Visible to the public Biblio

Filters: Author is Kim, Y.  [Clear All Filters]
Conference Paper
Harkanson, R., Kim, Y..  2017.  Applications of Elliptic Curve Cryptography: A Light Introduction to Elliptic Curves and a Survey of Their Applications. Proceedings of the 12th Annual Conference on Cyber and Information Security Research. :6:1–6:7.

Elliptic curve cryptography (ECC) is a relatively newer form of public key cryptography that provides more security per bit than other forms of cryptography still being used today. We explore the mathematical structure and operations of elliptic curves and how those properties make curves suitable tools for cryptography. A brief historical context is given followed by the safety of usage in production, as not all curves are free from vulnerabilities. Next, we compare ECC with other popular forms of cryptography for both key exchange and digital signatures, in terms of security and speed. Traditional applications of ECC, both theoretical and in-practice, are presented, including key exchange for web browser usage and DNSSEC. We examine multiple uses of ECC in a mobile context, including cellular phones and the Internet of Things. Modern applications of curves are explored, such as iris recognition, RFID, smart grid, as well as an application for E-health. Finally, we discuss how ECC stacks up in a post-quantum cryptography world.

Kim, Y., Ahn, S., Thang, N. C., Choi, D., Park, M..  2019.  ARP Poisoning Attack Detection Based on ARP Update State in Software-Defined Networks. 2019 International Conference on Information Networking (ICOIN). :366—371.

Recently, the novel networking technology Software-Defined Networking(SDN) and Service Function Chaining(SFC) are rapidly growing, and security issues are also emerging for SDN and SFC. However, the research about security and safety on a novel networking environment is still unsatisfactory, and the vulnerabilities have been revealed continuously. Among these security issues, this paper addresses the ARP Poisoning attack to exploit SFC vulnerability, and proposes a method to defend the attack. The proposed method recognizes the repetitive ARP reply which is a feature of ARP Poisoning attack, and detects ARP Poisoning attack. The proposed method overcomes the limitations of the existing detection methods. The proposed method also detects the presence of an attack more accurately.

Dinh, N., Tran, M., Park, Y., Kim, Y..  2020.  An Information-centric NFV-based System Implementation for Disaster Management Services. 2020 International Conference on Information Networking (ICOIN). :807–810.
When disasters occur, they not only affect the human life. Therefore, communication in disaster management is very important. During the disaster recovery phase, the network infrastructure may be partially fragmented and mobile rescue operations may involve many teams with different roles which can dynamically change. Therefore, disaster management services require high flexibility both in terms of network infrastructure management and rescue group communication. Existing studies have shown that IP-based or traditional telephony solutions are not well-suited to deal with such flexible group communication and network management due to their connection-oriented communication, no built-in support for mobile devices, and no mechanism for network fragmentation. Recent studies show that information-centric networking offers scalable and flexible communication based on its name-based interest-oriented communication approach. However, considering the difficulty of deploying a new service on the existing network, the programmability and virtualization of the network are required. This paper presents our implementation of an information-centric disaster management system based on network function virtualization (vICSNF). We show a proof-of-concept system with a case study for Seoul disaster management services. The system achieves flexibility both in terms of network infrastructure management and rescue group communication. Obtained testbed results show that vICSNF achieves a low communication overhead compared to the IP-based approach and the auto-configuration of vICSNFs enables the quick deployment for disaster management services in disaster scenarios.
Olaimat, M. Al, Lee, D., Kim, Y., Kim, J., Kim, J..  2020.  A Learning-based Data Augmentation for Network Anomaly Detection. 2020 29th International Conference on Computer Communications and Networks (ICCCN). :1–10.
While machine learning technologies have been remarkably advanced over the past several years, one of the fundamental requirements for the success of learning-based approaches would be the availability of high-quality data that thoroughly represent individual classes in a problem space. Unfortunately, it is not uncommon to observe a significant degree of class imbalance with only a few instances for minority classes in many datasets, including network traffic traces highly skewed toward a large number of normal connections while very small in quantity for attack instances. A well-known approach to addressing the class imbalance problem is data augmentation that generates synthetic instances belonging to minority classes. However, traditional statistical techniques may be limited since the extended data through statistical sampling should have the same density as original data instances with a minor degree of variation. This paper takes a learning-based approach to data augmentation to enable effective network anomaly detection. One of the critical challenges for the learning-based approach is the mode collapse problem resulting in a limited diversity of samples, which was also observed from our preliminary experimental result. To this end, we present a novel "Divide-Augment-Combine" (DAC) strategy, which groups the instances based on their characteristics and augments data on a group basis to represent a subset independently using a generative adversarial model. Our experimental results conducted with two recently collected public network datasets (UNSW-NB15 and IDS-2017) show that the proposed technique enhances performances up to 21.5% for identifying network anomalies.
Koo, J., Kim, Y., Lee, S..  2019.  Security Requirements for Cloud-based C4I Security Architecture. 2019 International Conference on Platform Technology and Service (PlatCon). :1—4.
With the development of cloud computing technology, developed countries including the U.S. are performing the efficiency of national defense and public sector, national innovation, and construction of the infrastructure for cloud computing environment through the policies that apply cloud computing. Korea Military is also considering that apply the cloud computing technology into its national defense command control system. However, only existing security requirements for national defense information system cannot solve the problem related security vulnerabilities of cloud computing. In order to solve this problem, it is necessary to design the secure security architecture of national defense command control system considering security requirements related to cloud computing. This study analyze the security requirements needed when the U.S. military apply the cloud computing system. It also analyze existing security requirements for Korea national defense information system and security requirements for cloud computing system and draw the security requirements needed to Korea national defense information system based on cloud computing.
Hong, H., Choi, H., Kim, D., Kim, H., Hong, B., Noh, J., Kim, Y..  2017.  When Cellular Networks Met IPv6: Security Problems of Middleboxes in IPv6 Cellular Networks. 2017 IEEE European Symposium on Security and Privacy (EuroS P). :595–609.

Recently, cellular operators have started migrating to IPv6 in response to the increasing demand for IP addresses. With the introduction of IPv6, cellular middleboxes, such as firewalls for preventing malicious traffic from the Internet and stateful NAT64 boxes for providing backward compatibility with legacy IPv4 services, have become crucial to maintain stability of cellular networks. This paper presents security problems of the currently deployed IPv6 middleboxes of five major operators. To this end, we first investigate several key features of the current IPv6 deployment that can harm the safety of a cellular network as well as its customers. These features combined with the currently deployed IPv6 middlebox allow an adversary to launch six different attacks. First, firewalls in IPv6 cellular networks fail to block incoming packets properly. Thus, an adversary could fingerprint cellular devices with scanning, and further, she could launch denial-of-service or over-billing attacks. Second, vulnerabilities in the stateful NAT64 box, a middlebox that maps an IPv6 address to an IPv4 address (and vice versa), allow an adversary to launch three different attacks: 1) NAT overflow attack that allows an adversary to overflow the NAT resources, 2) NAT wiping attack that removes active NAT mappings by exploiting the lack of TCP sequence number verification of firewalls, and 3) NAT bricking attack that targets services adopting IP-based blacklisting by preventing the shared external IPv4 address from accessing the service. We confirmed the feasibility of these attacks with an empirical analysis. We also propose effective countermeasures for each attack.