• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1043-1052
• /
• 2020

Signature-based malicious code detection methods share a common limitation; it is very hard to detect modified malicious codes or new malware utilizing zero-day vulnerabilities. To overcome this limitation, many studies are actively carried out to classify malicious codes using N-gram. Although they can detect malicious codes with high accuracy, it is difficult to identify malicious codes that uses very short codes such as Spectre. We propose a function level N-gram comparison algorithm to effectively identify the Spectre binary. To test the validity of this algorithm, we built N-gram data sets from 165 normal binaries and 25 malignant binaries. When we used Random Forest models, the model performance experiments identified Spectre malicious functions with 99.99% accuracy and its f1-score was 92%.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1365-1373
• /
• 2019

Meltdown and Spectre are vulnerabilities that exploit out-of-order execution and speculative execution techniques to read memory regions that are not accessible with user privileges. OS patches were released to prevent this attack, but older systems without appropriate patches are still vulnerable. Currently, there are some research to detect Meltdown and Spectre attacks, but most of them proposed dynamic analysis methods. Therefore, this paper proposes a binary signature that can be used to detect Meltdown and Spectre malware without executing them. For this, we collected 13 malicious codes from GitHub and performed binary pattern analysis. Based on this, we proposed a static detection method for Meltdown and Spectre malware. Our results showed that the method identified all the 19 attack files with 0.94% false positive rate when applied to 2,317 normal files.

• Review of KIISC
• /
• v.30 no.1
• /
• pp.55-60
• /
• 2020

2018년 1월, Meltdown, Spectre와 같은 마이크로아키텍처의 취약점을 이용하는 부채널 공격이 등장하면서 전 세계적으로 부채널 공격에 관한 관심이 증가하였다. 또한, 소모 전력 분석, 전파 분석 등 전통적 부채널 공격과는 달리 캐시의 상태변화를 이용하는 공격인 캐시 부채널 공격이 Meltdown, Spectre에 이용되면서 이에 관한 다양한 연구가 진행되고 있다. 이러한 유형의 공격은 완벽하게 방어할 수 있는 대응 패치가 존재하지 않고 일부 공격에 대응할 수 있는 대응 패치도 모든 시스템에 적용할 수 없은 경우가 많으므로 완벽한 대응이 매우 힘든 실정이다. 특히 캐시 부채널 공격을 이용하여 SGX와 같은 TEE(Trusted Execution Environment)를 공격할 수 있다는 것이 드러나면서 TEE를 공격하기 위한 다양한 공격 도구로 이용되고 있다. 본 논문에서는 Meltdown과 Spectre 및 다양한 캐시 부채널 공격에 대한 동향을 살펴보고자 한다.

• Journal of IKEEE
• /
• v.24 no.4
• /
• pp.1162-1166
• /
• 2020

In this paper Low Drop-Out (LDO) regulator that improved load regulation characteristics due to the feedback detection structure. The proposed feedback sensing circuit is added between the output of the LDO's internal error amplifier and the input of the pass transistor to improve the regulation of the delta value coming into the output. It has a voltage value with improved load regulation characteristics than existing LDO regulator. The proposed LDO structure was analyzed in Samsung 0.13um process using Cadence's Virtuoso, Spectre simulator.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.44 no.1
• /
• pp.69-78
• /
• 2007

A Frequency synthesizer for T-DMB and mobile-DTV applications was designed using $0.18{\mu}m$ CMOS process with 1.8V supply. PMOS transistors were chosen for VCO core to reduce phase noise. The VCO range is 920MHz-2100MHz using switchable inductors, capacitors and varactors. Varactor biases that improve varactor acitance characteristics were minimized as two, and $K_{VCO}$(VCO gain) value was aintained by switchable varactor. Additionally, VCO was designed that VCO gain and the interval of VCO gain were maintained using VCO gain compensation logic. VCO, PFD, CP and LF were verified by Cadence Spectre, and divider was simulated using Matlab Simulink, ModelSim and HSPICE. VCO consumes 10mW power, and is 56.3% tuning range. VCO phase noise is -127dBc/Hz at 1MHz offset for 1.58GHz output frequency. Total power consumption of the frequency synthesizer is 18mW, and lock time is about $140{\mu}s$.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1237-1246
• /
• 2020

Recently, several cache side channel attacks have been proposed to extract secret information by exploiting design flaws of the microarchitecture. The Flush+Reload attack, one of the cache side channel attack, can be applied to malicious application attacks due to its properties of high resolution and low noise. In this paper, we proposed a detection system, which detects the cache-based attacks using the PCM(Performance Counter Monitor) for monitoring CPU cache activity. Especially, we observed the variation of each counter value of PCM in case of two kinds of attacks, Spectre attack and secret recovering attack during AES encryption. As a result, we found that four hardware counters were sensitive to cache side channel attacks. Our detector based on machine learning including SVM(Support Vector Machine), RF(Random Forest) and MLP(Multi Level Perceptron) can detect the cache side channel attacks with high detection accuracy.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.47 no.6
• /
• pp.7-12
• /
• 2010

A semi-empirical organic schottky diode model is proposed for circuit simulation. We have set up a full custom design environment for organic schottky diode circuit using Spectre AHDL, which is widely used commercial EDA tool. We measured frequency response from fabricated rectifier, and it was compared to circuit simulation results using the AHDL model. The frequency response of the fabricated rectifier circuit is not sufficient for 13.56MHz RFID, however, it is enough for 135kHz-band RFID.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.2
• /
• pp.319-324
• /
• 2012

This paper introduces a 2-dimensional touch screen panel driver based on an improved capacitive sensing circuit. The improved capacitive sensing circuit based on charge pump can eliminate the remaining charges of the intermediate nodes, which may cause output voltage drift. The touch screen panel driver with mixed-mode circuits was built and simulated using Cadence Spectre. Verilog-A models the digital circuits effectively and enables them to interface with analog circuits easily. From the simulation results, we can verify the reliable operations of the simple structured touch screen panel driver based on the improved capacitive sensing circuit offering no voltage drift.

• Journal of IKEEE
• /
• v.24 no.2
• /
• pp.598-603
• /
• 2020

In this paper present a Low Drop-Out(LDO) regulator that improves load transient characteristics due to the push-pull pass transistor structure is proposed. Improved load over the existing LDO regulator by improving the overshoot and undershoot entering the voltage line by adding the proposed push-pull circuit between the output stage of the error amplifier inside the LDO regulator and the gate stage of the pass transistor and the push-pull circuit at the output stage. It has a delta voltage value of transient characteristics. The proposed LDO structure was analyzed in Samsung 0.13um process using Cadence's Virtuoso, Spectre simulator.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.875-877
• /
• 2011

This paper introduces a touch screen panel driver using modified charge pump circuit. The touch screen panel driver is composed of an analog circuit part which senses a touch and a digital circuit which analyse the sensed signal. To verify the functions the touch screen panel driver, a mixed-mode circuit was built and simulated using Cadence Spectre. The digital circuits were modeled with Verilog-A in order to interface with the analog circuits and verify the functionalities of the driver with less simulation time. From the simulation results, we can verify the reliable operations of the simple structured touch screen panel driver which does not include an ADC.