• International Journal of Computer Science & Network Security
• /
• v.21 no.9
• /
• pp.91-98
• /
• 2021

Peer to Peer Networks play an increasing role in today's networks, also it's expected that this type of communication networks evolves more in the future. Since the number of users that is involved in Peer to Peer Networks is huge and will be increased more in the future, security issues will appear and increase as well. Thus, providing a sustainable solution is needed to ensure the security of Peer to Peer Networks. This paper is presenting a new protocol called Malicious Trust Managers Identification (MTMI). This protocol is used to ensure anonymity of trust manager, that computes and stores the trust value for another peer. The proposed protocol builds a secure connection between trust managers by using public key infrastructure. As well as experimental testing has been conducted to validate the proposed protocol.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.4C
• /
• pp.451-457
• /
• 2006

A peer-to-peer(P2P) network is inherently vulnerable to malicious attacks from participating peers because of its open, flat, and autonomous nature. This paper addresses the problem of effectively defending from active attacks of malicious peers at bootstrapping phase and at online phase, respectively. We propose a secure membership handling protocol to protect the assignment of ID related things to a newly joining peer with the aid of a trusted entity in the network. The trusted entities are only consulted when new peers are joining and are otherwise uninvolved in the actions of the P2P networks. For the attacks in online phase, we present a novel message structure applied to each message transmitted on the P2P overlay. It facilitates the detection of message alteration, replay attack and a message with wrong information. Taken together, the proposed techniques deter malicious peers from cheating and encourage good peers to obey the protocol of the network. The techniques assume a basic P2P overlay network model, which is generic enough to encompass a large class of well-known P2P networks, either unstructured or not.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.3-8
• /
• 2012

Smartphones have all the recent technology integration and NFC (Near Field Communication) Technology is one of them and become an essential these days. Despite using smartphones with NFC technology widely, not many security vulnerabilities have been discovered. This paper attempts to identify characteristics and various services in NFC technology, and to present a wide range of security vulnerabilities, prevention, and policies especially in NFC Contactless technology. We describe a security vulnerability and an possible threat based on human vulnerability and traditional malware distribution technic using Peer-to-Peer network on NFC-Enabled smartphones. The vulnerability is as follows: An attacker creates a NFC tag for distributing his or her malicious code to unspecified individuals and apply to hidden spot near by NFC reader in public transport like subway system. The tag will direct smartphone users to a certain website and automatically downloads malicious codes into their smartphones. The infected devices actually help to spread malicious code using P2P mode and finally as traditional DDoS attack, a certain target will be attacked by them at scheduled time.

• The KIPS Transactions:PartA
• /
• v.13A no.7 s.104
• /
• pp.599-606
• /
• 2006

As the P2P service does not have any administration authorities that are able to manage the behavior of participants and control the malicious users, malicious user can give harm to legitimate users for the benefit of themselves. To perform the secure transaction with new members who did not have past experiences on transaction, service users can differentiate malicious users and legitimate users by referring to the reputation information that provided by users having past experience. However, users can intentionally give false evaluation to other users on Performed transaction. We call these users as 'liar'. In this Paper, we propose a new reputation system for liar reduction to guarantee an accuracy on reputation information.

• Journal of Arbitration Studies
• /
• v.28 no.2
• /
• pp.165-178
• /
• 2018

Exchanging information with a person without credentials over the Internet does not pose any problems. A decentralized system based on blockchain technology enables the user to exchange new value(currency) with other uncredited users. The blockchain technology creates a new paradigm in which the distribution system can be founded on trust. Various applied distribution systems are being developed based on this paradigm. This study analyzed the problems between an institute's grading system and the central administration system. The limitations of an institute's current central management system were presented through actual cases. To improve the problem, a decentralized system based on block chain technology was presented in order to overcome the fundamental limitations by utilizing blockchain technology, peer-to-peer network, and the distribution system. In the central system, a malicious moderator could create a malicious edit that becomes the cause of a dispute, but in a decentralized system, a problem cannot be created even if there were to be a malicious moderator. However, it is difficult for a single college institute to create a distribution system in order to actualize an effective system. Comparatively, it would be possible to create a decentralized system in which all educational institutes in Korea (elementary schools, middle schools, high schools, colleges) took part in. The application of a decentralized system would improve the public transparency and reliability of educational institutes.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.5
• /
• pp.2203-2217
• /
• 2016

To prevent structured peer to peer (P2P) overlay networksfrom being attacked by malicious nodes, a symmetric lookup-based routing algorithm referred to as Symmetric-Chord is proposed in this paper. The proposed algorithm determines the precision of routing lookup by constructing multiple paths to the destination. The selective routing algorithm is used to acquire information on the neighbors of the root. Authenticity of the root is validated via consistency shown between the information ascertained from the neighbors and information from the yet-to-be-verified root, resulting in greater efficiency of resource lookup. Simulation results demonstrate that Symmetric-Chordhas the capability of detecting malicious nodes both accurately and efficiently, so as to identify which root holds the correct key, and provides an effective approach to the routing security for the P2P overlay network.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12spc
• /
• pp.399-408
• /
• 2021

Information security reports four types of basic attacks on information. One of the attacks is named as fabrication. Even though mobile devices and applications are showing its maturity in terms of performance, security and ubiquity, location-based applications still faces challenges of quality of service, privacy, integrity, authentication among mobile devices and hence mobile users associated with the devices. There is always a continued fear as how location information of users or IoT appliances is used by third party LB Service providers. Even adversary or malicious attackers get hold of location information in transit or fraudulently hold this information. In this paper, location information fabrication scenarios are presented after knowing basic model of information attacks. Peer-to-Peer broadcast model of location privacy is proposed. This document contains introduction to fabrication, solutions to such threats, management of fabrication mitigation in collaborative or peer to peer location privacy and its cost analysis. There are various infrastructure components in Location Based Services such as Governance Server, Point of interest POI repository, POI service, End users, Intruders etc. Various algorithms are presented and analyzed for fabrication management, integrity, and authentication. Moreover, anti-fabrication mechanism is devised in the presence of trust. Over cost analysis is done for anti-fabrication management due to nature of various cryptographic combinations.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.9
• /
• pp.1264-1270
• /
• 2018

Blockchain is a technology that directly connects each node to P2P method, except for the central server. A public blockchain is one of the blockchain types, anyone can participate without any restriction. If some node find nonce, which node can broadcasted data to all nodes. At this time, if a node that finds a nonce hides malicious code in the block, all nodes participating in the chain may be infected with malicious code due to the characteristics of the decentralization system of the blockchain. In this paper, to solve the problem that hackers can participate as an any node, we propose that a user with malicious intent can not participate as a node through a firewall with AI technology. This will improve the reliability of the propagated data over existing data.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.10 no.2
• /
• pp.77-83
• /
• 2010

Vehicular Ad Hoc Networks are self-organizing Peer-to-Peer networks that typically have highly mobile vehicle nodes, moving at high speeds, very short-lasting and unstable communication links. VANETs are formed without fixed infrastructure, central administration, and dedicated routing equipment, and network nodes are mobile, joining and leaving the network over time. So, VANET-security is very vulnerable for the intrusion of malicious and misbehaving nodes in the network, since VANETs are mostly open networks, allowing everyone connect, without centralized control. In this paper, we propose a rough set based anomaly detection method that efficiently identify malicious behavior of vehicle node activities in these VANETs, and the performance of a proposed scheme is evaluated by a simulation in terms of anomaly detection rate and false alarm rate for the threshold ${\epsilon}$.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.6
• /
• pp.1311-1326
• /
• 2010

Peer-to-peer (P2P) networks consume the most bandwidth in the current Internet and file sharing accounts for the majority of the P2P traffic. Thus it is important for a P2P file sharing application to be efficient in bandwidth consumption. Bandwidth consumption as much as downloaded file sizes is inevitable, but those in file search and bad downloads, e.g. wrong, corrupted, or malicious file downloads, are overheads. In this paper, we target to reduce these overheads even in the presence of high volume of malicious users and their bad files. Sybil attacks are the example of such hostile environment. Sybil attacker creates a large number of identities (Sybil nodes) and unfairly influences the system. When a large portion of the system is subverted, either in terms of the number of users or the number of files shared in the system, the overheads due to the bad downloads rapidly increase. We propose ELiSyR, a file search protocol that can tolerate such a hostile environment. ELiSyR uses social networks for P2P file search and finds benign files in 71% of searches even when more than half of the users are malicious. Furthermore, ELiSyR provides similar success with less bandwidth than other general efforts against Sybil attacks. We compare our algorithm to SybilGuard, SybilLimit and EigenTrust in terms of bandwidth consumption and the likelihood of bad downloads. Our algorithm shows lower bandwidth consumption, similar chances of bad downloads and fairer distribution of computation loads than these general efforts. In return, our algorithm takes more rounds of search than them. However the time required for search is usually much less than the time required for downloads, so the delay in search is justifiable compared to the cost of bad downloads and subsequent re-search and downloads.