• Title/Summary/Keyword: Brute-Force Attack

Search Result 43, Processing Time 0.025 seconds

Analysis and Response of SSH Brute Force Attacks in Multi-User Computing Environment (다중 사용자 컴퓨팅 환경에서 SSH 무작위 공격 분석 및 대응)

  • Lee, Jae-Kook;Kim, Sung-Jun;Woo, Joon;Park, Chan Yeol
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.4 no.6
    • /
    • pp.205-212
    • /
    • 2015
  • SSH provides a secure, encrypted communication channel between two end point systems using public key encryption. But SSH brute force attack is one of the most significant attacks. This kind of attack aims to login to the SSH server by continually guessing a large number of user account and password combinations. In this paper, we analyze logs of SSH brute force attacks in 2014 and propose a failed-log based detection mechanism in high performance computing service environment.

RFID Mutual Authentication Protocol with Security and Performance Improvements (안전성과 성능을 개선한 RFID 상호인증 프로토콜)

  • Hong, Sung-Hyuk;Park, Jong-Hyuk;Yeo, Sang-Soo;Ha, Kyung-Jae
    • Journal of Advanced Navigation Technology
    • /
    • v.13 no.6
    • /
    • pp.876-883
    • /
    • 2009
  • In 2008, Kim-Jun proposed RFID Mutual Authentication Protocol based on One-Time Random Numbers which are strong in Eavesdropping Attack, Spoofing attack and Replay attack. However, In 2009, Yoon-Yoo proved that it was weak in Replay attack and proposed a protocol which can prevent Replay attack. But Yoon-Yoo's protocol has problems that efficiency on communication and Brute-force attack. This paper shows weak points of Yoon-Yoo's protocol and proposes an RFID mutual authentication protocol with security and performance improvements.

  • PDF

The Analysis of Cipher Padding Problem for Message Recovery Security Function of Honey Encryption (허니암호의 메시지 복구보안 기능을 위한 암호패딩 문제점 분석)

  • Ji, Changhwan;Yoon, Jiwon
    • Journal of KIISE
    • /
    • v.44 no.6
    • /
    • pp.637-642
    • /
    • 2017
  • Honey Encryption (HE) is a technique to overcome the weakness of a brute-force attack of the existing password-based encryption (PBE). By outputting a plausible plaintext even if the wrong key is entered, it provides message recovery security which an attacker can tolerate even if the attacker tries a brute-force attack against a small entropy secret key. However, application of a cipher that requires encryption padding to the HE present a bigger problem than the conventional PBE method. In this paper, we apply a typical block cipher (AES-128) and a stream cipher (A5 / 1) to verify the problem of padding through the analysis of the sentence frequency and we propose a safe operation method of the HE.

A Countermeasure against Brute-force Attack using Digital Holography and DES Algorithm (디지털 홀로그래피와 DES 알고리즘을 이용한 전수키 공격 대응 기법)

  • Noh, Chang-Oh;Moon, In-Kyu;Cho, Beom-Joon
    • Journal of the Korea Society of Computer and Information
    • /
    • v.16 no.5
    • /
    • pp.73-78
    • /
    • 2011
  • The DES encryption algorithm employed in information security has a strong avalanche effect, and the processing speed to encrypt is also fast. However, due to the H/W advances, the secret key length of DES having 56bits is not enough so that it is easily exposed to brute force attack. In this paper, we present a new method to significantly increase the secret key length in the DES by integration of digital holography and DES algorithm. In addition, we evaluate the encryption performance of the proposed method by measuring the avalanche effect and verify the possibility of it.

Hardware Crypto-Core Based Authentication System (하드웨어 암호코어 기반 인증 시스템)

  • Yoo, Sang-Guun;Park, Keun-Young;Kim, Tae-Jun;Kim, Ju-Ho
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.46 no.1
    • /
    • pp.121-132
    • /
    • 2009
  • Default password protection used in operating systems have had many advances, but when the attacker has physical access to the server or gets root(administrator) privileges, the attacker can steal the password information(e.g. shadow file in Unix-like systems or SAM file in Windows), and using brute force and dictionary attacks can manage to obtain users' passwords. It is really difficult to obligate users to use complex passwords, so it is really common to find weak accounts to exploit. In this paper, we present a secure authentication scheme based on digital signatures and secure key storage that solves this problem, and explain the possible implementations using Trusted Platform Module(TPM). We also make a performance analysis of hardware and software TPMs inside implementations.

A Brute-force Technique for the Stepping Stone Self-Diagnosis of Interactive Services on Linux Servers (리눅스 서버에서 인터렉티브 서비스 Stepping Stone 자가진단을 위한 brute-force 기법)

  • Kang, Koo-Hong
    • Journal of the Korea Society of Computer and Information
    • /
    • v.20 no.5
    • /
    • pp.41-51
    • /
    • 2015
  • In order to hide their identities, intruders on the Internet often attack targets indirectly by staging their attacks through intermediate hosts known as stepping stones. In this paper, we propose a brute-force technique to detect the stepping stone behavior on a Linux server where some shell processes remotely logged into using interactive services are trying to connect other hosts using the same interactive services such as Telnet, Secure Shell, and rlogin. The proposed scheme can provide an absolute solution even for the encrypted connections using SSH because it traces the system calls of all processes concerned with the interactive service daemon and their child processes. We also implement the proposed technique on a CentOS 6.5 x86_64 environment by the ptrace system call and a simple shell script using strace utility. Finally the experimental results show that the proposed scheme works perfectly under test scenarios.

Quantum Cryptanalysis for DES Through Attack Cost Estimation of Grover's Algorithm (Grover 알고리즘 공격 비용 추정을 통한 DES에 대한 양자 암호 분석)

  • Jang, Kyung-bae;Kim, Hyun-Ji;Song, Gyeong-Ju;Sim, Min-Ju;Woo, Eum-Si;Seo, Hwa-Jeong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.6
    • /
    • pp.1149-1156
    • /
    • 2021
  • The Grover algorithm, which accelerates the brute force attack, is applicable to key recovery of symmetric key cryptography, and NIST uses the Grover attack cost for symmetric key cryptography to estimate the post-quantum security strength. In this paper, we estimate the attack cost of Grover's algorithm by implementing DES as a quantum circuit. NIST estimates the post-quantum security strength based on the attack cost of AES for symmetric key cryptography using 128, 192, and 256-bit keys. The estimated attack cost for DES can be analyzed to see how resistant DES is to attacks from quantum computers. Currently, since there is no post-quantum security index for symmetric key ciphers using 64-bit keys, the Grover attack cost for DES using 64-bit keys estimated in this paper can be used as a standard. ProjectQ, a quantum programming tool, was used to analyze the suitability and attack cost of the quantum circuit implementation of the proposed DES.

Proposal and Implementation of Security Keypad with Dual Touch (이중 터치를 이용한 보안 키패드 제안 및 구현)

  • Song, Jinseok;Jung, Myung-Woo;Choi, Jung-In;Seo, Seung-Hyun
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.7 no.3
    • /
    • pp.73-80
    • /
    • 2018
  • Due to the popularity of smartphones and the simplification of financial services, the number of mobile financial services is increasing. However, the security keypads developed for existing financial services are susceptible to probability analysis attacks and have security vulnerabilities. In this paper, we propose and implement a security keypad based on dual touch. Prior to the proposal, we examined the existing types of security keypads used in the mobile banking and mobile payment systems of Korean mobile financial businesses and analyzed the vulnerabilities. In addition, we compared the security of the proposed dual touch keypad as well as existing keypads using the authentication framework and the existing keypad attack types (Brute Force Attack, Smudge Attack, Key Logging Attack, and Shoulder Surfing Attack, Joseph Bonneau). Based on the results, we can confirm that the proposed security keypad with dual touch presented in this paper shows a high level of security. The security keypad with dual touch can provide more secure financial services, and it can be applied to other mobile services to enhance their security.

A Polynomial-based Study on the Protection of Consumer Privacy (소비자 프라이버시 보호에 관한 다항식 기반 연구)

  • Piao, Yanji;Kim, Minji
    • Journal of Information Technology Services
    • /
    • v.19 no.1
    • /
    • pp.145-158
    • /
    • 2020
  • With the development and widespread application of online shopping, the number of online consumers has increased. With one click of a mouse, people can buy anything they want without going out and have it sent right to the doors. As consumers benefit from online shopping, people are becoming more concerned about protecting their privacy. In the group buying scenario described in our paper, online shopping was regarded as intra-group communication. To protect the sensitive information of consumers, the polynomial-based encryption key sharing method (Piao et al., 2013; Piao and Kim, 2018) can be applied to online shopping communication. In this paper, we analyze security problems by using a polynomial-based scheme in the following ways : First, in Kamal's attack, they said it does not provide perfect forward and backward secrecy when the members leave or join the group because the secret key can be broken in polynomial time. Second, for simultaneous equations, the leaving node will compute the new secret key if it can be confirmed that the updated new polynomial is recomputed. Third, using Newton's method, attackers can successively find better approximations to the roots of a function. Fourth, the Berlekamp Algorithm can factor polynomials over finite fields and solve the root of the polynomial. Fifth, for a brute-force attack, if the key size is small, brute force can be used to find the root of the polynomial, we need to make a key with appropriately large size to prevent brute force attacks. According to these analyses, we finally recommend the use of a relatively reasonable hash-based mechanism that solves all of the possible security problems and is the most suitable mechanism for our application. The study of adequate and suitable protective methods of consumer security will have academic significance and provide the practical implications.

A Consideration on Verification and Extension of Fermat's Factorization (페르마 인수분해 방법의 확장과 검증에 대한 고찰)

  • Jung, Seo-Hyun;Jung, Sou-Hwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.3
    • /
    • pp.3-8
    • /
    • 2010
  • There are some efficient brute force algorithm for factorization. Fermat's factorization is one of the way of brute force attack. Fermat's method works best when there is factor near the square-root. This paper shows that why Fermat's method is effective and verify that there are only one answer. Because there are only one answer, we can start Fermat's factorization anywhere. Also, we convert from factorization to finding square number.