• Title/Summary/Keyword: Brute-Force Attack

Search Result 25, Processing Time 0.235 seconds

Analysis and Response of SSH Brute Force Attacks in Multi-User Computing Environment (다중 사용자 컴퓨팅 환경에서 SSH 무작위 공격 분석 및 대응)

  • Lee, Jae-Kook;Kim, Sung-Jun;Woo, Joon;Park, Chan Yeol
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.4 no.6
    • /
    • pp.205-212
    • /
    • 2015
  • SSH provides a secure, encrypted communication channel between two end point systems using public key encryption. But SSH brute force attack is one of the most significant attacks. This kind of attack aims to login to the SSH server by continually guessing a large number of user account and password combinations. In this paper, we analyze logs of SSH brute force attacks in 2014 and propose a failed-log based detection mechanism in high performance computing service environment.

A Countermeasure against Brute-force Attack using Digital Holography and DES Algorithm (디지털 홀로그래피와 DES 알고리즘을 이용한 전수키 공격 대응 기법)

  • Noh, Chang-Oh;Moon, In-Kyu;Cho, Beom-Joon
    • Journal of the Korea Society of Computer and Information
    • /
    • v.16 no.5
    • /
    • pp.73-78
    • /
    • 2011
  • The DES encryption algorithm employed in information security has a strong avalanche effect, and the processing speed to encrypt is also fast. However, due to the H/W advances, the secret key length of DES having 56bits is not enough so that it is easily exposed to brute force attack. In this paper, we present a new method to significantly increase the secret key length in the DES by integration of digital holography and DES algorithm. In addition, we evaluate the encryption performance of the proposed method by measuring the avalanche effect and verify the possibility of it.

The Analysis of Cipher Padding Problem for Message Recovery Security Function of Honey Encryption (허니암호의 메시지 복구보안 기능을 위한 암호패딩 문제점 분석)

  • Ji, Changhwan;Yoon, Jiwon
    • Journal of KIISE
    • /
    • v.44 no.6
    • /
    • pp.637-642
    • /
    • 2017
  • Honey Encryption (HE) is a technique to overcome the weakness of a brute-force attack of the existing password-based encryption (PBE). By outputting a plausible plaintext even if the wrong key is entered, it provides message recovery security which an attacker can tolerate even if the attacker tries a brute-force attack against a small entropy secret key. However, application of a cipher that requires encryption padding to the HE present a bigger problem than the conventional PBE method. In this paper, we apply a typical block cipher (AES-128) and a stream cipher (A5 / 1) to verify the problem of padding through the analysis of the sentence frequency and we propose a safe operation method of the HE.

RFID Mutual Authentication Protocol with Security and Performance Improvements (안전성과 성능을 개선한 RFID 상호인증 프로토콜)

  • Hong, Sung-Hyuk;Park, Jong-Hyuk;Yeo, Sang-Soo;Ha, Kyung-Jae
    • Journal of Advanced Navigation Technology
    • /
    • v.13 no.6
    • /
    • pp.876-883
    • /
    • 2009
  • In 2008, Kim-Jun proposed RFID Mutual Authentication Protocol based on One-Time Random Numbers which are strong in Eavesdropping Attack, Spoofing attack and Replay attack. However, In 2009, Yoon-Yoo proved that it was weak in Replay attack and proposed a protocol which can prevent Replay attack. But Yoon-Yoo's protocol has problems that efficiency on communication and Brute-force attack. This paper shows weak points of Yoon-Yoo's protocol and proposes an RFID mutual authentication protocol with security and performance improvements.

  • PDF

Hardware Crypto-Core Based Authentication System (하드웨어 암호코어 기반 인증 시스템)

  • Yoo, Sang-Guun;Park, Keun-Young;Kim, Tae-Jun;Kim, Ju-Ho
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.46 no.1
    • /
    • pp.121-132
    • /
    • 2009
  • Default password protection used in operating systems have had many advances, but when the attacker has physical access to the server or gets root(administrator) privileges, the attacker can steal the password information(e.g. shadow file in Unix-like systems or SAM file in Windows), and using brute force and dictionary attacks can manage to obtain users' passwords. It is really difficult to obligate users to use complex passwords, so it is really common to find weak accounts to exploit. In this paper, we present a secure authentication scheme based on digital signatures and secure key storage that solves this problem, and explain the possible implementations using Trusted Platform Module(TPM). We also make a performance analysis of hardware and software TPMs inside implementations.

Two layered Secure Password Generation with Random Number Generator (난수 발생기를 이용한 이중화 구조의 안전한 비밀번호 생성 기법)

  • Seo, Hwa-Jeong;Kim, Ho-Won
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.18 no.4
    • /
    • pp.867-875
    • /
    • 2014
  • Rapid development of internet service is enabling internet banking services in anywhere and anytime. However, service access through internet can be exposed to adversary easily. To prevent, current service providers execute authentication process with user's identification and password. However, majority of users use short and simple password and do not periodically change their password. As a result of this, user's password could be exposed to attacker's brute force attack. In this paper, we presented enhanced password system which guarantee higher security even though users do not change their current password. The method uses additional secret information to replace real password periodically without replacement of real password.

Proposal and Implementation of Security Keypad with Dual Touch (이중 터치를 이용한 보안 키패드 제안 및 구현)

  • Song, Jinseok;Jung, Myung-Woo;Choi, Jung-In;Seo, Seung-Hyun
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.7 no.3
    • /
    • pp.73-80
    • /
    • 2018
  • Due to the popularity of smartphones and the simplification of financial services, the number of mobile financial services is increasing. However, the security keypads developed for existing financial services are susceptible to probability analysis attacks and have security vulnerabilities. In this paper, we propose and implement a security keypad based on dual touch. Prior to the proposal, we examined the existing types of security keypads used in the mobile banking and mobile payment systems of Korean mobile financial businesses and analyzed the vulnerabilities. In addition, we compared the security of the proposed dual touch keypad as well as existing keypads using the authentication framework and the existing keypad attack types (Brute Force Attack, Smudge Attack, Key Logging Attack, and Shoulder Surfing Attack, Joseph Bonneau). Based on the results, we can confirm that the proposed security keypad with dual touch presented in this paper shows a high level of security. The security keypad with dual touch can provide more secure financial services, and it can be applied to other mobile services to enhance their security.

Denied Log Analysis of Firewall for SSH Brute Force Attack IP Address Pre-Filtering (SSH 무작위 대입 공격 선차단을 위한 방화벽 차단 로그 분석)

  • Lee, Jae-Kook;Kim, Sung-Jun;Woo, Joon
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • /
    • pp.643-645
    • /
    • 2015
  • SSH 무작위 대입 공격은 전통적인 공격기법이지만 최근까지도 공격이 끊임없이 발생되고 있다. 정상적인 접속을 가장한 은닉 공격(Stealth Attack)이 가능하므로 탐지가 어렵다. 본 논문에서는 방화벽 차단 로그를 분석하여 운영 중인 서버로 향할 수 있는 SSH 무작위 대입 공격 트래픽을 사전에 차단하는 기법을 제안하고, 제안한 기법을 적용한 결과 운영 중인 서버로 공격이 이어지는 것을 평균 46% 이상 예방하는 것을 확인한다.

Fingerprint Template Protection Using One-Time Fuzzy Vault

  • Choi, Woo-Yong;Chung, Yong-Wha;Park, Jin-Won;Hong, Do-Won
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.5 no.11
    • /
    • pp.2221-2234
    • /
    • 2011
  • The fuzzy vault scheme has emerged as a promising solution to user privacy and fingerprint template security problems. Recently, however, the fuzzy vault scheme has been shown to be susceptible to a correlation attack. This paper proposes a novel scheme for one-time templates for fingerprint authentication based on the fuzzy vault scheme. As in one-time passwords, the suggested method changes templates after each completion of authentication, and thus the compromised templates cannot be reused. Furthermore, a huge number of chaff minutiae can be added by expanding the size of the fingerprint image. Therefore, the proposed method can protect a user's fingerprint minutiae against the correlation attack. In our experiments, the proposed approach can improve the security level of a typical approach against brute-force attack by the factor of $10^{34}$.

Analysis of Security Weakness on Secure Deduplication Schemes in Cloud Storage (클라우드 스토리지에서 안전한 중복 제거 기법들에 대한 보안 취약점 분석)

  • Park, Ji Sun;Shin, Sang Uk
    • Journal of Korea Multimedia Society
    • /
    • v.21 no.8
    • /
    • pp.909-916
    • /
    • 2018
  • Cloud storage services have many advantages. As a result, the amount of data stored in the storage of the cloud service provider is increasing rapidly. This increase in demand forces cloud storage providers to apply deduplication technology for efficient use of storages. However, deduplication technology has inherent security and privacy concerns. Several schemes have been proposed to solve these problems, but there are still some vulnerabilities to well-known attacks on deduplication techniques. In this paper, we examine some of the existing schemes and analyze their security weaknesses.