• Journal of Digital Contents Society
• /
• v.19 no.6
• /
• pp.1185-1195
• /
• 2018

Industrial Control System (ICS) is a system that carry out monitoring and controls of industrial control process and is applied in infrastructure such as water, power, and gas. Recently, cyber attacks such as Brutal Kangaroo, Emotional Simian, and Stuxnet 3.0 have been continuously increasing in ICS, and these security risks cause damage of human life and massive financial losses. Attacks on the control layer among the attack methods for ICS can malfunction devices of the field device layer by manipulating control commands. Therefore, in this paper, we propose a mechanism that apply the SDN between the control layer and the field device layer in the industrial control system and to determine whether the control command is legitimate or not and we show simulation results on a simply composed control system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1129-1140
• /
• 2017

Unidirectional data transmission system, which allows physical one way transmission, removes the backward link physically to prevent the intrusion from the outside through the network. However, the system is difficult to apply to the environment requiring either backward transmissions or bi-directional communications. In this paper, we proposed Limited Two-way communications system, called as LimTway, which only allows outbound TCP two-way communications. LimTway uses two one-way links(forward, backward). While the forward one-way link is staying to be activated so that an allowed outbound UDP traffic could be transmitted one-way always, the backward one-way link is activated while allowed outbound TCP sessions are established. In order to prevent the intrusion from the outside during the period, the software of LimTway is designed to allow only the transmissions of both outbound TCP two-way communication traffics and outbound UDP traffics.

• Journal of Internet Computing and Services
• /
• v.20 no.5
• /
• pp.57-65
• /
• 2019

Creative works such as webtoon and web novel are part of property rights. However, illegal copies of them are distributed on the internet easily, which raises social issues in today's society. In order to tackle these problems, this paper proposes and presents a blockchain based copyright management system that ensures forgery prevention, robust security features, improving trading performance, cost-effective, and enhanced visibility. The system allows a user to register creative works formally just the same as before registration and also to register simple creative ideas just anytime. In the latter case, if an idea or a thought flashes across through somebody's mind, he or she can register it to the system immediately without formal registration process and afterward, can utilize a way to prove its originality through the system. Regarding large size images and video files of creative works, the system reduces data size and storage volume sharply to be processed by network entities by storing original creative works separately and including only the hash result of creative works to the transactions.

• Journal of the Korea Convergence Society
• /
• v.7 no.6
• /
• pp.237-247
• /
• 2016

This study analyzed quantitative effects of ISMS certification. To measure the company value change the stock data was used and the methodology of event study was also applied. Event study methodology is a method of analyzing the effects of information or public announcement about certain events on the stock market through abnormal return of stock price. First, ISMS certification was acquired followed by the measurement of abnormal excess return of company. Based on the increase or decrease of abnormal excess return, the group was classified. There are 3 types of groups("Increase", "Reduce", "Maintain"). Next, the cluster analysis was performed for each group. Cluster analysis or clustering is the task of grouping a set of objects in such a way that objects in the same group (called a cluster) are more similar (in some sense or another) to each other than to those in other groups(clusters). The purpose of this study is to have a quantitative measurement of performance of ISMS certification. So, the result of this study will be promoted a company's ISMS certification acquisition. And it would further be beneficial to your company's information security activities.

• Journal of the Korea Society of Computer and Information
• /
• v.21 no.6
• /
• pp.89-96
• /
• 2016

Damage and attack size of cyber terror is growing to the national size. Not only targeting at a certain companies or individuals but number of cyber terror targeting government bodies or unspecific people is increasing. This is because compared to traditional weapon, input cost is very cheap but ripple effect and shock are much stronger, affecting not only certain groups but also each individuals. 'Anti-terror measurement for protection of nation and public safety' passed last month is one of the renowned measurement passed regardless of objection from opposition party. The opposition party went against this through filibuster for 192 hours but this finally passed National Congress due to lack of oppositions. Korean government is taking post actions after passage of anti-terror measurement. Legislation of enforcement ordinance and regulations is due by 6th of next month. This regulation will be executed from June 4th after legislation. Whenever there is any security issues such as hacking of Korea Hydro and Nuclear Power and National Intelligence Service happens, lot of attention is made to those hackers. However, social recognition or management of those hackers need lot more improvement. Especially, as market of internet of things is increasing, there is an increased anxiety on information security. But as we only rely on security solutions, this problems are keep happening. Therefore, active investment on nurturing hackers who play the role of 'spear and shield' shall be made. Government should put more efforts to allow white hackers to show their abilities. We should have a policy for supporting high-quality programs such as BoB. To make information protection industry into future growth engine, it is necessary to nurture professionals for information protection and white hackers through special programs. Politicians should make related regulations as soon as possible to remove factors that prevent swift management of cyber attack due to lack of legislation. Government should pay lot more financial investment to nurturing professional manpower than now. Protecting life and asset of nation is responsibility and duty of our government. We all should recognize that controlling cyber attack is a part of national defense.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.3
• /
• pp.572-578
• /
• 2009

Bindu et al. pointed out that Chein et al. scheme is insecure insider attack and man-in-middle attack. And then they proposed new one. In the paper, However, Bindu et al's scheme also have some problems; It is strong masquerading server/user attack and restricted reply attack. Hence we proposed improved scheme. finally, we completely had evaluated the one's security on strong masquerading server/user attack, Insider attack, Restricted attack, Stolen-verifier attack and forward secrecy. In this paper, although proposed scheme includes more operation than Bindu et al. scheme, our scheme overcomes problems of Bindu et al. scheme by the operation that is light as not to influence on modern computing technology.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.521-524
• /
• 2014

Because of the development of computers and networks, the use of the internet has been rapidly increased. The smart devices, such as smart phones and tablet PCs, have made an epoch-making changes, which have brought people's daily lives to the cyber world and life values have been improved. The cyber world not only just changed individual's lives, but also affected all areas and the world. The recent global trends reside mainly in protection of energy sources, and nation's dependency of the information system such as politic, economic and national security. Since major national infrastructure becomes a stragic attack target, the importance of cyber warfare has rised as an effective way to attact enermy. This article explores the concept of cyber warfare and national cyber capability, and then figure out the plan of reaction to minimize damages with best protection when cyber warfare occurs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.921-928
• /
• 2016

Over the past few years, Smishing attacks such as malicious url and malicious application have been emerged as a major problem in South Korea since it caused big problems such as leakage of personal information and financial loss. Users are susceptible to Smishing attacks due to the fact that text message may contain curios content. Because of that reason, user could follow the url, download and install malicious APK file without any doubt or verification process. However currently Anti-Smishing App that adopted post-processing method is difficult to respond quickly. Users need a system that can determine whether the modification of the APK file and malicious url in real time because the Smishing can cause financial damage. This paper present the cloud-based system for verifying malicious url and malicious APK file in user device to prevent secondary damage such as smishing attacks and privacy information leakage.

• Journal of Electrical Engineering and Technology
• /
• v.12 no.1
• /
• pp.19-28
• /
• 2017

False data injection attacks have recently been introduced as one of important issues related to cyber-attacks on electric power grids. These attacks aim to compromise the readings of multiple power meters in order to mislead the operation and control centers. Recent studies have shown that if a malicious attacker has complete knowledge of the power grid topology and branch admittances, s/he can adjust the false data injection attack such that the attack remains undetected and successfully passes the bad data detection tests that are used in power system state estimation. In this paper, we investigate that a practical false data injection attack is essentially a cyber-attack with uncertain information due to the attackers lack of knowledge with respect to the power grid parameters because the attacker has limited physical access to electric facilities and limited resources to compromise meters. We mathematically formulated a method of identifying the most vulnerable locations to false data injection attack. Furthermore, we suggest minimum topology changes or phasor measurement units (PMUs) installation in the given power grids for mitigating such attacks and indicate a new security metrics that can compare different power grid topologies. The proposed metrics for performance is verified in standard IEEE 30-bus system. We show that the robustness of grids can be improved dramatically with minimum topology changes and low cost.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.2B
• /
• pp.296-301
• /
• 2010

Radio frequency identification(RFID) system can identify an object using wireless transmission. RFID applications are numerous and far reaching. The most interesting and widely used applications are supply chain management for companies. Currently, RFID tags must be detached or killed for security and privacy reasons when tagged objects are purchased. In this paper, we present a new architecture that transfers information about products from the electronic product code information services (EPCIS) server of a company to an individual's personal purchases management (PPM) server when products with RFID codes are sold. It solves the security and privacy issues without detaching the tag. Moreover, the PPM server described in this paper allows customers to handle the expiration dates, updates, location management, and group management of products.