• Title/Summary/Keyword: Handshake

A Study on Timeliness Advance Increment of Certificate Verification Using an Observer (Observer를 이용한 인증서 검증의 적시성 증대에 관한 연구)

  • 권오인;김진철;오영환
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.4 / pp.25-37 / 2004
  • A certificate is expected to be used for its entire validity period. However, a false information record of the user or a compromise of the private key may cause a certificate to become invalid prior to the expiration of the validity period. The CA then needs to revoke the certificate. The CA periodically updates a signed data structure called a certificate revocation list (CRL) at the directory server. However, as the CA updates a new CRL at the directory server, the user can use a revoked certificate. This paper not only analyzes the structure of the CRL and a characteristic of certificate status conviction and the OCSP method, but also proposes a new certificate status verification method that adds observer information to the handshake process between user and server.

A Novel Application-Layer DDoS Attack Detection Algorithm based on Client Intention (사용자 의도 기반 응용계층 DDoS 공격 탐지 알고리즘)

  • Oh, Jin-Tae;Park, Dong-Gue;Jang, Jong-Soo;Ryou, Jea-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.1 / pp.39-52 / 2011
  • An application-layer attack can effectively achieve its objective with a small amount of traffic, and detection is difficult because the traffic type is very similar to that of legitimate users. We have discovered a unique characteristic that is produced by a difference in client intention: Both a legitimate user and DDoS attacker establish a session through a 3-way handshake over the TCP/IP layer. After a connection is established, they request at least one HTTP service by a Get request packet. The legitimate HTTP user waits for the server's response. However, an attacker tries to terminate the existing session right after the Get request. These different actions can be interpreted as a difference in client intention. In this paper, we propose a detection algorithm for application layer DDoS attacks based on this difference. The proposed algorithm was simulated using traffic dump files that were taken from normal user networks and Botnet-based attack tools. The test results showed that the algorithm can detect an HTTP-Get flooding attack with almost zero false alarms.

N-WPA2: Practical WPA2 Without Key Exchange of 4-way Handshake Using NFT Authentication (NFT를 이용한 4-방향 핸드셰이크의 키 교환이 없는 실용적인 WPA2)

  • Tae-Young Eun;Alshihri Saad;Soo-Yong Park
    • KIPS Transactions on Computer and Communication Systems / v.12 no.6 / pp.197-208 / 2023
  • In the coming future, anyone using the Internet will have more than one NFT. Unlike FT, NFT can specify the owner, and tracking management is easier than with FT. Even in the 2022 survey, WPA2 is the most widely used wireless protocol worldwide to date. As it is a protocol that came out in 2006, it is a protocol with various vulnerabilities at this time. In order to use WPA2-EAP or WPA3 (2018), which were released to compensate for the vulnerabilities of WPA2, additional equipment upgrades are required for the STA (station) and AP (access point, router), which are the connected devices. The use of expensive router equipment solves the security part, but it is economically inefficient to introduce in a Small Office Home Office (SOHO). This paper uses NFT as a means of authentication and uses the existing WPA2 as it is, without equipment upgrades, to defend against the WPA2 crack tools that have been widely used so far; compared to the existing WPA2, it was shown that it was not difficult to actually use in SOHO.

A MNDB Protocol for Reliable Directional Broadcast (지향성 브로드캐스트를 위한 MNDB 프로토콜)

  • Cha, Woo-Suk;Kim, Eun-Mi;Bae, Ho-Young;Lee, Bae-Ho;Cho, Gi-Hwan
    • Journal of the Institute of Electronics Engineers of Korea TC / v.43 no.11 s.353 / pp.118-127 / 2006
  • The wireless transmission medium inherently broadcasts a signal to all neighbor nodes in the transmission range. Existing asynchronous MAC protocols do not provide a concrete solution for reliable broadcast in the link layer. This is mainly because omnidirectional broadcasting reduces network performance due to explosive collisions and contentions. This paper proposes a directional broadcast protocol that uses neighborhood information in the link layer based on directional antennas, named MNDB (MAC protocol with Neighborhood for reliable Directional Broadcast). This protocol makes use of neighborhood information and the DMACA (Directional Multiple Access and Collision Avoidance) scheme through a 4-way handshake to support a reliable directional broadcast. To analyze its performance, the MNDB protocol is compared with RMDB [1], the protocol 2 of reference [3], and the IEEE 802.11 protocol [9], in terms of the number of collisions, the number of dropped packets, the number of redundant packets, and broadcast delay.

Attacking OpenSSL Shared Library Using Code Injection (코드 주입을 통한 OpenSSL 공유 라이브러리의 보안 취약점 공격)

  • Ahn, Woo-Hyun;Kim, Hyung-Su
    • Journal of KIISE:Computer Systems and Theory / v.37 no.4 / pp.226-238 / 2010
  • OpenSSL is an open-source library implementing SSL, which is a secure communication protocol. However, the library has a severe vulnerability in that its security information can be easily exposed to malicious software when the library is used in the form of a shared library on Linux and UNIX operating systems. We propose a scheme to attack the vulnerability of the OpenSSL library. The scheme injects code into a running client program to execute the following attacks on the vulnerability in an SSL handshake. First, when a client sends a server a list of cryptographic algorithms that the client is willing to support, our scheme replaces all algorithms in the list with a specific algorithm. Such a replacement causes the server to select the specific algorithm. Second, the scheme steals a key for data encryption and decryption when the key is generated. Then the key is sent to an outside attacker. After that, the outside attacker decrypts encrypted data that has been transmitted between the client and the server, using the specified algorithm and the key. To show that our scheme is realizable, we perform an experiment of collecting encrypted login data that an ftp client using the OpenSSL shared library sends to its server and then decrypting the login data.

New Security Approaches for SSL/TLS Attacks Resistance in Practice (SSL/TLS 공격에 대한 신규 대응 방안)

  • Phuc, Tran Song Dat;Lee, Changhoon
    • The Journal of Society for e-Business Studies / v.22 no.2 / pp.169-185 / 2017
  • Juliano Rizzo and Thai Duong, the authors of the BEAST attack [11, 12] on SSL, have proposed a new attack named CRIME [13], which stands for Compression Ratio Info-leak Made Easy. CRIME exploits how data compression and encryption interact to discover secret information about the underlying encrypted data. Repeating this method allows an attacker to eventually decrypt the data and recover HTTP session cookies. This security weakness targets SPDY and SSL/TLS compression. The attack becomes effective because the attacker is able to choose different input data and observe the length of the encrypted data that comes out. Since Transport Layer Security (TLS) ensures integrity of data transmitted between two parties (server and client) and provides strong authentication for both parties, in the last few years there has been a wide range of attacks on SSL/TLS which have exploited various features in the TLS mechanism. In this paper, we discuss CRIME and other versions of SSL/TLS attacks along with countermeasures and implementations. We also present directions for SSL/TLS attack resistance in practice.

An Enhanced WLAN MAC Protocol for Directional Broadcast (지향성 브로드캐스트를 위한 무선 LAN MAC 프로토콜)

  • Cha, Woo-Suk;Cho, Gi-Hwan
    • Journal of KIISE:Information Networking / v.33 no.1 / pp.16-27 / 2006
  • The wireless transmission medium inherently broadcasts a signal to all neighbor nodes in the transmission range. Existing asynchronous MAC protocols do not provide a concrete solution for reliable broadcast in the link layer. This is mainly because omni-directional broadcasting reduces network performance due to explosive collisions and contentions. This paper proposes a reliable broadcast protocol in the link layer based on directional antennas, named MDB (MAC protocol for Directional Broadcasting). This protocol makes use of DAST (Directional Antennas Statement Table) information and the D-MACA (Directional Multiple Access and Collision Avoidance) scheme through a 4-way handshake to resolve the many-collision problem with omni-directional antennas. To analyze its performance, the MDB protocol is compared with the IEEE 802.11 DCF protocol [9] and the protocol 2 of reference [3], in terms of the success rate of broadcast and the collision rate. As a result of performance analysis through simulation, it was confirmed that the collision rate of the MDB protocol is lower than those of IEEE 802.11 and the protocol 2 of reference [3], and that the completion rate of broadcast of the MDB protocol is higher than those of IEEE 802.11 and the protocol 2 of reference [3].