• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.2B
• /
• pp.244-251
• /
• 2010

CSD is Active RFID based Container Security Device which is proposed by the U.S Department of Home Security. It is mounted inside the container to sense opening of the container door. ConTracer is the CSD which is developed in this research whose major features are sensing door opening status as well as history inquiring on internal environment and shock to the container by mounting the temperature/humidity/shock sensors. Moreover, its RFID frequency bandwidth uses 433MHz and 2.4GHz to correspond actively to the radio regulations used by different countries. This paper introduces the development trend of CSD, compares the ConTracer which is developed thru this research and other company's CSD, and introduces CSD System which is designed and established using ConTracer. Finally, the implemented CSD System is verified by applying the demonstration service to container distribution between Korea and China.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.725-734
• /
• 2016

SCADA(Supervisory Control and Data Acquisition) system is widely used for remote monitoring and control throughout the domestic industry. Due to a recent breach of security on SCADA systems, such as Stuxnet, the need of correctly established secure certification of a control system is growing. Currently, EDSA-CRT (Embedded Device Security Assurance-Communication Robustness Test), which tests the ability to provide core services properly in a normal/abnormal network protocol, is only focused on the testing of IP-based protocols such as IP, ARP, TCP, etc. Thus, in this paper, we propose test requirements for DNP3 protocol based on EDSA-CRT. Our analysis show that the specific test cases provide plentiful evidences that DNP3 should follow based on its functional requirements. As a result, we propose 33 specific test case for DNP3 protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.535-545
• /
• 2014

As the software industry has developed, the attacks making use of software vulnerability has become a big issue in society. In particular, because the attacks using the vulnerability of web browsers bypass Windows protection mechanism, web browsers can readily be attacked. To protect web browsers against security threat, research on fuzzing has constantly been conducted. However, most existing web browser fuzzing tools use a simple fuzzing technique which randomly mutates DOM tree. Therefore, this paper analyzed existing web browser fuzzing tools and the patterns of their already-known vulnerability to propose an event and command based fuzzing tool which can detect the latest web browser vulnerability more effectively. Three kinds of existing fuzzing tools were compared with the proposed tool. As a result, it was found that the event and command based fuzzing tool proposed was more effective.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.869-878
• /
• 2018

Digital Evidence Data in cyberspace is easy to modify or delete, and changes are reflected in real time, so it is necessary to acquire evidence data quickly. Collecting evidence on the client side is advantageous in that data can be acquired without time delay due to additional administrative procedures, but collection of large data is likewise vulnerable to collection time delay problem. Therefore, this paper proposes an automated evidence collection method on the client side, focusing on the major web-based services in cyberspace, and enables efficient evidence collection for large volumes of data. Furthermore, we propose a digital evidence collection system in cyberspace that guarantees the integrity of the collected digital evidence until the court submission.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.179-186
• /
• 2018

The number of devices connect to the internet is rapidly increasing with the advent of the IoT(Internet of Things). The IoT has improved the convenience of life. However, it makes security issues such as privacy violations. Therefore cybersecurity is the most important issue to be discussed nowadays. Especially, various protocols are used for same purpose due to rapidly increase of IoT market. To deal with this security threat noble vulnerability analysis is needed. In this paper, we contribute to the IoT security by proposing a new randomness-based test case evaluation methodology using variance and entropy. The test case evaluation method proposed in this paper can evaluate the test cases at a high speed regardless of the test set size, unlike the traditional technique.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.365-375
• /
• 2019

A PLC (Programmable Logic Controller) is a highly-reliable industrial digital computer which supports real-time embedded control applications for safety-critical control systems. Real-time operating systems such as uC/OS have been used for PLCs and must meet real-time constraints. As PLCs have been widely used for industrial control systems and connected to the Internet, they have been becoming a main target of cyberattacks. In this paper, we propose an execution code sanitizer to enhance the security of PLC systems. The proposed sanitizer analyzes PLC programs developed by an IDE before downloading the program to a target PLC, and mitigates security vulnerabilities of the program. Our sanitizer can detect vulnerable function calls and illegal memory accesses in development of PLC programs using a database of vulnerable functions as well as the other database of code patterns related to pointer misuses. Based on these DBs, it detects and removes abnormal use patterns of pointer variables and existence of vulnerable functions shown in the call graph of the target executable code. We have implemented the proposed technique and verified its effectiveness through experiments.

• Journal of Platform Technology
• /
• v.9 no.1
• /
• pp.46-57
• /
• 2021

Recently, research has been actively conducted to utilize blockchain technology in various fields. In particular, blockchain-based smart contracts are applied to various automation systems that require reliability as they have the characteristics of recording data in a distributed ledger environment to verify the integrity and validity of data. However, blockchain does not provide data access control and information security because data is shared among network participants. In this paper, we propose a user dynamic access control mechanism utilizing smart contracts in blockchain environments. The proposed mechanism identifies the user's contextual information when accessing data, allocating the user's role and dynamically controlling the data access range. This can increase the security of the system and the efficiency of data management by granting data access dynamically at the time of user authentication, rather than providing the same services in roles assigned to each user group of the network system. The proposed mechanism is expected to provide flexible authentication capabilities through dynamic data access control by users to enhance the security of data stored within blockchain networks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.2
• /
• pp.3-11
• /
• 2005

As the usage of Internet grows, we share many informations among the others and use more database systems for a various type of data. However, secure database system, which prevents the unauthorized users from modification, deletion, and access, is urgently required for sharing data in Internet. Conventional technologies of a data security are passive methods which depend on several steps with an access control, and these methods are vulnerable against the illegal attack because attacker can see the plain text that is private message. To prevent private data item for the special security from the malicious attack in web database, this paper is devoted to implement database system using steganography method, so we can protect the data item completely because attacker cannot know the secure message although he get the content of database.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.12
• /
• pp.1898-1903
• /
• 2021

Recently, the need to be wary of internal access such as internal access as well as external attackers' access to work has increased due to network expansion, cloud infrastructure expansion, and changes in working patterns due to COVID-19 situations. For this reason, a new network security model called Zero Trust is drawing attention. Zero Trust has a key principle that a trusted network does not exist, and in order to be allowed access, it must be authenticated first, and data resources can only be accessed by authenticated users and authenticated devices. In this paper, we will explain these zero trust and zero trust architectures and examine new security application strategies applicable to various companies using zero trust and the process of building a new security system based on the zero trust architecture model.

• Journal of the Korea Convergence Society
• /
• v.4 no.3
• /
• pp.15-20
• /
• 2013

Studies on the intelligent vehicles that are fused with IT and intelligent vehicle technologies are currently under active discussion. And many new service models for them are being developed. As intelligent vehicles are being actively developed, a variety of wireless services are support. As such intelligent vehicles use wireless network, they are exposed to the diverse sources of security risk. This paper aims to examine the factors to threaten intelligent vehicle, which are usually intruded through network system and propose the security solution using biometric authentication technique. The proposed security system employs biometric authentication technique model that can distinguish the physical characteristics of user.