Kim H.-G.,KISA |
Kim D.-J.,Dankook University |
Cho S.-J.,Dankook University |
Park M.,Incheon National University |
Park M.,Konkuk University
Proceedings of the 2011 ACM Research in Applied Computation Symposium, RACS 2011 | Year: 2011
Drive-by-download attacks are client-side attacks that originate from web servers that are visited by web browsers. While many web browsers are vulnerable to the drive-by-download attacks, the cost of detecting malicious web pages that launch drive-by-download attacks is expensive. High-interaction client honeypots are security devices capable of detecting malicious web pages; however, their slow and expensive operations in web page visiting have been considered as a problem. The high-interaction client honeypots employ a visitation algorithm to pinpoint which page has made an unauthorized change of system state when any unauthorized change of the system state occurred after visiting suspicious web pages. To improve the performance of the high-interaction client honeypots, we propose a new visitation algorithm, logarithmic divide-and-conquer (LDAC), for identifying malicious web pages. The LDAC algorithm is an enhanced version of the existing binary divide-and-conquer (BDAC) algorithm. If any system state is abnormally changed after having visited k suspicious web pages concurrently, our LDAC algorithm divides the buffer of k pages into [log 2k] pieces and recursively visits the pieces until the malicious page or pages are identified, while the BDAC splits the buffer into k/2 portions. Experimental results show that the LDAC has improved performance of the system up to 15 percent compared to the BDAC algorithm. © 2011 ACM.
Kim K.,Inha University |
Yie I.,Inha University |
Lim S.,Ewha Womans University |
Informatica | Year: 2011
Batch cryptography has been developed into two main branches-batch verification and batch identification. Batch verification is a method to determine whether a set of signatures contains invalid signatures, and batch identification is a method to find bad signatures if a set of signatures contains invalid signatures. Recently, some significant developments appeared in such field, especially by Lee et al., Ferrara et al. and Law et al., respectively. In this paper, we address some weakness of Lee et al.'s earlier work, and propose an identification method in an RSA-type signature. Our method is more efficient than the well known divide and conquer method for the signature scheme. We conclude this paper by providing a method to choose optimal divide and conquer verifiers. © 2011 Vilnius University.
Ji J.D.,KISA |
Jung S.W.,Mokpo National University |
Lim J.,Korea University
IEICE Transactions on Information and Systems | Year: 2012
In this paper, we propose efficient sequential AES CCM architecture for the IEEE 802.16e. In the proposed architecture, only one AES encryption core is used and the operation of the CTR and the CBC-MAC is processed concurrently within one round. With this design approach, we can design sequential AES CCM architecture having 570 Mbps@102.4MHz throughput and 1,397 slices at a Spartan3 3s5000 device. Copyright © 2012 The Institute of Electronics, Information and Communication Engineers.
Lee T.,KISA |
Cho H.,KISA |
Park H.,KISA |
Kwak J.,Ajou University
International Journal of Distributed Sensor Networks | Year: 2015
Cyber incidents are increasing continuously. More than 200,000 new malicious codes appear, with more than 30,000 malicious codes distributed each day on average. These cyber attacks are expanding gradually to the social infrastructure (nuclear energy, power, water, etc.) and smart sensor networks. This paper proposes a method of detecting malware propagation in sensor Node and botnet clustering automatically by analyzing e-mails. More than 80% of spam e-mails are generated by the Node infected with malicious code, using various methods to avoid filtering such as direct-to-MX, fake Received header, and open relay vulnerability. This paper proposes a scheme that detects those types accurately, including a clustering method that targets the URL included in the e-mail body, e-mail subject, attached file, and hosting server, to detect the botnet group infected with the same malicious code. The proposed method recorded about 85% zombie IP detection rate when spam e-mails distributed in a commercial environment were analyzed. When applied to the portal site that delivers 10 million e-mails, the proposed technology is expected to detect at least 150,000 zombie Nodes each day. If advanced measures are taken against the detected zombie Nodes, the spread of cyber attack damages can apparently be reduced. © 2015 Taejin Lee et al.
Lee S.,Kookmin University |
Jeong M.S.,Kookmin University |
Jeong H.,KISA |
Lee H.J.,KISA |
International Conference on Information Networking | Year: 2012
Due to the sensitivity of the collected data in Ubiquitous Sensor Networks, security becomes the top priority issue for the USNs to be widely deployed. To enhance the security, various key management schemes have been proposed so that the messages among the sensor nodes can be encrypted. Especially, the Polynomial based key management scheme is famous because it guarantees to establish a secure session key between two sensor nodes if the number of nodes in the system is below a threshold. In this paper, we extend the polynomial based key management scheme so that the secure transmission can be achieved in a large network. Basically, we partition the sensor nodes into multiple groups in such a way that the number of nodes in a group is less than the threshold, which guarantees secure session key establishment inside each group. We also propose to exploit structural properties such as the topology and location of the sensor networks to secure the inter-group communications. Furthermore, we introduce a session key computation scheme called Enhanced Direct Key Establishment Option to enhance the robustness against node compromise attacks. Through extensive simulations, we show that the proposed scheme can reduce the number of the compromised links by 10-30% against the node compromise attacks. © 2012 IEEE.