• Title/Summary/Keyword: Reverse Engineering Attack

Search Result 24, Processing Time 0.026 seconds

Security-Reverse-Attack Engineering Life-cycle Model for Attack System and Attack Specification Models (공격시스템을 위한 보안-역-공격공학 생명주기 모델과 공격명세모델)

  • Kim, Nam-Jeong;Kong, Mun-Soo;Lee, Gang-Soo
    • Journal of the Korea Convergence Society
    • /
    • v.8 no.6
    • /
    • pp.17-27
    • /
    • 2017
  • Recently, as cyber attacks have been activated, many such attacks have come into contact with various media. Research on security engineering and reverse engineering is active, but there is a lack of research that integrates them and applies attack systems through cost effective attack engineering. In this paper, security - enhanced information systems are developed by security engineering and reverse engineering is used to identify vulnerabilities. Using this vulnerability, we compare and analyze lifecycle models that construct or remodel attack system through attack engineering, and specify structure and behavior of each system, and propose more effective modeling. In addition, we extend the existing models and tools to propose graphical attack specification models that specify attack methods and scenarios in terms of models such as functional, static, and dynamic.

A study on the vulnerability of OTP implementation by using MITM attack and reverse engineering (MITM 공격과 리버스 엔지니어링을 이용한 OTP 적용환경의 취약점 연구)

  • Kang, Byung-Tak;Kim, Huy-Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.6
    • /
    • pp.83-99
    • /
    • 2011
  • OTP (One Time Password) is widely used for protecting accounts on Internet banking, portal services and online game services in Korea. OTP is very strong method for enforcing account security but there are several ways for exploiting vulnerabilities caused by implementation errors. These attacks can work because of the weakness from OTP enabled system's vulnerabilities, not for OTP's algorithm itself. In this paper, we present the known attack scenarios such as MITM (Man-in-the-Middle) attack and various reverse engineering techniques; also, we show the test result of the attacks and countermeasures for these attacks.

Robust Anti Reverse Engineering Technique for Protecting Android Applications using the AES Algorithm (AES 알고리즘을 사용하여 안드로이드 어플리케이션을 보호하기 위한 견고한 역공학 방지기법)

  • Kim, JungHyun;Lee, Kang Seung
    • Journal of KIISE
    • /
    • v.42 no.9
    • /
    • pp.1100-1108
    • /
    • 2015
  • Classes.dex, which is the executable file for android operation system, has Java bite code format, so that anyone can analyze and modify its source codes by using reverse engineering. Due to this characteristic, many android applications using classes.dex as executable file have been illegally copied and distributed, causing damage to the developers and software industry. To tackle such ill-intended behavior, this paper proposes a technique to encrypt classes.dex file using an AES(Advanced Encryption Standard) encryption algorithm and decrypts the applications encrypted in such a manner in order to prevent reverse engineering of the applications. To reinforce the file against reverse engineering attack, hash values that are obtained from substituting a hash equation through the combination of salt values, are used for the keys for encrypting and decrypting classes.dex. The experiments demonstrated that the proposed technique is effective in preventing the illegal duplication of classes.dex-based android applications and reverse engineering attack. As a result, the proposed technique can protect the source of an application and also prevent the spreading of malicious codes due to repackaging attack.

A Strengthened Android Signature Management Method

  • Cho, Taenam;Seo, Seung-Hyun
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.3
    • /
    • pp.1210-1230
    • /
    • 2015
  • Android is the world's most utilized smartphone OS which consequently, also makes it an attractive target for attackers. The most representative method of hacking used against Android apps is known as repackaging. This attack method requires extensive knowledge about reverse engineering in order to modify and insert malicious codes into the original app. However, there exists an easier way which circumvents the limiting obstacle of the reverse engineering. We have discovered a method of exploiting the Android code-signing process in order to mount a malware as an example. We also propose a countermeasure to prevent this attack. In addition, as a proof-of-concept, we tested a malicious code based on our attack technique on a sample app and improved the java libraries related to code-signing/verification reflecting our countermeasure.

Syntheses of chlorine resistant reverse osmosis membranes

  • Kim, Nowon;Lee, Yong-Taek
    • Proceedings of the Membrane Society of Korea Conference
    • /
    • 2004.05a
    • /
    • pp.170-174
    • /
    • 2004
  • Most of thin film composite reverse osmosis membranes include amide linkages, which are susceptible to chlorine attack resulting in N-chloro derivatives. This study examined a new method based on post-treatment of reverse osmosis membrane with various silane derivatives to improve chlorine resistance. The silane derivatives contain one alkyl group and three alkoxy groups such as trifluoromethyltrimethoxysilane, 3-aminopropylmethoxydiethoxysilane and 3, 3, 3-trifluoropropyltrimethoxysilane. Compared to commercial membranes, silane derivatives coated membranes showed significantly enhanced chlorine durability.

  • PDF

Pruning for Robustness by Suppressing High Magnitude and Increasing Sparsity of Weights

  • Cho, Incheon;Ali, Muhammad Salman;Bae, Sung-Ho
    • Journal of Broadcast Engineering
    • /
    • v.26 no.7
    • /
    • pp.862-867
    • /
    • 2021
  • Although Deep Neural Networks (DNNs) have shown remarkable performance in various artificial intelligence fields, it is well known that DNNs are vulnerable to adversarial attacks. Since adversarial attacks are implemented by adding perturbations onto benign examples, increasing the sparsity of DNNs minimizes the propagation of errors to high-level layers. In this paper, unlike the traditional pruning scheme removing low magnitude weights, we eliminate high magnitude weights that are usually considered high absolute values, named 'reverse pruning' to ensure robustness. By conducting both theoretical and experimental analyses, we observe that reverse pruning ensures the robustness of DNNs. Experimental results show that our reverse pruning outperforms previous work with 29.01% in Top-1 accuracy on perturbed CIFAR-10. However, reverse pruning does not guarantee benign samples. To relax this problem, we further conducted experiments by adding a regularization term for the high magnitude weights. With adding the regularization term, we also applied conventional pruning to ensure the robustness of DNNs.

Implementation of an Obfuscator for Visual C++ Source Code (비주얼 C++소스 코드를 위한 obfuscator 구현)

  • Chang, Hye-Young;Cho, Seong-Je
    • Journal of KIISE:Software and Applications
    • /
    • v.35 no.2
    • /
    • pp.59-69
    • /
    • 2008
  • Automatic obfuscation is known to be the most viable method for preventing reverse engineering intentional1y making code more difficult to understand for security purposes. In this paper, we study and implement an obfuscation method for protecting MS Visual C++ programs against attack on the intellectual property in software like reverse engineering attack. That is, the paper describes the implementation of a code obfuscator, a tool which converts a Visual C++ source program into an equivalent one that is much harder to understand. We have used ANTLR parser generator for handling Visual C++ sources, and implemented some obfuscating transformations such as 'Remove comments', 'Scramble identifiers', 'Split variables', 'Fold array', 'Insert class', 'Extend loop condition', 'Add redundant operands', and 'Insert dead code'. We have also evaluated the performance and effectiveness of the obfuscator in terms of potency, resilience, and cost. When the obfuscated source code has been compared with the original source code, it has enough effectiveness for software protection though it incurs some run-time overheads.

Security Implementation using Flexible Keypad (Flexible Keypad를 활용한 보안 구현)

  • An, Kyuhwang;Kwon, Hyeokdong;Kwon, Yongbin;Seo, Hwajeong
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.23 no.5
    • /
    • pp.613-621
    • /
    • 2019
  • In the case of door locks most widely used in the market, the most used area as a one-dimensional problem is worn out, and a worn area which does not use a special attack method enables password guessing. To solve this problem, various methods such as a keypad for randomly displaying numbers are introduced, but this is also not completely safe. The common feature of all the solutions so far is that the keypad area is fixed. In this paper, we consider that point in reverse and create a new area smaller than the entire area in the entire area of the keypad, making the keypad of the new area move randomly, thereby preventing the password from being deduced. When using this technique, a new type of keypad is proposed for the first time because of the impossibility of a shoulder surfing attack even though the number of keypad is left as it is.

NUMERICAL AERODYNAMIC ANALYSIS OF A TRANSONIC COMMERCIAL AIRPLANE ACCORDING TO THE ANGLE OF ATTACK AND MACH NUMBER (천음속 여객기의 받음각과 마하수에 따른 공력 해석)

  • Kim, Y.K.;Kim, S.C.;Choi, J.W.;Kim, J.S.
    • Journal of computational fluids engineering
    • /
    • v.13 no.4
    • /
    • pp.66-71
    • /
    • 2008
  • This research computes the viscous flow field and aerodynamics around the model of a commercial passenger airplane, Boeing 747-400, which cruises in transonic speed. The configuration was realized through the reverse engineering based on the photo scanning measurement. In results, the pressure coefficients at the several wing section on the wing surface of the airplane was described and discussed to obtain the physical meaning. The lift coefficient increased almost linearly up to $17^{\circ}$. Here the maximum lift occurred at $18^{\circ}$ according to the angle of attack. And the minimum drag is expected at $-2^{\circ}$. The maximum lift coefficient occurred at the Mach number 0.89, and the drag coefficient rapidly increased after the Mach number of 0.92. Also shear-stress transport model predicts slightly lower aerodynamic coefficients than other models and Chen's model shows the highest aerodynamic values. The aerodynamic performance of the airplane elements was presented.

Reverse Engineering of Deep Learning Network Secret Information Through Side Channel Attack (부채널 분석을 이용한 딥러닝 네트워크 신규 내부 비밀정보 복원 방법 연구)

  • Park, Sujin;Lee, Juheon;Kim, HeeSeok
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.5
    • /
    • pp.855-867
    • /
    • 2022
  • As the need for a deep learning accelerator increases with the development of IoT equipment, research on the implementation and safety verification of the deep learning accelerator is actively. In this paper, we propose a new side channel analysis methodology for secret information that overcomes the limitations of the previous study in Usenix 2019. We overcome the disadvantage of limiting the range of weights and restoring only a portion of the weights in the previous work, and restore the IEEE754 32bit single-precision with 99% accuracy with a new method using CPA. In addition, it overcomes the limitations of existing studies that can reverse activation functions only for specific inputs. Using deep learning, we reverse activation functions with 99% accuracy without conditions for input values with a new method. This paper not only overcomes the limitations of previous studies, but also proves that the proposed new methodology is effective.