• Title/Summary/Keyword: Fake Session

Search Result 3, Processing Time 0.018 seconds

An active intrusion-confronting method using fake session and Honeypot (거짓 세션과 허니팟을 이용한 능동적 침입 대응 기법)

  • 이명섭;신경철;박창현
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.29 no.7C
    • /
    • pp.971-984
    • /
    • 2004
  • In the coming age of information warfare, information security patterns need to be changed such as to the active approach using offensive security mechanisms rather than traditional passive approach just protecting the intrusions. In an active security environment, it is essential that, when detecting an intrusion, the immediate confrontation such as analysing the intrusion situation in realtime, protecting information from the attacks, and even tracing the intruder. This paper presents an active intrusion-confronting system using a fake session and a honeypot. Through the fake session, the attacks like Dos(Denial of Service) and port scan can be intercepted. By monitoring honeypot system, in which the intruders are migrated from the protected system and an intrusion rule manager is being activated, new intrusion rules are created and activated for confronting the next intrusions.

A FAST ASYMMETRIC KEY ENCRYPTION ALGORITHM FOR BULK DATA

  • Shin, Sang-Uk;Rhee, Kyung-Hyune
    • Journal of applied mathematics & informatics
    • /
    • v.8 no.3
    • /
    • pp.943-957
    • /
    • 2001
  • In this paper, we propose an efficient encryption algorithm, without exchanging session keys of a symmetric cryptosystem. The proposed scheme, called as the FAKE(Fast Asymmetric Key Encryption), first scrambles an entire input message and then encrypts small parts of the scrambled message using an asymmetric key encryption scheme. We use the all-or-nothing transform based on the hash function as a scrambling function, which was proposed by Shin, et al. Furthermore, the proposed scheme can additionally provide a digital signature service with only small overhead.

Cryptanalysis of an 'Efficient-Strong Authentiction Protocol (E-SAP) for Healthcare Applications Using Wireless Medical Sensor Networks'

  • Khan, Muhammad Khurram;Kumari, Saru;Singh, Pitam
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.7 no.5
    • /
    • pp.967-979
    • /
    • 2013
  • Now a day, Wireless Sensor Networks (WSNs) are being widely used in different areas one of which is healthcare services. A wireless medical sensor network senses patient's vital physiological signs through medical sensor-nodes deployed on patient's body area; and transmits these signals to devices of registered medical professionals. These sensor-nodes have low computational power and limited storage capacity. Moreover, the wireless nature of technology attracts malicious minds. Thus, proper user authentication is a prime concern before granting access to patient's sensitive and private data. Recently, P. Kumar et al. claimed to propose a strong authentication protocol for healthcare using Wireless Medical Sensor Networks (WMSN). However, we find that P. Kumar et al.'s scheme is flawed with a number of security pitfalls. Information stored inside smart card, if extracted, is enough to deceive a valid user. Adversary can not only access patient's physiological data on behalf of a valid user without knowing actual password, can also send fake/irrelevant information about patient by playing role of medical sensor-node. Besides, adversary can guess a user's password and is able to compute the session key shared between user and medical sensor-nodes. Thus, the scheme looses message confidentiality. Additionally, the scheme fails to resist insider attack and lacks user anonymity.