• Title/Summary/Keyword: network attacks

Search Result 1,170, Processing Time 0.025 seconds

Smartphone Content Security Scheme for Protect Malware Attacks (멀웨이 공격을 예방하기 위한 스마트폰 콘텐츠 보호 기법)

  • Jeong, Yoon-Su
    • Journal of Digital Convergence
    • /
    • v.12 no.4
    • /
    • pp.327-333
    • /
    • 2014
  • Recently, smartphone are increasing in Internet-enabled applications to install and delete benefits as well as internet through various interfaces such as 3G network, Wi-Fi, Wibro without the constraints of time and place. However, the prevalence of smartphones and the activity was generated from an existing PC smartphone security threats are causing a ripple in a society. In this paper, we serve live content services on the first and last content by creating an electronic signature is the signature of either the loss of any Content provided by both authentication and non-repudiation content protection scheme is proposed. The proposed method of secure smartphone users to download and install the content or an application for downloading content over the content for secure authentication.

A survey and categorization of anomaly detection in online games (온라인 게임에서의 이상 징후 탐지 기법 조사 및 분류)

  • Kwak, Byung Il;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.5
    • /
    • pp.1097-1114
    • /
    • 2015
  • As the online game market grows, illegal activities such as cheating play using game bots or game hack programs, running private servers, hacking game companies' system and network, and account theft are also increasing. There are various security measures for online games to prevent illegal activities. However, the current security measures are not enough to prevent all highly evolving game attacks and frauds. Some security measure can do harm game players usability, game companies need to develop usable security measure that is well fit to game genre and contents design. In this study, we surveyed the recent trend of various security measure applied in online games. This research also classified illegal activities and their related countermeasure for detection and prevention.

An Efficient and Secure Authentication Scheme Preserving User Anonymity

  • Kim, Mi Jin;Lee, Kwang Woo;Kim, Seung Joo;Won, Dong Ho
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.3
    • /
    • pp.69-77
    • /
    • 2010
  • Authentication and key establishment are fundamental procedures to establish secure communications over public insecure network. A password-based scheme is common method to provide authentication. In 2008, Khan proposed an efficient password-based authentication scheme using smart cards to solve the problems inherent in Wu-Chieu's authentication scheme. As for security, Khan claimed that his scheme is secure and provides mutual authentication between legal users and a remote server. In this paper, we demonstrate Khan's scheme to be vulnerable to various attacks, i. e., password guessing attack, insider attack, reflection attack and forgery attack. Our study shows that Khan's scheme does not provide mutual authentication and is insecure for practical applications. This paper proposes an improved scheme to overcome these problems and to preserve user anonymity that is an issue in e-commerce applications.

A User Anonymous Mutual Authentication Protocol

  • Kumari, Saru;Li, Xiong;Wu, Fan;Das, Ashok Kumar;Odelu, Vanga;Khan, Muhammad Khurram
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.10 no.9
    • /
    • pp.4508-4528
    • /
    • 2016
  • Widespread use of wireless networks has drawn attention to ascertain confidential communication and proper authentication of an entity before granting access to services over insecure channels. Recently, Truong et al. proposed a modified dynamic ID-based authentication scheme which they claimed to resist smart-card-theft attack. Nevertheless, we find that their scheme is prone to smart-card-theft attack contrary to the author's claim. Besides, anyone can impersonate the user as well as service provider server and can breach the confidentiality of communication by merely eavesdropping the login request and server's reply message from the network. We also notice that the scheme does not impart user anonymity and forward secrecy. Therefore, we present another authentication scheme keeping apart the threats encountered in the design of Truong et al.'s scheme. We also prove the security of the proposed scheme with the help of widespread BAN (Burrows, Abadi and Needham) Logic.

Issues and Tasks of Personal Information Protection Liability Insurance (개인정보 손해배상책임 보장제도의 쟁점과 과제)

  • Lee, Suyeon;Kwon, Hun-Yeong
    • Journal of Information Technology Services
    • /
    • v.19 no.1
    • /
    • pp.37-53
    • /
    • 2020
  • Today, our society is exposed to cyber threats, such as the leakage of personal information, as various systems are connected and operated organically with the development of information and communication technology. With the impact of these cyber risks, we are experiencing damage from the virtual world to the physical world. As the number of cases of damage caused by cyber attacks has continued to rise, social voices have risen that the government needs to manage cyber risks. Thus, information and telecommunication service providers are now mandatory to have insurance against personal information protection due to amendment of "the Act on Promotion of Information and Communication Network Utilization and Information Protection". However, the insurance management system has not been properly prepared, with information and communication service providers selecting the service operators based on sales volume rather than selecting them based on the type and amount of personal information they store and manage. In order for the personal information protection liability insurance system to be used more effectively in line with the legislative purpose, effective countermeasures such as cooperation with the government and related organizations and provision of benefits for insured companies should be prepared. Thus, the author of this study discuss the current status of personal information protection liability insurance system and the issues raised in the operation of the system. Based on the results of this analysis, the authors propsoe tasks and plans to establish an effective personal information protection liability insurance system.

End-to-end Transmission Performance of VoIP Traffics based on Mobility Pattern over MANET with IDS (IDS가 있는 MANET에서 이동패턴에 기반한 VoIP 트래픽의 종단간 전송성능)

  • Kim, Young-Dong
    • The Journal of the Korea institute of electronic communication sciences
    • /
    • v.9 no.7
    • /
    • pp.773-778
    • /
    • 2014
  • IDS(Intrusion Detection System) can be used as a countermeasure for blackhole attacks which cause degrade of transmission performance by causing of malicious intrusion to routing function of networks. In this paper, effects of IDS for transmission performance based on mobility patterns is analyzed for MANET(Mobile Ad-hoc Networks), a suggestion for effective countermeasure is considered. Computer simulation based on NS-2 is used in performance analysis, VoIP(Voice over Internet Protocol) as an application service is chosen for performance measure. MOS(Mean Opinion Score), call connection ratio and end-to-end delay is used as performance parameter.

Security Analysis of AMI Using ACT (ACT를 이용한 AMI 보안 분석)

  • Wi, Miseon;Kim, Dong Seong;Park, Jong Sou
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.4
    • /
    • pp.639-653
    • /
    • 2013
  • Smart grid is a network of computers and power infrastructure that monitor and manage energy usage efficiently. Recently, the smart grid demonstration projects around the world, including the United States, Europe, Japan, and the technology being developed. The protection of the many components of the grid against cyber-threats has always been critical, but the recent Smart grid has been threatened by a variety of cyber and physical attacks. We model and analyze advanced metering infrastructure(AMI) in smart grid. Using attack countermeasure tree(ACT) we show qualitative and probabilistic security analysis of AMI. We implement using SHARPE(Symbolic Hierarchical Automated Reliability and Performance Evaluator) tool and calculate probability, ROA, ROI, Structure Importance, Birnbaum Importance.

Implementation of Instruction-Level Disassembler Based on Power Consumption Traces Using CNN (CNN을 이용한 소비 전력 파형 기반 명령어 수준 역어셈블러 구현)

  • Bae, Daehyeon;Ha, Jaecheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.4
    • /
    • pp.527-536
    • /
    • 2020
  • It has been found that an attacker can extract the secret key embedded in a security device and recover the operation instruction using power consumption traces which are some kind of side channel information. Many profiling-based side channel attacks based on a deep learning model such as MLP(Multi-Layer Perceptron) method are recently researched. In this paper, we implemented a disassembler for operation instruction set used in the micro-controller AVR XMEGA128-D4. After measuring the template traces on each instruction, we automatically made the pre-processing process and classified the operation instruction set using a deep learning model CNN. As an experimental result, we showed that all instructions are classified with 87.5% accuracy and some core instructions used frequently in device operation are with 99.6% respectively.

New Mobile Terminated Protocol for User Privacy Protection in Mobile Communication Environments (이동통신 환경에서 사용자 프라이버시 보호를 위한 새로운 이동 착호프로토콜)

  • Kim, Soon-Seok
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.10 no.12
    • /
    • pp.2193-2201
    • /
    • 2006
  • In related to mobile communication environment. Kesdogan and Pfitzmann[1,2,3] proposed solutions using temporary pseudonym identification, called TP(Temporary Pseudonym) to solve the problems concerning current locations of mobile users and exposure of their movements in the privacy aspect. After that, we proposed more improved method protecting mobile users from active attacks of network providers in [4]. But it is the case that mobile users are located in only home domain. As a more extended method. we propose new mobile terminated protocol protecting user privacy in case of moving from the home domain to the remote domain and analyze its security.

A Study on the Direction of the Formulation of "Safe Country" Laws and Regulations due to the Development of Information Technology (정보사회에 있어서 '안전국가' 법규의 정립방향에 관한 소고)

  • Kim, Hyun-Kyung
    • Journal of Information Technology Services
    • /
    • v.12 no.3
    • /
    • pp.151-163
    • /
    • 2013
  • It is no doubt that information technology is the key factor of national safety. Information technology is positively useful for national security such as crime prevention and detection, criminal investigation, disaster management, and national defense. However, it might be a threat to the security as we saw in the examples such as '3.4 DDoS attacks' and 'Nong-hyup Computer Network Failure.' Although the effect that information technology makes upon the national security is immense, the current legal system does not reflect these changes well. National security should be kept during 'prevention-response-recovery' process regardless it is in the online on offline. In addition, public administration for national security should be based on laws. However, the current legal system is lack of legislative basis on cyber and physical disaster, and the laws on the response to disaster might cause confusing. Therefore, this study examines the limitation of the current legal system on national security, and suggests directions for the development of the system based on the new establishment of the legal concept for 'national security'.