Yong-Sung Jeon

Security considerations for secure and trustworthy smart home system in the IoT environment

Recently, smart home appliances and wearable devices have been developed through many companies. Most devices can be interacted with various sensors, have communication function to connect the Internet by themselves. Those devices will provide a wide range of services to users through a mutual exchange of information. However, due to the nature of the IoT environment, the appropriate security functions for secure and trustworthy smart home service should be applied extensively because the security threats will be increased and impact of security threats is likely to be expanded. Therefore, in this paper, we describe specifically the security requirements of the components that make up the smart home system.

Reducing the impact of repackaged app on Android

Repackaging is the one of the most common techniques used by Android malwares. Recently, as one approach to prevent the repackaged malwares, it is considered to use the trust agency that guarantees the app developer. However, these approaches have no or limited secure channel to deploy the guaranteed apps. No secure channel poses another security issue of phishing. The limited channel through trust market poses the limitation in app operation. To tackle these problems, we present a secure trusted app deployment approach. Our approach inserts the guarantee generated by trust agency into app. The app with this guarantee, called Trusted APP, is signed with only developer certificate. So Trusted APP can be deployed through the existing Android Markets and has no limitation in app operation. For secure deployment, the guarantee information in the app is verified on the device before the installation. Through this verification, the proposed approach can reduce to propagate the repackaged malwares of Trusted APPs.

A secure channel establishment method on a hardware security module

In various computing environments, hardware security modules are needed for protecting cryptographic keys and security services from threats of information leakage. For that protection, the modules normally have the methods of password-based access control and message encryption. Nowadays, a password itself can be easily exposed by a variety of password hacking techniques and the secure channel for encrypting messages can be connected to a malicious program which already knows the password. Moreover, frequent password inputs are inconvenient to users. To solve these problems, we propose an enhanced secure channel establishment method on a hardware security module. The method has been implemented on our prototype mobile trusted module.

Protection method from APP repackaging attack on mobile device with separated domain.

Hacking method of decomposing a well-known apps, reverse engineering, inserting malicious code, repackaging of it, and then redistributing it accounts for the majority of Android apps hacking. It is related to the fact that Android App consists of JAVA language and it is easy to apply reverse engineering. We propose a protection solution for this hacking method. It can prevent avoiding App integrity check routine and working of forgery apps.

Cooperative remote attestation for IoT swarms

Prior remote attestation may not be suitable to scale to the proliferation of IoT device swarms. To this end, we propose a cooperative remote attestation scheme, which validates the security state and verifies the system integrity with the cooperation of neighbor devices. The efficiency of the proposed mechanism is analyzed as a cryptographic protocol and then discussed in terms of security and scalability.

A Functional Relationship Based Attestation Scheme for Detecting Compromised Nodes in Large IoT Networks

Despite memory traverse is commonly used for attestation, this approach could not feasibly work for an IoT network that requires scalable and sustainable operations. To overcome this limitation, we propose a functional relationship based attestation scheme, which verifies the integrity of battery-powered devices by analyzing the consistency among neighbors, where a consistent edge between two nodes is given if outputs of the same functions at both nodes are equal to each other. Efficiency of the proposed method is demonstrated in terms of attestation termination and detection speed.

Mobile security technology for smart devices

While the number of smartphones increased, the security threats such as violating privacy and malicious code in smart environment increased. In general, the software security scheme is mainly used to protect mobile device from the security threat. However, this security scheme can be easily manipulated and changed. In this paper, we propose MTM hardware based mobile device security technology to prevent data leakage and unauthorized access.

A method based on platform integrity verification for activating a mobile trusted module

We are developing a new hardware security module based on the tamper-proof IC (Integrated Circuit) card to enhance the insufficient functions of previously known modules. The functions of our module includes platform integrity verification, cryptography management, security services such as banking, payment, etc., internal storage management, and the access control based on application integrity verification. This paper presents a method based on platform integrity verification for activating our new module. Under the situation of maliciously tampered platform, the method makes the module to any disabled status although the boot process is completed.

Trusted military services based on the secure domain of the mobile security solution

The number of smartphone users has increased rapidly. The interests of many people have grown how to prevent the leakage of security data of their enterprises. There are the technologies for using smartphone devices safely by separating the personal area and the business area. The technologies to assure security when using smartphone devices with open-platform in tight security environment such as financial service, medical service, military service, and so on are needed. The Mobile Security Solution presented in this paper provides users with secure services in the open platform based smart mobile devices by building the Secure Domain that is isolated from the normal domain by applying virtualization technologies. In this paper, we describe the structure and the operation procedures of Mobile Security Solutions and the possible services of the military using the Mobile Security Solution. We also describe the enhanced security aspects in each service of them when applying Mobile Security Solutions to the military in this paper.

Network resilience estimation to cascading failures

Failures of a small fraction of nodes can lead to breakdown of entire network due to overload or congestion. To understand this crucial feature in networks, we propose a load-dependent cascading failure model according to sandpile principle in this paper. Our model is effective in evaluating the overall aspect of resilience capacity in terms of connectivity efficiency against the spreading of large collapse.