Hyeokchan Kwon

Public Key Management Framework for Two-tier Super Peer Architecture

Many Internet applications use public key infrastructure (PKI) to enable the secure transaction of confidential messages. However, the use of PKI is not consistent with the ideas of peer-to-peer networks. In this paper, we propose public key management framework to distribute public key safely without PKI infrastructure for two-tier super peer architecture. In this framework, each peer self-generates and distributes public/private key pairs. In general case, this kind of mechanism is vulnerable to man-in-the- middle attack during the public key distribution process. But the proposed mechanism can easily avoid this kind of attack.

Efficient Mobile Device Management Scheme Using Security Events from Wireless Intrusion Prevention System

In this paper, we present an efficient mobile device management scheme using security events from wireless intrusion prevention system. In this scheme, mobile device management (MDM) system utilizes the wireless security events such as rogue access point connection information, room-level indoor location of the managed device and other WLAN attack information from the wireless intrusion prevention system (WIPS) in its mobile device management. So, it is possible to provide a better way to secure and manage wireless LAN and large-scale deployments of mobile devices.

The Secure Routing Mechanism for DHT-based Overlay Network

For routing and lookup efficiency, DHT-based overlay network has been developed. The representative DHT-based overlay networks are Kad, Chord, Pastry and CAN. And Several applications such as file sharing, distributed storage system have been developed on the DHT-baed overlay network. But there exist several security attacks on the DHT-based overlay network: Peer ID attack, Attacks on message routing, Rapid join/leave attack, DoS attack and so on. In this paper, we propose secure routing mechanism against message routing attacks for DHT-based overlay network. The proposed mechanism ensures that when a normal peer sends a lookup messages using a key, the messages delivered to the peer which is owner of the key with very high probability.

Detection of Rogue Devices in WLAN by Analyzing RF Features and Indoor Location of the Device

In this paper, we present rogue device detection mechanism in WLAN Wireless Local Area Network by analyzing radio frequency RF features and estimating indoor location of the device. The presented mechanism analyzes error vector magnitude EVM as a RF feature and it also utilizes indoor location to improve detection rates. To estimate location, we use the triangulation method with Gauss---Seidel iterative technique to find approximate coordinate. We developed the proposed mechanism in the wireless sensor hardware and wireless intrusion prevention server platform, and we provide experimental results.

Protecting IPTV Service Network against Malicious Rendezvous Point

In this paper, we present security mechanism to protect IPTV service network from malicious Rendezvous Point. The IPTV service network considered in this paper is overlay network that is constructed in application layer. The overlay-based IPTV service network has several advantages such as cost-effectiveness, dynamicity and scalability. However, there are several security threats against overlay network such as malicious rendezvous point attack, routing interference attack, DoS(Denial of Service) attack and so on. In this paper we analyze the security threats of overlay-based IPTV service network, and we present the brief security guidelines against it. And we present detailed security mechanisms to protect IPTV service network from malicious Rendezvous Point. For this, we design the security mechanism to guarantee trust of rendezvous point and distribute security keys such as self-generated public key of each node and group key of rendezvous point safely manner. This approach is very simple, lightweight and implementation friendly.

Random Visitor: Defense against Identity Attacks in P2P Networks

Various advantages of cooperative peer-to-peer networks are strongly counterbalanced by the open nature of a distributed, serverless network. In such networks, it is relatively easy for an attacker to launch various attacks such as misrouting, corrupting, or dropping messages as a result of a successful identifier forgery. The impact of an identifier forgery is particularly severe because the whole network can be compromised by attacks such as Sybil or Eclipse. In this paper, we present an identifier authentication mechanism called random visitor, which uses one or more randomly selected peers as delegates of identity proof. Our scheme uses identity-based cryptography and identity ownership proof mechanisms collectively to create multiple, cryptographically protected indirect bindings between two peers, instantly when needed, through the delegates. Because of these bindings, an attacker cannot achieve an identifier forgery related attack against interacting peers without breaking the bindings. Therefore, our mechanism limits the possibility of identifier forgery attacks efficiently by disabling an attackers ability to break the binding. The design rationale and framework details are presented. A security analysis shows that our scheme is strong enough against identifier related attacks and that the strength increases if there are many peers (more than several thousand) in the network.

Design and Implementation of Security Threat Detection and Access Control System for Connected Car

Security vulnerabilities are also increasing as connectivity increases to provide driving stability and convenience for automobiles. In this paper, we design a white list-based access control system to detect and block malicious attempts to access an in-vehicle network through an infotainment device in a connected car environment, and present the implementation results.

Time-Resolved Observations of Photo-Generated Charge Carrier Dynamics in Sb2Se3 Photocathodes for Photoelectrochemical Water Splitting

Solar-energy conversion by photoelectrochemical (PEC) devices is driven by the separation and transfer of photogenerated charge carriers. Thus, understanding carrier dynamics in a PEC device is essential to realizing efficient solar-energy conversion. Here, we investigate time-resolved carrier dynamics in emerging low-cost Sb2Se3 nanostructure photocathodes for PEC water splitting. Using terahertz spectroscopy, we observed an initial mobility loss within tens of picoseconds due to carrier localization and attributed the origin of carrier localization to the rich surface of Sb2Se3 nanostructures. In addition, a possible recombination at the interface between Sb2Se3 and the back contact is elucidated by time-resolved photoluminescence analysis. We also demonstrated the dual role of the RuO x co-catalyst in reducing surface recombination and enhancing charge transfer in full devices using intensity-modulated spectroscopy. The relatively low onset potential of the Sb2Se3 photocathode is attributed to the sluggish charge transfer at a low applied bias rather than to fast surface recombination. We believe that our insights on carrier dynamics would be an important step toward achieving highly efficient Sb2Se3 photocathodes.

Secure Number Theoretic Transform and Speed Record for Ring-LWE Encryption on Embedded Processors.

Compact implementations of the ring variant of the Learning with Errors (Ring-LWE) on the embedded processors have been actively studied due to potential quantum threats. Various Ring-LWE implementation works mainly focused on optimization techniques to reduce the execution timing and memory consumptions for high availability. For this reason, they failed to provide secure implementations against general side channel attacks, such as timing attack. In this paper, we present secure and fastest Ring-LWE encryption implementation on low-end 8-bit AVR processors. We targeted the most expensive operation, i.e. Number Theoretic Transform (NTT) based polynomial multiplication, to provide countermeasures against timing attacks and best performance among similar implementations till now. Our contributions for optimizations are concluded as follows: (1) we propose the Look-Up Table (LUT) based fast reduction techniques for speeding up the modular coefficient multiplication in regular fashion, (2) we use the modular addition and subtraction operations, which are performed in constant timing. With these optimization techniques, the proposed NTT implementation enhances the performance by 18.3–22% than previous works. Finally, our Ring-LWE encryption implementations require only 680,796 and 1,754,064 clock cycles for 128-bit and 256-bit security levels, respectively.

Smart media service using secure virtual machine

The ultimate goal of smart media service is to provide the consolidate user experiences in a seamless and secure manner. To this end, the user-side software in which the smart media is consumed should satisfy the runtime consistency as well as the media security. In this paper, we discuss the critical requirements with respect to the two subjects and then propose a secure virtual machine based distribution framework for smart media services.