• Title/Summary/Keyword: Security Attacks

Search Result 2,288, Processing Time 0.024 seconds

Key Recovery Attacks on Zorro Using Related-Key Differential Characteristics, and Collision Attacks on PGV-Zorro (Zorro의 연관키 차분특성을 이용한 키 복구 공격 및 PGV-Zorro의 충돌쌍 공격)

  • Kim, Giyoon;Park, Eunhu;Lee, Jonghyeok;Jang, Sungwoo;Kim, Jihun;Kim, Hangi;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.5
    • /
    • pp.1059-1070
    • /
    • 2018
  • The block cipher Zorro is designed to reduce the implementation cost for side-channel countermeasure. It has a structure similar to AES, but the number of S-Boxes used is small. However, since the master key is used as the round key, it can be vulnerable to related key attacks. In this paper, we show key recovery attacks on Zorro using related-key differential characteristics. In addition, the related key differential characteristics are fatal when Zorro is used as the base block cipher of the hash function. In this paper, we describe how these characteristics can be linked to collision attacks in the PGV models.

A Study on the Interrelationship between DISC Personality Types and Cyber Security Threats : Focusing on the Spear Phishing Attacks (DISC 성격 유형과 사이버 보안 위협간의 상호 연관성에 관한 연구 : 스피어피싱 공격 사례를 중심으로)

  • Kim, Mookjung;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.1
    • /
    • pp.215-223
    • /
    • 2019
  • The recent trend of cyber attack threat is mainly APT (Advanced Persistent Threat) attack. This attack is a combination of hacking techniques to try to steal important information assets of a corporation or individual, and social engineering hacking techniques aimed at human psychological factors. Spear phishing attacks, one of the most commonly used APT hacking techniques, are known to be easy to use and powerful hacking techniques, with more than 90% of the attacks being a key component of APT hacking attacks. The existing research for cyber security threat defense is mainly focused on the technical and policy aspects. However, in order to preemptively respond to intelligent hacking attacks, it is necessary to study different aspects from the viewpoint of social engineering. In this study, we analyze the correlation between human personality type (DISC) and cyber security threats, focusing on spear phishing attacks, and present countermeasures against security threats from a new perspective breaking existing frameworks.

Light-weight Defense Mechanisms for application layer DDoS Attacks in the Web Services (웹서비스 대상 경량화 된 응용계층 DDoS 공격 대응 메커니즘)

  • Lee, Tai-Jin;Im, Chae-Su;Im, Chae-Tae;Jung, Hyun-Chul
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.5
    • /
    • pp.99-110
    • /
    • 2010
  • Recently, network based DDoS attacks have been changed into application layer DDoS attacks which are targeted at the web services. Specially, an attacker makes zombie PCs generate small traffic and its traffic pattern has been similar to the normal user's pattern. So, existing HTTP PPS based Threshold cannot defend the DDoS attacks effectively. In this paper, we displayed all the GET Flooding attack types and propose three DDoS attack defense mechanisms which are simple and very powerful. Proposed mechanisms can defend all the existing GET Flooding DDoS attacks and be deployed in the real environment immediately with little resource consumption.

Attack Path and Intention Recognition System for detecting APT Attack (APT 공격 탐지를 위한 공격 경로 및 의도 인지 시스템)

  • Kim, Namuk;Eom, Jungho
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.16 no.1
    • /
    • pp.67-78
    • /
    • 2020
  • Typical security solutions such as intrusion detection system are not suitable for detecting advanced persistent attack(APT), because they cannot draw the big picture from trivial events of security solutions. Researches on techniques for detecting multiple stage attacks by analyzing the correlations between security events or alerts are being actively conducted in academic field. However, these studies still use events from existing security system, and there is insufficient research on the structure of the entire security system suitable for advanced persistent attacks. In this paper, we propose an attack path and intention recognition system suitable for multiple stage attacks like advanced persistent attack detection. The proposed system defines the trace format and overall structure of the system that detects APT attacks based on the correlation and behavior analysis, and is designed with a structure of detection system using deep learning and big data technology, etc.

Security Analysis of Partially Hidden Password Systems Resistant to Shoulder Surfing Attacks

  • Seong, Jin-Taek
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.13 no.1
    • /
    • pp.17-26
    • /
    • 2020
  • As more users use mobile devices, shoulder surfing attacks have emerged as an important issue in security. According to research report, in fact, the result showed that about 30% of smartphone users are hit by shoulder surfing attacks. To this end, in this paper, we consider a shoulder surfing attack and propose a partially hidden password system to resistant to its attack. In order to help readers understand, we describe the proposed password system in more detail using one simple example. The core idea behind the proposed system is to place the user's password randomly in the specified grid instead of entering a password directly. As a result, even if an attacker makes a shoulder surfing attack to observe the password, the user can hide the preset password and defend against the attack. We also show how the security of the password system proposed in this paper is improved. In addition, even if there are consecutive shoulder surfing attacks, the security of the proposed password system is robust.

Fifteen Deadly Cybersecurity Threats Aimed Covid-19

  • Alaboudi, Abdulellah A.
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.12
    • /
    • pp.123-130
    • /
    • 2021
  • Cybersecurity has been vital for decades and will remain vital with upcoming ages with new technological developments. Every new day brings advancement in technology, which leads to new horizons, and at the same time, it brings new security challenges. Numerous researchers around the globe are continuously striving hard to provide better solutions for the daily basis of new arising security issues. However, the challenges are always there. These challenges become new norms during the current Covid pandemic, where most industries, small industrial enterprises, education, finance, public sectors, etc. were under several attacks and threats globally. The hacker has more opportunities during the pandemic period by shifting most of the operations live. This research enlightened the several cybersecurity attacks and threats during this pandemic time globally. It provided the best possible recommendations to avoid them using the cyber awareness and with appropriately linked training. This research can provide a guideline to the above stated sector by identifying the related attacks.

Side channel Attacks on LEA and Its Countermeasures (LEA에 대한 부채널 분석 및 대응 방법)

  • Park, Jin-Hak;Kim, Tae-Jong;An, Hyun-Jin;Won, Yoo-Seung;Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.2
    • /
    • pp.449-456
    • /
    • 2015
  • Recently, information security of IoT(Internet of Things) have been increasing to interest and many research groups have been studying for cryptographic algorithms, which are suitable for IoT environment. LEA(Lightweight Encryption Algorithm) developed by NSRI(National Security Research Institute) is commensurate with IoT. In this paper, we propose two first-order Correlation Power Analysis(CPA) attacks for LEA and experimentally demonstrate our attacks. Additionally, we suggest the mask countermeasure for LEA defeating our attacks. In order to estimate efficiency for the masked LEA, its operation cost is compared to operation time of masked AES.

Spear-phishing Mail Filtering Security Analysis : Focusing on Corporate Mail Hosting Services (스피어피싱 메일 필터링 보안 기능 분석 : 기업메일 호스팅 서비스 중심으로)

  • Shin, Dongcheon;Yum, Dayun
    • Convergence Security Journal
    • /
    • v.20 no.3
    • /
    • pp.61-69
    • /
    • 2020
  • Since spear-phishing mail attacks focus on a particular target persistently to collect and take advantage of information, it can incur severe damage to the target as a part of the intelligent and new attacks such as APT attacks and social engineering attacks. The usual spam filtering services can have limits in countering spear-phishing mail attacks because of different targets, goals, and methods. In this paper, we analyze mail security services of several enterprises hosted by midium and small-sized enterprises with relatively security vulnerabilities in order to see whether their services can effectively respond spear-phishing mail attacks. According to the analysis result, we can say that most of mail security hosting services lack in responding spear-phishing mail attacks by providing functions for mainly managing mails including spam mail. The analysis result can be used as basic data to extract the effective and systematic countermeasure.

Trend Analysis of Intelligent Cyber Attacks on Power Systems (전력시스템 대상 지능형 사이버공격 동향 분석)

  • Soon-Min Hong;Jung-ho Eom;Jae-Kyung Lee
    • Convergence Security Journal
    • /
    • v.23 no.3
    • /
    • pp.21-28
    • /
    • 2023
  • The development of information and communication technology in the 21st century has increased operational efficiency by providing hyper-connectivity and hyper-intelligence in the control systems of major infrastructure, but is also increasing security vulnerabilities, exposing it to hacking threats. Among them, the electric power system that supplies electric power essential for daily life has become a major target of cyber-attacks as a national critical infrastructure system. Recently, in order to protect these power systems, various security systems have been developed and the stability of the power systems has been maintained through practical cyber battle training. However, as cyber-attacks are combined with advanced ICT technologies such as artificial intelligence and big data, it is not easy to defend cyber-attacks that are becoming more intelligent with existing security systems. In order to defend against such intelligent cyber-attacks, it is necessary to know the types and aspects of intelligent cyber-attacks in advance. In this study, we analyzed the evolution of cyber attacks combined with advanced ICT technology.

How Do Children Interact with Phishing Attacks?

  • Alwanain, Mohammed I
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.3
    • /
    • pp.127-133
    • /
    • 2021
  • Today, phishing attacks represent one of the biggest security threats targeting users of the digital world. They consist of an attempt to steal sensitive information, such as a user's identity or credit and debit card details, using various methods that include fake emails, fake websites, and fake social media messages. Protecting the user's security and privacy therefore becomes complex, especially when those users are children. Currently, children are participating in Internet activity more frequently than ever before. This activity includes, for example, online gaming, communication, and schoolwork. However, children tend to have a less well-developed knowledge of privacy and security concepts, compared to adults. Consequently, they often become victims of cybercrime. In this paper, the effects of security awareness on users who are children are investigated, looking at their ability to detect phishing attacks in social media. In this approach, two Experiments were conducted to evaluate the effects of security awareness on WhatsApp application users in their daily communication. The results of the Experiments revealed that phishing awareness training has a significant positive effect on the ability of children using WhatsApp to identify phishing messages and thereby avoid attacks.