• Title/Summary/Keyword: DNS Spoofing

Search Result 12, Processing Time 0.016 seconds

A Study on Cloud Computing for Detecting Cyber Attacks (사이버공격 탐지를 위한 클라우드 컴퓨팅 활용방안에 관한 연구)

  • Lee, Jun-Won;Cho, Jae-Ik;Lee, Seok-Jun;Won, Dong-Ho
    • Journal of Advanced Navigation Technology
    • /
    • v.17 no.6
    • /
    • pp.816-822
    • /
    • 2013
  • In modern networks, data rate is getting faster and transferred data is extremely increased. At this point, the malicious codes are evolving to various types very fast, and the frequency of occurring new malicious code is very short. So, it is hard to collect/analyze data using general networks with the techniques like traditional intrusion detection or anormaly detection. In this paper, we collect and analyze the data more effectively with cloud environment than general simple networks. Also we analyze the malicious code which is similar to real network's malware, using botnet server/client includes DNS Spoofing attack.

QR-Code Based Mutual Authentication System for Web Service (웹 서비스를 위한 QR 코드 기반 상호 인증 시스템)

  • Park, Ji-Ye;Kim, Jung-In;Shin, Min-Su;Kang, Namhi
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.39B no.4
    • /
    • pp.207-215
    • /
    • 2014
  • Password based authentication systems are most widely used for user convenience in web services. However such authentication systems are known to be vulnerable to various attacks such as password guessing attack, dictionary attack and key logging attack. Besides, many of the web systems just provide user authentication in a one-way fashion such that web clients cannot verify the authenticity of the web server to which they set access and give passwords. Therefore, it is too difficult to protect against DNS spoofing, phishing and pharming attacks. To cope with the security threats, web system adopts several enhanced schemes utilizing one time password (OTP) or long and strong passwords including special characters. However there are still practical issues. Users are required to buy OTP devices and strong passwords are less convenient to use. Above all, one-way authentication schemes generate several vulnerabilities. To solve the problems, we propose a multi-channel, multi-factor authentication scheme by utilizing QR-Code. The proposed scheme supports both user and server authentications mutually, thereby protecting against attacks such as phishing and pharming attacks. Also, the proposed scheme makes use of a portable smart device as a OTP generator so that the system is convenient and secure against traditional password attacks.