• Journal of the Korea Convergence Society
• /
• v.7 no.4
• /
• pp.33-38
• /
• 2016

DDoS attack has been continuously utilized that caused the excessively large amount of traffic that network bandwidth or server was unable to deal with paralyzing the service. Most of the people regard NTP as the biggest cause of DDoS. However, according to recently executed DDoS attack, there have been many SSDP attack in the use of amplified technique. According to characteristics of SSDP, there is no connection for making a forgery of source IP address and amplified resources feasible. Therefore, it is frequently used for attack. Especially, as it is mostly used as a protocol for causing DDoS attack on IoT devices that constitute smart home including a wireless router, media server, webcam, smart TV, and network printer. Hereupon, it is anticipated for servers of attacks to gradually increase. This might cause a serious threat to major information of human lives, major government bodies, and company system as well as on IoT devices. This study is intended to identify DDoS attack techniques in the use of weakness of SSDP protocol occurring in IoT devices and attacking scenario and counter-measures on them.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.9
• /
• pp.4599-4617
• /
• 2018

Abusing the Simple Server Discovery Protocol (SSDP) can induce an SSDP attack (including SSDP DoS, DDoS, DRDoS) posing a significant threat to UPnP devices. Rapid and extensive developments in computer technology, especially in regards to IoT, have made Upnp devices an indispensable part of our daily lives - but also render them susceptible to a variety of SSDP attacks without suitable countermeasures. This paper proposes the Two-dimensional table scheme, which provides high security at a reasonable computational cost. The feasibility and effectiveness of the proposed scheme are also validated by comparison against four other schemes (Stateless connections, Failing-together, Cookie, and Client puzzle).

• Journal of Convergence for Information Technology
• /
• v.7 no.2
• /
• pp.1-9
• /
• 2017

Recently, the DDoS attack using the amplifier method makes it difficult to distinguish the normal traffic from the normal server and it is difficult to detect even the attack detection. Since the SSDP protocol is a common protocol widely used in IoT devices, it is used as a DDoS amplification attack. In this paper, we analyze the reflector attack of SSDP which is one of the DDoS and suggest a technical proposal to detect and defend against the attack by managing the Mac address of each device. Also, we propose a control structure to protect the reflection attack of SSDP in Home IoT. The efficiency of the proposed system has been verified by performing an experimental attack on the virtual environment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.108-110
• /
• 2021

Since 2015, attacks using the IoT protocol have been continuously reported. Among various IoT protocols, attackers attempt DDoS attacks using SSDP(Simple Service Discovery Protocol), and as statistics of cyber shelters, Korea has about 1 million open SSDP servers. Vulnerable SSDP servers connected to the Internet can generate more than 50Gb of traffic and the risk of attack increases gradually. Until recently, distributed denial of service attacks and distributed reflective denial of service attacks have been a security issue. Accordingly, the purpose of this study is to analyze the request packet of the existing SSDP protocol to identify an amplification attack and to avoid a response when an amplification attack is suspected, thereby preventing network load due to the occurrence of a large number of response packets due to the role of traffic reflection amplification.

• Journal of the Korea Convergence Society
• /
• v.12 no.5
• /
• pp.9-16
• /
• 2021

Due to the prolonged infectious disease of COVID-19 worldwide, there are various security threats due to network attacks on Internet of Things devices that are vulnerable to telecommuting. Initially, users of Internet of Things devices were exploited for vulnerabilities in Remote Desktop Protocol, spear phishing and APT attacks. Since then, the technology of network attacks has gradually evolved, exploiting the simple service discovery protocol of Internet of Things devices, and DRDoS attacks have continued to increase. Existing SSDPs are accessible to unauthorized devices on the network, resulting in problems with information disclosure and amplification attacks on SSDP servers. To compensate for the problem with the authentication procedure of existing SSDPs, we propose a hash-based SSDP that encrypts server-specific information with hash and adds authentication fields to both Notify and M-Search message packets to determine whether an authorized IoT device is present.

• Journal of Internet of Things and Convergence
• /
• v.2 no.2
• /
• pp.15-20
• /
• 2016

MicroSoft Windows 10 IoT version, released in August 2015, successfully drew consumer interest by introducing the familiar Windows into the IoT market, and enabled an easier system construction of IoT web servers. Meanwhile, overdiagnosis has recently emerged as a controversy in medical society. Establishment of communication between IoT servers and medical devices will send treatment results to users and activate communication between hospitals, greatly reducing this problem. The IoT server, with its limited resources, utilizes lightweight protocols that do not generate traffic and are easy to use. This paper proposes IoT networks which will enable medical devices to easily provide ubiquitous environments to their users, through utilization of the lightweight Simple Service Discovery Protocol (SSDP) and the secure Extensible Messaging and Presence Protocol (XMPP).