• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.8
• /
• pp.1989-2009
• /
• 2013

How to discover router vulnerabilities effectively and automatically is a critical problem to ensure network and information security. Previous research on router security is mostly about the technology of exploiting known flaws of routers. Fuzzing is a famous automated vulnerability finding technology; however, traditional Fuzzing tools are designed for testing network applications or other software. These tools are not or partly not suitable for testing routers. This paper designs a framework of discovering router protocol vulnerabilities, and proposes a mathematical model Two-stage Fuzzing Test Cases Generator(TFTCG) that improves previous methods to generate test cases. We have developed a tool called RPFuzzer based on TFTCG. RPFuzzer monitors routers by sending normal packets, keeping watch on CPU utilization and checking system logs, which can detect DoS, router reboot and so on. RPFuzzer' debugger based on modified Dynamips, which can record register values when an exception occurs. Finally, we experiment on the SNMP protocol, find 8 vulnerabilities, of which there are five unreleased vulnerabilities. The experiment has proved the effectiveness of RPFuzzer.

• The KIPS Transactions:PartC
• /
• v.14C no.4
• /
• pp.313-320
• /
• 2007

In this paper, we propose a method to analyze security vulnerabilities of MS word-processor by checking the validation of its input files. That is, this study is to detect some vulnerabilities in the input file of the word processor by analyzing the header information of its input file. This validation test can not be conducted by the existing software fault injection tools including Holodeck and CANVAS. The proposed method can be also applied to identify the input file vulnerabilities of Hangul and Microsoft Excel which handle a data file with a header as an input. Moreover, our method can provide a means for assessing the fault tolerance and trustworthiness of the target software.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.453-458
• /
• 2001

악의의 침입자로부터 시스템을 보호하기 위한 첫 번째 단계는 시스템의 취약점을 분석하는 일이다. 기존의 시스템 취약점 분석 방법은 주로 네트워크 기반 취약점 점검 도구에 의존해 왔다. 하지만, 네트워크 기반 취약점 점검 도구는 대상 시스템의 제한된 정보만을 이용하여 취약점을 점검하기 때문에 시스템의 모든 취약점에 대한 검사가 불가능하다는 단점이 있다. 호스트 기반 취약점 점검 도구를 사용하면 시스템 내부의 모든 정보를 이용할 수 있지만, 시스템의 OS 종류나 버전에 따라 각기 다른 호스트 기반 취약점 점검 도구를 개발해야 한다는 단점이 있다. 또한, 호스트 기반 취약점 점검 도구들은 많은 호스트들을 동시에 점검하기 힘들다는 점이 문제로 지적되고 있다. 본 논문에서는 호스트 기반 취약점 점검 도구를 에이전트로 구현하여 대상 시스템에 설치하고, 하나의 관리 프로그램에서 여러 에이전트들을 관리함으로써 동시에 많은 호스트의 취약점들을 관리할 수 있는 모델인 ISMAEL을 제시한다. 또한 ISMAEL은 OS에 맞는 여러 호스트 기반 취약점 점검 도구들을 개발해야 하는 문제를 해결하기 위해 OS에 독립인 부분만을 뽑아내고, 그 외 OS에 종속된 부분은 Library 형태로 제공하여, OS에 독립인 부분에서 이 Library를 참조하여 특정 취약점 점검 코드를 자동 생성하고 이를 실행하여 취약성 여부를 판단할 수 있는 구조를 채택하고 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.3
• /
• pp.135-140
• /
• 2010

The computation using Chinese Remainder Theorem in RSA cryptosystem is well suited in the digital signature or decryption processing due to its low computational load compared to the case of general RSA without CRT. Since the RSA-CRT algorithm is vulnerable to many fault insertion attacks, some countermeasures against them were proposed. Among several countermeasures, Yen et al. proposed two schemes based on fault propagation method. Unfortunately, a new vulnerability was founded in FDTC 2006 conference. To improve the original schemes, Kim et al. recently proposed a new countermeasure in which they adopt the AND operation for fault propagation. In this paper, we show that the proposed scheme using AND operation without checking procedure is also vulnerable to fault insertion attack with chosen messages.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.37-44
• /
• 2018

Today we live in a flood of web sites and access numerous websites through the Internet to obtain various information. However, unless the security of the Web site is secured, Web site security can not be secured from various malicious attacks. Hacking attacks, which exploit Web site security vulnerabilities for various reasons, such as financial and political purposes, are increasing. Various attack techniques such as SQL-injection, Cross-Site Scripting(XSS), and Drive-By-Download are being used, and the technology is also evolving. In order to defend against these various hacking attacks, it is necessary to remove the vulnerabilities from the development stage of the website, but it is not possible due to various problems such as time and cost. In order to compensate for this, it is important to identify vulnerabilities in Web sites through web vulnerability checking and take action. In this paper, we investigate web vulnerabilities and diagnostic techniques and try to understand the priorities of vulnerabilities in the development stage according to the actual status of each case through cases of actual web vulnerability diagnosis.

• Journal of KIISE:Computer Systems and Theory
• /
• v.36 no.5
• /
• pp.380-386
• /
• 2009

It is most important that identifying security threats(or vulnerabilities) of critical IT assets and checking the propriety of related security countermeasures in advance for enhancing security level. In this paper, we present a new security risk evaluation scheme based on critical assets and threats for this. The presented scheme provides the coverage and propriety of the countermeasures(e.g., intrusion detection rules and vulnerability scan rules, etc.), and the quantitative risk level of identified assets and threats. So, it is expected that the presented scheme will be utilized in threat management process efficiently compared to previous works.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2016.01a
• /
• pp.101-102
• /
• 2016

사물인터넷(Internet of Things)의 도래와 함께, 무선공유기(wireless access point)들의 보안이 심각한 문제로 대두되고 있다. 연구진은 대부분의 무선공유기들이 제공하는 웹 기반 관리 인터페이스들에 웹 어플리케이션 취약점(web application vulnerability)들이 존재할 수 있다는 점을 착안, 국내 주요 무선공유기들에 대한 웹 어플리케이션 취약점 점검을 수행하였으며, 악용이 가능한 여러 취약점들이 존재함을 확인하였다. 본 논문에서는 연구진이 무선공유기 대상 웹 어플리케이션 취약점 점검에 보조적으로 사용하기 위하여 개발한 3종의 모바일 앱(mobile app)들을 설명한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.04a
• /
• pp.387-390
• /
• 2014

본 논문은 MS-SQL 데이터베이스의 환경과 C++ 환경을 이용하여 데이터베이스 사용자 계정이 만료 되었는지의 여부를 점검한다. 패스워드 혹은 사용자 설정이 변경된 시간을 체크함으로써 사용자 계정이 만료되었거나 오랫동안 패스워드를 변경하지 않았으면 보안 취약점이 존재하는 것으로 판단한다. 이것은 제 3의 악의적인 사용자가 해킹 등을 하는 것을 방지, 예방을 한다. 최근에는 정보자산이 더욱 중요시 여기게 되는 상황에서 데이터베이스의 정보 손실이 일어나게 된다면 큰 피해를 입게 된다. 본 논문은 MS-SQL 데이터베이스의 사용자 계정 만료 유무와 오랫동안 패스워드 혹은 사용자 설정이 변경되지 않은 사용자 정보를 모듈로 개발하여 보안취약점 점검을 함으로써 악의적인 사용자가 데이터 베이스에 접근을 할 수 없도록 한다.

• Journal of KIISE:Software and Applications
• /
• v.37 no.10
• /
• pp.773-778
• /
• 2010

OWASP announced most of vulnerabilities result from the data injection by user in 2010 after 2007. Because the contaminated input data is determined at runtime, those data should be checked dynamically. To analyze data and its flow at runtime, dynamic analysis method usually inserts instrument into source code. Intermediate code insertion makes it difficult to manage and extend the code so that the instrument code would be spreaded out according to increase of analysis coverage and volume of code under analysis. In addition, the coupling gets strong between instrument modules and target modules. Therefore developers will struggle against modify or extend the analysis code as instrument. To solve these problem, this paper defines vulnerabilities as a concern using AOP, and suggest the flexible and extensible analysis method to insertion and deletion without increase of coupling.

• Journal of KIISE:Software and Applications
• /
• v.31 no.9
• /
• pp.1218-1225
• /
• 2004

S/KEY system was proposed to guard against intruder's password replay attack. But S/KEY system has vulnerability that if an attacker derive passphrase from his dictionary file, he can acquire one-time password required for user authentication. In this paper, we propose a correct S/KEY system mixed with EKE to solve the problem. Also, we specify a new S/KEY system with Casper and CSP, verify its secrecy and authentication requirements using FDR model checking tool.