDs to secure data. By detecting external invaders, designing encryption and authentication techniques was designed to detect external intrusion and certification techniques, enabling them to detect external intrusions.

• Journal of Information Technology Services
• /
• v.15 no.4
• /
• pp.41-62
• /
• 2016

In Internet of Things (IoT) era, more diverse types of information are collected and the environment of information usage, distribution, and processing is changing. Recently, there have been a growing number of cases involving breach and infringement of personal information in IoT services, for examples, including data breach incidents of Web cam service or drone and hacking cases of smart connected car or individual monitoring service. With the evolution of IoT, concerns on personal information protection has become a crucial issue and thus the risk analysis and management method of personal information should be systematically prepared. This study shows risk factors in IoT regarding possible breach of personal information and infringement of privacy. We propose "a risk analysis framework of protecting personal information in IoT environments" consisting of asset (personal information-type and sensitivity) subject to risk, threats of infringement (device, network, and server points), and social impact caused from the privacy incident. To verify this proposed framework, we conducted risk analysis of IoT services (smart communication device, connected car, smart healthcare, smart home, and smart infra) using this framework. Based on the analysis results, we identified the level of risk to personal information in IoT services and suggested measures to protect personal information and appropriately use it.