• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37C no.10
• /
• pp.949-964
• /
• 2012

Our PC have been under constant threat of malicious codes and viruses today. As many new ways of cyber attacks are being developed, such as zero-day-attack, nobody's PC is guaranteed to be safe from the attacks. In case where a user uses the existing verification protocol on a unsecured PC, the user's verification information may well be threatened by sniffing or man-in-the-middle attack. Especially, deadly attacks like memory hacking would give hard time for users to even recognize any symptom of virus infection. Therefore, this paper designs secured QR-Login user verification protocol for smart devices that are ready to communicate with QR-Code and proposes a way to keep critical data safe when using the internet. This way, user would be able to safeguard his/her critical data even when under attack by unknown attacks and safely carry out extremely sensitive task, like financial trading, on the device.

• Journal of KIISE:Software and Applications
• /
• v.32 no.4
• /
• pp.290-299
• /
• 2005

Stealing the source code of a program is a serious problem not only in a moral sense but also in a legal sense. However, it is not clear whether the code of a program is copied from another or not. There was a program similarity checker detecting code-copy by comparing the syntax trees of programs. However this method has a limitation that it cannot detect the code-copy attacks when the attacker modifies the syntax of the program on purpose. We propose a program similarity check by program control graph, which reveals not only syntax information but also control dependancy. Our method can detect the code-copy attacks that do not change control dependancy Moreover, we define what code-copy means and establish the connection between code-copy and similarity of program control graph: we prove that two programs are related by copy congruence if and only if the program control graphs of these programs are equivalent. We implemented our method on a functional programming language, nML. The experimental results show us that the suggested method can detect code similarity that is not detected by the existing method.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.4
• /
• pp.207-215
• /
• 2014

Password based authentication systems are most widely used for user convenience in web services. However such authentication systems are known to be vulnerable to various attacks such as password guessing attack, dictionary attack and key logging attack. Besides, many of the web systems just provide user authentication in a one-way fashion such that web clients cannot verify the authenticity of the web server to which they set access and give passwords. Therefore, it is too difficult to protect against DNS spoofing, phishing and pharming attacks. To cope with the security threats, web system adopts several enhanced schemes utilizing one time password (OTP) or long and strong passwords including special characters. However there are still practical issues. Users are required to buy OTP devices and strong passwords are less convenient to use. Above all, one-way authentication schemes generate several vulnerabilities. To solve the problems, we propose a multi-channel, multi-factor authentication scheme by utilizing QR-Code. The proposed scheme supports both user and server authentications mutually, thereby protecting against attacks such as phishing and pharming attacks. Also, the proposed scheme makes use of a portable smart device as a OTP generator so that the system is convenient and secure against traditional password attacks.

• Journal of Software Assessment and Valuation
• /
• v.10 no.1
• /
• pp.19-26
• /
• 2014

In this paper, we propose a method for protecting Android applications against reverse engineering attacks. In this method, the server encrypts the original executable code (DEX) included in an APK file, inserts into the APK file a stub code that decrypts the encrypted DEX later at run-time, and distributes the modified APK file. The stub code includes an integrity validation code to detect attacks on itself. When a user installs and executes the APK file, the stub code verifies the integrity of itself, decrypts the encrypted DEX, and loads it dynamically to execute. Since the original DEX is distributed as an encrypted one, we can effectively protect the intellectual property. Further, by verifying the integrity of the stub code, we can prevent malicious users from bypassing our method. We applied the method to 15 Android apps, and evaluated its effectiveness. We confirmed that 13 out of them operates normally.

• Journal of Industrial Convergence
• /
• v.16 no.2
• /
• pp.25-31
• /
• 2018

An APT attack is a new hacking technique that continuously attacks specific targets and is called an APT attack in which a hacker exploits various security threats to continually attack a company or organization's network. Protect employees in a specific organization and access their internal servers or databases until they acquire significant assets of the company or organization, such as personal information leaks or critical data breaches. Also, APT attacks are not attacked at once, and it is difficult to detect hacking over the years. This white paper examines ongoing APT attacks and identifies, educates, and proposes measures to build a security management system, from the executives of each organization to the general staff. It also provides security updates and up-to-date antivirus software to prevent malicious code from infiltrating your company or organization, which can exploit vulnerabilities in your organization that could infect malicious code. And provides an environment to respond to APT attacks.

• ETRI Journal
• /
• v.40 no.1
• /
• pp.133-145
• /
• 2018

Robustness, payload, and imperceptibility of audio watermarking algorithms are contradictory design issues with high-level security of the watermark. In this study, the major issue in achieving high payload along with adequate robustness against challenging signal-processing attacks is addressed. Moreover, a security code has been strategically used for secure transmission of data, providing tamper detection at the receiver end. The high watermark payload in this work has been achieved by using the complementary features of third-level detailed coefficients of discrete wavelet transform where the human auditory system is not sensitive to alterations in the audio signal. To counter the watermark loss under challenging attacks at high payload, Daubechies wavelets that have an orthogonal property and provide smoother frequencies have been used, which can protect the data from loss under signal-processing attacks. Experimental results indicate that the proposed algorithm has demonstrated adequate robustness against signal processing attacks at 4,884.1 bps. Among the evaluators, 87% have rated the proposed algorithm to be remarkable in terms of transparency.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2610-2628
• /
• 2019

Advanced persistent threats (APTs) are constant attacks of specific targets by hackers using intelligent methods. All current internal infrastructures are constantly subject to APT attacks created by external and unknown malware. Therefore, information security officers require a framework that can assess whether information security systems are capable of detecting and blocking APT attacks. Furthermore, an on-line evaluation of information security systems is required to cope with various malicious code attacks. A regular evaluation of the information security system is thus essential. In this paper, we propose a dynamic updated evaluation framework to improve the detection rate of internal information systems for malware that is unknown to most (over 60 %) existing static information security system evaluation methodologies using non-updated unknown malware.

• International Journal of Computer Science & Network Security
• /
• v.22 no.1
• /
• pp.276-282
• /
• 2022

One of the most essential foundations upon which big institutions rely in delivering cloud computing and hosting services, as well as other kinds of multiple digital services, is the security of infrastructures for digital and information services throughout the world. Distributed denial-of-service (DDoS) assaults are one of the most common types of threats to networks and data centers. Denial of service attacks of all types operates on the premise of flooding the target with a massive volume of requests and data until it reaches a size bigger than the target's energy, at which point it collapses or goes out of service. where it takes advantage of a flaw in the Transport Control Protocol's transmitting and receiving (3-way Handshake) (TCP). The current study's major focus is on an architecture that stops DDoS attacks assaults by producing code for DDoS attacks using a cloud controller and calculating Round-Tripe Time (RTT).

• Journal of KIISE:Computer Systems and Theory
• /
• v.33 no.3
• /
• pp.178-192
• /
• 2006

The buffer overflow attack is the single most dominant and lethal form of security exploits as evidenced by recent worm outbreaks such as Code Red and SQL Stammer. In this paper, we propose microarchitectural techniques that can detect and recover from such malicious code attacks. The idea is that the buffer overflow attacks usually exhibit abnormal behaviors in the system. This kind of unusual signs can be easily detected by checking the safety of memory references at runtime, avoiding the potential data or control corruptions made by such attacks. Both the hardware cost and the performance penalty of enforcing the safety guards are negligible. In addition, we propose a more aggressive technique called corruption recovery buffer (CRB), which can further increase the level of security. Combined with the safety guards, the CRB can be used to save suspicious writes made by an attack and can restore the original architecture state before the attack. By performing detailed execution-driven simulations on the programs selected from SPEC CPU2000 benchmark, we evaluate the effectiveness of the proposed microarchitectural techniques. Experimental data shows that enforcing a single safety guard can reduce the number of system failures substantially by protecting the stack against return address corruptions made by the attacks. Furthermore, a small 1KB CRB can nullify additional data corruptions made by stack smashing attacks with only less than 2% performance penalty.

• Journal of Industrial Convergence
• /
• v.16 no.4
• /
• pp.47-52
• /
• 2018

WebShell is a web script file created by a hacker to remotely commands to a web server. The hacker can bypass the security system using the web shell, access the system, control the system such as file modification, copying and deletion, install malicious code in the web source code, attack the user's PC, And so on. There are many types of WebShell attack, but we study about attacks on PHP and JSP based web server which are used as representative ones. And we propose the method of web page management, method of development, and several other methods. By using these countermeasures, it is possible to effectively prevent damage caused by WebShell attacks.