• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.10
• /
• pp.2731-2749
• /
• 2012

Sybil attack has been proved effective in mitigating the P2P botnet, but the impacts of some important parameters were not studied, and no model to estimate the effectiveness was proposed. In this paper, taking Kademlia-based botnets as the example, the model which has the upper and lower bound to estimate the mitigating performance of the Sybil attack is proposed. Through simulation, how three important factors affect the performance of the Sybil attack is analyzed, which is proved consistent with the model. The simulation results not only confirm that for P2P botnets in large scale, the Sybil attack is an effective countermeasure, but also imply that the model can give suggestions for the deployment of Sybil nodes to get the ideal performance in mitigating the P2P botnet.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.1
• /
• pp.273-278
• /
• 2013

Recently, user authentication schemes using smart cards for multi-server environment have been proposed for practical applications. In 2009, Liao-Wang proposed a secure dynamic ID based remote user authentication scheme for multi-server environment that can withstand the various possible attacks and provide user anonymity. In this paper, we analyze the security of Liao-Wang's scheme, and we show that Liao-Wang's scheme is still insecure against the forgery attack, the password guessing attack, the session key attack, and the insider attack. In addition, Liao-Wang's scheme does not provide user anonymity between the user and the server.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.8
• /
• pp.1946-1963
• /
• 2012

Hummingbird is a lightweight encryption and message authentication primitive published in RISC'09 and WLC'10. In FSE'11, Markku-Juhani O.Saarinen presented a differential divide-and-conquer method which has complexity upper bounded by $2^{64}$ operations and requires processing of few megabytes of chosen messages under two related nonces (IVs). The improved version, Hummingbird-2, was presented in RFIDSec 2011. Based on the idea of differential collision, this paper discovers some weaknesses of the round function WD16. Combining with the simple key loading algorithm, a related-key chosen-IV attack which can recover the full secret key is proposed. Under 15 pairs of related keys, the 128 bit initial key can be recovered, requiring $2^{27}$ chosen IV and the computational complexity is $O(2^{27})$. In average, the attack needs several minutes to recover the full 128-bit secret key on a PC. The experimental result corroborates our attack. The result shows that the Hummingbird-2 cipher can't resist related key attack.

• Journal of Internet Computing and Services
• /
• v.6 no.1
• /
• pp.13-25
• /
• 2005

Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive tracing. Existing PPM based tracing scheme(such as router node appending, sampling and edge sampling) insert traceback information in IP packet header for IP Traceback. But, these schemes did not provide enhanced performance in DDoS attack. In this paper, we propose a 'TTL based advanced Packet Marking' mechanism for IP Traceback. Proposed mechanism can detect and control DDoS traffic on router and can generate marked packet for reconstructing origin DDoS attack source, by which we can diminish network overload and enhance traceback performance.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5354-5369
• /
• 2019

Sensor networks are deployed in unheeded environment to monitor the situation. In view of the unheeded environment and by the nature of their communication channel sensor nodes are vulnerable to various attacks most commonly malicious packet dropping attacks namely blackhole, grayhole attack and sinkhole attack. In each of these attacks, the attackers capture the sensor nodes to inject fake details, to deceive other sensor nodes and to interrupt the network traffic by packet dropping. In all such attacks, the compromised node advertises itself with fake routing facts to draw its neighbor traffic and to plunge the data packets. False routing advertisement play vital role in deceiving genuine node in network. In this paper, behavior based routing misbehavior detection (BRMD) is designed in wireless sensor networks to detect false advertiser node in the network. Herein the sensor nodes are monitored by its neighbor. The node which attracts more neighbor traffic by fake routing advertisement and involves the malicious activities such as packet dropping, selective packet dropping and tampering data are detected by its various behaviors and isolated from the network. To estimate the effectiveness of the proposed technique, Network Simulator 2.34 is used. In addition packet delivery ratio, throughput and end-to-end delay of BRMD are compared with other existing routing protocols and as a consequence it is shown that BRMD performs better. The outcome also demonstrates that BRMD yields lesser false positive (less than 6%) and false negative (less than 4%) encountered in various attack detection.

• Journal of Internet Computing and Services
• /
• v.5 no.1
• /
• pp.85-97
• /
• 2004

Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive tracing. Proactive tracing(such as packet marking and messaging) prepares information for tracing when packets are in transit. Reactive tracing starts tracing after an attack is detected. In this paper, we propose a "advanced ICMP Traceback" mechanism. which is based on the modified push back system. Proposed mechanism can detect and control DDoS traffic on router and can generate ICMP Traceback message for reconstructing origin attack source.ck source.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.578-581
• /
• 2014

Blackhole attack, a kinds of attacks to routing function, can cause critical effects to network transmission function, Especially, on MANET(Mobile Ad-hoc Network) which it is not easy to prepare functions to respond malicious intrusion, transmission functions of entire networks could be degraded. In this paper, effects of blackhole attack to network transmission performance is analyzed on lattice structured MANET. Specially, performance is measured for various location of blackhole attack on lattice MANET, and compared with the performance of random structured MANET. This paper is done with computer simulation, VoIP(Voice over Internet Protocol) traffic is used in simulation. The results of this paper can be used for data to deal with blackhole attack.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.11
• /
• pp.4224-4243
• /
• 2021

Cognitive radio (CR) is a feasible intelligent technology and can be used as an effective solution to spectrum scarcity and underutilization. As the key function of CR, cooperative spectrum sensing (CSS) is able to effectively prevent the harmful interference with primary users (PUs) and identify the available spectrum resources by exploiting the spatial diversity of multiple secondary users (SUs). However, the open nature of the cognitive radio networks (CRNs) framework makes CSS face many security threats, such as, the malicious user (MU) launches Byzantine attack to undermine CRNs. For this aim, we make an in-depth analysis of the motive and purpose from the MU's perspective in the interweave CR system, aiming to provide the future guideline for defense strategies. First, we formulate a dynamic Byzantine attack model by analyzing Byzantine behaviors in the process of CSS. On the basis of this, we further make an investigation on the condition of making the fusion center (FC) blind when the fusion rule is unknown for the MU. Moreover, the throughput and interference to the primary network are taken into consideration to evaluate the impact of Byzantine attack on the interweave CR system, and then analyze the optimal strategy of Byzantine attack when the fusion rule is known. Finally, theoretical proofs and simulation results verify the correctness and effectiveness of analyses about the impact of Byzantine attack strategy on the throughput and interference.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.3
• /
• pp.1144-1156
• /
• 2014

In Internet, IP multicast has been used successfully to provide an efficient, best-effort delivery service for group communication applications. However, applications such as multiparty private conference, distribution of stock market information, pay per view and other subscriber services may require secure multicast to protect integrity and confidentiality of the group traffic, and validate message authenticity. Providing secure multicast for group communication is problematic without a robust group key management. In this paper, we propose a group key management scheme based on the secret sharing technology to require each member by itself to generate the group key when receiving a rekeying message multicast by the group key distributor. The proposed scheme enforces mutual authentication between a member and the group key distributor while executing the rekeying process, and provides forward secrecy and backward secrecy properties, and resists replay attack, impersonating attack, group key disclosing attack and malicious insider attack.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.11
• /
• pp.5556-5573
• /
• 2017

As a main component of Internet of Things (IoTs), the wireless sensor networks (WSNs) have been widely applied to various areas, including environment monitoring, health monitoring of human body, farming, commercial manufacture, reconnaissance mission in military, and calamity alert etc. Meanwhile, the privacy concerns also arise when the users are required to get the real-time data from the sensor nodes directly. To solve this problem, several user authentication and key agreement schemes with a smart card and a password have been proposed in the past years. However, these schemes are vulnerable to some attacks such as offline password guessing attack, user impersonation attack by using attacker's own smart card, sensor node impersonation attack and gateway node bypassing attack. In this paper, we propose an improved scheme which can resist a wide variety of attacks in WSNs. Cryptanalysis and performance analysis show that our scheme can solve the weaknesses of previously proposed schemes and enhance security requirements while maintaining low computational cost.