Young-Jun Heo

A design of unidirectional security gateway for enforcement reliability and security of transmission data in industrial control systems

Recently, targeted attacks are increased against industrial control system facilities. In order to protect these facilities from attacks, defence-in-depth strategy can be applied to industrial control systems. It separates control network and business network, and uses a one-way data transmission technology for data transfer between higher security area and lower security area. But most of the current unidirectional security gateway system is just only data transmission without considering the reliability and security. In this paper, to guarantee the reliability and security of transmitted data, we design a unidirectional security gateway system, UNIWAY, which provides forward error correction, session management, packet sequence number, IP/Port filter, content filter, and protocol break.

Development of unidirectional security gateway appliance using intel 82580EB NIC interface

Recently, cyber-attacks are increasingly targeting industrial control system facilities such as Stuxnet, Duke, and Flame. In order to protect these facilities from attacks, they separate industrial control systems from business network, and use a one-way data transmission technology for data transfer between each other systems. In this paper, we develop a unidirectional security gateway system, UNIWAY, which provides session management, packet loss prevention, access control, and malware detection for ensuring reliability and security of transfer data. To easily applying one-way technology, we use commercial Intel 82580EB NIC interface, and show 1Gbps data transfer throughput.

Towards Automatically Generating Double-Free Vulnerability Signatures Using Petri Nets

With the increased popularity of polymorphic and register spring attacks, exploit signatures intrusion detection systems (IDS) can no longer rely only on exploit signatures. Vulnerability signatures that pattern match based on properties of the vulnerability instead of the exploit should be employed. Recent research has proposed three classes of vulnerability signatures but its approach cannot address complex vulnerabilities such as the ASN.1 Double-Free. Here we introduce Petri nets as a new class of vulnerability signature that could potentially be used to detect other types of vulnerabilities. Petri nets can be automatically generated and are represented as a graph making it easier to understand and debug. We analyzed it along side the three other classes of vulnerability signatures in relation to the Windows ASN.1 vulnerability. The results were very promising due to the very low false positive rate and 0% false negative rate. We have shown that Petri nets are a very efficient, concise, and effective way of describing signatures (both vulnerability and exploit). They are more powerful than regular expressions and still efficient enough to be practical. Comparing with the other classes, only Turing machines provided a better identification rate but they incur significant performance overhead.

Efficient architecture for exponentiation and division in GF(2 m ) using irreducible AOP

The important arithmetic operations over finite fields include exponentiation, division, and inversion. An exponentiation operation can be implemented using a series of squaring and multiplication operations over GF(2m) using a binary method, while division and inversion can be performed by the iterative application of an AB2 operation. Hence, it is important to develop a fast algorithm and efficient hardware for squaring, multiplication, and AB2 operations. The current paper presents new architectures for the simultaneous computation of multiplication and squaring operations, and the computation of an AB2 operation over GF(2m) generated by an irreducible AOP of degree m. The proposed architectures offer a significant improvement in reducing the hardware complexity compared with previous architectures, and can also be used as a kernel circuit for exponentiation, division, and inversion architectures. Furthermore, since the proposed architectures include regularity, modularity and concurrency, they can be easily designed on VLSI hardware and used in IC cards.

A memory-based learning approach to reduce false alarms in intrusion detection

Signature-based IDS is known to have acceptable accuracy but suffers from high rates of false alarms. We show a behavior based alarm reduction by using a memory-based machine learning technique - instance based learner. Our extended form of IBL (XIBL) examines SNORT alarm signals if that signal is worthy sending signals to security manager. A preliminary experiment shows that these exists an apparent difference between true alarms and false alarms with respect to XIBL behavior and the full experiment successfully exhibits the power of hybrid system is there is a rich set of analyzed data such as DARPA 1998 data set we used