• Title/Summary/Keyword: Security vulnerability

Search Result 1,113, Processing Time 0.032 seconds

Countermeasure for Prevention and Detection against Attacks to SMB Information System - A Survey (중소기업 정보시스템의 공격예방 및 탐지를 위한 대응 : 서베이)

  • Mun, Hyung-Jin;Hwang, Yooncheol;Kim, Ho-Yeob
    • Journal of Convergence Society for SMB
    • /
    • v.5 no.2
    • /
    • pp.1-6
    • /
    • 2015
  • Small and medium-sized companies lack countermeasures to secure the safety of a information system. In this circumstance, they have difficulties regarding the damage to their images and legal losses, when the information is leaked. This paper examines the information leakage of the system and hacking methods including APT attacks. Especially, APT attack, Advanced Persistent Threats, means that a hacker sneaks into a target and has a latency period of time and skims all the information related to the target, and acts in the backstage and neutralize the security services without leaving traces. Because he attacks the target covering up his traces not to reveal them, the victim remains unnoticed, which increases the damage. This study examines attack methods and the process of them and seeks a countermeasure.

  • PDF

Performance Analysis of SDR Communication System Based on MTD Technology (MTD 기법이 적용된 SDR 통신 시스템의 성능 분석)

  • Ki, Jang-Geun;Lee, Kyu-Tae
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.17 no.2
    • /
    • pp.51-56
    • /
    • 2017
  • With the rapid increase in the number of mobile terminals, demand for wireless technologies has sharply increased these days. While wireless communication provides advantages such as ease of deployment, mobility of terminals, continuity of session, and almost comparable transmission bandwidth to the wired communication, it has vulnerability to malicious radio attacks such as eavesdropping, denial of service, session hijacking, and jamming. Among a variety of methods of preventing wireless attacks, the MTD(Moving Target Defense) is the technique for improving the security capability of the defense system by constantly changing the ability of the system to be attacked. In this paper, in order to develop a resilient software defined radio communication testbed system, we present a novel MTD approach to change dynamically and randomly the radio parameters such as modulation scheme, operating frequency, packet size. The probability of successful attack on the developed MTD-based SDR communication system has been analysed in a mathematical way and verified through simulation.

Privacy Vulnerability Analysis on Shuai et al.'s Anonymous Authentication Scheme for Smart Home Environment (Shuai등의 스마트 홈 환경을 위한 익명성 인증 기법에 대한 프라이버시 취약점 분석)

  • Choi, Hae-Won;Kim, Sangjin;Jung, Young-Seok;Ryoo, Myungchun
    • Journal of Digital Convergence
    • /
    • v.18 no.9
    • /
    • pp.57-62
    • /
    • 2020
  • Smart home based on Internet of things (IoT) is rapidly emerging as an exciting research and industry field. However, security and privacy have been critical issues due to the open feature of wireless communication channel. As a step towards this direction, Shuai et al. proposed an anonymous authentication scheme for smart home environment using Elliptic curve cryptosystem. They provided formal proof and heuristic analysis and argued that their scheme is secure against various attacks including de-synchronization attack, mobile device loss attack and so on, and provides user anonymity and untraceability. However, this paper shows that Shuai et al.'s scheme does not provide user anonymity nor untraceability, which are very important features for the contemporary IoT network environment.

Phishing Detection Methodology Using Web Sites Heuristic (웹사이트 특징을 이용한 휴리스틱 피싱 탐지 방안 연구)

  • Lee, Jin Lee;Park, Doo Ho;Lee, Chang Hoon
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.4 no.10
    • /
    • pp.349-360
    • /
    • 2015
  • In recent year, phishing attacks are flooding with services based on the web technology. Phishing is affecting online security significantly day by day with the vulnerability of web pages. To prevent phishing attacks, a lot of anti-phishing techniques has been made with their own advantages and dis-advantages respectively, but the phishing attack has not been eradicated completely yet. In this paper, we have studied phishing in detail and categorize a process of phishing attack in two parts - Landing-phase, Attack-phase. In addition, we propose an phishing detection methodology based on web sites heuristic. To extract web sites features, we focus on URL and source codes of web sites. To evaluate performance of the suggested method, set up an experiment and analyze its results. Our methodology indicates the detection accuracy of 98.9% with random forest algorithm. The evaluation of proof-of-concept reveals that web site features can be used for phishing detection.

An Access Control using SPKI Certificate in Peer-to-Peer Environment (P2P 환경에서 SPKI 인증서를 이용한 접근 제어)

  • Shin, Jung-Hwa;Lee, Young-Kyung;Lee, Kyung-Hyune
    • The KIPS Transactions:PartC
    • /
    • v.10C no.6
    • /
    • pp.793-798
    • /
    • 2003
  • The P2P service is a technology that can share their information with each other who is able to be connected ith a relating program without passing by a server. Since all personal compiters that linked to the internet under the P2P service can opetate as server or a client, they can provide and share both their information and services through the direct connection. Currently, the P2P service is giving an equal privilege to all users for sharing their resources,.Under this situation, a lot of vulnerability against the various sttacks through the Unternet is possoble, more sophisticated security services are necessary. In this paper, We propose and access control schemae using SPKI(Simple Public Key Infrastructure). The scheme designates and access and acces control by providing the certificate to users who request a connection for resource sharing and limits the resource usage of information provider according to the access right that is given to their own rights.

Simulation of Evacuation Route Scenarios Through Multicriteria Analysis for Rescue Activities

  • Castillo Osorio, Ever Enrique;Yoo, Hwan Hee
    • Journal of the Korean Society of Surveying, Geodesy, Photogrammetry and Cartography
    • /
    • v.37 no.5
    • /
    • pp.303-313
    • /
    • 2019
  • After a disaster happens in urban areas, many people need support for a quick evacuation. This work aims to develop a method for the calculation of the most feasible evacuation route inside buildings. In the methodology we simplify the geometry of the structural and non structural elements from the BIM (Building Information Modeling) to store them in a spatial database which follows standards to support vector data. Then, we apply the multicriteria analysis with the allocation of prioritization values and weight factors validated through the AHP (Analytic Hierarchy Process), in order to obtain the Importance Index S(n) of the elements. The criteria consider security conditions and distribution of the building's facilities. The S(n) is included as additional heuristic data for the calculation of the evacuation route through an algorithm developed as a variant of the $A^*$ pathfinding, The experimental results in the simulation of evacuation scenarios for vulnerable people in healthy physical conditions and for the elderly group, shown that the conditions about the wide of routes, restricted areas, vulnerable elements, floor roughness and location of facilities in the building applied in the multicriteria analysis has a high influence on the processing of the developed variant of $A^*$ algorithm. The criteria modify the evacuation route, because they considers as the most feasible route, the safest instead of the shortest, for the simulation of evacuation scenarios for people in healthy physical conditions. Likewise, they consider the route with the location of facilities for the movement of the elderly like the most feasible in the simulation of evacuation route for the transit of the elderly group. These results are important for the assessment of the decision makers to select between the shortest or safest route like the feasible for search and rescue activities.

Shoreline Changes and Erosion Protection Effects in Cotonou of Benin in the Gulf of Guinea

  • Yang, Chan-Su;Shin, Dae-Woon;Kim, Min-Jeong;Choi, Won-Jun;Jeon, Ho-Kun
    • Korean Journal of Remote Sensing
    • /
    • v.37 no.4
    • /
    • pp.803-813
    • /
    • 2021
  • Coastal erosion has been a threat to coastal communities and emerged as an urgent problem. Among the coastal communities that are under perceived threat, Cotonou located in Benin, West Africa, is considered as one of the most dangerous area due to its high vulnerability. To address this problem, in 2013, the Benin authorities established seven groynes at east of Cotonou port, and two additional intermediate groynes have recently been integrated in April 2018. However, there is no quantitative analysis of groynes so far, so it is hard to know how effective they have been. To analyze effectiveness, we used optical satellite images from different time periods, especially 2004 and 2020, and then compared changes in length, width and area of shoreline in Cotonou. The study area is divided into two sectors based on the location of Cotonou port. The difference of two areas is that Sector 2 has groynes installed while Sector 1 hasn't. As result of this study, shoreline in Sector 1 showed accretion by recovering 1.20 km2 of area. In contrast, 3.67 km2 of Sector 2 disappeared due to coastal erosion, although it has groynes. This may imply that groynes helped to lessen the rate of average erosion, however, still could not perfectly stop the coastal erosion in the area. Therefore, for the next step, we assume it is recommended to study how to maximize effectiveness of groynes.

Blockchain (A-PBFT) Based Authentication Method for Secure Lora Network (안전한 Lora 네트워크를 위한 블록체인(A-PBFT) 기반 인증 기법)

  • Kim, Sang-Geun
    • Journal of Industrial Convergence
    • /
    • v.20 no.10
    • /
    • pp.17-24
    • /
    • 2022
  • Lora, a non-band network technology of the long-distance wireless standard LPWAN standard, uses ABP and OTTA methods and AES-128-based encryption algorithm (shared key) for internal terminal authentication and integrity verification. Lora's recent firmware tampering vulnerability and shared-key encryption algorithm structure make it difficult to defend against MITM attacks. In this study, the consensus algorithm(PBFT) is applied to the Lora network to enhance safety. It performs authentication and PBFT block chain creation by searching for node groups using the GPS module. As a result of the performance analysis, we established a new Lora trust network and proved that the latency of the consensus algorithm was improved. This study is a 4th industry convergence study and is intended to help improve the security technology of Lora devices in the future.

Association between health financial capacity of local governments and health behaviors of local residents: a cross-sectional study (지방자치단체의 보건재정역량과 지역주민의 건강행태 간 관련성에 대한 단면조사연구)

  • Miyong Yon
    • Korean Journal of Community Nutrition
    • /
    • v.28 no.2
    • /
    • pp.95-103
    • /
    • 2023
  • Objectives: The budget gap in the health sector of local governments affects the supply of health services, which can cause the health gap. This study classified local governments according to their financial characteristics, such as local financial independence and health budget level. It analyzed the health behaviors and disease prevalence of local residents to examine the effect of local government financial investment on the health of local residents. Methods: To classify types according to the financial characteristics of local governments, financial independence and the health budget data for 17 local governments were collected from the local fiscal yearbook of the Ministry of Public Administration and Security. The prevalence of chronic diseases and healthy behavior was compared using the 16,333 data of adults between the ages of 30 and 65 years among the original data of the National Health and Nutrition Examination Survey (2016-2020). Results: Cluster analysis was used to classify local governments into five clusters according to the health financial capacity type. A comparison of the prevalence of local residents by cluster revealed a similar prevalence of hypertension, diabetes, and hypercholesterolemia. On the other hand, the obesity rate (P < 0.01), high-risk drinking rate (P < 0.01), aerobic physical activity rate (P < 0.001), and healthy eating practice rate (P < 0.001) were significantly different. In addition, an analysis of the odds ratio based on the Seoul area revealed a higher risk of health behavior of non-Seoul residents. Conclusions: It is necessary to review the universal health promotion project budget considering the degree of regional financial vulnerability from the viewpoint of health equity to narrow the health gap among regions.

Efficient Attack Traffic Detection Method for Reducing False Alarms (False Alarm 감축을 위한 효율적인 공격 트래픽 탐지 기법)

  • Choi, Il-Jun;Chu, Byoung-Gyun;Oh, Chang-Suk
    • Journal of the Korea Society of Computer and Information
    • /
    • v.14 no.5
    • /
    • pp.65-75
    • /
    • 2009
  • The development of IT technology, Internet popularity is increasing geometrically. However, as its side effect, the intrusion behaviors such as information leakage for key system and infringement of computation network etc are also increasing fast. The attack traffic detection method which is suggested in this study utilizes the Snort, traditional NIDS, filters the packet with false positive among the detected attack traffics using Nmap information. Then, it performs the secondary filtering using nessus vulnerability information and finally performs correlation analysis considering appropriateness of management system, severity of signature and security hole so that it could reduce false positive alarm message as well as minimize the errors from false positive and as a result, it raised the overall attack detection results.