• Title/Summary/Keyword: security requirement


A Study of Security Evaluation Criteria for Reconnaissance Drone (정찰 드론 보안성 평가 기준에 대한 연구)

  • Gu, Do-hyung;Kim, Seung-joo;Lee, Sang-jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.3 / pp.591-605 / 2022
  • As drones are widely used, attack attempts using drone vulnerabilities are increasing, and drone security is growing in importance. This paper derives security requirements for reconnaissance drones delivered to government offices through threat modeling. Threats are analyzed using the data flow of the drone and by collecting possible vulnerabilities. An attack tree is built from the analyzed threats. The security requirements were derived from the attack tree and compared with the security requirements suggested by national organizations. Utilizing the security requirements derived from this paper will help in the development and evaluation of secure drones.

A Study on the Criteria to Decide the Number of Aircrafts Considering Operational Characteristics (항공기 운용 특성을 고려한 적정 운용 대수 산정 기준 연구)

  • Son, Young-Su;Kim, Seong-Woo;Yoon, Bong-Kyoo
    • Journal of the Korea Institute of Military Science and Technology / v.17 no.1 / pp.41-49 / 2014
  • In this paper, we consider a method to assess the required number of aircraft, which is a strategic variable in national security. This problem becomes more important considering the F-X and KF-X projects in ROKAF. Traditionally, ATO (Air Tasking Order) and fighting power index have been used to evaluate the number of aircraft required in ROKAF. However, those methods consider the static aspect of the aircraft requirement. This paper deals with a model to accommodate the dynamic features of the aircraft requirement using an absorbing Markov chain. In conclusion, we suggest a dynamic model to evaluate the number of aircraft required with key decision variables such as destroying rate, failure rate and repair rate.

Analysis and Classification of Security Threats based on the Internet Banking Service (인터넷 뱅킹 서비스에서의 보안위협 분류 및 분석)

  • Lee, Kyung-Roul;Lee, Sun-Young;Yim, Kang-Bin
    • Informatization Policy / v.24 no.2 / pp.20-42 / 2017
  • In this paper, we focus on the classification of security threats and the definition of security requirements for Internet banking service. Threats are classified based on past and potential incidents, based upon which we will be able to propose security requirements. In order to identify security threats, the structure of the Internet banking service is classified into three sections - the financial institutions, the network, and the user-terminal - and we defined arising threats for each section. We focused the analysis especially on the user-terminal section, which is relatively vulnerable, causing difficulties in securing stability of the service as a whole. The analyzed security threats are expected to serve as the foundation for safe configuration of various Internet banking services.

Design of protocol for RFID/USN security (RFID/USN 보안을 위한 프로토콜 설계)

  • Park, Sang-Hyun;Park, Sang-Min;Shin, Seung-Ho
    • Journal of the Korea Safety Management & Science / v.9 no.3 / pp.103-109 / 2007
  • Payment and security requirements are playing an increasingly critical role in RFID system, allegedly the core of the ubiquitous, especially in logistics. Therefore, security technology has gradually been playing an essential role, unlike the past when only the perception of equipment was considered important technology. The current encoding system allows access only to the user who has the secret key. Many encoding algorithms have been studied to ensure the security of the secret key. Security protocol is the most typical way to authorize appropriate user perception by using the data and secret key to proceed the encoding and transmit it to the system in order to confirm the user. However, an RFID system which transmits more than dozens of data per second cannot be used if the algorithm and protocol of the existing wired system are used, because the performance will degrade as a consequence. Security protocol needs to be designed in consideration of the properties of RFID and hardware. In this paper, a protocol was designed using SNEP (Sensor Network Encryption Protocol), the security protocol used for sensors similar to RFID, not the current system used in wired environments, and ECC (Elliptic Curve Cryptography: oval curve encoding), the encoding algorithm.

Development of Security Evaluate Model and Test Methodology of Enterprise Security Management (ESM) Product (기업보안관리(ESM) 제품의 보안성 평가모델 및 시험방법론 개발)

  • Cha, Young-Hwan;Yang, Hae-Sool
    • The Journal of the Korea Contents Association / v.10 no.6 / pp.156-165 / 2010
  • ESM (Enterprise Security Management) represents domestic security management, and there is a requirement to enhance it. This paper will evaluate the quality of ESM products, understand its quality level, and derive methods for improvement so as to develop a security evaluation model and test methodology which can support quality enhancement. In addition, it presented the performance test cases and evaluation method to measure a product's security quality, and to perform research on the judgement method for the results based on appropriate criteria. The developed quality evaluation model is expected to play an important role in evaluating and enhancing the quality of intrusion prevention system.

Integrating Software Security into Agile-Scrum Method

  • Ghani, Imran;Azham, Zulkarnain;Jeong, Seung Ryul
    • KSII Transactions on Internet and Information Systems (TIIS) / v.8 no.2 / pp.646-663 / 2014
  • Scrum is one of the most popular and efficient agile development methods. However, like other agile methods such as Extreme Programming (XP), Feature Driven Development (FDD), and the Dynamic Systems Development Method (DSDM), Scrum has been criticized because of a lack of support for developing secure software. Thus, in 2011, we published research proposing the idea of a security backlog (SB). This paper represents the continuation of our previous research, with a focus on the evaluation in an industry-based case study. Our findings highlight an improved agility in Scrum after the integration of SB. Furthermore, secure software can be developed quickly, even in situations involving requirement changes of software. Based on our experimental findings, we noticed that, when integrating SB, it is quite feasible to develop secure software using an agile Scrum model.

Problems and Solutions of the Korean Bug Bounty Program (한국 버그 바운티 프로그램의 제도적인 문제점과 해결방안)

  • Park, Hye Sung;Kwon, Hun Yeong
    • Journal of Information Technology Services / v.18 no.5 / pp.53-70 / 2019
  • As information security becomes more important as the fourth industrial revolution gradually emerges, an efficient and effective way to find vulnerabilities in information systems is becoming an essential requirement of information security. As the point of the protection of current information and the protection of the future industry, the Korean government has paid attention to the bug bounty, which has been recognized for its efficiency and effectiveness, and has implemented it through the Korea Internet Security Agency's S/W vulnerability bug bounty program. However, there are growing problems with the S/W vulnerability bug bounty program of the Korea Internet Security Agency, which has been operating for about 7 years. The purpose of this study is to identify the problems in Korean bug bounty policies through the characteristics of the bug bounty program, and to suggest the direction of the government's policy to activate the bug bounty like changes in the government's approach utilizing the market.

Cyber Security Approaches for Industrial Control Networks

  • Dillabaugh, Craig;Nandy, Biswajit;Seddigh, Nabil;Wong, Kevin;Lee, Byoung-Joon (BJ)
    • Review of KIISC / v.26 no.6 / pp.42-50 / 2016
  • Critical infrastructure (CI) such as the electrical grid, transportation systems and water resource systems are controlled by Industrial Control and SCADA (Supervisory Control and Data Acquisition) networks. During the last few years, cyber attackers have increasingly targeted such CI systems. This is of great concern because successful attacks have wide ranging impact and can cause widespread destruction and loss of life. As a result, there is a critical requirement to develop enhanced algorithms and tools to detect cyber threats for SCADA networks. Such tools have key differences with the tools utilized to detect cyber threats in regular IT networks. This paper discusses key factors which differentiate network security for SCADA networks versus regular IT networks. The paper also presents various approaches used for SCADA security and some of the advancements in the area.

Secure Authentication with Mobile Device for Ubiquitous RFID Healthcare System in Wireless Sensor Networks

  • Kim, Jung-Tae
    • Journal of information and communication convergence engineering / v.9 no.5 / pp.562-566 / 2011
  • As telecommunication technologies in telemedicine services are developed, the expeditious development of wireless and mobile networks has stimulated wide applications of mobile electronic healthcare systems. However, security is an essential system requirement since many patients have privacy concerns when it comes to releasing their personal information over the open wireless channels. Due to the invisible feature of mobile signals, hackers have easier access to hospital networks than wired network systems. This may result in several security incidents unless security protocols are well prepared. In this paper, we analyzed authentication and authorization procedures for healthcare system architecture to apply secure M-health systems in the hospital environment. From the analyses, we estimate optimal requirements as a countermeasure to its vulnerabilities.

Characteristics and Implementation of ISO/IEC 27001 : 2013 Information Security Management System (ISO/IEC 27001 : 2013 정보보안경영시스템의 특징과 적용 방안)

  • Song, Kyung-Il;Jang, Joong-Soon
    • Journal of Applied Reliability / v.14 no.2 / pp.108-113 / 2014
  • The demand for risk analysis and information security of systems from the companies or the agencies which operate an information system is increasing. ISO/IEC 27001 was established by ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission). This standard is also an international and authoritative standard of ISMS (Information Security Management System). This paper is to review how the ISO 27001 ISMS Requirement has been established and improved, and to communicate the significant changes from ISO 27001 : 2005 to ISO 27001 : 2013 focusing on reasons for revisions. Additionally, this paper shows a case study for understanding ISO 27001 : 2013 implementation.