• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.039 seconds

Analysis of U.S. Supply Chain Security Management System (미국 공급망 보안 관리 체계 분석)

  • Son, Hyo-hyun;Kim, Kwang-jun;Lee, Man-hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.5
    • /
    • pp.1089-1097
    • /
    • 2019
  • An era of smart manufacturing is coming through the rapid development of information and communication technology. As a result, many companies have begun to utilize a variety of hardware and software for the efficient business of the manufacturing process. At this time, the hardware and software used are supplied through manufacturing and distribution processes. These supply processes are exposed to a variety of security threats. As the recent cases of supply chain attacks have increased, foreign countries are establishing supply chain management systems and managing supply chain risks. In Korea, on the other hand, there was research on supply chain risk management in some fields. In this paper, we emphasizes the necessity of supply chain risk management through supply chain attack cases. In addition, we analyze trends of foreign supply chain management system and explains the necessity of domestic supply chain security strategy.

A Study on State Estimation Based Intrusion Detection in Power Control Systems Using DNP3 over TCP/IP (DNP3 over TCP/IP 환경 전력 제어시스템에서의 상태추정 기반 침입 탐지 연구)

  • Hyeonho Choi;Junghee Lee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.4
    • /
    • pp.615-627
    • /
    • 2024
  • With the evolution of power systems and advancements in IT technology, there is an increasing demand to shift from serial-based communication to TCP/IP-based communication. However, TCP/IP communication entails various security threats, necessitating extensive consideration from an information security perspective. Security measures such as authentication and encryption cannot be rapidly implemented due to issues like the replacement of Remote Terminal Units (RTUs) and the performance requirements of encryption algorithms. This paper proposes a state estimation-based intrusion detection model to identify and effectively detect threats to power control systems in such a context. The proposed model, in addition to signature detection methods, verifies the validity of acquired data, enabling it to detect attacks that are difficult to identify using traditional methods, such as data tampering.

A Study on Vulnerability Assessment for the Digital Assets in NPP Based on Analytical Methods (분석적 방법을 적용한 원전디지털자산 취약점 평가 연구)

  • Kim, In-kyung;Kwon, Kook-heui
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.6
    • /
    • pp.1539-1552
    • /
    • 2018
  • The necessity of establishing a more secure cyber security system is emerging to protect NPP against cyber attacks as nuclear facilities become increasingly reliant on digital system. Proper security measures should be established through periodic analysis and evaluation of vulnerabilities. However, as Nuclear facilities has safety characteristics as their top priority and it requires a lot of time and cost to construct regarding the activities for vulnerability analysis, it is difficult to apply the existing vulnerability analysis environment and analysis tools. In this study, We propose a analytical vulnerability assessment method to overcome the limitations of existing vulnerability analysis methods through analysis the existing vulnerability analysis methods and the issues to be considered when applying the vulnerability analysis method.

SIEM OWASP-ZAP and ANGRY-IP Vulnerability Analysis Module and Interlocking (SIEM과 OWASP-ZAP및ANGRY-IP취약점분석모듈과 연동구현)

  • Yoon, Jong Moon
    • Convergence Security Journal
    • /
    • v.19 no.2
    • /
    • pp.83-89
    • /
    • 2019
  • In accordance with information security compliance and security regulations, there is a need to develop regular and real-time concepts for cyber-infringement attacks against network system vulnerabilities in branch and periodic forms. Vulnerability Analysis Analysis It is judged that it will be a countermeasure against new hacking attack in case of concept validation by interworking with TOOL. Vulnerability check module is standardized in event attribute management and ease of operation. Opening in terms of global sharing of vulnerability data, owasp zap / Angry ip Etc. were investigated in the SIEM system with interlocking design implementation method. As a result, it was proved that the inspection events were monitored and transmitted to the SIEM console by the vulnerability module of web and network target. In consideration of this, ESM And SIEM system In this paper, we propose a new vulnerability analysis method based on the existing information security consultation and the results of applying this study. Refer to the integrated interrelationship analysis and reference Vulnerability target Goal Hacking It is judged to be a new active concept against invasion attack.

Implementation of a security system using the MITM attack technique in reverse

  • Rim, Young Woo;Kwon, Jung Jang
    • Journal of the Korea Society of Computer and Information
    • /
    • v.26 no.6
    • /
    • pp.9-17
    • /
    • 2021
  • In this paper, we propose a reversely using the "Man In The Middle Attack" attack technique as a way to introduce network security without changing the physical structure and configuration of the existing network, a Virtual Network Overlay is formed with only a single Ethernet Interface. Implementing In-line mode to protect the network from external attacks, we propose an integrated control method through a micro network security sensor and cloud service. As a result of the experiment, it was possible to implement a logical In-line mode by forming a Virtual Network Overlay with only a single Ethernet Interface, and to implement Network IDS/IPS, Anti-Virus, Network Access Control, Firewall, etc.,. It was possible to perform integrated monitor and control in the service. The proposed system in this paper is helpful for small and medium-sized enterprises that expect high-performance network security at low cost, and can provide a network security environment with safety and reliability in the field of IoT and embedded systems.

Enhancing Installation Security for Naval Combat Management System through Encryption and Validation Research

  • Byeong-Wan Lee
    • Journal of the Korea Society of Computer and Information
    • /
    • v.29 no.1
    • /
    • pp.121-130
    • /
    • 2024
  • In this paper, we propose an installation approach for Naval Combat Management System(CMS) software that identifies potential data anomalies during installation. With the popularization of wireless communication methods, such as Low Earth Orbit(LEO) satellite communications, various utilization methods using wireless networks are being discussed in CMS. One of these methods includes the use of wireless network communications for installation, which is expected to enhance the real-time performance of the CMS. However, wireless networks are relatively more vulnerable to security threats compared to wired networks, necessitating additional security measures. This paper presents a method where files are transmitted to multiple nodes using encryption, and after the installation of the files, a validity check is performed to determine if there has been any tampering or alteration during transmission, ensuring proper installation. The feasibility of applying the proposed method to Naval Combat Systems is demonstrated by evaluating transmission performance, security, and stability, and based on these evaluations, results sufficient for application to CMS have been derived.

Designing a system to defend against RDDoS attacks based on traffic measurement criteria after sending warning alerts to administrators (관리자에게 경고 알림을 보낸 후 트래픽 측정을 기준으로 RDDoS 공격을 방어하는 시스템 설계)

  • Cha Yeansoo;Kim Wantae
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.20 no.1
    • /
    • pp.109-118
    • /
    • 2024
  • Recently, a social issue has arisen involving RDDoS attacks following the sending of threatening emails to security administrators of companies and institutions. According to a report published by the Korea Internet & Security Agency and the Ministry of Science and ICT, survey results indicate that DDoS attacks are increasing. However, the top response in the survey highlighted the difficulty in countering DDoS attacks due to issues related to security personnel and costs. In responding to DDoS attacks, administrators typically detect anomalies through traffic monitoring, utilizing security equipment and programs to identify and block attacks. They also respond by employing DDoS mitigation solutions offered by external security firms. However, a challenge arises from the initial failure in early response to DDoS attacks, leading to frequent use of detection and mitigation measures. This issue, compounded by increased costs, poses a problem in effectively countering DDoS attacks. In this paper, we propose a system that creates detection rules, periodically collects traffic using mail detection and IDS, notifies administrators when rules match, and Based on predefined threshold, we use IPS to block traffic or DDoS mitigation. In the absence of DDoS mitigation, the system sends urgent notifications to administrators and suggests that you apply for and use of a cyber shelter or DDoS mitigation. Based on this, the implementation showed that network traffic was reduced from 400 Mbps to 100 Mbps, enabling DDoS response. Additionally, due to the time and expense involved in modifying detection and blocking rules, it is anticipated that future research could address cost-saving through reduced usage of DDoS mitigation by utilizing artificial intelligence for rule creation and modification, or by generating rules in new ways.

A Development of the Unified Object-Oriented Analysis and Design Methodology for Security-Critical Web Applications Based on Object-Relational Database - Forcusing on Oracle11g - (웹 응용 시스템 개발을 위한 보안을 고려한 통합 분석·설계 방법론 개발 - Oracle11g를 중심으로 -)

  • Joo, Kyung-Soo;Woo, Jung-Woong
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.12
    • /
    • pp.169-177
    • /
    • 2012
  • In the development process of application systems, the most important works are analysis and design. Most of the application systems are implemented on database system. So, database design is important. Also, IT System are confronted with more and more attacks by an increase interconnections between IT systems. Therefore security-related processes belong to a very important process. Security is a complex non-functional requirement that can interaction of many parts in the system. But Security is considered in the final stages of development. Therefore, Their increases the potential for the final product to contain vulnerabilities. Accordingly, Early in development related to security analysis and design process is very important. J2EE gives a solution based on RBAC((Role Based Access Control) for security and object-relational database also has RBAC for security. But there is not a object-oriented analysis and design methodology using RBAC of J2EE and object-relational database for security. In this paper, the unified object-oriented analysis and design methodology is developed for security-critical web application systems based on J2EE and object-relational database. We used UMLsec and RBAC of object-relational database and J2EE for this methodology.

Design and Implementation of Cyber Attack Simulator based on Attack Techniques Modeling

  • Kang, Yong Goo;Yoo, Jeong Do;Park, Eunji;Kim, Dong Hwa;Kim, Huy Kang
    • Journal of the Korea Society of Computer and Information
    • /
    • v.25 no.3
    • /
    • pp.65-72
    • /
    • 2020
  • With the development of information technology and the growth of the scale of system and network, cyber threats and crimes continue to increase. To cope with these threats, cybersecurity training based on actual attacks and defenses is required. However, cybersecurity training requires expert analysis and attack performance, which is inefficient in terms of cost and time. In this paper, we propose a cyber attack simulator that automatically executes attack techniques. This simulator generates attack scenarios by combining attack techniques modeled to be implemented and executes the attack by sequentially executing the derived scenarios. In order to verify the effectiveness of the proposed attack simulator, we experimented by setting an example attack goal and scenarios in a real environment. The attack simulator successfully performed five attack techniques to gain administrator privileges.

How to Cope with Ransomware in the Healthcare Industry (의료산업에서의 랜섬웨어 대응 방법)

  • Jeon, In-seok;Kim, Dong-won;Han, Keun-hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.1
    • /
    • pp.155-165
    • /
    • 2018
  • As medical healthcare industry is growing up rapidly these days, providing various new healthcare service is considered carefully. Health information is considered to be more important than financial information; therefore, protecting health information becomes a very significant task. Ransomware is now targeting industry groups that have high information value. Especially, ransomware has grown in various ways since entering maturity in 2017. Healthcare industry is highly vulnerable to ransomeware since most healthcare organizations are configured in closed network with lack of malware protection. Only meeting the security criteria is not the solution. In the case of a successful attack, restoration process must be prepared to minimize damages as soon as possible. Ransomware is growing rapidly and becoming more complex that protection must be improved much faster. Based on ISO 27799 and 27002 standard, we extract and present security measures against advanced ransomware to maintain and manage healthcare system more effectively.