• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.10
• /
• pp.732-742
• /
• 2016

This study suggests methods of defense against low-level high-bandwidth DDoS attacks by adding a solution with a time limit factor (TLF) to an existing high-bandwidth DDoS defense system. Low-level DDoS attacks cause faults to the service requests of normal users by acting as a normal service connection and continuously positioning the connected session. Considering this, the proposed method makes it possible for users to show a down-related session by considering it as a low-level DDoS attack if the abnormal flow is detected after checking the amount of traffic. However, the service might be blocked when misjudging a low-level DDoS attack in the case of a communication fault resulting from a network fault, even with a normal connection status. Thus, we made it possible to reaccess the related information through a certain period of blocking instead of a drop through blacklist. In a test of the system, it was unable to block the session because it recognized sessions that are simply connected with a low-level DDoS attack as a normal communication.

• JSTS:Journal of Semiconductor Technology and Science
• /
• v.12 no.3
• /
• pp.286-292
• /
• 2012

Scan techniques are almost mandatorily adopted in designing current System-on-a-Chip (SoC) to enhance testability, but inadvertently secret keys can be stolen through the scan test channels of crypto SoCs. An efficient scan design technique is proposed in this paper to protect the secret key of an Advanced Encryption Standard (AES) core embedded in an SoC. A new instruction is added to IEEE 1149.1 boundary scan to use a fake key instead of user key, in which the fake key is chosen with meticulous care to improve the testability as well. Our approach can be implemented as user defined logic with conventional boundary scan design, hence no modification is necessary to any crypto IP core. Conformance to the IEEE 1149.1 standards is completely preserved while yielding better performance of area, power, and fault coverage with highly robust protection of the secret user key.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.1
• /
• pp.396-413
• /
• 2017

Dynamically checking the integrity of software at run-time is always a hot and difficult spot for trusted computing. Control-flow integrity is a basic and important safety property of software integrity. Many classic and emerging security attacks who introduce illegal control-flow to applications can cause unpredictable behaviors of computer-based systems. In this paper, we present a software-based approach to checking violation of control flow integrity at run-time. This paper proposes a high-performance and low-overhead software control flow checking solution, control flow checking at virtual edges (CFCVE). CFCVE assigns a unique signature to each basic block and then inserts a virtual vertex into each edge at compile time. This together with insertion of signature updating instructions and checking instructions into corresponding vertexes and virtual vertexes. Control flow faults can be detected by comparing the run-time signature with the saved one at compile time. Our experimental results show that CFCVE incurs only 10.61% performance overhead on average for several C benchmark programs and the average undetected error rate is only 9.29%. Compared with previous techniques, CFCVE has the characteristics of both high fault coverage and low memory and performance overhead.

• Journal of Communications and Networks
• /
• v.14 no.6
• /
• pp.682-691
• /
• 2012

Key agreement protocol is a fundamental protocol in cryptography whereby two or more participants can agree on a common conference key in order to communicate securely among themselves. In this situation, the participants can securely send and receive messages with each other. An adversary not having access to the conference key will not be able to decrypt the messages. In this paper, we propose a novel identity-based authenticated multi user key agreement protocol employing a symmetric balanced incomplete block design. Our protocol is built on elliptic curve cryptography and takes advantage of a kind of bilinear map called Weil pairing. The protocol presented can provide an identification (ID)-based authentication service and resist different key attacks. Furthermore, our protocol is efficient and needs only two rounds for generating a common conference key. It is worth noting that the communication cost for generating a conference key in our protocol is only O($\sqrt{n}$) and the computation cost is only O($nm^2$), where $n$ implies the number of participants and m denotes the extension degree of the finite field $F_{p^m}$. In addition, in order to resist the different key attack from malicious participants, our protocol can be further extended to provide the fault tolerant property.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.9B
• /
• pp.867-875
• /
• 2009

The reliability of wireless body area networks is an important research issue since it may jeopardize the vital human life, unless managed properly. In this article, a new modeling and analysis of node misbehaviors in wireless body area networks is presented, in the presence of multi-type failures. First, the nodes are classified into types in accordance with routing capability. Then, the node behavior in the presence of failures such as energy exhaustion and/or malicious attacks has been modeled using a novel Semi-Markov process. The proposed model is very useful in analyzing reliability of WBANs in the presence of multi-type failures.

• Nuclear Engineering and Technology
• /
• v.52 no.12
• /
• pp.2687-2698
• /
• 2020

Most of the machine learning-based intrusion detection tools developed for Industrial Control Systems (ICS) are trained on network packet captures, and they rely on monitoring network layer traffic alone for intrusion detection. This approach produces weak intrusion detection systems, as ICS cyber-attacks have a real and significant impact on the process variables. A limited number of researchers consider integrating process measurements. However, in complex systems, process variable changes could result from different combinations of abnormal occurrences. This paper examines recent advances in intrusion detection algorithms, their limitations, challenges and the status of their application in critical infrastructures. We also introduce the discussion on the similarities and conflicts observed in the development of machine learning tools and techniques for fault diagnosis and cybersecurity in the protection of complex systems and the need to establish a clear difference between them. As a case study, we discuss special characteristics in nuclear power control systems and the factors that constraint the direct integration of security algorithms. Moreover, we discuss data reliability issues and present references and direct URL to recent open-source data repositories to aid researchers in developing data-driven ICS intrusion detection systems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.4
• /
• pp.1258-1275
• /
• 2023

Cloud computing is a new technology that has adapted to the traditional way of service providing. Service providers are responsible for managing the allocation of resources. Selecting suitable containers and bandwidth for job scheduling has been a challenging task for the service providers. There are several existing systems that have introduced many algorithms for resource allocation. To overcome these challenges, the proposed system introduces an Optimized Task Scheduling Algorithm with Deep Learning (OTS-DL). When a job is assigned to a Cloud Service Provider (CSP), the containers are allocated automatically. The article segregates the containers as' Long-Term Container (LTC)' and 'Short-Term Container (STC)' for resource allocation. The system leverages an 'Optimized Task Scheduling Algorithm' to maximize the resource utilisation that initially inquires for micro-task and macro-task dependencies. The bottleneck task is chosen and acted upon accordingly. Further, the system initializes a 'Deep Learning' (DL) for implementing all the progressive steps of job scheduling in the cloud. Further, to overcome container attacks and errors, the system formulates a Container Convergence (Fault Tolerance) theory with high-level security. The results demonstrate that the used optimization algorithm is more effective for implementing a complete resource allocation and solving the large-scale optimization problem of resource allocation and security issues.

• The KIPS Transactions:PartA
• /
• v.12A no.5 s.95
• /
• pp.395-404
• /
• 2005

There have been large concerns about survivability defined as the capability of a system to perform a mission-critical role, in a timely manner, in the presence of attacks, failures. In particular, One of the most important core technologies required for the design of the ITS(Intrusion Tolerance System) that performs continuously minimal essential services even when the computer system is partially compromised because of intrusions is the survivability one of In included the dependability analysis of a reliability and availability etc. quantitative dependability analysis of the In. In this Paper, we applied self-healing mechanism utilizing two factors of self-healing mechanism (fault model and system response), the core technology of autonomic computing to secure the protection power of the ITS and consisted of a state transition diagram of the ITS composed of a primary server and a backup server. We also defined the survivability, availability, and downtime cost of the ITS, and then performed studies on simulation experiments and two cases of vulnerability attack. Simulation results show that intrusion tolerance capability at the initial state is more important than coping capability at the attack state in terms of the dependability enhancement.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.185-190
• /
• 2009

As the use of RSA based on chinese remainder theorem(CRT-RSA) is being generalized, the security of CRT-RSA has been important. Since Bellcore researchers introduced the fault attacks on CRT-RSA, various countermeasures have been proposed. In 1999, Shamir firstly proposed a countermeasure using checking procedure. After Shamir's countermeasure was introduced, various countermeasures based on checking procedure have been proposed. However, Shamir's countermeasure was known to be vulnerable to the modified operand attack by Joey et al. in 2001, and the checking procedure was known to be vulnerable to the modified opcode attack by Yen et al. in 2003. Yen et al. proposed a new countermeasure without checking procedure, but their countermeasure was known to be also vulnerable to the modified operand attack by Yen and Kim in 2007. In this paper, we point out that pre, but countermeasures were vulnerable to the modified operand attack or the modified opcode attack.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.45 no.4
• /
• pp.41-52
• /
• 2008

Ubiquitous service environment is poor in reliability of connection and has a high probability that the intrusion and the system failure may occur. Therefore, in the environment, the capability of a system to collectively accomplish its mission in spite of active intrusions and various failure scenarios, that is, the survivability of services are needed. In this paper, we analyze the Jgroup/ARM framework that was developed in order to help the development of fault- tolerant Jini services. More importantly, we propose an intrusion-tolerant Jini service architecture to satisfy the security availability and quality of services on the basis of the analysis. The proposed architecture is able to protect a Jini system not only from faults such as network partitioning or server crash, but also from attacks exploiting flaws. It is designed to provides performance enough to show a low response latency so as to support seamless service usage. Through the experiment on a test-bed, we have confirmed that the architecture is able to provide high security and availability at the level that degraded services quality is ignorable.