• Title/Summary/Keyword: Attack time

Search Result 1,152, Processing Time 0.027 seconds

Practical (Second) Preimage Attacks on the TCS_SHA-3 Family of Cryptographic Hash Functions

  • Sekar, Gautham;Bhattacharya, Soumyadeep
    • Journal of Information Processing Systems
    • /
    • v.12 no.2
    • /
    • pp.310-321
    • /
    • 2016
  • TCS_SHA-3 is a family of four cryptographic hash functions that are covered by a United States patent (US 2009/0262925). The digest sizes are 224, 256, 384 and 512 bits. The hash functions use bijective functions in place of the standard compression functions. In this paper we describe first and second preimage attacks on the full hash functions. The second preimage attack requires negligible time and the first preimage attack requires $O(2^{36})$ time. In addition to these attacks, we also present a negligible time second preimage attack on a strengthened variant of the TCS_SHA-3. All the attacks have negligible memory requirements. To the best of our knowledge, there is no prior cryptanalysis of any member of the TCS_SHA-3 family in the literature.

An Online Response System for Anomaly Traffic by Incremental Mining with Genetic Optimization

  • Su, Ming-Yang;Yeh, Sheng-Cheng
    • Journal of Communications and Networks
    • /
    • v.12 no.4
    • /
    • pp.375-381
    • /
    • 2010
  • A flooding attack, such as DoS or Worm, can be easily created or even downloaded from the Internet, thus, it is one of the main threats to servers on the Internet. This paper presents an online real-time network response system, which can determine whether a LAN is suffering from a flooding attack within a very short time unit. The detection engine of the system is based on the incremental mining of fuzzy association rules from network packets, in which membership functions of fuzzy variables are optimized by a genetic algorithm. The incremental mining approach makes the system suitable for detecting, and thus, responding to an attack in real-time. This system is evaluated by 47 flooding attacks, only one of which is missed, with no false positives occurring. The proposed online system belongs to anomaly detection, not misuse detection. Moreover, a mechanism for dynamic firewall updating is embedded in the proposed system for the function of eliminating suspicious connections when necessary.

A RTSD Mechanism for Detection of DoS Attack on TCP Network (TCP 네트워크에서 서비스거부공격의 탐지를 위한 RTSD 메커니즘)

  • 이세열;김용수
    • Proceedings of the Korean Institute of Intelligent Systems Conference
    • /
    • 2002.05a
    • /
    • pp.252-255
    • /
    • 2002
  • As more critical services are provided in the internet, the risk to these services from malicious users increases. Several networks have experienced problems like Denial of Service(DoS) attacks recently. We analyse a network-based denial of service attack, which is called SYM flooding, to TCP-based networks. It occurs by an attacker who sends TCP connection requests with spoofed source address to a target system. Each request causes the targeted system to send instantly data packets out of a limited pool of resources. Then the target system's resources are exhausted and incoming TCP port connections can not be established. The paper is concerned with a detailed analysis of TCP SYN flooding denial of service attack. In this paper, we propose a Real Time Scan Detector(RTSD) mechanism and evaluate it\`s Performance.

  • PDF

Monitoring and Tracking of Time Series Security Events using Visualization Interface with Multi-rotational and Radial Axis (멀티 회전축 및 방사축 시각화 인터페이스를 이용한 시계열 보안이벤트의 감시 및 추적)

  • Chang, Beom-Hwan
    • Convergence Security Journal
    • /
    • v.18 no.5_1
    • /
    • pp.33-43
    • /
    • 2018
  • In this paper, we want to solve the problems that users want to search the progress of attack, continuity of attack, association between attackers and victims, blocking priority and countermeasures by using visualization interface with multi-rotational axis and radial axis structure. It is possible to effectively monitor and track security events by arranging a time series event based on a multi-rotational axis structured by an event generation order, a subject of an event, an event type, and an emission axis, which is an objective time indicating progress of individual events. The proposed interface is a practical visualization interface that can apply attack blocking and defense measures by providing the progress and progress of the whole attack, the details and continuity of individual attacks, and the relationship between attacker and victim in one screen.

  • PDF

One-time Session Key based HTTP DDoS Defense Mechanisms (일회성 세션 키 기반 HTTP DDoS 공격 방어기법)

  • Choi, Sang-Yong;Kang, Ik-Seon;Kim, Yong-Min
    • Journal of the Korea Society of Computer and Information
    • /
    • v.18 no.8
    • /
    • pp.95-104
    • /
    • 2013
  • DDoS attacks have became as a social threat since 2009 7.7 DDoS turmoil. Even though defence techniques have been developing to provide against those threats, they become much more sophisticate. In recent years, the attack form of DDoS is changing from high amount of traffic attack of network layers to highly sophisticate small amount of application layers. To make matters worse, attack agent for the attack has became very intelligent so that it is difficult to be blocked since it can't be distinguished from normal PCs. In the user authentication system(such as CAPTCHA) User intervention is required to distinguish normal PCs and intelligent attack agents and in particular, in a NAT environment, IP-based blocking method can be cut off the normal users traffic at the same time. This research examined defense techniques which are able to distinguish between agent and normal PC and effectively block ways the HTTP DDoS offense applying one-time session key based authentication method using Cookie which is used in HTTP protocol to protect web sever from sophisticate application layer of DDoS.

Implement pattern lock security enhancement using thread to measure input time (입력시간을 측정하는 쓰레드를 활용한 패턴 잠금 보안 강화 구현)

  • An, Kyuhwang;Kwon, Hyeokdong;Kim, Kyungho;Seo, Hwajeong
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.23 no.4
    • /
    • pp.470-476
    • /
    • 2019
  • The pattern locking technique applied to smart phones is a locking technique that many people use conveniently. However, the safety of pattern locking techniques is very low compared with other techniques. The pattern locking technique is vulnerable to a shoulder surfing attack, which is based on the user's input and can be interpreted by looking at the movement of the shoulder, and the smudge attack is also vulnerable due to fingerprint drag marks remaining on the mobile phone pad. Therefore, in this paper, we want to add a new security method to check the pressed time by using a thread in the pattern locking scheme to secure the vulnerability. It is divided into short, middle, and long click according to the pressing time at each point. When dragging using the technique, security performance enhances $3^n$ tiems. Therefore, even if dragging in the same 'ㄱ' manner, it becomes a completely different pattern depending on the pressing time at each point.

Double Sieve Collision Attack Based on Bitwise Detection

  • Ren, Yanting;Wu, Liji;Wang, An
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.1
    • /
    • pp.296-308
    • /
    • 2015
  • Advanced Encryption Standard (AES) is widely used for protecting wireless sensor network (WSN). At the Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2012, G$\acute{e}$rard et al. proposed an optimized collision attack and break a practical implementation of AES. However, the attack needs at least 256 averaged power traces and has a high computational complexity because of its byte wise operation. In this paper, we propose a novel double sieve collision attack based on bitwise collision detection, and an improved version with an error-tolerant mechanism. Practical attacks are successfully conducted on a software implementation of AES in a low-power chip which can be used in wireless sensor node. Simulation results show that our attack needs 90% less time than the work published by G$\acute{e}$rard et al. to reach a success rate of 0.9.

An Improved Model Design for Traceback Analysis Time Based on Euclidean Distance to IP Spoofing Attack (IP 스푸핑 공격 발생 시 유클리드 거리 기반의 트레이스 백 분석시간 개선 모델)

  • Liu, Yang;Baek, Hyun Chul;Park, Jae Heung;Kim, Sang Bok
    • Convergence Security Journal
    • /
    • v.17 no.5
    • /
    • pp.11-18
    • /
    • 2017
  • Now the ways in which information is exchanged by computers are changing, a variety of this information exchange method also requires corresponding change of responding to an illegal attack. Among these illegal attacks, the IP spoofing attack refers to the attack whose process are accompanied by DDoS attack and resource exhaustion attack. The way to detect an IP spoofing attack is by using traceback information. The basic traceback information analysis method is implemented by comparing and analyzing the normal router information from client with routing information existing in routing path on the server. There fore, Such an attack detection method use all routing IP information on the path in a sequential comparison. It's difficulty to responding with rapidly changing attacks in time. In this paper, all IP addresses on the path to compute in a coordinate manner. Based on this, it was possible to analyze the traceback information to improve the number of traceback required for attack detection.

Vulnerable Path Attack and its Detection

  • She, Chuyu;Wen, Wushao;Ye, Quanqi;Zheng, Kesong
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.11 no.4
    • /
    • pp.2149-2170
    • /
    • 2017
  • Application-layer Distributed Denial-of-Service (DDoS) attack is one of the leading security problems in the Internet. In recent years, the attack strategies of application-layer DDoS have rapidly developed. This paper introduces a new attack strategy named Path Vulnerabilities-Based (PVB) attack. In this attack strategy, an attacker first analyzes the contents of web pages and subsequently measures the actual response time of each webpage to build a web-resource-weighted-directed graph. The attacker uses a Top M Longest Path algorithm to find M DDoS vulnerable paths that consume considerable resources when sequentially accessing the pages following any of those paths. A detection mechanism for such attack is also proposed and discussed. A finite-state machine is used to model the dynamical processes for the state of the user's session and monitor the PVB attacks. Numerical results based on real-traffic simulations reveal the efficiency of the attack strategy and the detection mechanism.

Improving an RFID Mutual Authentication Protocol using One-time Random Number (개선한 일회성 난수를 이용한 RFID 상호인증 프로토콜)

  • Yoon, Eun-Jun;Yoo, Kee-Young
    • Journal of KIISE:Information Networking
    • /
    • v.36 no.2
    • /
    • pp.90-97
    • /
    • 2009
  • In 2008, Kim-Jun proposed a RFID mutual authentication protocol using one-time random number that can withstand malicious attacks by the leakage of important information and resolve the criminal abuse problems. Through the security analysis, they claimed that the proposed protocol can withstand various security attacks including the replay attack. However, this paper demonstrates that Kim-Jun' s RFID authentication protocol still insecure to the replay attack. In addition, this paper also proposes a simply improved RFID mutual authentication protocol using one-time random number which not only provides same computational efficiency, but also withstands the replay attack.