Ji Won Yoon

Hybrid spam filtering for mobile communication

Spam messages are an increasing threat to mobile communication. Several mitigation techniques have been proposed, including white and black listing, challenge-response and content-based filtering. However, none are perfect and it makes sense to use a combination rather than just one. We propose an anti-spam framework based on the hybrid of content-based filtering and challenge-response. A message, that has been classified as uncertain through content-based filtering, is checked further by sending a challenge to the message sender. An automated spam generator is unlikely to send back a correct response, in which case, the message is classified as spam. Our simulation results show the trade-off between the accuracy of anti-spam classifiers and the incurring traffic overhead, and demonstrate that our hybrid framework is capable of achieving high accuracy regardless of the content-based filtering algorithm being used.

Network analysis of temporal trends in scholarly research productivity

We propose a method to identify the journals or proceedings that are most highly esteemed by a research group over some time frame. Using open publication databases, we identify the experts in the community, and analyse their publication pattern, and then use this as a guideline for evaluating scientific outputs of other groups of researchers publishing in the same domain. To illustrate the practicality of our method, we analyse the scientific output of Korean researchers in the security subject domain from 2004 to 2009, and comparing this groups’ output with that of well-known researchers. Our empirical analysis demonstrates that there is a persistent gap between these two research groups’ publications impact over this period, although the absolute number of journal publications greatly increased over recent years.

A new collision-free pseudonym scheme in mobile ad hoc networks

A mobile ad hoc network (MANET) is a decentralized network of mobile nodes. Due to the broadcast nature of radio transmissions, communication in MANETs is more susceptible to malicious traffic analysis. An interesting problem is how to thwart malicious traffic analysis. Most anonymous communication protocols are based on the pseudonyms of mobile nodes. However, conventional pseudonym schemes have some limitations such as collisions of pseudonyms and high computational complexity due to the use of cryptographic hash functions. Collisions of identities are not desirable since they are the main causes for reduced effective bandwidth, increased energy consumption and non-deterministic data delivery. In this paper, we propose a new collision-free pseudonym scheme to enable anonymous communication. In our approach, each node generates pseudonyms by using a permutation matrix without collisions. The challenging issue is how to store the overall permutation matrix. It is practically hard to assume that mobile nodes maintain the permutation matrix due to the limitation of resources. Therefore we design the online computation of each nodes own pseudonym without loading the overall matrix.

Visual Honey Encryption: Application to Steganography

Honey encryption (HE) is a new technique to overcome the weakness of conventional password-based encryption (PBE). However, conventional honey encryption still has the limitation that it works only for binary bit streams or integer sequences because it uses a fixed distribution-transforming encoder (DTE). In this paper, we propose a variant of honey encryption called visual honey encryption which employs an adaptive DTE in a Bayesian framework so that the proposed approach can be applied to more complex domains including images and videos. We applied this method to create a new steganography scheme which significantly improves the security level of traditional steganography.

A Perfect Collision-Free Pseudonym System

For anonymous communication, the most popular method is to use pseudonyms instead of original identities. We previously demonstrated the possibility of a collision-free pseudonym system by uniquely assigning a permutation element to each network entity. We extend this idea by assigning k permutation elements to each entity for k ≥ 1. We analyse the randomness of the pseudonyms used in the proposed system to show the effect of k by varying k from 1 to 50. Our experimental results show that our pseudonym system can provide practical anonymity with k.

A new countermeasure against brute-force attacks that use high performance computers for big data analysis

Using high performance parallel and distributed computing systems, we can collect, generate, handle, and transmit ever-increasing amounts of data. However, these technical advancements also allow malicious individuals to obtain high computational power to attack cryptosystems. Traditional cryptosystem countermeasures have been somewhat passive in response to this change, because they simply increase computational costs by increasing key lengths. Cryptosystems that use the conventional countermeasures cannot preserve secrecy against various cryptanalysis approaches, including side channel analysis and brute-force attacks. Therefore, two new countermeasures have recently been introduced to address this problem: honey encryption and the structural code scheme. Both methods look different; however, they have similar security goals and they both feature distribution transforming encoders based on statistical schemes. We unify them into a statistical code scheme in this study. After explaining the statistical code scheme, we describe the structural code scheme, which has not been adopted as widely as the honey encryption.

A New Technique Using a Shuffling Method to Protect Confidential Documents from Shoulder Surfers

In some environments (e.g., for government agencies or international corporations), it is challenging to protect and secure confidential information on a computer screen against shoulder surfers who want to access the confidential information by observing the victims computer screen. In this paper, we propose a simple and practical system named STM to mitigate shoulder surfers from reading computer screens by visually shuffling contents on an end users screen. To find an optimal setting for STM, we tested several configurations at character and word levels and showed that STM with a properly chosen configuration is effectively secure against using direct observation techniques.

Efficient Malware Detector for Android Devices

Smart phone usage has increased exponentially and open source based Android OS occupy significant market share. However, various malicious applications that use the characteristic of Android threaten users. In this paper, we construct an efficient malicious application detector by using the principle component analysis and the incremental k nearest neighbor algorithm, which consider an required permission, of Android applications. The cross validation is exploited in order to find a critical parameter of the algorithm. For the performance evaluation of our approach, we simulate a real data set of Contagio Mobile.

I’m Listening to your Location! Inferring User Location with Acoustic Side Channel

Electrical network frequency (ENF) signals have common patterns that can be used as signatures for identifying recorded time and location of videos and sound. To enable cost-efficient, reliable and scalable location inference, we created a reference map of ENF signals representing hundreds of locations world wide -- extracting real-world ENF signals from online multimedia streaming services (e.g., YouTube and Explore). Based on this reference map of ENF signals, we propose a novel side-channel attack that can identify the physical location of where a target video or sound was recorded or streamed from. Our attack does not require any expensive ENF signal receiver nor any software to be installed on a victim»s device -- all we need is the recorded video or sound files to perform the attack and they are collected from world wide web. The evaluation results show that our attack can infer the intra-grid location of the recorded audio files with an accuracy of

The Vulnerability Exploitation Conveying Digital Data Over Mobile Voice Call Channels

76