• Annual Conference of KIPS
• /
• 2024.05a
• /
• pp.181-182
• /
• 2024

IoT(Internet of Things) 기기의 수가 급격히 증가하면서 무선 네트워크로 펌웨어와 데이터를 다운받아 업데이트하는 FOTA(Firmware Over-The-Air) 기술이 중요해지고 있다. 그러나, 종래 퍼징 기술은 펌웨어 취약점을 탐지할 때 요구되는 컴퓨팅 파워와 메모리가 커서 한정적인 자원을 지닌 IoT 기기에 적합하지 않다. 따라서 본 연구에서는 펌웨어 업데이트 파일에서 기존에 검증된 부분을 제외하고 업데이트된 부분만을 퍼징하는 부분 퍼징(Partial fuzzing) 기법을 제안한다. 실험 결과에 따르면 제안한 부분 퍼징 기법이 종래의 기법 대비 3 분 더 빨리 11 개의 크래시를 찾았고, 10 분의 퍼징 시간 동안 평균 1,044 (2 unique) 크래시를 추가로 발견했으며 평균 메모리 사용량을 232(KIB) 줄일 수 있었다.

• Journal of Digital Convergence
• /
• v.15 no.3
• /
• pp.175-180
• /
• 2017

In accordance with the development of IT industry worldwide, software industry has also grown tremendously, and it is exerting influence on the general society starting from daily life to financial organizations and public institutions. However, various security threats that can inflict serious threat to provided services in proportion to the growing software industry, have also greatly increased. In this thesis, we suggest a smart fuzzing system combined with black box and white box testing that can effectively detectxdistinguish software vulnerability which take up a large portion of the security incidents in application programs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.651-666
• /
• 2024

Android devices employ lock screens with various authentication methods to protect user data. However, even with the lock screen active, the device can be accessed via the Android Debug Bridge(ADB), a powerful development tool that controls devices connected through USB. In this paper, we explore methods to bypass the lock screen security mechanism by leveraging the characteristics of ADB. To achieve this, we analyze ADB commands to categorize those that can severely impact the Android system and propose LockPickFuzzer, a fuzzing test tool that automatically explores ways to combine these commands to disable lock screen security. To demonstrate LockPickFuzzer's ability to detect security vulnerabilities using ADB, we conducted experiments on the Galaxy S23 and Pixel 8, both running Android 14. The results revealed two ADB command combinations that could either steal authentication information or bypass the lock screen. We submitted a report on these discovered vulnerabilities to the Samsung security team and received official acknowledgment (SVE-2023-1344) from Samsung Electronics for one ADB command combination that can be reproduced on user devices. LockPickFuzzer is a practical tool that operates automatically without user intervention and is expected to contribute to the effective detection of security vulnerabilities caused by ADB command combinations on Android devices.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39C no.4
• /
• pp.362-369
• /
• 2014

A railway SCADA system is a control systems that provide the trains with the electricity. A railway SCADA system sends commands to the RTUs(remote terminal unit) and then it gathers status information of the field devices in the RTUs or controls field devices connected with the RTUs. The RTU can controls input output modules directly, gathers the status information of the field devices connected with it, and send the information to the control center. In this way, a railway SCADA system monitors and controls the electricity power for running trains. The cyber attackers may use some vulnerabilities in the railway SCADA system software to attack critical infrastructures. The vulnerabilities might be created in the railway software development process. Therefore it need to detect and remove the vulnerabilities in the control system. In this paper we propose a new control protocol fuzzing method to detect the vulnerabilities in the DNP3 protocol based application running on VxWorks in RTU(Remote Terminal Unit) that is a component of the centralized traffic control system for railway. Debug-channel based fuzzing method is required to obtain process status information from the VxWorks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.847-857
• /
• 2020

As IoT equipment is commercialized, Bluetooth or wireless networks will be built into general living devices such as IP cameras, door locks, cars and TVs. Security for IoT equipment is becoming more important because IoT equipment shares a lot of information through the network and collects personal information and operates the system. In addition, web-based attacks and application attacks currently account for a significant portion of cyber threats, and security experts are analyzing the vulnerabilities of cyber attacks through manual analysis to secure them. However, since it is virtually impossible to analyze vulnerabilities with only manual analysis, researchers studying system security are currently working on automated vulnerability detection systems, and Firm-AFL, published recently in USENIX, proposed a system by conducting a study on fuzzing processing speed and efficiency using a coverage-based fuzzer. However, the existing tools were focused on the fuzzing processing speed of the firmware, and as a result, they did not find any vulnerability in various paths. In this paper, we propose IoTFirmFuzz, which finds more paths, resolves constraints, and discovers more crashes by strengthening the mutation process to find vulnerabilities in various paths not found in existing tools.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.9
• /
• pp.4248-4270
• /
• 2018

This research aims at a new practical Intent fuzzing tool for detecting Intent vulnerabilities of Android apps causing the robustness problem. We proposed two new ideas. First, we designed an Intent specification language to describe the structure of Intent, which makes our Intent fuzz testing tool flexible. Second, we proposed an automatic tally method classifying unique failures. With the two ideas, we implemented an Intent fuzz testing tool called Hwacha, and evaluated it with 50 commercial Android apps. Our tool offers an arbitrary combination of automatic and manual Intent generators with executors such as ADB and JUnit due to the use of the Intent specification language. The automatic tally method excluded almost 80% of duplicate failures in our experiment, reducing efforts of testers very much in review of failures. The tool uncovered more than 400 unique failures including what is unknown so far. We also measured execution time for Intent fuzz testing, which has been rarely reported before. Our tool is practical because the whole procedure of fuzz testing is fully automatic and the tool is applicable to the large number of Android apps with no human intervention.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.749-751
• /
• 2016

Internet technology is universal, news from the Web browser, shopping, search, etc., various activities have been carried out. Its size becomes large, increasing the scale of information security incidents, as damage to this increases the safety for the use of the Internet is emphasized. IE browser is ASLR, such as Isolated Heap, but has been continually patch a number of vulnerabilities, such as various protection measures, this vulnerability, have come up constantly. And, therefore, in order to prevent security incidents, it is necessary to be removed to find before that is used to exploit this vulnerability. Therefore, in this paper, we introduce the purge is a technique that is used in the discovery of the vulnerability, we describe the automation technology related thereto. And utilizing the known vulnerabilities, and try to show any of the typical procedures for the analysis of the vulnerability.

• Annual Conference of KIPS
• /
• 2020.05a
• /
• pp.272-274
• /
• 2020

최근 컴퓨터 프로그램의 크기가 증가하고 목적이 다양해지면서 프로그램의 취약점에 대한 위험이 증가하고 있다. 공격자 보다 먼저 프로그램 취약점을 찾아내기 위한 여러 기법들이 있다. 그 중 프로그램의 취약점을 보다 효율적으로 찾아내기 위한 기법 중 하나인 퍼징 (Fuzzing) 은 프로그램에 무작위로 입력 데이터를 입력하여 프로그램의 정의되지 않은 영역을 검증하는 기법이다. 이러한 입력 데이터를 최대한 적은 시간과 자원을 소모하여 생성하기 위해 인공지능과 퍼징을 결합하는 연구가 활발히 진행 중이다. 본 논문에서는 퍼징의 개념 및 종류에 대해 설명하고 퍼징과 인공지능이 결합된 최신 연구에 대해 서술한다.

• Annual Conference of KIPS
• /
• 2024.05a
• /
• pp.497-499
• /
• 2024

Fuzzing Test 와 같은 자동화된 소프트웨어 테스트 기법이 점차 출현함에 따라, 소프트웨어 테스트의 시간적 효율성과 성능의 상충을 조절하여 최적의 테스트를 진행하려는 시도가 발생하고 있다. 본 연구는 이러한 소프트웨어 테스트 기법을 하드웨어 단위에서 지원할 수 있는 기능을 확률 기반 명령어 생략 구조를 통해 제시하였다.

• Annual Conference of KIPS
• /
• 2024.10a
• /
• pp.236-238
• /
• 2024

본 논문은 ROS2 환경에서 사용 가능한 다양한 퍼징 도구들을 조사함으로써, 이 분야의 연구 동향을 분석하고자 한다. 최근 로보틱스의 활용 범위가 확대됨에 따라 ROS 보안 취약점에 대한 우려 또한 증가하고 있다. 이에 따라, ROS2 환경에 특화된 다양한 퍼징 테스트 도구들의 기능, 효율성 및 적용 사례를 비교 분석하여 ROS2 의 보안 강화에 기여할 수 있는 방안을 모색한다. 또한, 현존하는 퍼징 도구들의 한계를 진단하고, 이를 개선한 새로운 퍼징 도구 개발의 필요성에 대해 논의한다.