Sangwon Hyun

Secure and DoS-Resilient Fragment Authentication in CCN-Based Vehicular Networks

Content-Centric Networking (CCN) is considered as a promising alternative to traditional IP-based networking for vehicle-to-everything communication environments. In general, CCN packets must be fragmented and reassembled based on the Maximum Transmission Unit (MTU) size of the content delivery path. It is thus challenging to securely protect fragmented packets against attackers who intentionally inject malicious fragments to disrupt normal services on CCN-based vehicular networks. This paper presents a new secure content fragmentation method that is resistant to Denial-of-Service (DoS) attacks in CCN-based vehicular networks. Our approach guarantees the authenticity of each fragment through the immediate fragment verification at interim nodes on the routing path. Our experiment results demonstrate that the proposed approach provides much stronger security than the existing approach named FIGOA, without imposing a significant overhead in the process. The proposed method achieves a high immediate verification probability of 98.2% on average, which is 52% higher than that of FIGOA, while requiring only 14% more fragments than FIGOA.

Design and Analysis of Push Notification-Based Malware on Android

Establishing secret command and control (C&C) channels from attackers is important in malware design. This paper presents design and analysis of malware architecture exploiting push notification services as C&C channels. The key feature of the push notification-based malware design is remote triggering, which allows attackers to trigger and execute their malware by push notifications. The use of push notification services as covert channels makes it difficult to distinguish this type of malware from other normal applications also using the same services. We implemented a backdoor prototype on Android devices as a proof-of-concept of the push notification-based malware and evaluated its stealthiness and feasibility. Our malware implementation effectively evaded the existing malware analysis tools such as 55 antimalware scanners from VirusTotal and SandDroid. In addition, our backdoor implementation successfully cracked about 98% of all the tested unlock secrets (either PINs or unlock patterns) in 5 seconds with only a fraction (less than 0.01%) of the total power consumption of the device. Finally, we proposed several defense strategies to mitigate push notification-based malware by carefully analyzing its attack process. Our defense strategies include filtering subscription requests for push notifications from suspicious applications, providing centralized management and access control of registration tokens of applications, detecting malicious push messages by analyzing message contents and characteristic patterns demonstrated by malicious push messages, and detecting malware by analyzing the behaviors of applications after receiving push messages.

FEC-Seluge

Secure data dissemination is indispensable in various network systems such as wireless sensor networks (WSNs) and Information-Centric Networks. Several approaches have been proposed for secure data dissemination while adopting forward error correction techniques (e.g., erasure codes) for efficiency. In particular, an approach named LR-Seluge was proposed to achieve efficient, secure data dissemination by integrating erasure codes into Seluge, a previous solution for secure data dissemination in WSNs. However, despite its efficiency in reducing the number of packet transmissions, LR-Seluge still introduces long dissemination delays.In this paper, we develop a new approach called FEC-Seluge, which is aimed at reducing both the dissemination delay and the number of packet transmissions by taking full advantage of erasure codes. Our key contribution is a technique to securely estimate the optimal amount of redundancy of erasure coding to balance loss-tolerance capabilities and bandwidth consumption. In addition, we develop a novel proactive transmission mechanism, which considerably improves the efficiency by effectively tolerating packet losses. We evaluated FEC-Seluge through experiments in a testbed environment. The experimental results show that FEC-Seluge outperforms LR-Seluge by about 30% and 23% in terms of the dissemination delay and the number of packet transmissions, respectively.