• 기술사
• /
• 제44권5호
• /
• pp.26-30
• /
• 2011

The hacking attacks as a DDoS attack on a telecommunications network has depleted the network resources. When hacking attack occurs a user can not access to the network and can not use the telecommunication services. Professional Engineers with expertise and experience in the field of Information and communication could play an important role to respond to the hacking attacks. Professional Engineers will build the information and communication network system for the hacking countermeasures.

• 전기학회논문지
• /
• 제63권11호
• /
• pp.1571-1574
• /
• 2014

In this paper, we propose a unidirectional transmission of critical information obtained by keyboard hacking or kernel and keyboard driver hacking even though the computer is not connected to the external network. We show the hacking can be attempted in the proposed method to show the way preventing such attempts in advance. Firewalls and other various methods are used to prevent the hacking from the external network but the hacking is also attempted in various ways to detour the firewall. One of the most effective way preventing from the hacking attack is physically disconnect the internal intranet systems from the external internet and most of the government systems, military systems and big corporate systems are using this way as on one of the protection method. In this paper, we show the feasibility of transmission of security codes, etc via the short message to the external network on the assumption that a hacking program such as Trojan Horse is installed on the computer systems separated from the external network. Previous studies showed that the letters on the monitor can be hijacked by electromagnetic analysis on the computer to obtain the information even though the system is not connected ti the network. Other studies showed that the security code hint can obtained by analyzing the power consumption distribution of CPU. In this paper, the power consumption distribution of externally accessible power line is analyzed to obtain the information and the information can be transmitted to the external network. Software controlling the CPU and GPU usage is designed to control the power supply of computer. The sensors such as the Rogowski coils can be used on the external power line to collect the data of power consumption change rates. To transmit the user password by short message, due to the capacitive components and the obstacle from other power supply, A very slow protocol are used.

• 한국정보시스템학회지:정보시스템연구
• /
• 제29권2호
• /
• pp.221-242
• /
• 2020

Purpose This study collects data of the recently activated online black market and analyzes it to present a specific method for preparing for a hacking attack. This study aims to make safe from the cyber attacks, including hacking, from the perspective of individuals and businesses by closely analyzing hacking methods and tools in a situation where they are easily shared. Design/methodology/approach To prepare for the hacking attack through the online black market, this study uses the routine activity theory to identify the opportunity factors of the hacking attack. Based on this, text mining and social network techniques are applied to reveal the most dangerous areas of security. It finds out suitable targets in routine activity theory through text mining techniques and motivated offenders through social network analysis. Lastly, the absence of guardians and the parts required by guardians are extracted using both analysis techniques simultaneously. Findings As a result of text mining, there was a large supply of hacking gift cards, and the demand to attack sites such as Amazon and Netflix was very high. In addition, interest in accounts and combos was in high demand and supply. As a result of social network analysis, users who actively share hacking information and tools can be identified. When these two analyzes were synthesized, it was found that specialized managers are required in the areas of proxy, maker and many managers are required for the buyer network, and skilled managers are required for the seller network.

• 한국정보통신학회논문지
• /
• 제21권1호
• /
• pp.61-71
• /
• 2017

ARP 스푸핑은 2계층 MAC 주소를 속여 통신의 흐름을 왜곡시키는 스니핑의 근간이 되는 핵심 해킹 기술이다. 본 논문에서는 스위치 네트워크 환경의 원격지 서버들의 스니핑을 위한 효율적인 공격방법 '위조 ARP 응답 유니캐스트 스푸핑'을 제안하였다. 위조 ARP 응답 유니캐스트 스푸핑은 클라이언트와 서버 간의 송수신 패킷을 모두 스니핑할 수 있고, 스니핑 절차가 간결하여 해킹 프로그램을 단순화할 수 있다. 본 논문에서는 제안한 ARP 스푸핑 공격을 구현하여 다양한 서버 유형별 네트워크 해킹방법에 관해 연구하였고, 이의 구현기술에 관해 연구하였다. Telnet/FTP 서버의 Root ID와 PW, MySQL DB 서버의 Root ID와 PW, 웹 서버 포탈의 ID와 PW, 웹 뱅킹서버의 계좌번호와 비밀번호 및 거래정보 해킹 등 다양한 서버 유형별 해킹 기술에 관해 연구하였고, 핵심 해킹 프로그램들을 분석하여 이의 구현기술에 관해 연구하였다.

• 융합보안논문지
• /
• 제16권6_2호
• /
• pp.99-107
• /
• 2016

이 연구의 목적은 Bluetooth를 활용한 자동차의 내부망 통신네트워크를 해킹공격으로부터 예방하기 위한 대응방안을 제시하기 위함이다. 이를 위해 2장에서는 자동차 통신네트워크의 정의와 내부망 통신네트워크의 종류에 대해서 살펴보았다. 3장에서는 자동차 내부망 통신네트워크 해킹위험성을 분석하기 위해 Bluetooth에 의한 해킹범죄사례를 살펴보았다. 4장에서는 본 연구의 결과로서 첫째, "자동차안전기준에 관한 규칙" 개정이 이루어져야 한다. 동법에서는 전자제어시스템의 정의 및 기준사항과 안전운행을 위한 제작 및 정비를 규정해 놓았음에도 불구하고 전자제어시스템을 대상으로 한 해킹범죄 예방 및 방어와 관련된 보안프로그램 혹은 펌웨어 등의 제작과 관련된 규정이 없는 실정이다. 둘째, 자동차의 전자제어시스템 기술의 복잡성에 기인된 자동차 통신네트워크를 보호하고자 자동차 통신네트워크 보호 법률이 신설되어야 한다.

• Journal of information and communication convergence engineering
• /
• 제10권2호
• /
• pp.156-161
• /
• 2012

An increasing number of people who use a smart phone or tablet PC are accessing wireless networks in public facilities including cafes and shopping centers. For example, iPhones and Android Phones have been available since 2010. However, security incidents may occur through all sorts of malicious code infection of users' personal information during the use of an insecure wireless network. In this paper, we will describe the Wi-Fi protected access (WPA) and WPA2 encryption systems used to access a wireless network from a smart phone and tablet PC, and demonstrate the access point (AP) hacking process in a wireless network to which a password is applied on the basis of the analyzed WPA and WPA2 passwords. We will analyze the method of successful AP hacking and propose an approach to enhancing wireless LAN security. This study will contribute to enhancing the security and stability of wireless networks.

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2003년도 ICCAS
• /
• pp.2101-2105
• /
• 2003

Recently the number of Internet users has very sharply increased, and the number of intrusions has also increased very much. Consequently, security products are being developed and adapted to prevent systems and networks from being hacked and intruded. Even if security products are adapted, however, hackers can still attack a system and get a special authorization because the security products cannot prevent a system and network from every instance of hacking and intrusion. Therefore, the researchers have focused on an active hacking prevention method, and they have tried to develop a traceback system that can find the real location of an attacker. At present, however, because of the characteristics of Internet - diversity, anonymity - the real-time traceback is very difficult. To over-come this problem the Network-based Real-Time Connection Traceback System (NRCTS) was proposed. But there is a security problem that the victim system can be hacked during the traceback. So, in this paper, we propose modified NRCTS with connection redirection technique. We call this traceback system as Connection Redirected Network-based Real-Time Connection Traceback System (CR-NRCTS).

• 융합보안논문지
• /
• 제19권1호
• /
• pp.19-30
• /
• 2019

최근 4차 산업혁명이 화두로 등장하면서 자율주행자동차의 중요성과 관심이 높아지고 있다. 전 세계적으로 시험 운행이 늘어나면서 자율주행자동차와 관련된 사고도 발생하고 있으며, 이에 대한 사이버 해킹 위협 가능성도 높아지고 있다. 미국, 영국, 독일을 포함한 여러 국가들은 이러한 추세를 반영하여 자율주행자동차의 사이버 해킹에 대응하기 위한 가이드라인을 만들거나 기존의 법률을 개정하고 있다. 국내의 경우 자율주행자동차의 제한적인 임시운행이 이루어지고 있으나, 자율주행자동차 해킹으로 인한 사고 발생 시 적용할 법제가 미흡한 상태이다. 본고에서는 기존의 관련 법률 체계를 분석하고 이를 바탕으로 자율주행자동차 사이버 해킹으로 인한 민사, 형사, 행정 책임 문제를 살펴보면서, 자율주행자동차 특성에 맞는 사고 책임 관련 법률체계를 제안하고 각 법제의 구성요소에 대해서 분석하여 이슈사항을 도출하며, 추가적으로 간략한 개선방안도 제시한다.

• 한국융합학회논문지
• /
• 제3권1호
• /
• pp.7-11
• /
• 2012

지능형 자동차의 최종 목표는 사고 위험이 전혀 없는 무인 자동차이다. 지능형 자동차의 구현을 위해서는 무선 네트워크 데이터 통신 기술이 중요하다. 본 논문에서는 데이터 통신 기술이 구현이 되었을 때를 가정하여 네트워크 침입 기술에 대해 알아보고, 사용자 인증 및 데이터 위 변조시 그에 따른 보안 취약점과 그에 따른 대응기법을 생체인식 알고리즘 통해 적용하고자 한다. 확실한 사용자 인증 기법과 데이터 전송 기술에 대한 암호화를 통해 더욱 더 안전한 대응 기법을 제안하고자 한다.

• International Journal of Computer Science & Network Security
• /
• 제23권6호
• /
• pp.169-175
• /
• 2023

Ethical hackers are using different tools and techniques to encounter malicious cyber-attacks generated by bad hackers. During the software development process, development teams typically bypass or ignore the security parameters of the software. Whereas, with the advent of online web-based software, security is an essential part of the software development process for implementing secure software. Security features cannot be added as additional at the end of the software deployment process, but they need to be paid attention throughout the SDLC. In that view, this paper presents a new, Ethical Hacking - Software Development Life Cycle (EH-SDLC) introducing ethical hacking processes and phases to be followed during the SDLC. Adopting these techniques in SDLC ensures that consumers find the end-product safe, secure and stable. Having a team of penetration testers as part of the SDLC process will help you avoid incurring unnecessary costs that come up after the data breach. This research work aims to discuss different operating systems and tools in order to facilitate the secure execution of the penetration tests during SDLC. Thus, it helps to improve the confidentiality, integrity, and availability of the software products.