• Annual Conference of KIPS
• /
• 2022.05a
• /
• pp.531-534
• /
• 2022

승차 공유, 카풀, 렌터카의 이용률이 증가하면서 많은 사용자가 동일한 차량에 로컬 액세스 할 수 있는 시나리오가 더욱 보편화됨에 따라 차량 네트워크에 대한 공격 가능성이 커지고 있다. 차량용 CAN Bus Network에 대한 DoS(Denial of Service), Fuzzy Attack 및 Replay Attack과 같은 공격은 일부 ECU(Electronic Controller Unit) 비활성 및 작동 불능 상태를 유발한다. 에어백, 제동 시스템과 같은 필수 시스템이 작동 불가 상태가 되어 운전자에게 치명적인 결과를 초래할 수 있다. 차량 네트워크 침입 탐지를 위하여 많은 연구가 진행되고 있으나, 기존 화이트리스트를 이용한 탐지 방법은 새로운 유형의 공격이 발생하거나 희소성이 높은 공격일 때 탐지하기 어렵다. 본 논문에서는 인공신경망 기반의 CAN 버스 네트워크 침입 탐지 기법을 제안한다. 제안하는 침입 탐지 기법은 2단계로 나누어 진다. 1단계에서 정상 패킷 분포를 학습한 VAE 모형이 이상 탐지를 수행한다. 이상 패킷으로 판정될 경우, 2단계에서 인코더로부터 추출된 잠재변수와 VAE의 재구성 오차를 이용하여 공격 유형을 분류한다. 분류 결과의 신뢰점수(Confidence score)가 임계치보다 낮을 경우 학습하지 않은 공격으로 판단한다. 본 연구 결과물은 정보보호 연구·개발 데이터 첼린지 2019 대회의 차량 이상징후 탐지 트랙에서 제공하는 정상 및 3종의 차량 공격시도 패킷 데이터를 대상으로 성능을 평가하였다. 실험을 통해 자동차 제조사의 규칙이나 정책을 사전에 정의하지 않더라도 낮은 오탐율로 비정상 패킷을 탐지해 낼 수 있음을 확인할 수 있다.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.10
• /
• pp.101-110
• /
• 2009

The 6LoWPAN(IPv6 Low-power Wireless Personal Area Network) performs IPv6 header compression, TCP/UDP/IGMP header compression, packet fragmentation and re-assemble to transmit IPv6 packet over IEEE 802,15.4 MAC/PHY. However, from the point of view of security. It has the existing security threats issued by IP packet fragmenting and reassembling, and new security threats issued by 6LoWPAN packet fragmenting and reassembling would be introduced additionally. If fragmented packets are retransmitted by replay attacks frequently, sensor nodes will be confronted with the communication disruption. This paper analysis security threats introduced by 6LoWPAN fragmenting and reassembling, and proposes a re-transmission mechanism that could minimize re-transmission to be issued by replay attacks. Re-transmission procedure and fragmented packet structure based on the 6LoWPAN standard(RFC4944) are designed. We estimate also re-transmission delay of the proposed mechanism. The mechanism utilizes timestamp, nonce, and checksum to protect replay attacks. It could minimize reassemble buffer overflow, waste of computing resource, node rebooting etc., by removing packet fragmentation and reassemble unnecessary.

• Convergence Security Journal
• /
• v.12 no.1
• /
• pp.3-8
• /
• 2012

MANET composed wireless nodes without fixed infrastructure provides high flexibility, but it has weak disadvantage to various attack. It has big weakness to DDoS attack because every node perform packet forwarding especially. In this paper, packet transmission information control technique is proposed to reduce damage of DDoS attack in MANET and search location of attacker when DDoS attacks occur. Hierarchical structure using gateway node is adopted for protect a target of attack in this study. Gateway node in cluster is included like destination nodes surely when source nodes route path to destination nodes and it protects destination nodes. We confirmed efficiency by comparing proposed method in this study with CUSUM and measured the quantity consumed memory of cluster head to evaluate efficiency of information control using to location tracing.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.939-946
• /
• 2013

This paper proposes normal behavior profiling methods for anomaly detection in IEC 61850 based substation network. Signature based security solutions, currently used primarily, are inadequate for APT attack using zero-day vulnerabilities. Recently, some researches about anomaly detection in control network are ongoing. However, there are no published result for IEC 61850 substation network. Our proposed methods includes 3-phase preprocessing for MMS/GOOSE packets and normal behavior profiling using one-class SVM algorithm. These approaches are beneficial to detect APT attacks on IEC 61850 substation network.

• Journal of the Korea Society of Computer and Information
• /
• v.8 no.1
• /
• pp.44-50
• /
• 2003

When Mobile terminal user want to contact inner-network information sever, wireless information security need for Protect hacking. For the security, Mobile terminal user could have contact to wireless network through the gateway of Wireless Firewall. In this paper, I present a design scheme of Wireless Firewall that included major function of Packet Filtering, NAT, Authentication, and auditing reports services. I would implement to Wireless Firewall that included major function of Packet Filtering, NAT, Authentication, Integrity, and auditing reports services. I would conclude that the suggest will be useful for research and development on Korean Wireless Firewall System.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1505-1511
• /
• 2016

Live streaming is a method to provide media service by sending recoded media to a user's video player. In order to provide video and audio contents in real-time for a large number of users simultaneously, live streaming compatible protocols such as RTMP (Real Time Messaging Protocol), HLS (Http Live Streaming), are required. In this paper, we analyzed vulnerability of paid live streaming services with the captured packets from the applications used by six major OTT (over-the-top) companies in Korea supporting live streaming services. We found that streaming channels were not encrypted and access control mechanisms were not properly used. Thus, guest users can freely use paid live streaming services.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.3-11
• /
• 2003

It is very important to detect and remove original sources of various attacks through networks. One of the effective method to detect the sources is traceback systems. In this paper, we design and implement an agent-based traceback system that does not require the reaction of routers and administrators and does not need numerous log data. In the design, we introduce a traceback server and traceback agents in each network Using sniffing and spoofing, the server transmits a packet with a specific message. The agents detect the packet and provide the information for the server to trace back the original source.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1279-1290
• /
• 2021

As vehicle technology has grown, autonomous driving that does not require driver intervention has developed. Accordingly, CAN security, an network of in-vehicles, has also become important. CAN shows vulnerabilities in hacking attacks, and machine learning-based IDS is introduced to detect these attacks. However, despite its high accuracy, machine learning showed vulnerability against adversarial examples. In this paper, we propose a adversarial CAN frame generation method to avoid IDS by adding noise to feature and proceeding with feature selection and re-packet for physical attack of the vehicle. We check how well the adversarial CAN frame avoids IDS through experiments for each case that adversarial CAN frame generated by all feature modulation, modulation after feature selection, preprocessing after re-packet.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1411-1420
• /
• 2015

Lawful interception(LI) standard of telephone networks has technical limitations to lawfully intercept IMS/SIP-based mobile communication network subscriber who using Android and iPhone device. In addition, the technical standards related to legal interception of the IMS/SIP of the wireless network is insufficient compared to the systematic study of the development of a wireless network infrastructure. The architecture proposed in the standard of ETSI(European Telecommunications Standards Institute) for the seamless LI is insufficient to overcome the limitations of traditional voice-centric LI techniques. This paper proposes an IMS/SIP-based architecture to perform LI under 3G networks that focuses on mobility-supported environments with merging cellular networks and the Internet. We implemented the simulation to verify the efficiency of the proposed architecture, and the experimental results show that our method achieves higher lawful interception rate than that of existing interception methods.

• Journal of Korea Multimedia Society
• /
• v.14 no.11
• /
• pp.1431-1437
• /
• 2011

This paper proposes a novel watermarking algorithm that protects digital copyrights and is robust to attacks. Watermarks are embedded in the subband including the significant part of the signal such as a pitch. Generally, the subband containing the pitch has the biggest energy. In order to find this subband, wavelet packet transform is used to decompose the subbands and their energy are calculated. The signal of the selected subbands is transformed in frequency domain using FFT. The watermarks are embedded using QIM for samples higher than a certain threshold. The blind detection uses the Euclidean distance. The proposed method shows less than 5% BER in the audio watermark benchmarking.