Kangbin Yim

Malware Obfuscation Techniques: A Brief Survey

As the obfuscation is widely used by malware writers to evade antivirus scanners, so it becomes important to analyze how this technique is applied to malwares. This paper explores the malware obfuscation techniques while reviewing the encrypted, oligomorphic, polymorphic and metamorphic malwares which are able to avoid detection. Moreover, we discuss the future trends on the malware obfuscation techniques.

An investigation on the unwillingness of nodes to participate in mobile delay tolerant network routing

Abstract Message routing in mobile delay tolerant networks inherently relies on the cooperation between nodes. In most existing routing protocols, the participation of nodes in the routing process is taken as granted. However, in reality, nodes can be unwilling to participate. We first show in this paper the impact of the unwillingness of nodes to participate in existing routing protocols through a set of experiments. Results show that in the presence of even a small proportion of nodes that do not forward messages, performance is heavily degraded. We then analyze two major reasons of the unwillingness of nodes to participate, i.e., their rational behavior (also called selfishness) and their wariness of disclosing private mobility information. Our main contribution in this paper is to survey the existing related research works that overcome these two issues. We provide a classification of the existing approaches for protocols that deal with selfish behavior. We then conduct experiments to compare the performance of these strategies for preventing different types of selfish behaviors. For protocols that preserve the privacy of users, we classify the existing approaches and provide an analytical comparison of their security guarantees.

Analysis on Maliciousness for Mobile Applications

The rapid increase in smart phone users has enabled the application marketplace to grow dramatically. The black market presence has also grown rapidly, where paid applications are modified for free download. As a consequence, malicious applications are expected to spread with increasing frequency. In particular, the Android marketplace, where applications allowed to register without prior security checks, breeds further indiscreet distribution of malicious applications. This paper suggests a framework for detecting malicious behaviors in Android smart phone applications. The framework proposed here automatically collects applications from the official Android marketplace or from black markets, analyzes them and detects malicious behaviors. Furthermore, a pilot system was implemented based on the proposed framework, which can detect malicious applications, preventing users from any loss due to malware.

A fast motion estimator for real-time system

We modify the three step search (TSS) algorithm to be applicable to real-time system, based on the statistics of motion vector distribution and propose a new architecture. The proposed technique includes a mechanism to stop the TSS algorithm anytime during its processing without degrading the accuracy of motion vector seriously. Thus, the anytime scheduling policy can be applied to the proposed algorithm for a less imprecise motion estimation in real-time application. The simple and regular architecture allows easy VLSI implementation, and minimizes the input data bandwidth. The performance is also analyzed in detail, and compared with those for other architectures.

An Analysis of Strategies for Preventing Selfish Behavior in Mobile Delay Tolerant Networks

In mobile Delay Tolerant Networks (DTNs), messages are routed in a mobility-assisted manner. Therefore, the willingness of nodes to relay messages for other nodes plays a significant role in the routing process. Moreover, since the resources in mobile devices are generally limited, carriers of mobile devices may be unwilling to relay messages for other nodes in order to conserve their scarce resources. Furthermore, recent studies on the impact of selfish behavior in DTNs show that the performance metrics (i.e., delivery ratio, delivery overhead, and delivery latency) are severely influenced if a major portion of the nodes is selfish. A number of strategies have been proposed to prevent the impact of selfish behavior. It is therefore necessary to give an overview of the representative strategies. In this paper, we first classify the different types of selfish behavior. The existing strategies for preventing selfish behavior are traditionally classified into three categories: barter-based, credit-based and reputation-based. We then survey some representative strategies in the literature belonging to each category. Finally, we conduct experiments to compare the performance of these strategies for preventing different types of selfish behavior.

Improved AODV Routing Protocol to Cope with High Overhead in High Mobility MANETs

Ad-hoc On-demand Distance Vector (AODV) routing protocol is the most popular routing protocol for mobile ad-hoc networks (MANETs). This paper enhances AODV protocol by minimizing its control messages overhead. Enhancements include developing two improved versions of AODV protocol. These two versions use Global Positioning System (GPS) to limit the routing discovery control messages. The first version (AODV-LAR) is a variation of the Location Aided Routing (LAR) protocol. The second version (AODV-Line) limits nodes participating in route discovery between source and destination based on their distance from the line connecting source and destination. We evaluate performance of the two proposed protocols using two simulation scenarios. The simulation was done using JIST/SWANS simulator. The results show that the two proposed protocols outperform the original AODV, where the results show a significant reduction of control overhead and delay compared to the original AODV. Results also show that the delivery ratio in the proposed protocols is comparable to the delivery ratio in the original AODV.

Improving security level of LTE authentication and key agreement procedure

In recent years, LTE (Long Term Evolution) has been one of the mainstreams of current wireless communication systems. But when its HSS authenticates UEs, the random number RAND generated by HSS for creating other keys during its delivery from HSS to UE is unencrypted. Also, many parameters are generated by invoking a function with only one input key, thus very easily to be cracked. So in this paper, we propose an improved approach in which the Diffie-Hellman algorithm is employed to solve the exposure problem of RAND in the authentication process, and an Pair key mechanism is deployed when creating other parameters, i.e., parameters are generated by invoking a function with at least two input keys. The purpose is increasing the security levels of all generated parameters so as to make LTE more secure than before.

Privacy Preserving Secure Communication Protocol for Vehicular Ad Hoc Networks

Vehicular Ad-hoc Networks (VANETs) have attracted much attention recently because of its applications and features. The main purpose of adopting VANET technology is to increase safety and efficiency on roads. In this paper, a privacy preserving secure communication protocol (PPSCP) for VANETs is proposed. PPSCP authenticates safety messages anonymously to preserve vehicle privacy and prevent unauthorized tracking, balances between privacy and identification, and makes a new efficient vehicle revocation scheme that reduces revocation lists size. The protocol is resistant to attacks like replay attack and Denial of Service (DoS) attack. A security performance analysis to compare between PPSCP and S3P was performed through simulation which demonstrates that PPSCP is more robust, efficient, secure and provides more privacy preservation and liability.

A secure framework of the surveillance video network integrating heterogeneous video formats and protocols

Recently, IT technologies are becoming focused on different traditional industries. The large scaled intelligent video surveillance system is one of them and it integrates a large number of digitalized CCTV [1] devices through the Web. However, existing video devices have been deployed for many years by different vendors as different models with different specifications. To integrate these heterogeneous devices, the centralized management server (CMS) and its clients need a specialized architecture to deal with different types of media encodings and connection protocols etc. In particular, well-defined access control mechanism is required for a large scaled surveillance video network. In this paper, we designed and implemented a server that incorporates the architecture integrating and delivering multiple video streams from different types of video devices to multiple clients and securing the access to the video streams.

An efficient wormhole attack detection method in wireless sensor networks

Wireless sensor networks are now widely used in many areas, such as military, environmental, health and commercial applications. In these environments, security issues are extremely important since a successful attack can cause great damage, even threatening human life. However, due to the open nature of wireless communication, WSNs are liable to be threatened by various attacks, especially destructive wormhole attack, in which the network topology is completely destroyed. Existing some solutions to detect wormhole attacks require special hardware or strict synchronized clocks or long processing time. Moreover, some solutions cannot even locate the wormhole. In this paper, a wormhole attack detection method is proposed based on the transmission range that exploits the local neighborhood information check without using extra hardware or clock synchronizations. Extensive simulations are conducted under different mobility models. Simulation results indicate that the proposed method can detect wormhole attacks effectively and efficiently in WSNs.