• International Journal of Internet, Broadcasting and Communication
• /
• 제13권4호
• /
• pp.1-10
• /
• 2021

The purpose of the study is to contribute to the positive development of blockchain technology by providing data to examine security vulnerabilities and threats to blockchain-based services and review countermeasures. The findings of this study are as follows. Threats to the security of blockchain-based services can be classified into application security threats, smart contract security threats, and network (P2P) security threats. First, application security threats include wallet theft (e-wallet stealing), double spending (double payment attack), and cryptojacking (mining malware infection). Second, smart contract security threats are divided into reentrancy attacks, replay attacks, and balance increasing attacks. Third, network (P2P) security threats are divided into the 51% control attack, Sybil attack, balance attack, eclipse attack (spread false information attack), selfish mining (selfish mining monopoly), block withholding attack, DDoS attack (distributed service denial attack) and DNS/BGP hijacks. Through this study, it is possible to discuss the future plans of the blockchain technology-based ecosystem through understanding the functional characteristics of transparency or some privacy that can be obtained within the blockchain. It also supports effective coping with various security threats.

• International Journal of Advanced Culture Technology
• /
• 제11권4호
• /
• pp.34-41
• /
• 2023

The purpose of this paper is to consider the expansion of non-traditional security threats and the national-level response to the emergence of emerging security threats in ultra-uncertain VUCA situations. As a major research method for better analysis, the theoretical approach was referred to papers published in books and academic journals, and technical and current affairs data were studied through the Internet and literature research. The instability and uncertainty of the international order and security environment in the 21st century brought about a change in the security paradigm. Human security emerged as the protection target of security was expanded to individual humans, and emerging security was emerging as the security area expanded. Emerging security threatsthat have different characteristicsfrom traditionalsecurity threats are expressed in various ways, such as cyber threats, new infectious disease threats, terrorist threats, and abnormal climate threats. First, the policy and strategic response to respond to emerging security threats is integrated national crisis management based on artificial intelligence applying the concept of Foresight. Second, it is to establish network-based national crisis management smart governance. Third, it is to maintain the agile resilience of the concept of Agilience. Fourth, an integrated response system that integrates national power elements and national defense elements should be established.

• 대한전기학회:학술대회논문집
• /
• 대한전기학회 2003년도 하계학술대회 논문집 D
• /
• pp.2747-2749
• /
• 2003

Security is concerned with the protection of assets from threats, where threats are categorised as the potential for abuse of protected assets. All categories of threats should be considered, but in the domain of security greater attention is given to those threats that are related to malicious or other human activities ISO/IEC 15408 requires the TOE(Target of Evaluation) Security Environment section of a Protection Profile(PP) or Security Target(ST) to contain a list of threats about the TOE security environment or the intended usage of the TOE. This paper presents a specific physical threats should be considered in the smart card PP which developers of smart card PP must consider.

• Journal of information and communication convergence engineering
• /
• 제18권1호
• /
• pp.16-21
• /
• 2020

Owing to the convergence of the communication network with the control system and public network, security threats, such as information leakage and falsification, have become possible through various routes. If we examine closely at the security type of the current control system, the operation of the security system focuses on the threats made from outside to inside, so the study on the detection system of the security threats conducted by insiders is inadequate. Thus, this study, based on "Spotting the Adversary with Windows Event Log Monitoring," published by the National Security Agency, found that event logs can be utilized for the detection and maneuver of threats conducted by insiders, by analyzing the validity of detecting insider threats to the control system with the list of important event logs.

• 정보보호학회논문지
• /
• 제25권1호
• /
• pp.95-105
• /
• 2015

본 논문은 서버 가상화 시스템의 보안 함수를 개발하기 위해 선행해야 할, 보안 요구 사항을 제안하는 것에 그 목적을 두고 있다. 도출된 보안 요구 사항은 서버 가상화 시스템에 대한 보안 위협을 기반으로 하며, 제안 된 요구 사항이 보안 위협 사항을 방어할 수 있는 것을 보임으로써 보안 요구 사항의 타당성을 검증한다. 또한, 클라우드 컴퓨팅 보안 위협에서 서버 가상화 시스템에 가해지는 보안 위협을 도출하기 위해서, 보안 위협과 서버 가상화 시스템의 보안 이슈 사항의 관계를 분석 및 제시한다.

• International Journal of Internet, Broadcasting and Communication
• /
• 제12권4호
• /
• pp.180-187
• /
• 2020

Security threats are increasing with interest due to the mass spread of smart devices, and vulnerabilities in developed applications are being exposed while mobile malicious codes are spreading. The government and companies provide various applications for the public, and for reliability and security of applications, security checks are required during application development. In this paper, among the security threats that can occur in the mobile service environment, we set up the vulnerability analysis items to respond to security threats when developing Android-based applications. Based on the set analysis items, vulnerability analysis was performed by examining three applications of public institutions and private companies currently operating as mobile applications. As a result of application security checks used by three public institutions and companies, authority management and open module stability management were well managed. However, it was confirmed that many security vulnerabilities were found in input value verification, outside transmit data management, and data management. It is believed that it will contribute to improving the safety of mobile applications through the case of vulnerability analysis for Android application security.

• International Journal of Fuzzy Logic and Intelligent Systems
• /
• 제11권4호
• /
• pp.229-237
• /
• 2011

As smart phones have become widely adopted, they have brought about changes in individual lifestyles, as well as significant changes in the industry. As the mobile technology of smart phones has become associated with all areas of industry, it is not only accelerating innovation in other industries such as shopping, healthcare service, education, and finance, but is also creating new markets and business opportunities. The preparation of thorough security measures for smart phones is increasing in demand. While offering excellent mobility and convenience, smart phones can be exposed to a range of violation threats. In particular, it is necessary to make efforts to develop a security system that can preemptively cope with potential security threats in the banking service area, which requires a high level of reliability. This paper suggests a security reference model that is considered for the smart phone-based joint mobile banking development project being undertaken by the Bank of Korea in 2010. The purpose of this study is to make a security reference model for a reliable smart phone-based mobile financial service, by recognizing the specific security threats directed toward smart phones, and providing countermeasures to these security threats. The proposed mobile banking security reference model is useful in improving system security by systematically analyzing information security threats to the mobile financial service, and by presenting the guideline for the preparation of countermeasures.

• 한국멀티미디어학회논문지
• /
• 제19권1호
• /
• pp.51-59
• /
• 2016

Physical security protecting people from physical threats, such as a person or vehicle, has received a great attention. However, it has many risks of hacking and other security threats because it is highly dependent on automated management systems. In addition, a representative system of physical security, a CCTV control system has a high risk of hacking, such as video interceptions or video modulation. So physical security needs urgent security measures in accordance with these threats. In this paper, we examine the case of security threats that have occurred in the past, prevent those from threatening the physical security, and analyze the security problem with the threats. Then we study the countermeasures to prevent these security threats based on the problems found in each case. Finally we study for the method to apply these countermeasures.

• International Journal of Internet, Broadcasting and Communication
• /
• 제9권3호
• /
• pp.9-16
• /
• 2017

Recently, more users have been using IoT embedded systems. Since the wireless network function is a basic and core function in most embedded systems, new security threats and weaknesses are expected to occur. In order to resolve these threats, it is necessary to investigate the security issues in the development stages according to the Security Development Lifecycle (SDL). This study analyzes the vulnerabilities of the embedded systems equipped with the wireless network function, and derives possible security threats and how dangerous such threats are. We present security risks including bypassing the authentication stage required for accessing to the embedded system.

• 정보화정책
• /
• 제24권2호
• /
• pp.20-42
• /
• 2017

본 논문은 인터넷 뱅킹 서비스의 안전성을 평가하기 위한 보안위협을 분류하고 보안 요구사항을 제안하는데 그 목적이 있다. 분류한 보안위협은 기존에 발생하였던, 그리고 발생이 가능한 보안위협을 기반으로 분석하였으며, 이를 통하여 보안 요구사항을 제안하기 위한 기반을 다질 것으로 사료된다. 보안위협 도출을 위하여 인터넷 뱅킹 서비스의 구조를 금융기관 구간과 네트워크 구간, 사용자 구간으로 분류하였으며, 각 구간에서 발생하는 보안위협을 도출하였다. 특히, 사용자 구간이 상대적으로 취약하기 때문에 전체 서비스의 안전성을 확보하기 어려운 상황이므로 이를 중점적으로 분석하였다. 분석한 보안위협을 토대로 안전한 인터넷 뱅킹 서비스를 구성할 수 있을 것으로 예상된다.