Jae-Pyo Park

An analysis on secure coding using symbolic execution engine

Business’ dependency on a software or computer program is getting higher. In such an environment, eliminating security vulnerabilities have become increasingly important and difficult as programs are more complicated and have greater impacts on businesses. We analyzed the security vulnerabilities of code using a symbolic execution engine that tracks data which would kill or might make the program vulnerable. We also present smart fuzzing using the data from the symbolic execution engine, an effective software vulnerability-finding testing that automatically generates inputs that crash or penetrate the program. By using symbolic execution engine, we can produce the automatically-generated data that are strong against vulnerability issues. In the case when program verification tools fail to verify a program, either the program is buggy or the report is a false alarm. In this case, the burden is put on users in manually classifying the report, which is a time-consuming, error-prone task and it does not utilize facts already proven by the analysis. We present a new technique for assisting users in classifying error reports. Our technique computes small, relevant queries presented to a user, which capture exact information that the analysis misses to either discharge or validate the error. In this paper, a methodology proper to detecting the security vulnerability is suggested by engrafting the symbol-based engine into the secure coding. Also, its effect was verified through the security vulnerability inspection test using the suggested symbolic execution engine. A notion of symbolically executing the program has been presented, which is closely related to the normal notion of program execution. It offers the advantage that one symbolic execution may represent a large, usually infinite, class of normal executions. This can be used for great advantages in the program inspecting and debugging.

Design The User Authentication Framework Using u-health System

OTP(One Time Password) is for user authentication of Internet banking and users should carry their security card or OTP generator to use OTP. If they lost their security card or OTP generator, there is at risk for OTP leak. This paper suggests a new User Authentication Framework using personal health information from diverse technology of u-Health. It will cover the problem of OTP loss and illegal reproduction A User Authentication Framework is worthy of use because it uses various combinations of user`s physical condition which is inconstant. This protocol is also safe from leaking information due to encryption of reliable institutes. Users don`t need to bring their OTP generator or card when they use bank, shopping mall, and game site where existing OTP is used.

A study of analysis and improvement of security vulnerability in Bluetooth for data transfer

Abstract During data transmissions via Bluetooth networks, data to be encrypted, or plain text between the application layer and the device layer, can be hacked similar to a key-logger by the major function hooking technique of Windows Kernel Driver. In this paper, we introduce an improved protection module which provides data encryption transmission by modifying the data transmission driver of the Bluetooth device layer, and also suggest a self-protecting scheme which prevents data exposure by various hacking tools. We implement the protection module to verify the confidentiality guarantee. Our protection module which provides data encryption with minimal latency can be expected the widespread utilization in Bluetooth data transmission. Key Words : Windows-Kernel Hooking, Bluetooth Security, File-Transfer Security, Self-Protection * 교신저자 : 박재표(pjerry@ssu.ac.kr)접수일 11년 04월 04일 수정일 (1차 11년 04월 26일, 2차 11년 05월 23일) 게재확정일 11년 06월 09일 1. 서론 최근 스마트폰이나 노트북과 USB형 블루투스 장비들이 급격히 확산되면서 사용자들의 블루투스 활용도가 높아지고 있다. 또한 기업들은 스마트폰을 업무에 활용하면서 메일, 연락처, 문서 및 결재 작업을 하고 있다. 문서 및 파일을 전송이 간편한 블루투스 통신을 이용하는 빈도가 증가되고 있다.기기들 간에 블루투스를 이용하여 정보를 교환 할 때 보안 취약점으로 인해 개인정보와 연락처, 중요문서들의 데이터 유출 위험이 있지만 현재까지 이러한 블루투스 장치의 보안에 대해서는 큰 관심이 없는 상태이다.본 논문은 블루투스를 이용하여 데이터를 전송 할 때 취약 구간에 대해 분석을 하고, 취약점에 대한 해결방안을 제시하고자 한다.

OTT user authentication system by age classification

The number and types of channels and programs that viewers can choose have been explosively increased since the digital broadcasting service was provided to almost every household while the ground wave broadcastings have been stayed. Since sexual, violent, and antisocial contents have been rapidly it increased to competition broadcasting. The primary goal of this study is to develop a system to restrict viewing of adolescents for improper broadcasting linking with the contents DB system inside OTT device. For the purpose an algorithm to detect the age of viewers of OTT broadcasting is proposed.

The Design of a DRM System Using PKI and a Licensing Agent

As the logistic environment of digital contents is rapidly changing, the protection of digital rights for digital content has been recognized as a very critical issue that needs to be dealt with effectively. Digital Rights Management (DRM) has taken much interest in Internet Service Providers (ISPs), authors and publishers of digital content in order to create a trusted environment for access and use of digital resources. In this paper, PKI (Public Key Infrastructure) and a licensing agent are used in order to prevent illegal use of digital contents by unauthorized users. In addition, a DRM system is proposed and designed which performs proprietary encryption and real-time decoding using the I-frame-under-container method to protect copyright of video data.

Design of Exploitable Automatic Verification System for Secure Open Source Software

As more people use IT products, the application extent of software has increased along with demand for it. In addition to commercialized software, open source software is also seeing its market grow rapidly. But open source software is developed by those without expert knowledge in security. As a result, many security vulnerabilities arise and are taken advantage of for attacks. Therefore, in this paper, we suggested the design of an exploitable automatic verification system for secure open source software to address these issues. It is expected that, through the use of this system, the reliabilities of the open source software, the developers of the open source software, and the corporations using can be improved.

Design of V2I Based Vehicle Identification number In a VANET Environment

With the development of IT Info-Communications technology, the vehicle with a combination of wireless-communication technology has resulted in significant research into the convergence of the component of existing traffic with information, electronics and communication technology. Intelligent Vehicle Communication is a Machine-to-Machine (M2M) concept of the Vehicle-to-Vehicle. The Vehicle-to-Infrastructure communication consists of safety and the ease of transportation. Security technologies must precede the effective Intelligent Vehicle Communication Structure, unlike the existing internet environment, where high-speed vehicle communication is with the security threats of a wireless communication environment and can receive unusual vehicle messages. In this paper, the Vehicle Identification number between the V2I and the secure message communication protocol was proposed using hash functions and a time stamp, and the validity of the vehicle was assessed. The proposed system was the performance evaluation section compared to the conventional technique at a rate VPKI aspect showed an approximate 44% reduction. The safety, including authentication, confidentiality, and privacy threats, were analyzed.

A Study on Cryptography Scheme and Secure Protocol for Safety Secure Scheme Construction in 13.56Mhz RFID

Abstract What is RFID Microchip tag attached to an object, the reader recognizes technology collectively, through communication with the server to authenticate the object. A variety of RFID tags, 13.56Mhz bandwidth RFID card, ISO/IEC 14443 standards based on NXPs Mifare tag occupies 72.5% of the world market. Of the Mifare tags, low cost tag Mifare Classic tag provided in accordance with the limited hardware-based security operations, protocol leaked by a variety of attacks and key recovery vulnerability exists. Therefore, in this paper, Cryptography Scheme and Secure Protocol for Safety Secure Scheme Construction in 13.56Mhz RFID have been designed. The proposed security scheme that KS generated by various fixed values and non-fixed value, S-Box operated, values crossed between LFSR and S-Box is fully satisfied spoofing, replay attacks, such as vulnerability of existing security and general RFID secure requirement. Also, It is designed by considering the limited hardware computational capabilities and existing security schemes, so it could be suit to Mifare Classic now.

A Study of Authentication Method for Id-Based Encryption Using In M2M Environment

Abstract M2M (Machine-to-Machine Communication) refers to technologies that allow wired and wireless systems to communicate with other devices with similar capabilities. M2M has special features which consist of low electricity consumption, cheap expenses, WAN, WLAN and others. Therefore, it can communicate via a network. Also, it can handle itself without a persons management. However, it has a wireless-communicate weakness because of the machine-communicate request, and also it is difficult to administrate and control each other. So In this Paper, It suggests the safety protocol between Device, Gateway and Network Domain in M2M environment. Proposed protocol is based on ID-Based encryptions certificate and creates session key between the Access Server and the Core Server in the Network Domain. It uses that session key for sending and receiving data in mutual, and adds key renewal protocol so it will automatically update discern result. a comparative analysis of the existing M2M communication technologies and PKI-based certificate technology is compared with the proposed protocol efficiency and safety.

A Study on Authentication and Access Control of Wireless Access Point

When a client is accessing a wireless AP, many methodologies which prevent from external attack or internal information leakage using only authorized wireless AP after deciding authorized/unauthorized have proposed. But there are securities and cost problem in server based authentication, and availability problem in client based authentication. In this paper, we use MAC Address to get an authentication from an AP. It searches the NDIS Intermediate Driver from the wireless network card, and then controls the packets after operating the scope of IP and PORT. We have implemented the proposed model, and it showed no more security and cost problem. It also showed that client based authentication availability is very flexible and has high scalability.