• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.51-61
• /
• 2009

Recently, the cyber-attacks using botnets are being increased, Because these attacks pursue the money, the criminal aspect is also being increased, There are spreading of spam mail, DDoS(Distributed Denial of Service) attacks, propagations of malicious codes and malwares, phishings. leaks of sensitive informations as cyber-attacks that used botnets. There are many studies about detection and mitigation techniques against centralized botnets, namely IRC and HITP botnets. However, P2P botnets are still in an early stage of their studies. In this paper, we analyzed the traffics of the Peacomm bot that is one of P2P-based storm bot by using honeynet which is utilized in active analysis of network attacks. As a result, we could see that the Peacomm bot sends a large number of UDP packets to the zombies in wide network through P2P. Furthermore, we could know that the Peacomm bot makes the scale of botnet maintained and extended through these results. We expect that these results are used as a basis of detection and mitigation techniques against P2P botnets.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.11B
• /
• pp.1005-1016
• /
• 2006

As the increment usage of Internet, the security systems's importance is emphasized. The current Internet Key Exchange protocol(IKE) which has been used for key exchange of security system, was pointed out a problem of efficiency and stability. In this research, we try to resolve those problems, and evaluate the newly designed Key Exchange protocol in the IPsec interaction test bed system environment. In this research we implemented the new Key Exchange Protocol as a recommendation of RFC proposal, so as to resolve the problem which was pointed out the key exchange complexity and the speed of authentication process. We also designed the defense mechanism against the Denial of Service attack. We improved the key exchange speed as a result of simplification of complex key exchange phase, and increased efficiency as a result of reuse the preexistence state value when it's renegotiated.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.315-318
• /
• 2017

Nowadays, Distributed Denial of Service (DDoS) attacks have gained increasing popularity and have been a major factor in a number of massive cyber-attacks. It could easily exhaust the computing and communicating resources of a victim within a short period of time. Therefore, we have to find the method to detect and prevent the DDoS attack. Recently, there have been some researches that provide the methods to resolve above problem, but it still gets some limitations such as low performance of detecting and preventing, scope of method, most of them just use on cloud server instead of network, and the reliability in the network. In this paper, we propose solutions for (1) handling multiple DDoS attacks from multiple IP address and (2) handling the suspicious attacks in the network. For the first solution, we assume that there are multiple attacks from many sources at a times, it should be handled to avoid the conflict when we setup the preventing rule to switches. In the other, there are many attacks traffic with the low volume and same destination address. Although the traffic at each node is not much, the traffic at the destination is much more. So it is hard to detect that suspicious traffic with the sampling based method at each node, our method reroute the traffic to another server and make the analysis to check it deeply.

• Journal of Digital Convergence
• /
• v.13 no.1
• /
• pp.275-281
• /
• 2015

The recent health care is growing rapidly want to receive offers users a variety of medical services, can be exploited easily exposed to a third party information on the role of the patient's hospital staff (doctors, nurses, pharmacists, etc.) depending on the patient clearly may have to be classified. In this paper, in order to ensure safe use by third parties in the health care environment, classify the attributes of patient information and patient privacy protection technique using hierarchical multi-property rights proposed to classify information according to the role of patient hospital officials The. Hospital patients and to prevent the proposed method is represented by a mathematical model, the information (the data consumer, time, sensor, an object, duty, and the delegation circumstances, and so on) the privacy attribute of a patient from being exploited illegally patient information from a third party the prevention of the leakage of the privacy information of the patient in synchronization with the attribute information between the parties.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.9
• /
• pp.99-107
• /
• 2010

This paper showed that the integrated system to fortify security was much more efficient than the respective system through the analysis of problems from Firewall and IPS system in the existing security systems. The results of problem analysis revealed that there were the delay of processing time and lack of efficiency in the existing security systems. Accordingly, their performance was evaluated by using the separated Firewall, IPS system, and the integrated system. The result of evaluation shows that the integrated security system this paper suggested is five times faster than the existing one in terms of processing speed of response. This paper demonstrated the excellence of the proposed security system is also more than fivefold in session handling per second and six times process speeding in the CPU processing performance. In addition, several security policies are applied, and it provided a fact that it gave an excellent performance when it comes to protecting from harmful traffic attacks. In conclusion, this paper emphasized that fortifying the integrated security system was more efficient than fortifying the existing one considering in various respects such as cost, management, time, space and so on.

• Journal of Industrial Convergence
• /
• v.18 no.5
• /
• pp.23-29
• /
• 2020

The Internet of things (IoT) is the extension of Internet connectivity into various devices and everyday objects. Embedded with electronics, Internet connectivity and other forms of hardware. The IoT poses significant risk to the entire digital ecosystem. This is because so many of these devices are designed without a built-in security system to keep them from being hijacked by hackers. This paper proposed a mutual authentication protocol for IoT Devices using symmetric-key algorithm. The proposed protocol use symmetric key cryptographic algorithm to securely encrypt data on radio channel. In addition, the secret key used for encryption is random number of devices that improves security by using variable secret keys. The proposed protocol blocked attacker and enabled legal deives to communicate because only authenticated devices transmit data by a mutual authentication protocol. Finally, our scheme is safe for attacks such as eavesdropping attack, location tracking, replay attack, spoofing attack and denial of service attack and we confirmed the safety by attack scenario.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.3 s.35
• /
• pp.237-247
• /
• 2005

Ubiquitous Sensor Network(USN) is the very core of a technology for the Ubiquitous environments. There is the weakness from various security attacks such that tapping of sensor informations, flowing of abnormal packets, data modification and Denial of Service(DoS) etc. And it's required counterplan with them. Especially it's restricted by the capacity of battery and computing. By reasons of theses. positively, USN security technology needs the lightweighted design for the low electric energy and the minimum computing. In this paper, we propose lightweight USN mutual authentication methology based on trust model to solve above problems. The proposed authentication model can minimize the measure of computing because it authenticates the sensor nodes based on trust information represented by subjective logic model. So it can economize battery consumption and resultingly increse the lifetime of sensor nodes.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.11
• /
• pp.743-754
• /
• 2014

Recently, Information-Centric Networking(ICN), different from traditional IP-based networking, has been highlighted. Content-Centric Networking(CCN), proposed by Van Jacobson, is a representative scheme of the ICN architectures. It can deliver messages slightly faster than the IP-based networking by focusing on the access and delivery to the content itself. However, CCN is restricted to distribute the information without transmitting the request packet in advance because it is pull-based architecture by content requester. In addition, it has a problem that the Pending Interest Table(PIT) could be overloaded easily when DDoS attack happens. In this paper, we suggest an algorithm using a push-based scheme without request packets and overcoming PIT overload situation by Interest Group Push Table(IGPT). The proposed scheme enables to transmit a large amount of content than an existing scheme during the same amount of time in terms of timely-delivery and security.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.3
• /
• pp.428-451
• /
• 2010

Traffic matrix-based anomaly detection and DDoS attacks detection in networks are research focus in the network security and traffic measurement community. In this paper, firstly, a new type of unidirectional flow called IF flow is proposed. Merits and features of IF flows are analyzed in detail and then two efficient methods are introduced in our DDoS attacks detection and evaluation scheme. The first method uses residual variance ratio to detect DDoS attacks after Recursive Least Square (RLS) filter is applied to predict IF flows. The second method uses generalized likelihood ratio (GLR) statistical test to detect DDoS attacks after a Kalman filter is applied to estimate IF flows. Based on the two complementary methods, an evaluation formula is proposed to assess the seriousness of current DDoS attacks on router ports. Furthermore, the sensitivity of three types of traffic (IF flow, input link and output link) to DDoS attacks is analyzed and compared. Experiments show that IF flow has more power to expose anomaly than the other two types of traffic. Finally, two proposed methods are compared in terms of detection rate, processing speed, etc., and also compared in detail with Principal Component Analysis (PCA) and Cumulative Sum (CUSUM) methods. The results demonstrate that adaptive filter methods have higher detection rate, lower false alarm rate and smaller detection lag time.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.42 no.5
• /
• pp.21-30
• /
• 2005

Recently, a mobile IPv6 binding update protocol using Address Based Keys (BU-ABK) was proposed. This protocol applies Address Based Keys (ABK), generated through identity-based cryptosystem, to enable strong authentication and secure key exchange without any global security infrastructure. However, because it cannot detect that public cryptographic parameters for ABKs are altered or forged, it is vulnerable to man-in-the-middle attacks and denial of service attacks. Furthermore, it has heavy burden of managing the public cryptographic parameters. In this paper, we show the weaknesses of BU-ABK and then propose an enhanced BU-ABK (EBU-ABK). Furthermore, we provide an optimization for mobile devices with constraint computational power. The comparison of EBU-ABK with BU-ABK shows that the enhanced protocol achieves strong security while not resulting in heavy computation overhead on a mobile node.