• Title/Summary/Keyword: cloud computing attack

Search Result 70, Processing Time 0.033 seconds

Study on the physical vulnerability factors in the convergence IT environment (융합 IT 환경의 물리적 취약요인에 관한 연구)

  • Jeon, Jeong Hoon;Ahn, Chang Hoon;Kim, Sang Choon
    • Convergence Security Journal
    • /
    • v.16 no.1
    • /
    • pp.59-68
    • /
    • 2016
  • Recently, many domestic and foreign industries is increasing gradually in the importance of security such as the emergence of a Convergence Information Technology(internet of things, cloud computing service, big data etc). Among these techniques, the industrial security market is expected to grow gradually and the evolution of security technologies, as well as vulnerabilities are also expected to increase. Therefore, an increase in physical vulnerability factors it is no exaggeration to standards that are determining the security of industrial security. In this paper will be analyzed to the physical security technology and case study, physical vulnerability factor. Thereby this is expected to be utilized as a basis for the countermeasure of physical corresponding infringement and attack in a future.

Event Log Analysis Framework Based on the ATT&CK Matrix in Cloud Environments (클라우드 환경에서의 ATT&CK 매트릭스 기반 이벤트 로그 분석 프레임워크)

  • Yeeun Kim;Junga Kim;Siyun Chae;Jiwon Hong;Seongmin Kim
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.2
    • /
    • pp.263-279
    • /
    • 2024
  • With the increasing trend of Cloud migration, security threats in the Cloud computing environment have also experienced a significant increase. Consequently, the importance of efficient incident investigation through log data analysis is being emphasized. In Cloud environments, the diversity of services and ease of resource creation generate a large volume of log data. Difficulties remain in determining which events to investigate when an incident occurs, and examining all the extensive log data requires considerable time and effort. Therefore, a systematic approach for efficient data investigation is necessary. CloudTrail, the Amazon Web Services(AWS) logging service, collects logs of all API call events occurring in an account. However, CloudTrail lacks insights into which logs to analyze in the event of an incident. This paper proposes an automated analysis framework that integrates Cloud Matrix and event information for efficient incident investigation. The framework enables simultaneous examination of user behavior log events, event frequency, and attack information. We believe the proposed framework contributes to Cloud incident investigations by efficiently identifying critical events based on the ATT&CK Framework.

Enhancement of Security Monitoring & Control System in Zero Trust Security Models (제로트러스트 보안 모델에서 보안관제 시스템 강화 연구)

  • Wonhyung Park
    • Convergence Security Journal
    • /
    • v.22 no.2
    • /
    • pp.51-57
    • /
    • 2022
  • Recently, the concept of zero trust has been introduced, and it is necessary to strengthen the security elements required for the next-generation security control system. Also, the security paradigm in the era of the 4th industrial revolution is changing. Cloud computing and the cybersecurity problems caused by the dramatic changes in the work environment due to the corona 19 virus continue to occur. And at the same time, new cyber attack techniques are becoming more intelligent and advanced, so a future security control system is needed to strengthen security. Based on the core concept of doubting and trusting everything, Zero Trust Security increases security by monitoring all communications and allowing strict authentication and minimal access rights for access requesters. In this paper, we propose a security enhancement plan in the security control field through a zero trust security model that can understand the problems of the existing security control system and solve them.

The Design of Authentication Model based on Symmetric Key Encryption for Improving Network Availability in Cloud Environment (클라우드 환경에서 네트워크 가용성 개선을 위한 대칭키 암호화 기반 인증 모델 설계)

  • Baek, Yong-Jin;Hong, Suk-Won;Kim, Sang-Bok
    • Convergence Security Journal
    • /
    • v.19 no.5
    • /
    • pp.47-53
    • /
    • 2019
  • Network-based sharing of information has evolved into a cloud service environment today, increasing its number of users rapidly, but has become a major target for network-based illegal attackers.. In addition, IP spoofing among attackers' various attack techniques generally involves resource exhaustion attacks. Therefore, fast detection and response techniques are required. The existing detection method for IP spoofing attack performs the final authentication process according to the analysis and matching of traceback information of the client who attempted the connection request. However, the simple comparison method of traceback information may require excessive OTP due to frequent false positives in an environment requiring service transparency. In this paper, symmetric key cryptography based on traceback information is used as mutual authentication information to improve this problem. That is, after generating a traceback-based encryption key, mutual authentication is possible by performing a normal decryption process. In addition, this process could improve the overhead caused by false positives.

A Message Communication for Secure Data Communication in Smart Home Environment Based Cloud Service (클라우드 서비스 기반 스마트 홈 환경에서 안전한 데이터 통신을 위한 메시지 통신 프로토콜 설계)

  • Park, Jung-Oh
    • Journal of Convergence for Information Technology
    • /
    • v.11 no.7
    • /
    • pp.21-30
    • /
    • 2021
  • With the development of IoT technology, various cloud computing-based services such as smart cars, smart healthcare, smart homes, and smart farms are expanding. With the advent of a new environment, various problems continue to occur, such as the possibility of exposure of important information such as personal information or company secrets, financial damage cases due to hacking, and human casualties due to malicious attack techniques. In this paper, we propose a message communication protocol for smart home-based secure communication and user data protection. As a detailed process, secure device registration, message authentication protocol, and renewal protocol were newly designed in the smart home environment. By referring to the security requirements related to the smart home service, the stability of the representative attack technique was verified, and as a result of performing a comparative analysis of the performance, the efficiency of about 50% in the communication aspect and 25% in the signature verification aspect was confirmed.

Neural Network and Cloud Computing for Predicting ECG Waves from PPG Readings

  • Kosasih, David Ishak;Lee, Byung-Gook;Lim, Hyotaek
    • Journal of Multimedia Information System
    • /
    • v.9 no.1
    • /
    • pp.11-20
    • /
    • 2022
  • In this paper, we have recently created self-driving cars and self-parking systems in human-friendly cars that can provide high safety and high convenience functions by recognizing the internal and external situations of automobiles in real time by incorporating next-generation electronics, information communication, and function control technologies. And with the development of connected cars, the ITS (Intelligent Transportation Systems) market is expected to grow rapidly. Intelligent Transportation System (ITS) is an intelligent transportation system that incorporates technologies such as electronics, information, communication, and control into the transportation system, and aims to implement a next-generation transportation system suitable for the information society. By combining the technologies of connected cars and Internet of Things with software features and operating systems, future cars will serve as a service platform to connect the surrounding infrastructure on their own. This study creates a research methodology based on the Enhanced Security Model in Self-Driving Cars model. As for the types of attacks, Availability Attack, Man in the Middle Attack, Imperial Password Use, and Use Inclusive Access Control attack defense methodology are used. Along with the commercialization of 5G, various service models using advanced technologies such as autonomous vehicles, traffic information sharing systems using IoT, and AI-based mobility services are also appearing, and the growth of smart transportation is accelerating. Therefore, research was conducted to defend against hacking based on vulnerabilities of smart cars based on artificial intelligence blockchain.

A study on the effective method of detecting denial of service attack to protect Guest OS in paravirtualization (반가상화 환경 Guest OS 보호를 위한 효율적인 서비스 거부 공격 탐지 방법에 관한 연구)

  • Shin, Seung-Hun;Jung, Man-Hyun;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.3
    • /
    • pp.659-666
    • /
    • 2012
  • Recently, cloud computing service has become a rising issue in terms of utilizing sources more efficiently and saving costs. However, the service still has some limitations to be popularized because it lacks the verification towards security safety. In particular, the possibility to induce Denial of service is increasing as it is used as Zombie PC with exposure to security weakness of Guest OS's. This paper suggests how cloud system, which is implemented by Xen, detects intrusion caused by Denial of service using hypercall. Through the experiment, the method suggested by K-means and EM shows that two data, collected for 2 mins, 5 mins, 10mins and 20mins each, are distinguished 90% when collected for 2mins and 5mins while collected over 10mins are distinguished 100% successfully.

Container Vulnerability Intruder Detection Framework based on Memory Trap Technique (메모리 트랩기법을 활용한 컨테이너 취약점 침입 탐지 프레임워크)

  • Choi, Sang-Hoon;Jeon, Woo-Jin;Park, Ki-Woong
    • The Journal of Korean Institute of Next Generation Computing
    • /
    • v.13 no.3
    • /
    • pp.26-33
    • /
    • 2017
  • Recently container technologies have been receiving attention for efficient use of the cloud platform. Container virtualization technology has the advantage of a highly portable, high density when compared with the existing hypervisor. Container virtualization technology, however, uses a virtualization technology at the operating system level, which is shared by a single kernel to run multiple instances. For this reason, the feature of container is that the attacker can obtain the root privilege of the host operating system internal the container. Due to the characteristics of the container, the attacker can attack the root privilege of the host operating system in the container utilizing the vulnerability of the kernel. In this paper, we propose a framework for efficiently detecting and responding to root privilege attacks of a host operating system in a container. This framework uses a memory trap technique to detect changes in a specific memory area of a container and to suspend the operation of the container when it is detected.

A Design of User Authentication Protocol using Biometric in Mobile-cloud Environments (모바일 클라우드 환경에서 생체인식을 이용한 사용자 인증 프로토콜 설계)

  • Kim, Hyung-Uk;Kim, Bumryong;Jun, Moon-Seog
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.18 no.1
    • /
    • pp.32-39
    • /
    • 2017
  • Recently, usage of mobile cloud services has been increasing. In particular, beyond the constraints of a single cloud computing service, studies on the multi-cloud have been actively pursued. A user must authenticate multiple cloud service providers to use additional cloud services in a multi-cloud. In previous studies, an authentication method using single sign-on (SSO) was not available in all cloud services. Cloud services will not be available when the SSO server is not available due to malicious attacks, because all authentication is done via the SSO server. Additionally, using a broker, there is a vulnerability that can expose authentication information for the service provider to a user who did not sign up. In this paper, we propose a secure user authentication protocol using biometric authentication that does not expose user information when using additional cloud services. The proposed protocol can use a single biometric authentication for multi-cloud services without storing authentication information in each cloud service. In terms of key stability (to ensure stability through the key agreement process and the key area), by disabling various attack methods, such as man-in-the-middle attacks and replay attacks, we provide secure mobile cloud services.

JMP+RAND: Mitigating Memory Sharing-Based Side-Channel Attack by Embedding Random Values in Binaries (JMP+RAND: 바이너리 난수 삽입을 통한 메모리 공유 기반 부채널 공격 방어 기법)

  • Kim, Taehun;Shin, Youngjoo
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.9 no.5
    • /
    • pp.101-106
    • /
    • 2020
  • Since computer became available, much effort has been made to achieve information security. Even though memory protection defense mechanisms were studied the most among of them, the problems of existing memory protection defense mechanisms were found due to improved performance of computer and new defense mechanisms were needed due to the advent of the side-channel attacks. In this paper, we propose JMP+RAND that embedding random values of 5 to 8 bytes per page to defend against memory sharing based side-channel attacks and bridging the gap of existing memory protection defense mechanism. Unlike the defense mechanism of the existing side-channel attacks, JMP+RAND uses static binary rewriting and continuous jmp instruction and random values to defend against the side-channel attacks in advance. We numerically calculated the time it takes for a memory sharing-based side-channel attack to binary adopted JMP+RAND technique and verified that the attacks are impossible in a realistic time. Modern architectures have very low overhead for JMP+RAND because of the very fast and accurate branching of jmp instruction using branch prediction. Since random value can be embedded only in specific programs using JMP+RAND, it is expected to be highly efficient when used with memory deduplication technique, especially in a cloud computing environment.