• Journal of Communications and Networks
• /
• 제18권6호
• /
• pp.948-961
• /
• 2016

Internet protocol (IP) spoofing is a serious problem on the Internet. It is an attractive technique for adversaries who wish to amplify their network attacks and retain anonymity. Many approaches have been proposed to prevent IP spoofing attacks; however, they do not address a significant deployment issue, i.e., filtering inefficiency caused by a lack of deployment incentives for adopters. To defeat attacks effectively, one mechanism must be widely deployed on the network; however, the majority of the anti-spoofing mechanisms are unsuitable to solve the deployment issue by themselves. Each mechanism can work separately; however, their defensive power is considerably weak when insufficiently deployed. If we coordinate partially deployed mechanisms such that they work together, they demonstrate considerably superior performance by creating a synergy effect that overcomes their limited deployment. Therefore, we propose a universal anti-spoofing (UAS) mechanism that incorporates existing mechanisms to thwart IP spoofing attacks. In the proposed mechanism, intermediate routers utilize any existing anti-spoofing mechanism that can ascertain if a packet is spoofed and records this decision in the packet header. The edge routers of a victim network can estimate the forgery of a packet based on this information sent by the upstream routers. The results of experiments conducted with real Internet topologies indicate that UAS reduces false alarms up to 84.5% compared to the case where each mechanism operates individually.

• Journal of information and communication convergence engineering
• /
• 제12권3호
• /
• pp.154-160
• /
• 2014

The address resolution protocol (ARP) provides dynamic mapping between two different forms of addresses: the 32-bit Internet protocol (IP) address of the network layer and the 48-bit medium access control (MAC) address of the data link layer. A host computer finds the MAC address of the default gateway or the other hosts on the same subnet by using ARP and can then send IP packets. However, ARP can be used for network attacks, which are one of the most prevalent types of network attacks today. In this study, a new ARP algorithm that can prevent IP spoofing attacks is proposed. The proposed ARP algorithm is a broadcast ARP reply and an ARP notification. The broadcast ARP reply was used for checking whether the ARP information was forged. The broadcast ARP notification was used for preventing a normal host's ARP table from being poisoned. The proposed algorithm is backward compatible with the current ARP protocol and dynamically prevents any ARP spoofing attacks. In this study, the proposed ARP algorithm was implemented on the Linux operating system; here, we present the test results with respect to the prevention of ARP spoofing attacks.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2022년도 추계학술대회
• /
• pp.143-145
• /
• 2022

전 세계적인 인터넷의 보급으로 인터넷과 연결된 기기들이 점차 늘어나고 있다. 이에 더불어 DNS, NTP, CLDAP 와 같이 응용 프로토콜의 취약점을 이용하여, 공격자가 피해자인 것처럼 아이피를 속여, 다량의 응답을 악의적으로 요청하는 공격인 분산 반사 서비스 거부 공격(DRDoS)이 급격하게 늘어나는 추세이다. ISP 들이 IP Spoofing에 대한 적절한 대비책을 수립하지 않으면 분산 반사 서비스 공격의 보안 위협은 사라지기 어려울 것으로 사료된다. 따라서 본 논문에서는 IP Spoofing에 기반한 분산 반사 서비스 공격의 보안 위협과 대응 실태에 관해 기술한다.

• Journal of Positioning, Navigation, and Timing
• /
• 제7권3호
• /
• pp.127-138
• /
• 2018

Spoofing attacks including meaconing can provide a bogus position to a victim GPS receiver, and those attacks are notably difficult to detect at the point of view on the receiver. Several countermeasure techniques have been studied to detect, classify, and cancel the spoofing signals. Based on the countermeasure techniques, we have developed an anti-spoofing equipment that detects and mitigates or eliminates the spoofing signal based on raw measurements. Although many anti-spoofing techniques have been studied in the literatures, the evaluation test system is not deeply studied to evaluate the anti-spoofing equipment, which includes detection, mitigation, and elimination of spoofing signals. Each study only has a specific test method to verify its anti-spoofing technique. In this paper, we propose the performance evaluation test system that includes both spoofing signal injection system and its injection scenario with the constraints of stand-alone anti-spoofing techniques. The spoofing signal injection scenario is designed to drive a victim GPS receiver that moves to a designed position, where the mitigation and elimination based anti-spoofing algorithms can be successively evaluated. We evaluate the developed anti-spoofing equipment and a commercial GPS receiver using our proposed performance evaluation test system. Although the commercial one is affected by the test system and moves to the designed position, the anti-spoofing equipment mitigates and eliminates the injected spoofing signals as planned. We evaluate the performance of anti-spoofing equipment on the position error of the circular error probability, while injecting spoofing signals.

• Journal of Positioning, Navigation, and Timing
• /
• 제5권4호
• /
• pp.165-172
• /
• 2016

A Global Navigation Satellite System (GNSS), which is typically exemplified by the Global Positioning System (GPS), employs a open signal structure so it is vulnerable to spoofing electronic attack using a similar malicious signal with that used in the GPS. It is necessary to require a spoofing test evaluation environment to check the risk of spoofing attack and evaluate the performance of a newly developed anti-spoofing technique against spoofing attacks. The present paper proposed a simulation method of spoofing environment based on simulator that can be implementable in a test room and analyzed the spoofing simulation performance using commercial GPS receivers. The implemented spoofing simulation system ran synchronized two GPS simulator modules in a single scenario to generate both of spoofing and GPS signals simultaneously. Because the signals are generated in radio frequency, a commercial GPS receiver can be tested using this system. Experimental test shows the availability of this system, and anti-spoofing performance of a commercial GPS receiver has been analyzed.

• 융합보안논문지
• /
• 제6권1호
• /
• pp.45-53
• /
• 2006

해시 체인 기반의 여러 RFID 인증 프로토콜들이 제안되었다. 상태기반 인증 프로토콜과 시도 응답기반 인증 프로토콜은 위치추적 공격, 스푸핑 공격, 재전송 공격, 트래픽 분석 공격에는 안전하지만 DoS 공격에는 취약하고, 위치 추적과 서비스 거부 공격에 강한 RFID 인증 프로토콜은 위치추적 공격, 스푸핑 공격, 재전송 공격, DoS 공격에는 안전하지만 트래픽 분석 공격에는 취약하다. 본 논문에서는 이런 문제점들을 보완하기 위해 해시체인 인증 프로토콜과 위치 추적과 서비스 거부 공격에 강한 RFID 인증 프로토콜의 장점을 결합하여 좀 더 안정적이며 경량화된 RFID 인증 프로토콜을 제안한다. 제안 프로토콜의 보안성을 분석한 결과 위치추적 공격, 스푸핑 공격, 재전송 공격, 트래픽 분석 공격, DoS 공격 측면에서 안전한 것으로 나타나며 이외의 서버와 태그 내부에서의 연산량이 경량화된 RFID 인증 프로토콜임을 보인다.

• Journal of information and communication convergence engineering
• /
• 제7권2호
• /
• pp.157-163
• /
• 2009

With the wide usage of internet in many fields, networks are being exposed to many security threats, such as DDoS attack and worm/virus. For enterprise network, prevention failure of network security causes the revealing of commercial information or interruption of network services. In this paper, we propose a method of prevention of DDoS attacks for enterprise network based on traceback and network traffic analysis. The model of traceback implements the detection of IP spoofing attacks by the cooperation of trusted adjacent host, and the method of network traffic analysis implements the detection of DDoS attacks by analyzing the traffic characteristic. Moreover, we present the result of the experiments, and compare the method with other methods. The result demonstrates that the method can effectively detect and block DDoS attacks and IP spoofing attacks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권2호
• /
• pp.892-911
• /
• 2019

Biometric recognition systems have been widely used for information security. Among the most popular biometric traits, there are fingerprint and face due to their high recognition accuracies. However, the security system that uses face recognition as the login method are vulnerable to face-spoofing attacks, from using printed photo or video of the valid user. In this study, we propose a fast and robust method to detect face-spoofing attacks based on the analysis of spatial frequency differences between the real and fake videos. We found that the effect of a spoofing attack stands out more prominently in certain regions of the 2D Fourier spectra and, therefore, it is adequate to use the information about those regions to classify the input video or image as real or fake. We adopt a divide-conquer-aggregate approach, where we first divide the frequency domain image into local blocks, classify each local block independently, and then aggregate all the classification results by the weighted-sum approach. The effectiveness of the methodology is demonstrated using two different publicly available databases, namely: 1) Replay Attack Database and 2) CASIA-Face Anti-Spoofing Database. Experimental results show that the proposed method provides state-of-the-art performance by processing fewer frames of each video.

• 정보보호학회논문지
• /
• 제15권5호
• /
• pp.35-45
• /
• 2005

최근 증가하고 있는 피싱 공격은 사용자의 실수를 유발해 개인정보를 공격자에게 노출시켜 공격자가 경제적 이득을 취하는 공격이다 유사 메일이나 유사 주소로 사용자를 속이던 이 기법은, 메일주소 위조, 도메인 주소 위조 등으로 점점 다양해지며 기술적으로 발전해 왔다. 최근에 이르러서는 몇몇 웹 브라우저에서 발생한 취약점, 정상적인 스크립트, HTML, DNS 스니핑 등을 이용한 RUL 스푸핑 공격을 피싱 공격에 이용하면서 그 피해가 크게 늘고 있다. 본 논문에서는 피싱 공격에 사용되는 고도화된 기법인 URL 스푸핑을 이용한 피싱 공격에 대해서 논의하고 이에 대한 검사방법과 예방책, 더 나아가 피싱 공격을 근본적으로 제한할 수 있는 스킴을 제안한다.

• Journal of Communications and Networks
• /
• 제14권4호
• /
• pp.396-409
• /
• 2012

With the proliferation of diverse wireless devices, there is an increasing concern about the security of location information which can be spoofed or disrupted by adversaries. This paper investigates the characterization and detection of location spoofing attacks, specifically those which are attempting to falsify (degrade) the position estimate through signal strength based attacks. Since the physical-layer approach identifies and assesses the security risk of position information based solely on using received signal strength (RSS), it is applicable to nearly any practical wireless network. In this paper, we characterize the impact of signal strength and beamforming attacks on range estimates and the resulting position estimate. It is shown that such attacks can be characterized by a scaling factor that biases the individual range estimators either uniformly or selectively. We then identify the more severe types of attacks, and develop an attack detection approach which does not rely on a priori knowledge (either statistical or environmental). The resulting approach, which exploits the dissimilar behavior of two RSS-based estimators when under attack, is shown to be effective at detecting both types of attacks with the detection rate increasing with the severity of the induced location error.