DOI QR코드

DOI QR Code

An Implementation Strategy for the Physical Security Threat Meter Using Information Technology

정보통신 기술을 이용한 물리보안 위협 계수기 구현 전략

  • Kang, Koo-Hong (Dept. of Information and Communication Engineering, Seowon University)
  • 강구홍 (서원대학교 정보통신공학과)
  • Received : 2014.04.22
  • Accepted : 2014.07.04
  • Published : 2014.07.31

Abstract

In order to publicly notify the information security (Internet or Cyber) threat level, the security companies have developed the Threat Meters. As the physical security devices are getting more intelligent and can be monitored and managed through networks, we propose a physical security threat meter (PSTM) to determine the current threat level of physical security; that is a very similar compared with the one of information security. For this purpose, we investigate and prioritize the physical security events, and consider the impact of temporal correlation among multiple security events. We also present how to determine the threshold values of threat levels, and then propose a practical PSTM using the threshold based decision. In particular, we show that the proposed scheme is fully implementable through showing the block diagram in detail and the whole implementation processes with the access controller and CCTV+video analyzer system. Finally the simulation results show that the proposed PSTM works perfectly under some test scenarios.

정보보안 (인터넷 혹은 사이버) 위협 레벨을 공지하기 위해 많은 정보보안 회사들은 위협 계수기(Threat Meter)를 개발하였다. 본 논문에서는 물리보안 장치들이 지능화되고 네트워크를 통해 감시 및 제어가 가능함에 따라 물리보안의 현재 위협 수준을 결정하는 물리보안 위협 계수기(PSTM: Physical Security Threat Meter)를 제안한다. 따라서 PSTM은 정보보안에서 사용하는 위협 계수기와 유사하다. 이러한 목적을 위해 물리보안 이벤트를 분석하고 가중치를 결정하였으며 복수의 보안이벤트 발생에 따른 이벤트 간 시간 연관성 영향을 고려하였다. 또한 위협 레벨을 결정하기 위한 기준 값 설정 방법과 이들 기준 값을 이용한 실용적인 PSTM을 제안하였다. 특히 출입문 제어기와 CCTV(비디오 분석기 포함)로 구성된 실험환경에서 PSTM을 제작하기 위한 구체적인 블록도와 구현과정을 보임으로써 제안된 기법이 실현 가능함을 보였다. 마지막으로 몇몇 실험 시나리오를 대상으로 실시한 시뮬레이션 결과를 통해 제안된 PSTM이 물리보안 위협레벨을 적절히 공지함을 검증하였다.

Keywords

References

  1. McAfee, Security Advice: Threat Meter Levels, http://home.mcafee.com
  2. Symantec Corporation, DeepSight Threat Management System, http://www.symantec.com/security_response/threatconlearn.jsp
  3. AhnLab, Security Alert, http://ahnlab.co.kr
  4. Korea Emergency Response Team Coordination Center, KrCERT Internet Threat http://www.krcert.or.kr/kor/main/main.jsp
  5. DVTtel Inc, Intelligent Video System Technology, DVTEL White Paper, http://info.dvtel.com/WhitePaper.html, 2006
  6. Suprema, Introduction of Bio Star Lite, Technical Columns, http://supremainc.com, June 2001
  7. B. Shin, "Study on Technical trend of physical security and future service, " Journal of the Korea Industrial Information System Society, Vol. 15, No. 5, pp. 159-166, Dec. 2009.
  8. Y. Mehdizadeh, "Convergence of Logical and Physical Security, " SANS Institute InfoSec Reading Room, 2010. 12.
  9. K. Kang, D. Kang, J. Na, and I. Kim, "Utilization of Physical Events for the Converged Security using Analytic Hierarchy Process: focus on Information Security, " Journal of the Korea Institute of Information Security and Cryptology, Vol. 22, No. 3, pp. 553-564, June 2012.
  10. J. Han, and H. Jo, "Technical Trends of Image Security System, " Review of Korean Institute of Information Security and Cryptology, Vol. 9, No. 5, pp. 29-37, Oct. 2009.
  11. J. Kim, G. Kim, and Y. Lee, "The Concept and Approach of the Converged Security, " Review of Korean Institute of Information Security and Cryptology, Vol. 19, No. 6, pp. 68-73, Dec. 2009.
  12. T.L. Saaty, and L.G. Vargas, "Prediction Projection and Forecasting" Kluwer Academic Publishers, 1991.
  13. D.A. Kravitz, and B. Martin, "Ringelmann rediscovered: The original article" Journal of Personality and Social Psychology, Vol. 50, No. 5, pp. 936-941, May 1986. https://doi.org/10.1037/0022-3514.50.5.936
  14. Y. An, "Security Analysis and Improvements of a Biometrics-based User Authentication Scheme Using Smart Cards" Journal of the Korea Society of Computer and Information, Vol. 17, No. 2, pp. 159-166, Feb. 2012.

Cited by

  1. 리눅스 서버에서 인터렉티브 서비스 Stepping Stone 자가진단을 위한 brute-force 기법 vol.20, pp.5, 2014, https://doi.org/10.9708/jksci.2015.20.5.041