• Journal of Aerospace System Engineering
• /
• v.17 no.4
• /
• pp.133-143
• /
• 2023

As drones (also known as UAV) become popular with advanced information and communication technology (ICT), they have been utilized for various fields (agriculture, architecture, and so on). However, malicious attackers with advanced drones may pose a threat to critical national infrastructures. Thus, anti-drone systems have been developed to respond to drone threats. In particular, remote identification data (R-ID)-based UAV detection and identification systems that detect and identify illegal drones with R-ID broadcasted by drones have been developed, and are widely employed worldwide. However, this R-ID-based UAV detection/identification system is vulnerable to security due to wireless broadcast characteristics. In this paper, we analyze the security vulnerabilities of DJI Aeroscope, a representative example of the R-ID-based UAV detection and identification system, and propose a replay-attack-based neutralization method using the analyzed vulnerabilities. To validate the proposed method, it is implemented as a software program, and verified against four types of attacks in real test environments. The results demonstrate that the proposed neutralization method is an effective neutralization method for R-ID-based UAV detection and identification systems.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.10
• /
• pp.25-32
• /
• 2019

In this paper, we propose a method to apply the attack surface expansion through decoy traps to a protected server network. The network consists of a large number of decoys and protected servers. In the network, each protected server dynamically mutates its IP address and port numbers based on Hidden Tunnel Networking that is a network-based moving target defense scheme. The moving target defense is a new approach to cyber security and continuously changes system's attack surface to prevent attacks. And, the attack surface expansion is an approach that uses decoys and decoy groups to protect attacks. The proposed method modifies the NAT table of the protected server with a custom chain and a RETURN target in order to make attackers waste all their time and effort in the decoy traps. We theoretically analyze the attacker success rate for the protected server network before and after applying the proposed method. The proposed method is expected to significantly reduce the probability that a protected server will be identified and compromised by attackers.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.3
• /
• pp.91-98
• /
• 2021

In most hacking attacks, hackers tend to access target systems in a variety of circumvent connection methods to hide their original IP. Therefore, finding the attacker's IP(Internet Protocol) from the defender's point of view is one of important issue to recognize hackers. If an attacker uses a proxy, original IP can be obtained through a program other than web browser in attacker's computer. Unfortunately, this method has no effect on the connection through VPN(Virtual Private Network), because VPN affects all applications. In an academic domain, various IP traceback methods using network equipments such as routers have been studied, but it is very difficult to be realized due to various problems including standardization and privacy. To overcome this limitation, this paper proposes a practical way to use client's network configuration temporarily until it can detect original IP. The proposed method does not only restrict usage of network, but also does not violate any privacy. We implemented and verified the proposed method in real internet with various VPN tools.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2018.05a
• /
• pp.82-85
• /
• 2018

The purpose of this paper is to improve the authentication method for IP camera user authentication. Since existing authentication uses knowledge-based authentication method, if ID and PW are exposed to attack by attacker, IP camera becomes defenseless from attacker. The attacker can access the IP Camera and acquire and distribute real time video and voice, which can be exploited as a second crime, and there is a fear of a secret leak when a secret facility is installed. In order to compensate for this vulnerability, this paper proposes a DUI authentication method that identifies and registers a device using DUI (Device Unique Identifier), blocks access to unauthorized devices by subordinating the device to the IP Camera and authenticates only authorized devices.

• Convergence Security Journal
• /
• v.24 no.3
• /
• pp.67-79
• /
• 2024

Attackers targeting critical infrastructure, such as energy plants, conduct intelligent and sophisticated attacks that conceal their traces until their objectives are achieved. Manipulating measurement data of cyber-physical systems, which are connected to the physical environment, directly impacts human safety. Given the unique characteristics of cyber-physical systems, a differentiated approach is necessary, distinct from traditional IT environment anomaly detection and identification methods. This study proposes a methodology that integrates both recursive filtering and an entropy-based approach to identify maliciously manipulated measurement data, considering the characteristics of cyber-physical systems. By applying the proposed approach to synthesized data based on a publicly available industrial control system security dataset in our research environment, the results demonstrate its effectiveness in identifying manipulated operational data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.267-279
• /
• 2017

This study emulated unscheduled phishing e-mails over a long period of time by imitating the manner in which external hackers attacked a group of employees in a company. We then measured and analyzed the recipient's ability to identify and respond to phishing e-mails as training progressed. In addition, we analyzed the changes in participants' response behavior when changing the external control condition between the training. As a result of the analysis, it was confirmed that the training duration had a positive (+) relationship with the employees' ability to identify phishing e-mails and the infection rate, and more employees read emails and infected with phishing attacks using social issues and seasonal events. It was also confirmed that reinforcement of internal control policy on infected persons affects positively (+) on the phishing attack response behavior of employees. Based on these results, we would like to suggest the right training method for each organization to enhance the ability of employees to cope with phishing attacks.

• The KIPS Transactions:PartC
• /
• v.11C no.4
• /
• pp.447-454
• /
• 2004

This paper proposes unforgeable RFID variable n scheme with efficient identification. The existing schemes on privacy protection are in efficient because a server should execute identification process with all Tag ID's Information in order to identify a certain Tag. Moreover these schemes have the serious problem that an attacker can forge special tags if he can know tag's secret information stored in the server's database. Our scheme Is required only 2 times exponent computation to identify a tag. The proposed scheme is also secure against leakage of tags information stored in a database, because an attacker cannot forge special tag even if he knows secret information of the server(database).

• Review of KIISC
• /
• v.34 no.3
• /
• pp.45-51
• /
• 2024

제로트러스트 도입을 검토하고 있는 조직은 제로트러스트를 구성하는 6개 핵심요소에 대한 자신의 성숙도 수준을 측정하여 목표 수준과의 차이를 식별한 후, 목표 성숙도 수준 달성을 위한 제로트러스트 도입계획을 수립하고, 도입 후 목표 성숙도 수준의 달성정도를 정량적으로 확인할 수 있어야 한다. 이를 위한 접근법 또한 제로트러스트의 기본철학(Never Trust, Always Verify)을 준수해야 하므로, 가장 효과적인 방법은 공격자 관점의 침투시험(Penetration Test, 모의해킹)을 도입하는 것이다. 본 연구는 침투시험을 기반으로 제로트러스트 핵심요소별 성숙도를 측정하는 방법과 제로트러스트 도입 전후 보안성 향상 정도를 정량적으로 측정하는 방법을 제시한다.

• The Journal of the Korea Contents Association
• /
• v.15 no.12
• /
• pp.18-23
• /
• 2015

This paper proposes a new protection technique against deregistration attack in SIP. Although it is caused by simple spoofing the REGISTER message of a legitimate SIP UA, its impact is serious. This new protection technique identifies and protects the deregistration attack by removing a binding form the location server after delaying a certain period of time instead of removing the binding immediately after receiving deregistration message. Therefore, this technique makes it possible to establish a secure SIP environment defending the deregistraion attack without any additional overhead such as an encryption or authentication.

• Journal of Korea Multimedia Society
• /
• v.16 no.8
• /
• pp.954-961
• /
• 2013

To enhance the efficiency of network, content-centric networking (CCN), one of future Internet architectures, allows network nodes to temporally cache transmitted contents and then to directly respond to request messages which are relevant to previously cached contents. Also, since CCN uses a hierarchical content-name, not a host identity like source/destination IP address, for request/response packet routing and CCN request message does not include requester's information for privacy protection, contents-providers/ network nodes can not identify practical requesters sending request messages. So to send back relevant contents, network nodes in CCN records both a request message and its incoming interfaces on Pending Interest Table (PIT). Then the devices refer PIT to return back a response message. If PIT is exhausted, the device can not normally handle request/response messages anymore. Hence, it is needed to detect/react attack to exhaust PIT. Hence, in this paper, we propose improved detection/reaction schemes against attacks to exhaust PIT. In practice, for fine-grained control, this proposal is applied to each incoming interface. Also, we propose the message framework to control attack traffic and evaluate the performance of our proposal.