• KNOM Review
• /
• v.23 no.1
• /
• pp.1-9
• /
• 2020

With the rapid development of science and technology in recent years, the network environment are growing, and a huge amount of traffic is generated. In particular, the development of 5G networks and edge computing will accelerate this phenomenon. However, according to these trends, network malicious behaviors and traffic overloads are also frequently occurring. To solve these problems, network administrators need to build a network management system to implement a high-speed network and should know exactly about the connection topology of network devices through the network management system. However, the existing network topology discovery method is inefficient because it is passively managed by an administrator and it is a time consuming task. Therefore, we proposes a method of network topology discovery according to the amount of in and out network traffic. The proposed method is applied to a real network to verify the validity of this paper.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.341-342
• /
• 2017

Control and development systems such as air traffic control systems, road traffic systems, and Korea Hydro &Nuclear Power are the infrastructure facilities of the country, and if the malicious hacking attacks proceed, the damage is beyond imagination. In fact, Korea Hydro & Nuclear Power has been subjected to a hacking attack, causing internal information to leak and causing social problems. In this study, we analyze the environment of the development control system and analyze the status of the convergence security research, which is a recent issue, and propose a strategy system for stabilizing various power generation control systems and propose countermeasures. We propose a method to normalize and integrate data types from various physical security systems (facilities), IT security systems, access control systems, to control the whole system through convergence authentication, and to detect risks through fusion control.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.740-743
• /
• 2015

The increasing complexity of integrated circuits and IP-based hardware designs have created the risk of hardware Trojans. This paper introduces a new type of threat, the coherence-exploiting hardware Trojan. This Trojan can be maliciously implanted in master components in a system, and continuously injects memory read transactions on to bus or main interconnect. The injected traffic forces the eviction of cache lines, taking advantage of cache coherence protocols. This type of Trojans insidiously slows down the system performance, incurring Denial-of-Service (DoS) attack. We used Xilinx Zynq-7000 device to implement and evaluate the coherence-exploiting Trojan. The malicious traffic was injected through the AXI ACP interface in Zynq-7000. Then, we collected the L2 cache eviction statistics with performance counters. The experiment results reveal the severe threats of the Trojan to the system performance.

• Electronics and Telecommunications Trends
• /
• v.33 no.1
• /
• pp.68-77
• /
• 2018

Data deduplication is a common used technology in backup systems and cloud storage to reduce storage costs and network traffic. To preserve data privacy from servers or malicious attackers, there has been a growing demand in recent years for individuals and companies to encrypt data and store encrypted data on a server. In this study, we introduce two cryptographic primitives, Convergent Encryption and Message-Locked Encryption, which enable deduplication of encrypted data between clients and a storage server. We analyze the security of these schemes in terms of dictionary and poison attacks. In addition, we introduce deduplication systems that can be implemented in real cloud storage, which is a practical application environment, and describes the proof of ownership on client-side deduplication.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.4
• /
• pp.1184-1192
• /
• 2000

Multicast has communication mechanism that is able to transfer voice, video for only the specific user group. As compared to unicast, multicast is more susceptive to attack such as masquerading, malicious replay, denial of service, repudiation and traffic observation, because of the multicast has much more communication links than unicast communication. Multicast-specific security threats can affect not only a group's receivers, but a potentially large proportion of the internet. In this paper, we proposed the multicast security model that is able to secure multi-group communication in CBT(Core Based Tree), which is multicast routing. And designed the multicast key distribution protocol that can offer authentication, user privacy using core (be does as Authentication Server) in the proposed model.

• Journal of Korea Multimedia Society
• /
• v.21 no.12
• /
• pp.1448-1458
• /
• 2018

Vehicular Ad-Hoc Networks (VANETs) have become one of the active areas of research, standardization, and development because they have tremendous potentials to improve vehicle and road safety, traffic efficiency, and convenience as well as comfort to both drivers and passengers. However, message trustfulness is a challenge because the propagation of false message by malicious vehicles induces unreliable and ineffectiveness of VANETs, Therefore, we need a reliable reputation method to ensure message trustfulness. In this paper, we consider a vulnerability against the Sybil attack of the previous reputation systems based on blockchain and suggest a new reputation system which resists against Sybil attack on the previous system. We propose an initial authentication process as a countermeasure against a Sybil attack and provide a reliable reputation with a cooperative message delivery to cope with message omission. In addition, we use Homomorphic Commitment to protect the privacy breaches in VANETs environment.

• Journal of Information Processing Systems
• /
• v.15 no.1
• /
• pp.203-216
• /
• 2019

The nature of wireless transmission has made wireless sensor networks defenseless against various attacks. This paper presents warning message counter method (WMC) to detect blackhole attack, grayhole attack and sinkhole attack in wireless sensor networks. The objective of these attackers are, to draw the nearby network traffic by false routing information and disrupt the network operation through dropping all the received packets (blackhole attack), selectively dropping the received packets (grayhole and sinkhole attack) and modifying the content of the packet (sinkhole attack). We have also attempted light weighted symmetric key cryptography to find data modification by the sinkhole node. Simulation results shows that, WMC detects sinkhole attack, blackhole attack and grayhole attack with less false positive 8% and less false negative 6%.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1169-1177
• /
• 2018

Modern society is a period of rapid digital transformation. This digital-centric business proliferation offers convenience and efficiency to businesses and individuals, but cyber threats are increasing. In particular, cyber attacks are becoming more and more intelligent and precise, and various attempts have been made to prevent these attacks from being discovered. Therefore, it is increasingly difficult to respond to such attacks. According to the cyber kill chain concept, the attacker penetrates to achieve the goal in several stages. We aim to detect one of these stages and neutralize the attack. In this paper, we propose a method to detect anomalous traffic caused by an agent attacking an external attacker, assuming that an agent executing a malicious action has been introduced in advance due to various reasons such as a system error or a user's mistake.

• The KIPS Transactions:PartC
• /
• v.12C no.6 s.102
• /
• pp.855-864
• /
• 2005

In this paper, we propose an intrusion detection system(IDS) architecture which can detect and respond against the generation of abnormal traffic such as malicious code and Internet worms. We model the system, design and implement a simulator using OPNET Modeller, for the performance analysis on the response capacity of alert information in the proposed system. At first, we model the arrival process of alert information resulted from abnormal traffic. In order to model the situation in which alert information is intensively produced, we apply the IBP(Interrupted Bernoulli Process) which may represent well the burstiness of traffic. Then we perform the simulation in order to gain some quantitative understanding of the system for our performance parameters. Based on the results of the performance analysis, we analyze factors which may hinder in accelerating the speed of security node, and would like to present some methods to enhance performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1223-1234
• /
• 2016

The Industrial control system is adopted by various industry field and national infrastructure, therefore if it received cyber attack, the serious security problems can be occured in the public sector. For this reason, security requirements of the industrial control system have been proposed, in accordance with the security guidelines of the electronic control system, and it is operated by separate from the external and the internal network. Nevertheless, cyber attack by malware (such as Stuxnet) targeting to control system have been occurred continuously, and also the real-time detection of untrusted traffic is very difficult because there are some difficulty of keeping up with quickly evolving the advent of new-variant malicious codes. In this paper, we propose the traffic analysis architecture for providing secure industrial control system based on the analyzed the security threats, the security requirements, and our proposed architecture.