• Annual Conference of KIPS
• /
• 2024.05a
• /
• pp.20-22
• /
• 2024

이 논문은 시스템의 안전성을 강화하는 안티퍼징을 우회하는 방법을 제안한다. 먼저, 안티퍼징을 우회하기 위해 가짜 Basic Block 을 효과적으로 식별하는 방법을 제안한다. 이를 통해 공격자가 시스템의 취약점을 파악하고 이를 이용하는 것이 가능하게 할 수 있다. 또한, 이 논문은 안티퍼징 메커니즘을 우회하기 위해 커널의 Syscall signal 을 수정하여 프로그램이 크래시가 발생할 때 정상적으로 종료되지 않도록 하는 방법을 제시한다. 이를 통해 시스템이 안티퍼징 메커니즘을 우회하고 퍼징 공격을 가능하게 한다. 이러한 연구 결과는 향후 보다 안전하고 안정적인 시스템 보호를 위한 중요한 연구 방향을 제시하고자 한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.1C
• /
• pp.25-34
• /
• 2005

Girault proposed a key agreement protocol based on his new idea of self-certified public key. Later Rueppel and Oorschot showed variants of the Girault scheme. All of these key agreement protocols inherit positive features of self-certified public key so that they can provide higher security and smaller communication overhead than key agreement protocols not based on self-certified public key. Even with such novel features, rigorous security analysis of these protocols has not been made clear yet. In this paper, we give rigorous security analysis of key agreement protocols based on self-certified public key. We use reduction among functions for security analysis and consider several kinds of active attacker models such as active impersonation attack, key-compromise impersonation attack, forward secrecy and known key security.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39A no.11
• /
• pp.660-674
• /
• 2014

RFID system has been used in a variety of services. So, a lot of attacks like a free ride on the service, leakage of property or personal information are known. Therefore, the solutions that address these attacks have been proposed. Among the attacks, mafia fraud, a kind of relay attack, can not be addressed by common authentication protocol. So, Hancke and Kuhn used distance bounding protocol for RFID authentication. After that, Munilla and Peinado modified HK protocol by adding void challenge. So the mafia fraud success probability of adversary is lower than probability of HK protocol. Ahn et al. proposed a protocol that reduces number of a hash computation and traffic than MP protocol. Here, we show that MP protocol can not defend the terrorist fraud and is vulnerable to noise. And we show that also AYBN protocol is vulnerable to mafia fraud and key leakage. Moreover, we propose a new protocol and our experimental results show that our protocol is secure to terrorist and mafia fraud.

• The Journal of the Korea Contents Association
• /
• v.3 no.1
• /
• pp.21-30
• /
• 2003

Retracing schemes using packet marking are currently being studied to protect network resources by isolating DDoS attack. One promising solution is the probabilistic packet marking (PPM). However, PPM can't use ICMP by encoding a mark into the IP identification field. Likewise, it can't identify the original source through a hash function used to encode trace information and reduce the mark size. In addition, the retracing problem overlaps with the result from the XOR operation. An algorithm is therefore proposed to pursue the attacker's source efficiently. The source is marked in a packet using a router ID, with marking information abstracted.

• Convergence Security Journal
• /
• v.20 no.1
• /
• pp.49-57
• /
• 2020

It is no exaggeration to say that we live with cyber threats every day. Nevertheless, it is difficult for us to obtain objective information about cyber threats and attacks because it is difficult to clearly identify the attacker, the purpose of attack, and the range of damage, and rely on information from a single source. In the preceding research of this study, we proposed the new approach for establishing Database (DB) for cyber attacks using Open Source Intelligence(OSINT). In this research, we present the evaluation factors for cyber threats among cyber attack DB and analyze the priority of those factors in oder to quantify cyber threats. We select the purpose of attack, attack category, target, ease of attack, attack persistence, frequency of OSINT DB, and factors of the lower layer for each factor as the evaluation factors for cyber threats. After selection, the priority of each factor is analyzed using the Analytic Hierarchy Process(AHP).

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.108-110
• /
• 2021

Since 2015, attacks using the IoT protocol have been continuously reported. Among various IoT protocols, attackers attempt DDoS attacks using SSDP(Simple Service Discovery Protocol), and as statistics of cyber shelters, Korea has about 1 million open SSDP servers. Vulnerable SSDP servers connected to the Internet can generate more than 50Gb of traffic and the risk of attack increases gradually. Until recently, distributed denial of service attacks and distributed reflective denial of service attacks have been a security issue. Accordingly, the purpose of this study is to analyze the request packet of the existing SSDP protocol to identify an amplification attack and to avoid a response when an amplification attack is suspected, thereby preventing network load due to the occurrence of a large number of response packets due to the role of traffic reflection amplification.

• The KIPS Transactions:PartD
• /
• v.15D no.5
• /
• pp.713-720
• /
• 2008

Fingerprinting scheme uses digital watermarks to trace originator of unauthorized or pirated copies, however, multiple users may collude and escape identification by creating an average or median of their individually watermarked copies. Previous research works are based on ACC (anti-collusion code) for identifying each user, however, ACC are shown to be resilient to average and median attacks, but not to LCCA and cannot support large number of users. In this paper, we propose a practical SACC (scalable anti-collusion code) scheme and its angular decoding strategy to support a large number of users from basic ACC (anti-collusion code) with LCCA (linear combination collusion attack) robustness. To make a scalable ACC, we designed a scalable extension of ACC codebook using a Gaussian distributed random variable, and embedded the resulting fingerprint using human visual system based watermarking scheme. We experimented with standard test images for colluder identification performance, and our scheme shows good performance over average and median attacks. Our angular decoding strategy shows performance gain over previous decoding scheme on LCCA colluder set identification among large population.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.2C
• /
• pp.132-139
• /
• 2012

In 2011, Woosik Bae proposed a NLMAP(New Low-cost Mutual Authentication Protocol) in RFID based on hash function. They argued that minimize computation such as random number generation. In addition, NLMAP is safe against replay attack, spoofing attack, traffic analysis and eavesdropping attack due to using mutual authentication. So, when applied to RFID system has advantage such as providing a high level of security at a lower manufacturing cost. However, unlike their argue, attacker can obtain Tag's hash computed unique identification information. This paper proves possible the location tracking and spoofing attack using H(IDt) by attacker. In addition, we propose the improved a mutual authentication protocol in RFID based on hash function and CRC code. Also, our protocol is secure against various attacks and suitable for efficient RFID systems better than NLMAP.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2018.07a
• /
• pp.63-66
• /
• 2018

스팸 스미싱 SMS의 차단을 위하여 지금까지 다양한 차단기법이 개발되어 사용되고 있다. 그 중에서도 대부분을 차지하는 방법들이 기계학습을 통한 내용 기반의 차단과 사용자의 스팸신고를 통한 송신자 차단 방법이다. 그러나 이러한 방법들은 공통적으로 스팸 스미싱을 식별하기 위해 학습 데이터가 필요하다는 문제점을 갖고 있기 때문에, 신종 스팸 공격들은 차단이 불가능하여 차단율의 한계를 보인다. 본 논문에서는 오늘날 사용되고 있는 스팸 스미싱 차단 기법들의 근본적인 문제점들을 규명하고, 이를 해결할 수 있는 스팸차단 기법 중 하나인 송신자 자가인증 기법을 소개한다. 그리고 송신자 자가인증 기법을 적용한 안드로이드애플리케이션의 구현 및 동작과정을 설명한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2007.06d
• /
• pp.7-10
• /
• 2007

최근 정보화 수준이 고도화 되고 대외 기술 교류가 활발해짐에 따라 기업 정보 유출에 의한 피해 사례가 급증하고 있고, 자료 유출 사례 중 전 현직 종사원인 내부자에 의해 발생되는 건이 80%이상을 차지하고 있어 내부정보 유출 방지체계에 대한 구축이 절실히 요구되고 있다. 내부 정보 유출 방지체계는 침입탐지시스템이나 방화벽 같은 외부 공격자에 대한 방어 대책으로는 한계가 있어 새로운 정보보호 체계가 필요하다. 본 논문은 내부정보 유통 구조에 내재되어 있는 내부정보 유출 취약점을 분석하고 이에 대한 대책으로서 정보보호 모델을 제안하며, 제안된 정보보호 모델을 구현하는 한 방법으로서 DRM 기술을 적용한 정보보호 기술구조를 제안하고 구현 시 고려사항을 기술한다. 제안된 기술구조는 조직에서 운용하고 있는 정보체계와 정보기기들을 관리영역으로 식별하는 방법을 제공하며 관리영역에서 비 관리영역으로의 자료 유통을 근본적으로 통제하는 장점을 갖고 있다.