• Title/Summary/Keyword: Malicious Application

Search Result 192, Processing Time 0.032 seconds

Efficient Source Authentication Protocol for IPTV Based on Hash Tree Scheme (해쉬 트리 기반의 효율적인 IPTV 소스 인증 프로토콜)

  • Shin, Ki-Eun;Choi, Hyoung-Kee
    • The KIPS Transactions:PartC
    • /
    • v.16C no.1
    • /
    • pp.21-26
    • /
    • 2009
  • Presently, the demand for IPTV, to satisfy a variety of goals, is exploding. IPTV is coming into the spotlight as a killer application in upcoming IP convergence networks such as triple play which is the delivery of voice, internet, and video service to a subscriber. IPTV utilizes CAS, which controls the subscriber access to content for a profit. Although the current CAS scheme provides access control via subscriber authentication, there is no authentication scheme for the content transmitted from service providers. Thus, there is a vulnerability of security, through which an adversary can forge content between the service provider and subscribers and distribute malicious content to subscribers. In this paper, based on a hash tree scheme, we proposed efficient and strong source authentication protocols which remove the vulnerability of the current IPTV system. We also evaluate our protocol from a view of IPTV requirements.

A Study on Smart EDR System Security Development (Smart EDR 시스템구축을 위한 보안전략과 발전방안)

  • Yoo, Seung Jae
    • Convergence Security Journal
    • /
    • v.20 no.1
    • /
    • pp.41-47
    • /
    • 2020
  • In the corporate information system environment, detecting and controlling suspicious behaviors occurring at the end point of the actual business application is the most important area to secure the organization's business environment. In order to accurately detect and block threats from inside and outside, it is necessary to be able to monitor all areas of all terminals in the organization and collect relevant information. In other words, in order to maintain a secure business environment of a corporate organization from the constant challenge of malicious code, everything that occurs in a business terminal such as a PC beyond detection and defense-based client security based on known patterns, signatures, policies, and rules that have been universalized in the past. The introduction of an EDR solution to enable identification and monitoring is now an essential element of security. In this study, we will look at the essential functions required for EDR solutions, and also study the design and development plans of smart EDR systems based on active and proactive detection of security threats.

A Study on the Countermeasure of Cyber Attacks Using Anonymous Network (익명네트워크를 이용한 사이버공격에 대한 대응방안 연구)

  • Lee, Jung-Hyun;Ahn, Kwan-Joon;Park, Won-Hyung;Lim, Jong-In
    • Convergence Security Journal
    • /
    • v.11 no.3
    • /
    • pp.31-37
    • /
    • 2011
  • Recently on tile network to ensure the anonymity of Mixed networking has been actively researched. It uses encrypted communications between Nodes and communications path is changed often to the attacker traceback and response, including the difficult thing is the reality. National institutions and infrastructure in these circumstances, the attack on the national level, if done on a large scale can be disastrous in. However, an anonymous network technology to cover up their own internet communication, it malicious form of Internet use by people who enjoy being continually updated and new forms of technology being developed is a situation continuously. In addition, attacks in the future application of these technologies is expected to continue to emerge. However, this reality does not deserve this thesis is prepared. In this paper, anonymously using a network to respond effectively to a cyber attack on the early detection research is to proceed.

Context cognition technology through integrated cyber security context analysis (통합 사이버 보안 상황분석을 통한 관제 상황인지 기술)

  • Nam, Seung-Soo;Seo, Chang-Ho;Lee, Joo-Young;Kim, Jong-Hyun;Kim, Ik-Kyun
    • Journal of Digital Convergence
    • /
    • v.13 no.1
    • /
    • pp.313-319
    • /
    • 2015
  • As the number of applications using the internet the rapidly increasing incidence of cyber attacks made on the internet has been increasing. In the equipment of L3 DDoS attack detection equipment in the world and incomplete detection of application layer based intelligent. Next-generation networks domestic product in high-performance wired and wireless network threat response techniques to meet the diverse requirements of the security solution is to close one performance is insufficient compared to the situation in terms of functionality foreign products, malicious code detection and signature generation research primarily related to has progressed malware detection and analysis of the research center operating in Window OS. In this paper, we describe the current status survey and analysis of the latest variety of new attack techniques and analytical skills with the latest cyber-attack analysis prejudice the security situation.

Relative Location based Risk Calculation to Prevent Identity Theft in Electronic Payment Systems (전자지불거래에서 상대위치와 연동한 도용 위험성 산출방법)

  • Suh, Hyo-Joong;Hwang, Hoyoung
    • The Journal of the Convergence on Culture Technology
    • /
    • v.6 no.1
    • /
    • pp.455-461
    • /
    • 2020
  • Electronic payment system using Internet banking is a very important application for users of e-commerce environment. With rapidly growing use of fintech applications, the risk and damage caused by malicious hacking or identity theft are getting significant. To prevent the damage, fraud detection system (FDS) calculates the risk of the electronic payment transactions using user profiles including types of goods, device status, user location, and so on. In this paper, we propose a new risk calculation method using relative location of users such as SSID of wireless LAN AP and MAC address. Those relative location information are more difficult to imitate or copy compared with conventional physical location information like nation, GPS coordinates, or IP address. The new method using relative location and cumulative user characteristics will enable stronger risk calculation function to FDS and thus give enhanced security to electronic payment systems.

Semi-Fragile Image Watermarking for Authentication Using Wavelet Packet Transform Based on The Subband Energy (부대역 에너지 기반 웨이블릿 패킷 변환을 이용한 인증을 위한 세미 프레자일 영상 워터마킹)

  • Park, Sang-Ju;Kwon, Tae-Hyeon
    • The KIPS Transactions:PartB
    • /
    • v.12B no.4 s.100
    • /
    • pp.421-428
    • /
    • 2005
  • A new method of Semi-fragile image watermarking which ensures the integrity of the contents of digital image is presented. Proposed watermarking scheme embeds watermark in the form of quantization noise on the wavelet transform coefficients in a specific mid frequency subbands selected from a wavelet packet decomposition based on energy distribution of wavelet transform coefficients. By controlling the strength of embedded watermark using HVS (Human Visual System) characteristic, it is imperceptible by a human viewer while robust against non-malicious attack such as compression for storage and/or transmission. When an attack is applied on the original image, it is highly probable that wavelet transform coefficients not only at the exact attack positions but also the neighboring ones are modified. Therefore, proposed authentication method utilizes whether both current coefficient and its neighbors are damaged. together. So it can efficiently detect and accurately localize attacks inflicted on the content of original image. Decision threshold for authentication can be user controlled for different application areas as needed.

Robust Anti Reverse Engineering Technique for Protecting Android Applications using the AES Algorithm (AES 알고리즘을 사용하여 안드로이드 어플리케이션을 보호하기 위한 견고한 역공학 방지기법)

  • Kim, JungHyun;Lee, Kang Seung
    • Journal of KIISE
    • /
    • v.42 no.9
    • /
    • pp.1100-1108
    • /
    • 2015
  • Classes.dex, which is the executable file for android operation system, has Java bite code format, so that anyone can analyze and modify its source codes by using reverse engineering. Due to this characteristic, many android applications using classes.dex as executable file have been illegally copied and distributed, causing damage to the developers and software industry. To tackle such ill-intended behavior, this paper proposes a technique to encrypt classes.dex file using an AES(Advanced Encryption Standard) encryption algorithm and decrypts the applications encrypted in such a manner in order to prevent reverse engineering of the applications. To reinforce the file against reverse engineering attack, hash values that are obtained from substituting a hash equation through the combination of salt values, are used for the keys for encrypting and decrypting classes.dex. The experiments demonstrated that the proposed technique is effective in preventing the illegal duplication of classes.dex-based android applications and reverse engineering attack. As a result, the proposed technique can protect the source of an application and also prevent the spreading of malicious codes due to repackaging attack.

A Study on the Improvement of the Intelligent Robots Act

  • Park, Jong-Ryeol;Noe, Sang-Ouk
    • Journal of the Korea Society of Computer and Information
    • /
    • v.24 no.1
    • /
    • pp.217-224
    • /
    • 2019
  • The intelligent robot industry is a complex which encompasses all fields of science and technology, and its marketability and industrial impact are remarkable. Major countries in the world have been strengthening their policies to foster the intelligent robot industry, but discussions on liability issues and legal actions that are accompanied by the related big or small accidents are still insufficient. In this study, therefore, the patent law by artificial intelligence robots and the legislation for relevant legal actions at the criminal law level are presented. Patent law legislation by artificial intelligence robots should comply with the followings. First, the electronic human being other than humans ought to be given legal personality, which is the subject of patent infringement. Even if artificial intelligence has legal personality, legal responsibility will be varied depending on the judgment of whether the accident has occurred due to the malfunction of the artificial intelligence itself or due to the human intervention with malicious intention. Second, artificial intelligence as a subject of actors and responsibility should be distinguished strictly; in other words, the injunction is the responsibility of the intelligent robot itself, but the financial repayment is the responsibility of the owner. In the criminal law legislation, regulations for legal punishment of intelligent robot manufacturing companies and manufacturers should be prepared promptly in case of legal violation, by amending the scope of application of Article 47 (Penal Provisions) of the Intelligent Robots Development and Distribution Promotion Act. In this way, joint penal provisions, which can clearly distinguish the responsibilities of the related parties, should be established to contribute to the development of the fourth industrial revolution.

Identification of Counterfeit Android Malware Apps using Hyperledger Fabric Blockchain (블록체인을 이용한 위변조 안드로이드 악성 앱 판별)

  • Hwang, Sumin;Lee, Hyung-Woo
    • Journal of Internet Computing and Services
    • /
    • v.20 no.2
    • /
    • pp.61-68
    • /
    • 2019
  • Although the number of smartphone users is continuously increasing due to the advantage of being able to easily use most of the Internet services, the number of counterfeit applications is rapidly increasing and personal information stored in the smartphone is leaked to the outside. Because Android app was developed with Java language, it is relatively easy to create counterfeit apps if attacker performs the de-compilation process to reverse app by abusing the repackaging vulnerability. Although an obfuscation technique can be applied to prevent this, but most mobile apps are not adopted. Therefore, it is fundamentally impossible to block repackaging attacks on Android mobile apps. In addition, personal information stored in the smartphone is leaked outside because it does not provide a forgery self-verification procedure on installing an app in smartphone. In order to solve this problem, blockchain is used to implement a process of certificated application registration and a fake app identification and detection mechanism is proposed on Hyperledger Fabric framework.

CRL Distribution Method based on the T-DMB Data Service for Vehicular Networks (차량통신에서 T-DMB 데이터 서비스에 기반한 인증서 취소 목록 배포 기법)

  • Kim, Hyun-Gon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.4
    • /
    • pp.161-169
    • /
    • 2011
  • There is a consensus in the field of vehicular network security that public key cryptography should be used to secure communications. A certificate revocation list (CRL) should be distributed quickly to all the vehicles in the network to protect them from malicious users and malfunctioning equipment as well as to increase the overall security and safety of vehicular networks. Thus, a major challenge in vehicular networks is how to efficiently distribute CRLs. This paper proposes a CRL distribution method aided by terrestrial digital multimedia broadcasting (T-DMB). By using T-DMB data broadcasting channels as alternative communication channels, the proposed method can broaden the network coverage, achieve real-time delivery, and enhance transmission reliability. Even if roadside units are not deployed or only sparsely deployed, vehicles can obtain recent CRLs from the T-DMB infrastructure. A new transport protocol expert group (TPEG) CRL application was also designed for the purpose of broadcasting CRLs over the T-DMB infrastructure.