Daegeon Kim

Daegeon Kim, Hyeonho Lee

With the development of the fourth industrial revolution technology, the type and scope of use of drones are rapidly increasing. As interest in drones increases, research on related security vulnerabilities is actively being conducted, and discussions on security measures have also been developed to prevent them. Military has established and applied various security measures for this, and in particular, drones equipped with KCMVP-certified cryptographic modules are required to be introduced as a way to protect data on the drone's wireless channels. However, despite being equipped with such a certified cryptographic module, the drone's operating environment and structural properties have the potential to expose it to several security vulnerabilities. In this paper, we present a theoretical model for these security vulnerabilities and measures to complement them.

Daegeon Kim, Do Hyung Gu, Huy Kang Kim

National disasters can threaten national security and require several organizations to integrate the functionalities to correspond to the event. Many countries are constructing a nationwide mobile communication network infrastructure to share information and promptly communicate with corresponding organizations. Public Safety Long-Term Evolution (PS-LTE) is a communication mechanism adopted in many countries to achieve such a purpose. Organizations can increase the efficiency of public protection and disaster relief (PPDR) operations by securely connecting the services run on their legacy networks to the PS-LTE infrastructure. This environment allows the organizations to continue facilitating the information and system functionalities provided by the legacy network. The vulnerabilities in the environment, which differ from commercial LTE, need to be resolved to connect the network securely. In this study, we propose a security model design framework to derive the system architecture and the security requirements targeting the restricted environment applied by certain technologies for a particular purpose. After analyzing the PPDR operation environment's characteristics under the PS-LTE infrastructure, we applied the framework to derive the security model for organizations using PPDR services operated in their legacy networks through this infrastructure. Although the proposed security model design framework is applied to the specific circumstance in this research, it can be generally adopted for the application environment.

Daegeon Kim, Huy Kang Kim

Due to the ability to overcome the geospatial limitations and to the possibility to converge the various information communication technologies, the application domains and the market size of drones are increasing internationally. Public authorities in South Korean are investing for the domestic drone industry and the technological advancement as a power of innovation and growth of the country. They are also increasing the utilization of drones for various purposes. The South Korean government ensures the security of IT equipment introduced to the public authorities by enforcing policies such as security compatibility verification and CCTV security certification. Considering the increase of the needs of drones and the possible security effects to the organization operating them, the government needs to develop the security requirements during introducing drones, but there are no such requirements yet. In this paper, we inspect the vulnerabilities of drones by analyzing the applications of commercial drones made by 4 manufacturers. We also propose the minimum security requirements to resolve the vulnerabilities. We expect our work contributes to the security improvements of drones operated in public authorities.

Daegeon Kim, Huy Kang Kim

The objectives of cyberattacks are becoming sophisticated, and attackers are concealing their identity by masquerading as other attackers. Cyber threat intelligence (CTI) is gaining attention as a way to collect meaningful knowledge to better understand the intention of an attacker and eventually predict future attacks. A systemic threat analysis based on data acquired from actual cyber incidents is a useful approach to generating intelligence for such an objective. Developing an analysis technique requires a high volume and fine quality data. However, researchers can become discouraged by an inaccessibility to data because organizations rarely release their data to the research community. Owing to a data inaccessibility issue, academic research tends to be biased toward techniques that develope steps of the CTI process other than analysis and production. In this paper, we propose an automated dataset generation system called CTIMiner. The system collects threat data from publicly available security reports and malware repositories. The data are stored in a structured format. We released the source codes and dataset to the public, including approximately 640,000 records from 612 security reports published from January 2008 to June 2019. In addition, we present a statistical feature of the dataset and techniques that can be developed using it. Moreover, we demonstrate an application example of the dataset that analyzes the correlation and characteristics of an incident. We believe our dataset will promote collaborative research on threat analysis for the generation of CTI.