• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.695-707
• /
• 2013

DHT(Distributed Hash Table) networks such as Kademlia are vulnerable to the ID mapping attack caused by the voluntary DHT mapping structure where the location of a node is solely determined by itself on the network topology. This causes security problems such as eclipse, DRDoS and botnet C&C on DHT networks. To prevent ID mapping attacks, we propose a non-voluntary DHT mapping scheme and perform analysis on NAT compatibility, attack resistance, and network dynamicity. Analysis results show that our approach may have an equivalent level of attack resistance comparing with other defense mechanisms and overcome their limitations including NAT compatibility and network dynamicity.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.108-110
• /
• 2021

Since 2015, attacks using the IoT protocol have been continuously reported. Among various IoT protocols, attackers attempt DDoS attacks using SSDP(Simple Service Discovery Protocol), and as statistics of cyber shelters, Korea has about 1 million open SSDP servers. Vulnerable SSDP servers connected to the Internet can generate more than 50Gb of traffic and the risk of attack increases gradually. Until recently, distributed denial of service attacks and distributed reflective denial of service attacks have been a security issue. Accordingly, the purpose of this study is to analyze the request packet of the existing SSDP protocol to identify an amplification attack and to avoid a response when an amplification attack is suspected, thereby preventing network load due to the occurrence of a large number of response packets due to the role of traffic reflection amplification.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.11B
• /
• pp.689-697
• /
• 2005

The IETF has created the v6ops Working Group to assist IPv6 transition and propose technical solutions to achieve it. But it's quite problem which security consideration for a stage of IPv4/IPv6 transition and co-existence. There are new security problem threat that it caused by the characteristics of heterogeneity. In this paper, we describe IPv6 transition mechanisms and analyze security problem for IPv6 transition mechanism. also we propose security consideration and new security mechanism. We analyzed DoS and DRDoS in 6to4 environment and presented a address sanity check as a solution. We also showed an attack of address exhaustion in address allocation server. To solve this problem, we proposed challenge-response mechanism in DSTM.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.143-145
• /
• 2022

With the spread of the Internet around the world, devices connected to the Internet are gradually increasing. In addition, the number of distributed reflection service attacks (DrDoS), an attack that maliciously requests large responses by deceiving IPs as if the attacker was a victim, using vulnerabilities in application protocols such as DNS, NTP, and CLDAP, is increasing rapidly. It is believed that the security threat of distributed reflection service attacks will not disappear unless ISPs establish appropriate countermeasures to IP Spoofing. Therefore, this paper describes the security threat and response status of distributed reflection service attacks based on IP Spoofing.

• Journal of the Korea Convergence Society
• /
• v.12 no.5
• /
• pp.9-16
• /
• 2021

Due to the prolonged infectious disease of COVID-19 worldwide, there are various security threats due to network attacks on Internet of Things devices that are vulnerable to telecommuting. Initially, users of Internet of Things devices were exploited for vulnerabilities in Remote Desktop Protocol, spear phishing and APT attacks. Since then, the technology of network attacks has gradually evolved, exploiting the simple service discovery protocol of Internet of Things devices, and DRDoS attacks have continued to increase. Existing SSDPs are accessible to unauthorized devices on the network, resulting in problems with information disclosure and amplification attacks on SSDP servers. To compensate for the problem with the authentication procedure of existing SSDPs, we propose a hash-based SSDP that encrypts server-specific information with hash and adds authentication fields to both Notify and M-Search message packets to determine whether an authorized IoT device is present.