Jae-Hyun Seo

Experiments and Countermeasures of Security Vulnerabilities on Next Generation Network

IPv6 is the next generation protocol designed by the IETF to replace the current version Internet protocol, IPv4. It is difficult to translate immediately from IPv4 to IPv6 because of financial and technical problems. So mixed IPv4/IPv6 network is expected to be formed. IPv6 is more secure than IPv4, but IPv6 still has many security vulnerabilities that are not only the same on IPv4 but also the new. This paper describes the security vulnerabilities on IPv6 and IPv4/IPv6 network that are difference and new features in comparison to IPv4, and some possible solutions for security vulnerabilities on IPv6 and mixed IPv4/IPv6 network. Finally, this paper describes the scenarios of security vulnerabilities about the routing header and fragment header of IPv6, and source spoofing on DSTM, also the result of the experiments that are firewall evasion, DoS on native IPv6 network and DoS on DSTM.

A privacy protection model in ID management using access control

The problem of privacy of the Identity Management System (IMS) is the most pressing concern of ordinary users. Uncertainty about privacy keeps many users away from utilizing IMS. Most privacy-enhancing technologies such P3P, E-P3P and EPAL use purposes or policies to ensure privacy that is set by users. Access control is arguably the most fundamental and pervasive security mechanism in use. This paper proposes a privacy protection model using access control for IMS. The proposed model protects privacy using access control techniques with privacy policies in a single circle of trust. We address characteristics of components for the proposed model and describe access control procedures. After that, we show protection architecture and XML-based schema for privacy policies.

Auto-generation of detection rules with tree induction algorithm

A generation of rule for detecting an attack from enormous network data is very difficult, and this is commonly required an experts experiences. An auto-generation of detection rules cut down on maintenance or management expenses of intrusion detection systems, but the problem is accuracy for the time being. In this paper, we propose an automatic generation method of detection rules with a tree induction algorithm that is adequate to search special rules based on entropy theory. While we progress the experiment on rule generation and detection with extracted information from network session data, we found a problem in selecting measures. To solve the problem, we present a method of converting the continuous measures into categorical measures and a method of choosing a good measure according to the accuracy of the generated detection rules. As the result, the detection rules for each attack are automatically generated without any help of the experts. Also, the correctness of detection improves according to the selection of network measures.

Network anomaly behavior detection using an adaptive multiplex detector

Due to the diversified threat elements of resources and information in computer network system, the research on a biological immune system is becoming one way for network security. Inspired by adaptive immune system principles of artificial immune system, we proposed an anomaly detection algorithm using a multiplex detector. In this algorithm, the multiplex detector is created by applying negative selection, positive selection and clonal selection to detect anomaly behaviors in network. Also the multiplex detector gives an effective method and dynamic detection. In this paper, the detectors are classified by K-detector, memory detector, B-detector, and T-detector for achieving multi level detection. We apply this algorithm in intrusion detection and, to be sure, it has a good performance.

Regional CRL Distribution Based on the LBS for Vehicular Networks

To protect the members of the vehicular networks from malicious users and malfunctioning equipments, certificate revocation list (CRL) should be distributed as quickly and efficiently as possible without over-burdening the network. The common theme among existing methods in the literature to reduce distribution time is to reduce the size of the CRL, since smaller files can be distributed more quickly. Our proposal has been concerned with the problem of how to reduce the size of CRL effectively. We propose a regional CRL distribution method that introduces partitioned CRLs corresponding to certificate authority (CA) administrative regions. A regional CRL includes only neighbouring vehicle’s revoked certificates and distributed to vehicles within one CA region. Consequently, since there is no need to process full CRLs by all vehicles, the method can reduce computational overhead, long authentication delay, message signature and verification delay, and processing complexity imposed by full CRL distribution methods.

A security architecture for adapting multiple access control models to operating systems

In this paper, we propose a new security architecture for adapting multiple access control models to operating systems. As adding a virtual access control system to a proposed security architecture, various access control models such as MAC, DAC, and RBAC are applied to secure operating systems easily. Also, the proposed was designed to overcome the deficiencies of access control in standard operating systems, makes secure OS more available by combining access control models, and apply them to secure OS in runtime.

An effective method for analyzing intrusion situation through IP-Based classification

Due to a false alert or mass alerts by current intrusion detection systems, the system administrators have difficulties in real-time analysis of an intrusion. In order to solve this problem, it has been studied to analyze the intrusion situation or correlation. However, the existing situation analysis method is grouping with the similarity of measures, and it makes hard to respond appropriately to an elaborate attack. Also, the result of the method is so abstract that the raw information before reduction must be analyzed to realize the intrusion. In this paper, we reduce the number of alerts using the aggregation and correlation and classify the alerts by IP addresses and attack types. Through this method, our tool can find a cunningly cloaked attack flow as well as general attack situation, and more, they are visualized. So an administrator can easily understand the correct attack flow.