• Title/Summary/Keyword: Recording Attack

Search Result 21, Processing Time 0.022 seconds

A Study on the DDoS Defense Algorithm using CFC based on Attack Pattern Analysis of TCP/IP Layers (TCP/IP Layer별 공격패턴 분석에 기반한 CFC를 이용한 DDoS 방어 알고리즘 연구)

  • Seo, Woo Seok;Park, Dea Woo;Jun, Moon Seog
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.4
    • /
    • pp.117-130
    • /
    • 2010
  • Paper is on defense for so-called internet crisis, the attack of DDoS (Distributed Denial of Service) which was targeted to the central government ministries, financial sector, and portal sites of chief counties including Korea on June 7th, 2009 as its start. By conducting attack with various DDoS attacking methods in the lab environment and dividing networks targeted by the attack by layers, this paper records and analyzes the chief information for attack, destination information of packets, defense policy setting, and the flow of packet attack with the subjects of the networks separated. This study suggests CFC system using multiple firewalls applying defense policy corresponding to the target layer for ultimate attack and tests it according to the result of analyzing the attack packet information and its amount, log analysis, access recording port, and MAC and IT information, etc. by layers. This article is meaningful in that it analyzes the attack by layers, establishes firewall policy for protecting each layer, and secures accurate mechanism for detect and defense.

XSSClassifier: An Efficient XSS Attack Detection Approach Based on Machine Learning Classifier on SNSs

  • Rathore, Shailendra;Sharma, Pradip Kumar;Park, Jong Hyuk
    • Journal of Information Processing Systems
    • /
    • v.13 no.4
    • /
    • pp.1014-1028
    • /
    • 2017
  • Social networking services (SNSs) such as Twitter, MySpace, and Facebook have become progressively significant with its billions of users. Still, alongside this increase is an increase in security threats such as cross-site scripting (XSS) threat. Recently, a few approaches have been proposed to detect an XSS attack on SNSs. Due to the certain recent features of SNSs webpages such as JavaScript and AJAX, however, the existing approaches are not efficient in combating XSS attack on SNSs. In this paper, we propose a machine learning-based approach to detecting XSS attack on SNSs. In our approach, the detection of XSS attack is performed based on three features: URLs, webpage, and SNSs. A dataset is prepared by collecting 1,000 SNSs webpages and extracting the features from these webpages. Ten different machine learning classifiers are used on a prepared dataset to classify webpages into two categories: XSS or non-XSS. To validate the efficiency of the proposed approach, we evaluated and compared it with other existing approaches. The evaluation results show that our approach attains better performance in the SNS environment, recording the highest accuracy of 0.972 and lowest false positive rate of 0.87.

Differential Power Analysis Attack on Cryptosystem adopted NAF Algorithm as a Secret Key Recoding Method (비밀키를 NAF로 사용하는 암호시스템의 차분 전력분석 공격)

  • Ahn Mahn-Ki;Ha Jae-Cheol;Lee Hoon-Jae;Moon Sang-Jae
    • Journal of Internet Computing and Services
    • /
    • v.4 no.3
    • /
    • pp.1-8
    • /
    • 2003
  • The power analysis attack is a physical attack which can be applied to the cryptosystems such as smartcard. We try to experimental attack to a smart card which implemented Elliptic Curve Cryptosystem adopting NAF algorithm as a secret key recording method. Our differential power analysis attack is a potential threat to that implementation. The attacker measures the power traces during the multiplication with secret key bits in a target smart card and the multiplication with the guessed bits in other experimental one. The comparison of these two traces gives a secret bit, which means that attacker can find all secret key bits successively.

  • PDF

Detecting a Relay Attack with a Background Noise (소리를 이용한 릴레이 공격 공격의 탐지)

  • Kim, Jonguk;Kang, Sukin;Hong, Manpyo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.4
    • /
    • pp.617-627
    • /
    • 2013
  • Wireless communication technology such as NFC and RFID makes the data transfer between devices much easier. Instead of the irksome typing of passwords, users are able to simply authenticate themselves with their smart cards or smartphones. Relay attack, however, threatens the security of token-based, something-you-have authentication recently. It efficiently attacks the authentication system even if the system has secure channels, and moreover it is easy to deploy. Distance bounding or localization of two devices has been proposed to detect relay attacks. We describe the disadvantages and weakness of existing methods and propose a new way to detect relay attacks by recording a background noise.

Secure Human Authentication with Graphical Passwords

  • Zayabaatar Dagvatur;Aziz Mohaisen;Kyunghee Lee;DaeHun Nyang
    • Journal of Internet Technology
    • /
    • v.20 no.4
    • /
    • pp.1247-1260
    • /
    • 2019
  • Both alphanumeric and graphical password schemes are vulnerable to the shoulder-surfing attack. Even when authentication schemes are secure against a single shoulder-surfing attack round, they can be easily broken by intersection attacks, using multiple shoulder-surfing attacker records. To this end, in this paper we propose a graphical password-based authentication scheme to provide security against the intersection attack launched by an attacker who may record the user's screen, mouse clicks and keyboard input with the help of video recording devices and key logging software. We analyze our scheme's security under various threat models and show its high security guarantees. Various analysis, usability studies and comparison with the previous work highlight our scheme's practicality and merits.

Design of an Enhanced Group Keypad to Prevent Shoulder-Surfing Attacks and Enable User Convenience (어깨 너머 공격을 차단하고 사용 편의성이 가능한 개선된 그룹 키패드 설계)

  • Hyung-Jin Mun
    • Journal of Practical Engineering Education
    • /
    • v.15 no.3
    • /
    • pp.641-647
    • /
    • 2023
  • In the fintech environment, ensuring secure financial transactions with smartphones requires authenticating the device owner. Smartphone authentication techniques encompass a variety of approaches, such as passwords, biometrics, SMS authentication, and more. Among these, password-based authentication is commonly used and highly convenient for user authentication. Although it is a simple authentication mechanism, it is susceptible to eavesdropping and keylogging attacks, alongside other threats. Security keypads have been proposed to address vulnerabilities in password input on smartphones. One such innovation is a group keypad, resistant to attacks that guess characters based on touch location. However, improvements are needed for user convenience. In this study, we aim to propose a method that enhances convenience while being resistant to eavesdropping and recording attacks on the existing group keypad. The proposed method uses new signs to allow users to verify instead of the last character confirmation easily and employs dragging-to-touch for blocking recording attacks. We suggest diverse positioning methods tailored for domestic users, improving efficiency and security in password input compared to existing methods.

A Failover Method in CCTV Network Video Recording Environment (CCTV 네트워크 영상 녹화 환경에서 장애 조치 기법)

  • Yang, Sun-Jin;Park, Jae-Pyo;Yang, Seung-Min
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.19 no.4
    • /
    • pp.1-6
    • /
    • 2019
  • CCTV video recording system is recognized as evidence value of video data, and is widely used in real life for the purpose of security of facilities or security control, and it is developing in order to process high-resolution and high-capacity data in real time through network. However, there is no description of redundancy to prevent the loss of image data due to defects of unexpected equipment or external attack, and even if the redundancy is implemented, a high-capacity video stream is transmitted through the network, network overload can not avoided. In this paper, we propose and verify a failover method based on rules that can operate the redundancy scheme without inducing network overload in CCTV network video recording environment.

Design of a Secure Keypads to prevent Smudge Attack using Fingerprint Erasing in Mobile Devices (모바일 단말기에서 지문 지우기를 활용한 스머지 공격 방지를 위한 보안 키패드 설계)

  • Hyung-Jin, Mun
    • Journal of Industrial Convergence
    • /
    • v.21 no.2
    • /
    • pp.117-123
    • /
    • 2023
  • In the fintech environment, Smart phones are mainly used for various service. User authentication technology is required to use safe services. Authentication is performed by transmitting authentication information to the server when the PIN or password is entered and touch the button completing authentication. But A post-attack is possible because the smudge which is the trace of using screen remains instead of recording attack with a camera or SSA(Shoulder Surfing Attack). To prevent smudge attacks, users must erase their fingerprints after authentication. In this study, we proposed a technique to determine whether to erase fingerprints. The proposed method performed erasing fingerprint which is the trace of touching after entering PIN and designed the security keypads that processes instead of entering completion button automatically when determined whether the fingerprint has been erased or not. This method suggests action that must erase the fingerprint when entering password. By this method, A user must erase the fingerprint to complete service request and can block smudge attack.

Vulnerability and Attacks of Bluetooth System (블루투스의 보안 취약성과 공격)

  • Rhee, In-Baum;Ryu, Dae-Hyun
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2011.05a
    • /
    • pp.650-653
    • /
    • 2011
  • In this paper, we describe Bluetooth system and Bluetooth security. And we analyze the structure of information security and vulnerability, introduced one of Bluetooth hacking techniques. We show a demo of the attack process to inject arbitrary hands-free voice messages and save the file information, recording a conversation through hands-free device.

  • PDF

Analysis on the Dynamic Characteristics of an Optical Storage Drive (광 정보저장 드라이브의 동적 특성 해석)

  • Nam, Yoon-Su;Lim, Jong-Rak
    • Journal of the Korean Society for Precision Engineering
    • /
    • v.16 no.9
    • /
    • pp.149-158
    • /
    • 1999
  • The modern trends of optical storage devices can be characterized by high density in information recording, and high bandwidth in data input/output processing rate. These make servo engineers to face with a new barrier on control system design in much more difficult way. The first step to attack this barrier will be through a systematic modeling for the dynamic characteristics of optical storage drive. in this paper, an analytical dynamic model for an optical storage drive based on FEM is drived, and compared with experimental results. Through this comparison, a practical dynamic model on the focusing and tracking motion of optical storage drive is proposed for the initiation of real control system design problem.

  • PDF