• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.9-15
• /
• 2012

In recently years, repackaged malwares are becoming increased rapidly in Android smartphones. The repackaging is a technique to disassemble an app in a market, modify its source code, and then re-assemble the code, so that it is commonly used to make malwares by inserting malicious code in an app. However, it is impossible to collect all the apps in many android markets including too many apps. To solve the problem, we propose RePAD (RePackaged App Detector) scheme that is composed of a client and a remote server. In the smartphone-side, the client extracts the information of an app with low CPU overhead when a user installs the app. The remote server analyzes the information to decide whether the app is repackaged or not. Thus, the scheme reduces the time and cost to decide whether apps are repackaged. For the experiments, the client and server are implemented as an app on Galaxy TAB and PC respectively. We indicated that seven pairs of apps among ones collected in official and unofficial market are repackaged. Furthermore, RePAD only increases the average of CPU overhead of 1.9% and the maximum memory usage of 3.5 MB in Galaxy TAB.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.161-169
• /
• 2006

According to the development of information system, many information system and application soft-ware are develop. However, cyber attack and incident have more increased to the development of them. To defend from cyber attack and incident, many organizations has run information security systems, such as Intrusion Detection System, Firewall, VPN etc, and employed information Security person till now But they have many difficulty in operating these information security component because of the lack of organizational management and analysis of each role. In this paper, We propose the formal Cause-Effect Model related with the information security system and administrative mission per each security. In this model, we regard information system and information system operator as one information component. It is possible to compose the most suitable information component, such as information system, human resource etc., according to the analysis of Cause-Effect Model in this paper. These analysis and approaching methodology can make effective operation of each limited resource in organization and effective defense mechanism against many malicious cyber attack and incident.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.10a
• /
• pp.728-731
• /
• 2008

Recently demands in construction of the stand-alone networks and interconnection between convergence devices have led an increase in research on IETF MANET working group, Bluetooth, and HomeRF working group and much attention has been paid to the application of MANET as a Ubiquitous network which is growing fast. With performance both as hosts and routers, easy network configuration, and fast response, mobile nodes participating in MANET are suitable for Embedded computing, but have vulnerable points, such as lack of network scalability and dynamic network topology due to mobility, passive attacks, active attacks, which make continuous security service impossible. For perfect MANET setting, routing is required which can guarantee security and efficiency through secure routing. In routing in this study, hashed AODV is used to protect from counterfeiting messages by malicious nodes in the course of path 'finding and setting, and disguising misrouted messages as different mobile nodes and inputting them into the network.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.6
• /
• pp.397-405
• /
• 2014

Software-Defined Networking (SDN), which separates the control plane from the data plane and manages data planes in a centralized way, is now considered as a future networking technology, and many researchers and practitioners have dived into this area to devise new network applications, such new routing methods. Likewise, network security applications could be redesigned with SDN, and some pioneers have proposed several interesting network security applications with SDN. However, most approaches have just reimplemented some well-known network security applications, although SDN provides many interesting features, They didn't effectively use them. To investigate if we can use SDN in realizing sophisticated network security applications, we have designed and implemented an advanced network security application, Reflectornet, which redirects malicious or suspicious network trials to other security monitoring points (e.g., honeypot). In addition, we have tested its performance and practicability in diverse angles. Our findings and some insights will encourage other researchers to design better or intelligent network security applications with SDN.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.1
• /
• pp.536-551
• /
• 2017

With the advancement and deployment of leading-edge telecommunication technologies for sensing and collecting, computing related information, Cloud of Things (CoTs) has emerged as a typical application platform that is envisioned to revolutionize the daily activities of human society, such as intelligent transportation, modern logistics, food safety, environmental monitoring, etc. To avoid any possible malicious attack and resource abuse, employing hash functions is widely recognized as one of the most effective approaches for CoTs to achieve message integrity and data authentication. The Whirlpool hash function has served as part of the joint ISO/IEC 10118-3 International Standard by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). In this paper, we propose an effective differential fault analysis on Whirlpool in the byte-oriented random fault model. The mathematical analysis and experimental results show that 8 random faults on average are required to obtain the current 512-bit message input of whirlpool and the secret key of HMAC-Whirlpool. Our work demonstrates that Whirlpool and HMAC-Whirlpool are both vulnerable to the single byte differential fault analysis. It provides a new reference for the security analysis of the same structure of the hash functions in the CoTs.

• Smart Media Journal
• /
• v.4 no.4
• /
• pp.80-85
• /
• 2015

As the number of applications using the internet the rapidly increasing incidence of cyber attacks made on the internet has been increasing. In the equipment of L3 DDoS attack detection equipment in the world and incomplete detection of application layer based intelligent. Next-generation networks domestic product in high-performance wired and wireless network threat response techniques to meet the diverse requirements of the security solution is to close one performance is insufficient compared to the situation in terms of functionality foreign products, malicious code detection and signature generation research primarily related to has progressed malware detection and analysis of the research center operating in Window OS. In this paper, we describe the current status survey and analysis of the latest variety of new attack techniques and analytical skills with the latest cyber-attack analysis prejudice the security situation.

• Journal of Communications and Networks
• /
• v.17 no.5
• /
• pp.453-462
• /
• 2015

Body area networks (BANs) have emerged as an enabling technique for e-healthcare systems, which can be used to continuously and remotely monitor patients' health. In BANs, the data of a patient's vital body functions and movements can be collected by small wearable or implantable sensors and sent using shortrange wireless communication techniques. Due to the shared wireless medium between the sensors in BANs, it may be possible to have malicious attacks on e-healthcare systems. The security and privacy issues of BANs are becoming more and more important. To provide secure and correct association of a group of sensors with a patient and satisfy the requirements of data confidentiality and integrity in BANs, we propose a novel enhanced secure sensor association and key management protocol based on elliptic curve cryptography and hash chains. The authentication procedure and group key generation are very simple and efficient. Therefore, our protocol can be easily implemented in the power and resource constrained sensor nodes in BANs. From a comparison of results, furthermore, we can conclude that the proposed protocol dramatically reduces the computation and communication cost for the authentication and key derivation compared with previous protocols. We believe that our protocol is attractive in the application of BANs.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.1
• /
• pp.250-256
• /
• 2017

Recently, the use of mobile devices has increased in order to provide a variety of services, and thus there has been a surge in the number of application malicious attacks on the Android platform. To resolve the problem, the domestic financial sector has been introducing the app anti-tamper solution based on cryptographic algorithms. However, since the capacity of apps installed in smartphones continues to increase and environments with limited resources as wearables and IoTs spread, there are limitations to the processing speed of the anti-tamper solutions. In this paper, we propose a novel anti-tamper solution by using lightweight hash function LEA and LSH. We also present the test results of a simulation program that implements this method and compare the performance with anti-tamper solutions based on the previous cryptographic algorithms.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.29-37
• /
• 2020

Work to improve network throughput has been focused on network coding as the utilization of IoT-based application services increases and network usage increases rapidly. In network coding, nodes transform packets received from neighboring nodes into a combination of encoded packets for transmission and decoding at the destination. This scheme is based on trust among nodes, but in the IoT environment where nodes are free to join, a malicious node can fabricate the packet if it legally participates in the configuration. It is difficult to identify the authenticity of the encoded packet since the packet received at destination is not a single source but a combination of packets generated by several nodes. In this paper, we propose a method to detect "look-like-valid" packets that have been attacked and disguised in packets received at destination, and to identify valid messages in the reconstructions. This method shows that network coding performance is significantly improved because the destination can reconstruct a valid message with only received packets without retransmission with a high probability, despite the presence of disguised packets.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.1037-1040
• /
• 2013

Based on easy construction and operation compared with infra-structure communication netowrks, and rapid spreading of smart phone having high powered calculation ability and Wi/Fi function, usage of MANET(Mobile Ad-Hoc Network), which is configured with simply several terminals, is increased in applications of emergency communications, leisure, explorations. However, because of supporting difficulty of communication infra-structure makes some defects of malicious information intrusion like as hacking. In this paper, effects of transmission performance caused by information intrusion is analyzed. The results of published studies is based on environment of continuous intrusions, but this paper assumed intermittent attacking condition. In this paper, blackhole attack is used for intrusion type to MANET, voice traffic is used as a application traffic. Compuer simulation, based on NS-2, is used for measuring of performance parameters, and the analysis for the simulation results is shown as considerations of this paper.