Saturday, April 23, 2011

Shortcoming of Google Blogger

I can put up with everything else, but I can't stand that file uploads are impossible.

Still, I can understand it.
The security problems that would come with it are enormous, so Google probably had no other choice.
(Just my guess, though...)

Anyway, it's far too inconvenient...
They could at least allow every file format except exe, like mail does..

CT :: Ch1. Regular Language

1. Finite Automata
 1) Definition of FA
 Define FA M = (Q, ∑, δ, q0, F)
 Q : a finite set of states
 ∑ : a finite set of input symbols (the alphabet)
 δ : transition function ( Q x ∑ -> Q )
 q0: start state
 F : the set of accept states


2. Language and Machine
 1) Relation of Language and Machine
  Let A be the set of all strings that machine M accepts. Then the following are equivalent:
  <-> A is the language of machine M
  <-> L(M) = A
  <-> M recognizes A
  <-> A = { w | M accepts w }

 2) Acceptability
 M accepts w = w(1) w(2) … w(n)
  <-> a sequence of states r0, r1, …, r(n) in Q exists
      satisfying 3 conditions:
     1) r0 = q0
     2) δ( r(i), w(i+1) ) = r(i+1) for i = 0, …, n-1
     3) r(n) ∈ F

  ※ How can we prove that automaton A is equivalent to automaton B?
   : prove that L(A) = L(B), as follows.
     …


3. Regular Language
 1) Definition of RL
  Language A is a regular language if some FA recognizes it
  (Exam) Design an FA that recognizes a given regular language.

 2) Operations:
  Let A, B be regular languages,
  (1) Union:   A ∪ B = { x | x ∈ A or x ∈ B }
  (2) Concatenation:  A  B = { xy | x ∈ A and y ∈ B }
  (3) Star:   A* = { x₁x₂ … x(k) | k ≥ 0, x(i) ∈ A }
        = A⁰ ∪ A¹ ∪ A² ∪ …   (A⁰ = {ε}, so ε ∈ A* always)

 3) Closed under the union operator?
  <-> if A, B are RLs, then so is A ∪ B
  (proof)
  Let A, B be RLs,
     L(M1) = A, L(M2) = B,
     M1 = (Q1, ∑, δ1, q1, F1),
     M2 = (Q2, ∑, δ2, q2, F2)

 Define the product machine M’ = (Q, ∑, δ, q0, F).
 Q = { (r1, r2) | r1 ∈ Q1 and r2 ∈ Q2 }
 δ( (r1, r2), a ) = ( δ1(r1, a), δ2(r2, a) )   (run M1 and M2 in parallel)
 q0 = (q1, q2)
 F = (F1 x Q2) ∪ (Q1 x F2) = { (r1, r2) | r1 ∈ F1 or r2 ∈ F2 }
  

 Since we have defined an FA M’ that recognizes A ∪ B,
 A ∪ B is a RL by the definition of RL.

 4) Closed under the concatenation operator?
 <-> if A, B are RLs, then so is A ∘ B.
 (Problem) Where should the machine break its input into the 2 pieces?
           A deterministic machine reading left to right does not know …
           (this is the motivation for nondeterminism in the next section)


4. Nondeterminism
 1) Characteristics
 δ: a state may have 0, 1, or more outgoing arrows for each alphabet symbol
 ∑: arrows may be labeled with an alphabet symbol or with ε
 Acceptability: if any one of the possible transition paths ends in an accept state,
                the NFA accepts the input

 2) Definition of NFA
 NFA N = (Q, ∑, δ, q0, F)
 Q : a finite set of states
 ∑ : a finite set of input symbols (the alphabet)
 δ : transition function ( Q x ∑ε -> P(Q) )
 q0: start state
 F : the set of accept states

 3) Equivalence of NFAs and DFAs
 (proof by induction on the length of the input)
 Let A be a RL,
  NFA N = (Q, ∑, δ, q0, F)
  DFA M = (Q’, ∑, δ’, q0’, F’)   (the states of M are subsets of Q)

 - Basis
   : Suppose N accepts ε.
     Let E(q0) be the set of states reachable from q0 by ε-transitions alone.
     Then q0’ = E(q0), and some r ∈ q0’ satisfies r ∈ F, thus q0’ ∈ F’,
     so that M accepts ε.

     Likewise, suppose N accepts a single symbol x.
     Let E(q1) be the set of states reachable from q0 on x (ε-moves included).
     Then q1’ = E(q1), and some state of q1’ is in F, thus q1’ ∈ F’,
     so that M accepts every string w of length 1 that N accepts.

 - Steps:
   : Assume that whenever N accepts w ∈ A(n), M accepts w ∈ A(n) as well.
     Let q(n) be the state N has reached, and r(n) the state M has reached,
     after the n-th symbol of w.

     Now suppose NFA N accepts some v with |v| = n+1.
     Then N makes n transitions to reach q(n),
     and from q(n) accepts the transition on the last symbol.

     By the assumption, whatever N accepts up to length n, M accepts too,
     so DFA M likewise makes n transitions to reach r(n),
     and from r(n) accepts the transition on the last symbol.

     That is, when NFA N accepts w ∈ A(n), M accepts w ∈ A(n),
     and when NFA N accepts v with |v| = n+1, DFA M accepts v as well.
     Therefore, if N accepts w’ ∈ A(n+1), M accepts w’ ∈ A(n+1).

 - Conclusion:
   : By Basis and Steps, L(N) ⊆ L(M),
     and likewise L(M) ⊆ L(N)
     ∴ NFA = DFA (equivalent in recognizing power)

 4) Relation of Regular Language and NFA
 : A is a RL if and only if some NFA recognizes A
 (proof)
 Any NFA can be converted into an equivalent DFA (by 3) above),
 therefore some DFA recognizes A, and A is a RL by definition; the converse holds because every DFA is an NFA.


5. Closure under the Regular Operations (3)
 1) Union    ∪
 If L1, L2 are RLs, (L1 ∪ L2) is a RL
 Let N1, N2 be NFAs such that L1 = L(N1), L2 = L(N2)
 (proof)
 <->  there exists an NFA N that recognizes (L1 ∪ L2)
 Let N1 = (Q1, ∑, δ1, q1, F1)
     N2 = (Q2, ∑, δ2, q2, F2)

 Construct N = (Q, ∑, δ, q0, F) to recognize (L1 ∪ L2)
 Q = Q1 ∪ Q2 ∪ {q0}
 δ(q, a) = δ1(q, a)  if q ∈ Q1
           δ2(q, a)  if q ∈ Q2
           {q1, q2}  if q = q0 and a = ε
           ∅         if q = q0 and a ≠ ε
 F = F1 ∪ F2

 2) Concatenation ∘
 If L1, L2 are RLs, (L1 ∘ L2) is a RL
 Let N1, N2 be NFAs such that L1 = L(N1), L2 = L(N2)
 (proof)
 <->  there exists an NFA N that recognizes (L1 ∘ L2)
 Let N1 = (Q1, ∑, δ1, q1, F1)
     N2 = (Q2, ∑, δ2, q2, F2)

 Construct N = (Q, ∑, δ, q1, F2) to recognize (L1 ∘ L2)
 Q = Q1 ∪ Q2
 δ(q, a) = δ1(q, a)         if q ∈ Q1, q ∉ F1
           δ1(q, a)         if q ∈ F1, a ≠ ε
           δ1(q, a) ∪ {q2}  if q ∈ F1, a = ε   (ε-move from each accept state of N1 into N2)
           δ2(q, a)         if q ∈ Q2

 3) Kleene Star *
 If L1 is a RL, L1* is a RL
 Let N1 be an NFA such that L1 = L(N1)
 (proof)
 <->  there exists an NFA N that recognizes L1*
 Let N1 = (Q1, ∑, δ1, q1, F1)

 Construct N = (Q, ∑, δ, q0, F) to recognize L1*
 Q = Q1 ∪ {q0}
 δ(q, a) = δ1(q, a)         if q ∈ Q1, q ∉ F1
           δ1(q, a)         if q ∈ F1, a ≠ ε
           δ1(q, a) ∪ {q1}  if q ∈ F1, a = ε   (loop back to the start of N1)
           {q1}             if q = q0, a = ε
           ∅                if q = q0, a ≠ ε
 F = F1 ∪ {q0}   (q0 must be an accept state so that ε ∈ L1* is recognized)
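The subset construction of 4.3) and the three NFA constructions of this section, written out as an added example (my code, not from the notes). It builds NFAs with ε-moves, converts them to DFAs (states are ε-closed subsets of Q, start state E(q0), a subset accepts iff it contains a state of F), implements union, concatenation and star exactly as defined above, and checks by brute force on short strings that each NFA and its DFA agree. The two sample machines ENDS_IN_01 and SINGLE_ONE, the label EPS = "" for ε, and the state-tagging helper that keeps the two machines' state sets disjoint are my own choices.

```python
from itertools import product

EPS = ""  # label used for ε-transitions (a convention chosen for this example)

class NFA:
    """N = (Q, Σ, δ, q0, F) with δ: Q × (Σ ∪ {ε}) → P(Q), stored as a dict."""
    def __init__(self, states, alphabet, delta, start, accept):
        self.Q, self.Sigma = frozenset(states), frozenset(alphabet)
        self.delta = {k: frozenset(v) for k, v in delta.items()}
        self.q0, self.F = start, frozenset(accept)

    def move(self, q, a):
        return self.delta.get((q, a), frozenset())

    def closure(self, states):
        """E(R): every state reachable from R by zero or more ε-moves."""
        seen, todo = set(states), list(states)
        while todo:
            for r in self.move(todo.pop(), EPS):
                if r not in seen:
                    seen.add(r)
                    todo.append(r)
        return frozenset(seen)

    def accepts(self, w):
        """Accept iff at least one computation path ends in F."""
        current = self.closure({self.q0})
        for a in w:
            current = self.closure({r for q in current for r in self.move(q, a)})
        return bool(current & self.F)

    def to_dfa(self):
        """Subset construction: DFA states are ε-closed subsets of Q."""
        start = self.closure({self.q0})
        states, todo, delta = {start}, [start], {}
        while todo:
            R = todo.pop()
            for a in self.Sigma:
                S = self.closure({r for q in R for r in self.move(q, a)})
                delta[(R, a)] = S
                if S not in states:
                    states.add(S)
                    todo.append(S)
        return DFA(states, self.Sigma, delta, start, {R for R in states if R & self.F})

class DFA:
    """M = (Q, Σ, δ, q0, F) with δ total on Q × Σ (one next state per symbol)."""
    def __init__(self, states, alphabet, delta, start, accept):
        self.Q, self.Sigma, self.delta = frozenset(states), frozenset(alphabet), delta
        self.q0, self.F = start, frozenset(accept)

    def accepts(self, w):
        q = self.q0
        for a in w:
            if (q, a) not in self.delta:  # symbol outside Σ: reject
                return False
            q = self.delta[(q, a)]
        return q in self.F

def _tag(n, tag):
    """Relabel states as (tag, q) so two machines have disjoint state sets."""
    delta = {((tag, q), a): {(tag, r) for r in rs} for (q, a), rs in n.delta.items()}
    return NFA({(tag, q) for q in n.Q}, n.Sigma, delta, (tag, n.q0), {(tag, q) for q in n.F})

def union(n1, n2):
    """New start q0 with ε-moves to both old starts; F = F1 ∪ F2."""
    a, b, q0 = _tag(n1, 1), _tag(n2, 2), ("u", 0)
    delta = {**a.delta, **b.delta, (q0, EPS): {a.q0, b.q0}}
    return NFA(a.Q | b.Q | {q0}, a.Sigma | b.Sigma, delta, q0, a.F | b.F)

def concat(n1, n2):
    """ε-move from every accept state of N1 to the start of N2; F = F2."""
    a, b = _tag(n1, 1), _tag(n2, 2)
    delta = {k: set(v) for k, v in {**a.delta, **b.delta}.items()}
    for f in a.F:
        delta.setdefault((f, EPS), set()).add(b.q0)
    return NFA(a.Q | b.Q, a.Sigma | b.Sigma, delta, a.q0, b.F)

def star(n1):
    """New accepting start q0 with an ε-move to q1; accept states loop back to q1."""
    a, q0 = _tag(n1, 1), ("s", 0)
    delta = {k: set(v) for k, v in a.delta.items()}
    delta[(q0, EPS)] = {a.q0}
    for f in a.F:
        delta.setdefault((f, EPS), set()).add(a.q0)
    return NFA(a.Q | {q0}, a.Sigma, delta, q0, a.F | {q0})

def agree(m1, m2, alphabet, max_len):
    """Brute-force check that two machines agree on every string up to max_len."""
    return all(m1.accepts(w) == m2.accepts(w)
               for n in range(max_len + 1) for w in product(alphabet, repeat=n))

# Constructed sample machines (not from the page).
# ENDS_IN_01: strings over {0,1} ending in "01"; state 0 is nondeterministic on '0'.
ENDS_IN_01 = NFA({0, 1, 2}, "01", {(0, "0"): {0, 1}, (0, "1"): {0}, (1, "1"): {2}}, 0, {2})
# SINGLE_ONE: exactly the string "1".
SINGLE_ONE = NFA({0, 1}, "01", {(0, "1"): {1}}, 0, {1})

if __name__ == "__main__":
    n = union(ENDS_IN_01, SINGLE_ONE)
    print("union DFA states:", len(n.to_dfa().Q), "agrees:", agree(n, n.to_dfa(), "01", 6))
    print(concat(ENDS_IN_01, SINGLE_ONE).accepts("011"), star(SINGLE_ONE).accepts(""))
```

The DFA for ENDS_IN_01 has only 3 reachable subsets, but in general the subset construction can produce up to 2^|Q| states, which is why it is built lazily from the start state here rather than over all subsets.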


6. Regular Expression
 1) Definition of RE
    : R is a regular expression if R is
  (1) symbol a for some a in the alphabet ∑,
  (2) ε,
  (3) ∅,
  (4) (R1 U R2), where R1 and R2 are REs,
  (5) (R1 ∘ R2), where R1 and R2 are REs,
  (6) R1*, where R1 is a RE.

 2) Equivalence between RE and FA
    A is a RL if and only if there exists a RE that describes it
    (proof: two directions)
  (1) If A is described by a RE, then A is a RL
     (proof by cases on the form of R; build an NFA for each case;
      the state diagrams for each case are not reproduced here)
     if R = a
     if R = ε
     if R = ∅
     if R = R1 ∪ R2    (union construction)
     if R = R1 ∘ R2    (concatenation construction)
     if R = R1*        (star construction)

  (2) If A is a RL, there exists a RE that describes it
     (concept: convert the DFA to a GNFA, then the GNFA to a RE)

7. Non-Regular Language
   *Pumping Lemma: technique for proving non-regularity
    If A is a RL, then there is a number p (the pumping length) such that
    any string s in A with |s| >= p
    may be divided into three pieces, s = xyz,
    satisfying the following 3 conditions:

    1. for each i >= 0, x(y^i)z ∈ A,
    2. |y| > 0,
    3. |xy| <= p.

    (proof concept)
    Some FA accepts every string of A, strings of any length included,
    yet it has only finitely many states.
    Let the total number of states be p.

    Reading a string s of length p requires p+1 state visits.
    Thus, by the pigeonhole principle,
    at least one state is visited twice.

    Consider the two visits to that repeated state,
    and call them q1 and q2 (the same state, reached at two positions).

    Let x be the string read from q0 to q1,
        y be the string read from q1 to q2,
        z be the string read from q2 to q(p+1).
    Then, since q1 = q2,
    1. for i >= 0, x(y^i)z ∈ A   (the loop y can be repeated any number of times)

    2. |y| = q1~q2 > 0   (at least 1, because it lies between two state visits)

    3. |xy| = q0~q2 <= p   (at most p, because the repeat occurs within the first p+1 visits)

Moon on the water (Beck OST)


I guess I like quiet songs.

Virtualbox basic setup


host OS : Mac OS X
guest OS : Ubuntu (Linux)

step 1 : install the Guest Additions
step 2 : run the following command in a terminal
        > mount -t vboxsf Shared /shared        // mount (type) (option?) (shared folder name) (mount point)


This is something I wrote down back when I used Naver Blog;
backing it up here for later.

Friday, April 22, 2011

sizeof(short) == 2

Having only ever dealt with char, int, string, ... I lost two hours to this simple thing.

While implementing Ethernet header printing, I was sure I had coded it correctly,
yet the protocol field was printed as IP whether it was IP or ARP, which struck me as stranger and stranger.

I kept wondering why, comparing against wireshark,
and what I finally found by comparing line by line against the existing sample code was that

struct ether_header {
    u_char ether_dhost[...];
    u_char ether_shost[...];
    u_short ether_type;     /* 2-byte type field, as it should be */
};
is what it should have been, but I had written

struct ether_header {
    u_char ether_dhost[...];
    u_char ether_shost[...];
    u_char ether_type;      /* 1 byte: the bug */
};
instead.

The protocol field value for IP is 0x0800,
and for ARP it is 0x0806; given that char is 1 byte and short is 2 bytes,
the char received only the 08, so only the first byte was compared,
which naturally matched IP, the first value compared, and IP kept being printed.

Ah.. my precious two hours.. and I have exams to study for too -.-
Still, after this I won't forget it later, right? Surely~

One last thing to note: unlike the upper-layer headers, in the Ethernet header
the destination address comes before the source address.
I didn't know this even when studying for the IP exam, but better late than never..
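The bug above, reproduced as an added example (my code, not the post's). ctypes.Structure mirrors the C layouts exactly, so the correct struct is 14 bytes and the buggy one 13, and reading the EtherType through the one-byte field yields 0x08 for both an IP and an ARP frame, which is why everything printed as IP. The two 14-byte frame headers are constructed (placeholder MAC addresses); socket.ntohs converts the field from network byte order, and struct.unpack with "!6s6sH" is shown as the struct-free alternative.

```python
import ctypes
import socket
import struct

ETHERTYPE_IP, ETHERTYPE_ARP = 0x0800, 0x0806

class EtherHeaderOK(ctypes.Structure):
    """Correct layout: 6 + 6 + 2 = 14 bytes; ether_type is a 16-bit field."""
    _fields_ = [("ether_dhost", ctypes.c_ubyte * 6),
                ("ether_shost", ctypes.c_ubyte * 6),
                ("ether_type", ctypes.c_ushort)]

class EtherHeaderBug(ctypes.Structure):
    """The layout from the post: ether_type declared one byte wide (13 bytes total)."""
    _fields_ = [("ether_dhost", ctypes.c_ubyte * 6),
                ("ether_shost", ctypes.c_ubyte * 6),
                ("ether_type", ctypes.c_ubyte)]

# Constructed 14-byte Ethernet headers (placeholder MAC addresses).
# They differ only in the EtherType at offset 12: 08 00 for IP, 08 06 for ARP.
IP_FRAME = bytes.fromhex("ff ff ff ff ff ff 00 11 22 33 44 55 08 00")
ARP_FRAME = bytes.fromhex("ff ff ff ff ff ff 00 11 22 33 44 55 08 06")

def header_sizes():
    """sizeof of both layouts, as C would report them."""
    return ctypes.sizeof(EtherHeaderOK), ctypes.sizeof(EtherHeaderBug)

def ether_type_ok(frame):
    """Read the type through the correct struct and fix the byte order."""
    hdr = EtherHeaderOK.from_buffer_copy(frame)
    return socket.ntohs(hdr.ether_type)  # wire order is big-endian

def ether_type_bug(frame):
    """Read the type through the buggy struct: only the first byte (0x08) is seen."""
    hdr = EtherHeaderBug.from_buffer_copy(frame)
    return hdr.ether_type

def ether_type_unpack(frame):
    """Struct-free alternative: '!' = network byte order, 'H' = unsigned 2 bytes."""
    _dst, _src, ether_type = struct.unpack("!6s6sH", frame[:14])
    return ether_type

def proto_name(ether_type):
    """Map the type field to a protocol name, 'other' if it matches neither."""
    return {ETHERTYPE_IP: "IP", ETHERTYPE_ARP: "ARP"}.get(ether_type, "other")

if __name__ == "__main__":
    print("sizeof correct/buggy:", header_sizes())
    for name, frame in (("IP ", IP_FRAME), ("ARP", ARP_FRAME)):
        ok, bug = ether_type_ok(frame), ether_type_bug(frame)
        print(f"{name} frame: correct=0x{ok:04x} ({proto_name(ok)})  buggy=0x{bug:02x} ({proto_name(bug)})")
```

With the buggy layout the value compared is 0x08 for both frames, so whichever comparison comes first in the code wins; with the correct 16-bit field and ntohs the two frames are told apart.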

Implementing Wireshark :: from cygwin & winpcap setup to compiling

link: cafe.naver.com/sec/
reference: 시스템 해킹의 원리와 이해 (Principles and Understanding of System Hacking), p.6, p.20



1. Install cygwin: cafe.naver.com/sec/2445

2. Install WinPcap_4_1_2.exe: http://www.winpcap.org/install/default.htm

3. Unzip WpdPack_4_1_2.zip: http://www.winpcap.org/devel.htm

4. Copy libpacket.a and libwpcap.a from the unzipped WpdPack/lib directory to c:\cygwin\lib\

5. Create the directory c:\cygwin\usr\include\pcap, and into it

6. copy every file from the unzipped WpdPack/include directory

7. How to check that cygwin is set up correctly: the output should look like this

$ which packet.dll
/cygdrive/c/WINDOWS/system32/packet.dll
$ which wpcap.dll
/cygdrive/c/WINDOWS/system32/wpcap.dll

8. Compiling: before compiling, change the file permissions (chmod a+x ...)

$ gcc -I /usr/include/pcap -c basic_dump.c
$ gcc -I /usr/include/pcap -o basic_dump.exe basic_dump.c -lwpcap -lwsock32



-end-

Monday, April 18, 2011

IS :: Security in Networks (Ch7)


1.  Threat & Control
 1) Snooping
: Eavesdropping on a dialog (Interception)
: Encryption for Confidentiality

 2) Spoofing
: Impersonation (Fake src address, why?)
: Hop Count Filtering using TTL

 3) Alteration
: Message modification
: Use Secure Dialog System

 4) Replay Attack
: Continually retransmit the same (already authenticated) packets that an attacker intercepted
: Time Stamp(fresh packet), Sequence Number(duplication check)

 5) DoS (Denial of Service)
: Disrupt normal services by consuming all available resources
: Connection Flooding
  - Smurf
  - Syn Flooding (preprocess for IP Spoofing)
  - DNS Attack
  - Echo-Chargen, Ping of Death, Traffic Redirection
: EASY TO BLOCK WHEN THE VOLUME IS LIMITED -> hence DDoS

(1) DDos (Distributed Denial of Service)
: DoS attack carried out by many machines called zombies (a botnet)

(2) Amplification Attack
: Attacker - Botnet - Reflector - Victim
: DNS Amplification(DNS query), Broadcasting Ping(Smurf)

(3) Complexity Attack
: more severe depending on the target,
: e.g. a NIDS (Network-based Intrusion Detection System), which does expensive work per packet

(4) Algorithmic Complexity Attack
: Send carefully chosen messages for the worst-case execution

: Legitimate high traffic volume - “slash-dotted” or “flash crowd” (not an attack, but looks like one)
: Defense
  - Before: Prevention & Preemption (Need good incident response plan)
  - During: Detection & Filtering (Have network monitor and IDS)
  - After: Source Traceback & Identification


2. Attack Prevention
 1) Block spoofed src addresses: drop packets that do not carry the network's own addresses (possible at the subnet router)
 2) Rate Control in upstream: on Specific Packet Type
 3) Use modified TCP connection handling: SYN Cookies (when table full)
 4) Block IP directed broadcasts
 5) Use CAPTCHA: “puzzle” to be solved by only human
 6) Use Mirror Site


3. Firewall
 1) Packet Filter Firewall: checks the TCP/IP headers of every packet
 2) Application (Proxy) Firewall: uses connection history (state), not just single packets

4. Intrusion Detection
 1) IDS (Intrusion Detection System)
: detect & report intrusions
 2) IDS Principles
(1) Observe deviations from past history
(2) Parameter = Evaluation Criteria
  - Anomaly Detection: analyze user behavior - Threshold Detection (counts over time), Profile based (behavior)
  - Signature Detection: define attack patterns - Pattern Matching corresponding to an attack type

(3) Problems
  - False Positive (FP): actually normal, but wrongly judged abnormal (a false alarm)
  - False Negative (FN): actually abnormal, but wrongly judged normal (a missed attack)
  - Must compromise: tuning that lowers one rate raises the other
   
  * False Positive Rate (FPR) = FP / Total N = FP / (FP + TN)
  * False Negative Rate (FNR) = FN / Total P = FN / (FN + TP)

  * Removing Ambiguity
  True positive: the result is Positive and agrees with the facts, so it is True. Hence TP
  True negative: the result is Negative and agrees with the facts, so it is True. Hence TN
  False positive: the result is Positive but the conclusion is wrong. Hence FP
  False negative: the result is Negative but the conclusion is wrong. Hence FN

(4) Location
1) NIDS: Network-based Intrusion Detection System
2) HIDS: Host-based Intrusion Detection System
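As an added example (not from the notes), here are the two detection styles of (2) run over a constructed log, with the confusion matrix and the FPR / FNR formulas of (3) computed against constructed analyst labels: a signature detector (a regex for "../" in request paths) and a threshold detector (N failed logins from one source within a window). Raising the threshold trades false positives for false negatives, which is the "must compromise" point. Log lines, labels, field names and thresholds are all my own.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the page); one event per line.
LOG = """\
t=0 src=10.0.0.5 action=login result=fail
t=2 src=10.0.0.5 action=login result=fail
t=4 src=10.0.0.5 action=login result=fail
t=5 src=10.0.0.5 action=login result=fail
t=7 src=10.0.0.9 action=login result=fail
t=30 src=10.0.0.9 action=login result=ok
t=31 src=10.0.0.7 action=get path=/images/../../etc/passwd
t=32 src=10.0.0.7 action=get path=/index.html
t=40 src=10.0.0.8 action=login result=fail
t=41 src=10.0.0.8 action=login result=fail
t=42 src=10.0.0.8 action=login result=fail
t=43 src=10.0.0.8 action=login result=ok
"""

# Constructed ground truth (analyst labels): line indexes that really are attacks.
# Lines 0-3: password guessing from .5; line 4: a single probe from .9 that stays
# under any threshold; line 6: a directory-traversal request.
# Lines 8-10 are a legitimate user mistyping a password three times.
TRULY_MALICIOUS = {0, 1, 2, 3, 4, 6}

def parse(log):
    """Turn 'key=value' lines into dicts; t becomes an int (seconds)."""
    events = []
    for line in log.splitlines():
        ev = dict(field.split("=", 1) for field in line.split())
        ev["t"] = int(ev["t"])
        events.append(ev)
    return events

# Signature detection: pattern matching against a known attack pattern.
TRAVERSAL = re.compile(r"(^|/)\.\./")

def signature_alerts(events):
    return {i for i, ev in enumerate(events)
            if "path" in ev and TRAVERSAL.search(ev["path"])}

# Threshold (anomaly) detection: `limit` or more failed logins from one source
# within `window` seconds flags every failure inside that window.
def threshold_alerts(events, limit=3, window=10):
    fails = defaultdict(list)
    for i, ev in enumerate(events):
        if ev.get("action") == "login" and ev.get("result") == "fail":
            fails[ev["src"]].append((ev["t"], i))
    flagged = set()
    for items in fails.values():
        for t, _ in items:
            recent = [j for tj, j in items if t - window <= tj <= t]
            if len(recent) >= limit:
                flagged.update(recent)
    return flagged

def confusion(n_events, truly_malicious, flagged):
    """TP/FP/FN/TN counts: 'positive' means the detector raised an alert."""
    tp = len(truly_malicious & flagged)
    fp = len(flagged - truly_malicious)
    fn = len(truly_malicious - flagged)
    return {"TP": tp, "FP": fp, "FN": fn, "TN": n_events - tp - fp - fn}

def rates(cm):
    """FPR = FP / (FP + TN), FNR = FN / (FN + TP), as in the notes."""
    return cm["FP"] / (cm["FP"] + cm["TN"]), cm["FN"] / (cm["FN"] + cm["TP"])

def evaluate(limit=3, window=10):
    events = parse(LOG)
    flagged = signature_alerts(events) | threshold_alerts(events, limit, window)
    cm = confusion(len(events), TRULY_MALICIOUS, flagged)
    return cm, rates(cm)

if __name__ == "__main__":
    for limit in (3, 5):
        cm, (fpr, fnr) = evaluate(limit=limit)
        print(f"limit={limit}: {cm}  FPR={fpr:.2f}  FNR={fnr:.2f}")
```

With limit=3 the detector catches the brute-force source but also flags the clumsy legitimate user (3 false positives) and still misses the single probe (1 false negative); with limit=5 the false positives vanish and all of the brute-force lines become false negatives. Neither setting is "right"; the rates are what you tune against the cost of each kind of error.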


5. Why Security?
 1) Speed: paying attention to security costs performance, so the methods must be improved
 2) Ubiquity: new network environments keep appearing, so the security problems in those environments must be explored

IS :: Security Problems in Computing (Ch1)


1. What does “secure” mean?
 1) protecting valuables - HW, SW, data

2. Objectives
 1) understanding security problems
 2) understanding methods available to deal with such problems

3. Terms
 1) Vulnerability: weakness in a system
 2) Threat: a circumstance that has the potential to violate security
 3) Risk: possibility[probability] that a threat results in a loss
 4) Control: mechanism[countermeasure] that removes vulnerability
 5) Attack: conduct perpetrated by a human to exploit a vulnerability
 6) Harm: damage occurred when a threat is realized
 7) Example
    water flooding = Threat
    crack = Vulnerability
    finger = Control
    height = Risk

4. What is “computer Security”?
 : many many various opinions…

5. Basic Security Components (CIA)
 1) Confidentiality: prevention of unauthorized disclosure of information (VISIBILITY)
 2) Integrity: prevention of unauthorized modification of information (MODIFY)
 3) Availability: prevention of unauthorized withholding of information (ACCESS)

6. Security Attacks
 1) Interruption: interrupt data transmission, attack on A (availability), e.g. DDoS
 2) Interception: intercept data passively, attack on C (confidentiality), e.g. sniffing
 3) Modification: modify original data, attack on I (integrity), e.g. BOF
 4) Fabrication: fabricate certain data, attack on C, I and A, e.g. spoofing
 - Passive Attack: difficult to detect, easy to prevent
 - Active Attack: possible to detect, difficult to prevent

7. Attack Methods
 1) Physical Access Attack: vandalism
 2) Dialog Attack: eavesdropping (wiretapping)
 3) Penetration Attack: DoS, Malware, Virus, Worm
 4) Social Engineering: password theft

8. MOM (necessary condition to attack)
 1) Method: skill, knowledge, tool
 2) Opportunity: time, access
 3) Motive: reason - attractive, easy, anonymity

9. Defense (Control)
 1) way: prevent, deter, deflect, detect
 2) SW control: Access limitation in OS, DB
 3) HW control: Smart Card
 4) Secure Policy: frequent change of passwords
 5) Physical control: limited access to machine rooms
 6) Social Engineering Defense: training, punishment
 7) Dialog Attack Defense: Cryptography
 - Multiple Controls: Layered approach to secure