• Review of KIISC
• /
• v.29 no.2
• /
• pp.29-35
• /
• 2019

CPS(Cyber Physical System)에 대한 사이버 공격이 다양해지고 고도화됨에 따라 시그니쳐에 기반한 악성행위 탐지는 한계가 있어 기계학습 기반의 정상행위 학습을 통한 비정상행위 탐지 기법이 많이 연구되고 있다. 그러나 CPS 보안 연구는 보안상의 이유로 CPS 데이터가 주로 외부에 공개되지 않으며 또한 실제 비정상행위를 가동 중인 CPS에 실험하는 것이 불가능하여 개발 기법의 검증이 어려운 문제가 있다. 이를 해결하기 위해 2015년 SUTD(Singapore University of Technology and Design)의 iTrust 연구소에서 SWaT(Secure Water Treatment) 테스트베드를 구성하고 36가지의 공격을 수행한 데이터셋을 공개하였다. 이후 국 내외에서 SWaT 테스트베드 데이터를 사용하여 다양한 보안 기법을 검증한 연구결과가 발표되고 있으며 CPS 보안에 기여하고 있다. 따라서 본 논문에서는 SWaT 테스트베드 데이터 및 SWaT 테스트베드 데이터에 기반한 비정상행위 탐지 연구를 분석한 내용을 설명하고, 이를 통해 CPS 비정상행위 탐지 설계의 주요 요소를 분석하여 제시하고자 한다.

• Smart Media Journal
• /
• v.7 no.4
• /
• pp.79-89
• /
• 2018

In recent years, falls among elderly people have gained serious attention as a major cause of injuries. Falls often lead to fatal consequences due to lack of prompt response and rescue. Therefore, a more accurate fall detection system and an effective feature extraction technique are required to prevent and reduce the risk of such incidents. In this paper, we proposed an efficient feature extraction technique based on multiple sliding windows and validated it through a series of experiments using supervised learning algorithms. The experiments were conducted using the public datasets obtained from tri-axial accelerometers. The results depicted that extraction of the feature from adjacent sliding windows led to high accuracy in supervised machine learning-based fall detection. Also, the experiments conducted in this study suggested that the best accuracy can be achieved by keeping the window size as small as 2 seconds. With the kNN classifier and dataset from wearable sensors, the experiments achieved accuracy rates of 94%.

• Review of KIISC
• /
• v.29 no.2
• /
• pp.36-47
• /
• 2019

4차 산업혁명이 본격화됨에 따라 스마트 제조 환경으로 변화하면서 제조 공장은 설비제어가 자동화되고 산업용 이더넷과 TCP/IP 기반으로 네트워크 연결되어 통합 운영되고 있으며 본사 비즈니스망의 MES, ERP, PLM 등과 연계되면서 랜섬웨어 등 악성코드 유입 및 외부 사이버 공격으로부터의 보안 위협이 높아지고 있다. 본 논문에서스마트 제조 공장에 대한 사이버 침입을 탐지하고 대응하기 위해 스마트 제조 환경에서의 이상징후 탐지 기술 현황을 분석한다. 먼저 ICS(Industrial Control System)에 대한 이상징후 탐지를 위해 ICS 위협 경로를 분석하고 스마트 제조 네트워크에서 사용되는 산업용 이더넷 프로토콜을 살펴본다. 다음으로 국내 제어망 이상징후 탐지 체계 구축 동향을 분석하고 제어망 이상징후 탐지 기술을 분류한다. 마지막으로 (주)앤앤에스피에서 과학기술정보통신부 과제로 수행하고 있는 "선제적인 제조공정 이상징후 인지" 연구과제의 수행 현황을 살펴본다.

• Review of KIISC
• /
• v.33 no.4
• /
• pp.47-55
• /
• 2023

자동차 산업에서 전자제어장치 (Electronic Controller Unit, ECU)를 활용한 혁신으로 운전자들은 안전하고 편리한 운전경험을 누리고 있다. 그러나 이와 동시에, 차량 내부 ECU 간의 통신을 지원하는 CAN (Controller Area Network)을 대상으로 한 악의적인 침입과 사이버 공격의 위협 역시 증가하고 있다. 이러한 문제에 대응하기 위해 많은 연구가 진행 중이며, 특히 자동차 침입 탐지 시스템 (Intrusion Detection System, IDS)의 발전이 주목받고 있다. 그러나 대부분의 IDS는 주로 공격을 탐지하는 데 집중되어 있으며, 실제 악의적인 메시지를 전송한 ECU를 정확히 식별하는 데에는 한계점이 있다. 악의적인 ECU를 식별하는 기술은 공격 ECU를 격리시키거나 펌웨어 업데이트 등의 보안 패치를 적용하는데 필수적인 기술이다. 본 고에서는 현재까지 제안된 CAN에서의 악의적인 ECU를 식별하기 위한 기술들에 대해 살펴보고, 비교 분석 및 한계점에 대해 분석하고자 한다.

• Review of KIISC
• /
• v.33 no.4
• /
• pp.57-63
• /
• 2023

Industry 4.0의 진행으로 이기종의 IoT 장비들 간의 통신을 위해 다양한 산업용 통신 미들웨어들이 등장했다. 그 중 Robotics 분야에서 활발히 사용되는 Robot Operating System (ROS)는 개발자 커뮤니티와 로봇 개발 도구들을 기반으로 지속적인 시장 점유율 증가세를 보이고 있다. 초기 발표된 ROS1의 경우 보안이 전혀 고려되지 않은 설계로 Packet Injection 공격등의 사이버 보안 위협에 취약했지만, ROS2의 경우 통신 미들웨어인 Data Distribution Service (DDS) 통신규격을 전송 계층에 적용하여 메시지 전송에 대한 보안 기능을 제공하고 있다. 그러나 최근 연구에서는 DDS와 관련된 ROS2 취약점이 발표되고 있다. 따라서 본 논문에서는 DDS와 관련된 ROS2의 공격 기술 동향을 소개한다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.3
• /
• pp.1-7
• /
• 2018

The IoT environment provides an infinite variety of services using many different devices and networks. The development of the IoT environment is directly proportional to the level of security that can be provided. In some ways, lightweight cryptography is suitable for IoT environments, because it provides security, higher throughput, low power consumption and compactness. However, it has the limitation that it must form a new cryptosystem and be used within a limited resource range. Therefore, it is not the best solution for the IoT environment that requires diversification. Therefore, in order to overcome these disadvantages, this paper proposes a method suitable for the IoT environment, while using the existing block cipher algorithm, viz. the lightweight cipher algorithm, and keeping the existing system (viz. the sensing part and the server) almost unchanged. The proposed BCL architecture can perform encryption for various sensor devices in existing wire/wireless USNs (using) lightweight encryption. The proposed BCL architecture includes a pre/post-processing part in the existing block cipher algorithm, which allows various scattered devices to operate in a daisy chain network environment. This characteristic is optimal for the information security of distributed sensor systems and does not affect the neighboring network environment, even if hacking and cracking occur. Therefore, the BCL architecture proposed in the IoT environment can provide an optimal solution for the diversified IoT environment, because the existing block cryptographic algorithm, viz. the lightweight cryptographic algorithm, can be used.

• Journal of KIISE:Computer Systems and Theory
• /
• v.33 no.3
• /
• pp.178-192
• /
• 2006

The buffer overflow attack is the single most dominant and lethal form of security exploits as evidenced by recent worm outbreaks such as Code Red and SQL Stammer. In this paper, we propose microarchitectural techniques that can detect and recover from such malicious code attacks. The idea is that the buffer overflow attacks usually exhibit abnormal behaviors in the system. This kind of unusual signs can be easily detected by checking the safety of memory references at runtime, avoiding the potential data or control corruptions made by such attacks. Both the hardware cost and the performance penalty of enforcing the safety guards are negligible. In addition, we propose a more aggressive technique called corruption recovery buffer (CRB), which can further increase the level of security. Combined with the safety guards, the CRB can be used to save suspicious writes made by an attack and can restore the original architecture state before the attack. By performing detailed execution-driven simulations on the programs selected from SPEC CPU2000 benchmark, we evaluate the effectiveness of the proposed microarchitectural techniques. Experimental data shows that enforcing a single safety guard can reduce the number of system failures substantially by protecting the stack against return address corruptions made by the attacks. Furthermore, a small 1KB CRB can nullify additional data corruptions made by stack smashing attacks with only less than 2% performance penalty.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.42 no.6 s.336
• /
• pp.31-38
• /
• 2005

In this paper, we proposed an optical security system based on a gray-image exclusive-OR encryption using multi-phase separation and phase-wrapping method. For encryption, a gray image is sliced into binary images, which have the same pixel value, and these images are encrypted by modified XOR rules with binary random images. The XORed images and the binary images respectively combined and converted into full phase images, called an encrypted image and a key image. For decryption, when the encrypted image and key image are used as inputs on optical elements, Practically due to limited controllability of phase range in optical elements, the original gray image cannot be efficiently reconstructed by these optical elements. Therefore, by decreasing the phase ranges of the encrypted image and key image using a phase-wrapping method and separating these images into low-level phase images using multi-phase separation, the gray image can be reconstructed by optical elements which have limited control range. The decrytion process is simply implemented by interfering a multiplication result of encrypted image and key image with reference light. The validity of proposed scheme is verified and the effects, which are caused by phase limitation in decryption process, is analyzed by using computer simulations.

• Journal of Korean Society of Transportation
• /
• v.24 no.1 s.87
• /
• pp.85-94
• /
• 2006

Currently, when the military performs military operations in wartime and peace time, it is important for him to obtain repeatedly updated traffic information for security of the military supply support. The purpose of this study is to present an acquisition way of the repeatedly updated traffic information which the military is available. To achieve this Purpose, firstly, this paper finded types of traffic information which the military demanded and limitations caused by an connection of traffic information network between the military and associated government agencies. Also. grasped ITS(Intelligent Transportation systems) equipment operation by associated government agencies (Ministry Construction & Transportation, Korea Highway Corporation, Seoul Metropolitan Government, National Police Agency, Korea Institute of Construction Technology) and connection situations of traffic information network among associated government agencies. On the basis of these materials, this study presented the most efficient connection method in the field of the space and the contents of traffic information between the military and associated government agencies and ITS connection system between the military and associated government agencies was contrived. Throughout the upper processes, this paper showed a method which is available for acquiring ITS traffic information of associated government agencies. In addition to the connection method of ITS traffic information network, resolutions for the problems caused by connection of ITS network were come up with. But the more deep study for this matter is needed since resolutions for the problems of the ITS network connection, which this paper presented, were very restricted.

• The Journal of Society for e-Business Studies
• /
• v.13 no.1
• /
• pp.21-32
• /
• 2008

RFID systems provide technologies of automatic object identification through wireless communications in invisible ranges and adaptability against various circumstances. These advantages make RFID systems to be applied in various fields of industries and individual life. However, it is difficult to use tags with distinction as tags are increasingly used in life because a tag usually stores only one object identifier in common RFID applications. In addition, RFID systems often make serious violation of privacy caused by various attacks because of their weakness of radio frequency communication. Therefore, information sharing methods among applications are necessary for expansive development of RFID systems. In this paper, we propose efficient RFID scheme. At first, we design a new RFID tag structure which supports many object identifiers of different applications in a tag and allows those applications to access them simultaneously. Secondly, we propose an authentication protocol to support the proposed tag structure. The proposed protocol is designed by considering of robustness against various attacks in low cost RFID systems. Especially, the proposed protocol is focused on efficiency of authentication procedure by considering security levels of applications. In the proposed protocol, each application goes through one of different authentication procedures according to their security levels. Finally, we prove efficiency of th proposed scheme compared with the other schemes through experiments and evaluation.