• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.6
• /
• pp.205-212
• /
• 2015

SSH provides a secure, encrypted communication channel between two end point systems using public key encryption. But SSH brute force attack is one of the most significant attacks. This kind of attack aims to login to the SSH server by continually guessing a large number of user account and password combinations. In this paper, we analyze logs of SSH brute force attacks in 2014 and propose a failed-log based detection mechanism in high performance computing service environment.

• Journal of Advanced Navigation Technology
• /
• v.13 no.6
• /
• pp.876-883
• /
• 2009

In 2008, Kim-Jun proposed RFID Mutual Authentication Protocol based on One-Time Random Numbers which are strong in Eavesdropping Attack, Spoofing attack and Replay attack. However, In 2009, Yoon-Yoo proved that it was weak in Replay attack and proposed a protocol which can prevent Replay attack. But Yoon-Yoo's protocol has problems that efficiency on communication and Brute-force attack. This paper shows weak points of Yoon-Yoo's protocol and proposes an RFID mutual authentication protocol with security and performance improvements.

• Journal of KIISE
• /
• v.44 no.6
• /
• pp.637-642
• /
• 2017

Honey Encryption (HE) is a technique to overcome the weakness of a brute-force attack of the existing password-based encryption (PBE). By outputting a plausible plaintext even if the wrong key is entered, it provides message recovery security which an attacker can tolerate even if the attacker tries a brute-force attack against a small entropy secret key. However, application of a cipher that requires encryption padding to the HE present a bigger problem than the conventional PBE method. In this paper, we apply a typical block cipher (AES-128) and a stream cipher (A5 / 1) to verify the problem of padding through the analysis of the sentence frequency and we propose a safe operation method of the HE.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.5
• /
• pp.73-78
• /
• 2011

The DES encryption algorithm employed in information security has a strong avalanche effect, and the processing speed to encrypt is also fast. However, due to the H/W advances, the secret key length of DES having 56bits is not enough so that it is easily exposed to brute force attack. In this paper, we present a new method to significantly increase the secret key length in the DES by integration of digital holography and DES algorithm. In addition, we evaluate the encryption performance of the proposed method by measuring the avalanche effect and verify the possibility of it.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.46 no.1
• /
• pp.121-132
• /
• 2009

Default password protection used in operating systems have had many advances, but when the attacker has physical access to the server or gets root(administrator) privileges, the attacker can steal the password information(e.g. shadow file in Unix-like systems or SAM file in Windows), and using brute force and dictionary attacks can manage to obtain users' passwords. It is really difficult to obligate users to use complex passwords, so it is really common to find weak accounts to exploit. In this paper, we present a secure authentication scheme based on digital signatures and secure key storage that solves this problem, and explain the possible implementations using Trusted Platform Module(TPM). We also make a performance analysis of hardware and software TPMs inside implementations.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.5
• /
• pp.41-51
• /
• 2015

In order to hide their identities, intruders on the Internet often attack targets indirectly by staging their attacks through intermediate hosts known as stepping stones. In this paper, we propose a brute-force technique to detect the stepping stone behavior on a Linux server where some shell processes remotely logged into using interactive services are trying to connect other hosts using the same interactive services such as Telnet, Secure Shell, and rlogin. The proposed scheme can provide an absolute solution even for the encrypted connections using SSH because it traces the system calls of all processes concerned with the interactive service daemon and their child processes. We also implement the proposed technique on a CentOS 6.5 x86_64 environment by the ptrace system call and a simple shell script using strace utility. Finally the experimental results show that the proposed scheme works perfectly under test scenarios.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1149-1156
• /
• 2021

The Grover algorithm, which accelerates the brute force attack, is applicable to key recovery of symmetric key cryptography, and NIST uses the Grover attack cost for symmetric key cryptography to estimate the post-quantum security strength. In this paper, we estimate the attack cost of Grover's algorithm by implementing DES as a quantum circuit. NIST estimates the post-quantum security strength based on the attack cost of AES for symmetric key cryptography using 128, 192, and 256-bit keys. The estimated attack cost for DES can be analyzed to see how resistant DES is to attacks from quantum computers. Currently, since there is no post-quantum security index for symmetric key ciphers using 64-bit keys, the Grover attack cost for DES using 64-bit keys estimated in this paper can be used as a standard. ProjectQ, a quantum programming tool, was used to analyze the suitability and attack cost of the quantum circuit implementation of the proposed DES.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.3
• /
• pp.73-80
• /
• 2018

Due to the popularity of smartphones and the simplification of financial services, the number of mobile financial services is increasing. However, the security keypads developed for existing financial services are susceptible to probability analysis attacks and have security vulnerabilities. In this paper, we propose and implement a security keypad based on dual touch. Prior to the proposal, we examined the existing types of security keypads used in the mobile banking and mobile payment systems of Korean mobile financial businesses and analyzed the vulnerabilities. In addition, we compared the security of the proposed dual touch keypad as well as existing keypads using the authentication framework and the existing keypad attack types (Brute Force Attack, Smudge Attack, Key Logging Attack, and Shoulder Surfing Attack, Joseph Bonneau). Based on the results, we can confirm that the proposed security keypad with dual touch presented in this paper shows a high level of security. The security keypad with dual touch can provide more secure financial services, and it can be applied to other mobile services to enhance their security.

• Journal of Information Technology Services
• /
• v.19 no.1
• /
• pp.145-158
• /
• 2020

With the development and widespread application of online shopping, the number of online consumers has increased. With one click of a mouse, people can buy anything they want without going out and have it sent right to the doors. As consumers benefit from online shopping, people are becoming more concerned about protecting their privacy. In the group buying scenario described in our paper, online shopping was regarded as intra-group communication. To protect the sensitive information of consumers, the polynomial-based encryption key sharing method (Piao et al., 2013; Piao and Kim, 2018) can be applied to online shopping communication. In this paper, we analyze security problems by using a polynomial-based scheme in the following ways : First, in Kamal's attack, they said it does not provide perfect forward and backward secrecy when the members leave or join the group because the secret key can be broken in polynomial time. Second, for simultaneous equations, the leaving node will compute the new secret key if it can be confirmed that the updated new polynomial is recomputed. Third, using Newton's method, attackers can successively find better approximations to the roots of a function. Fourth, the Berlekamp Algorithm can factor polynomials over finite fields and solve the root of the polynomial. Fifth, for a brute-force attack, if the key size is small, brute force can be used to find the root of the polynomial, we need to make a key with appropriately large size to prevent brute force attacks. According to these analyses, we finally recommend the use of a relatively reasonable hash-based mechanism that solves all of the possible security problems and is the most suitable mechanism for our application. The study of adequate and suitable protective methods of consumer security will have academic significance and provide the practical implications.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.3
• /
• pp.3-8
• /
• 2010

There are some efficient brute force algorithm for factorization. Fermat's factorization is one of the way of brute force attack. Fermat's method works best when there is factor near the square-root. This paper shows that why Fermat's method is effective and verify that there are only one answer. Because there are only one answer, we can start Fermat's factorization anywhere. Also, we convert from factorization to finding square number.