• Journal of KIISE
• /
• v.42 no.9
• /
• pp.1100-1108
• /
• 2015

Classes.dex, which is the executable file for android operation system, has Java bite code format, so that anyone can analyze and modify its source codes by using reverse engineering. Due to this characteristic, many android applications using classes.dex as executable file have been illegally copied and distributed, causing damage to the developers and software industry. To tackle such ill-intended behavior, this paper proposes a technique to encrypt classes.dex file using an AES(Advanced Encryption Standard) encryption algorithm and decrypts the applications encrypted in such a manner in order to prevent reverse engineering of the applications. To reinforce the file against reverse engineering attack, hash values that are obtained from substituting a hash equation through the combination of salt values, are used for the keys for encrypting and decrypting classes.dex. The experiments demonstrated that the proposed technique is effective in preventing the illegal duplication of classes.dex-based android applications and reverse engineering attack. As a result, the proposed technique can protect the source of an application and also prevent the spreading of malicious codes due to repackaging attack.

• Journal of KIISE:Computer Systems and Theory
• /
• v.32 no.3
• /
• pp.115-124
• /
• 2005

When the application code is downloaded into the mobile device, it is important to provide authentication. Usually, mobile code execution is overlapped with downloading to reduce transfer delay. To the best of our knowledge, there has not been any algorithm to authenticate the mobile code in this environment. In this paper, we present two efficient code authentication schemes that permit overlapping of execution and downloading under the two cases: the first is when the order of transmission of code chunks is determined before the transmission and the second is when this order is determined during the transmission. The proposed methods are based on hash chaining and authentication trees, respectively. Especially, the latter scheme utilizes previously received authentication informations to verify the currently received chunk, which reduces both communication overhead and verification delay. When the application code consists of n chunks, communication overheads of the both schemes are 0(n) and verification delays of these two schemes are O(1) and O(log n), respectively.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.4
• /
• pp.747-754
• /
• 2016

DHCP(Dynamic Host Configuration Protocol) is a protocol for efficiency and convenience of the IP address management. DHCP automatically assigns an IP address and configuration information needed to run the TCP/IP communication to individual host in the network. However, existing DHCP is vulnerable for network attack such as DHCP spoofing, release attack because there is no mutual authentication systems between server and client. To solve this problem, we have designed a new DHCP protocol supporting the following features: First, ECDH(Elliptic Curve Diffie-Hellman) is used to create session key and ECDSA(Elliptic Curve Digital Signature Algorithm) is used for mutual authentication between server and client. Also this protocol ensures integrity of message by adding a HMAC(Hash-based Message Authentication Code) on the message. And replay attacks can be prevented by using a Nonce. As a result, The receiver can prevent the network attack by discarding the received message from unauthorized host.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38A no.10
• /
• pp.908-917
• /
• 2013

In this paper, we propose a discovery protocol for finding nearby mobile applications and services in a device-to-device communications system. The device-to-device communication technology enables proximity-based services such as mobile social networks and mobile marketing. For realizing these proximity-based services, it is essential to design a discovery protocol which pinpoints the devices with mobile applications of interest among hundreds and thousands of devices in proximity. In the infrastructure-less networks such as ad hoc networks, we can design the discovery protocol that periodically broadcasts a short discovery code containing the compressed information of the mobile applications. In this paper, we design the discovery protocol with the discovery code generated by using a hash function and a Bloom filter. We also mathematically analyze the performance of the proposed protocol.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.7
• /
• pp.2599-2613
• /
• 2015

Multi-index hashing (MIH) is the state-of-the-art method for indexing binary codes, as it di-vides long codes into substrings and builds multiple hash tables. However, MIH is based on the dataset codes uniform distribution assumption, and will lose efficiency in dealing with non-uniformly distributed codes. Besides, there are lots of results sharing the same Hamming distance to a query, which makes the distance measure ambiguous. In this paper, we propose a data-oriented multi-index hashing method (DOMIH). We first compute the covariance ma-trix of bits and learn adaptive projection vector for each binary substring. Instead of using substrings as direct indices into hash tables, we project them with corresponding projection vectors to generate new indices. With adaptive projection, the indices in each hash table are near uniformly distributed. Then with covariance matrix, we propose a ranking method for the binary codes. By assigning different bit-level weights to different bits, the returned bina-ry codes are ranked at a finer-grained binary code level. Experiments conducted on reference large scale datasets show that compared to MIH the time performance of DOMIH can be improved by 36.9%-87.4%, and the search accuracy can be improved by 22.2%. To pinpoint the potential of DOMIH, we further use near-duplicate image retrieval as examples to show the applications and the good performance of our method.

• Journal of Internet of Things and Convergence
• /
• v.2 no.3
• /
• pp.43-51
• /
• 2016

In this paper, we have developed Crypft+ as an enhanced file encryption/decryption system to improve the security of IoT system or individual document file management process. The Crypft+ system was developed as a core security module using Python, and designed and implemented a user interface using PyQt. We also implemented encryption and decryption function of important files stored in the computer system using AES based symmetric key encryption algorithm and SHA-512 based hash algorithm. In addition, Cx-Freezes module is used to convert the program as an exe-based executable code. Additionally, the manual for understanding the Cryptft+ SW is included in the internal program so that it can be downloaded directly.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.14 no.4
• /
• pp.187-195
• /
• 2014

In this paper, we evaluated the performance of recommendation and run time of the MissLess soft keyboard developed in the previous research. The MissLess keyboard assigns a hash code per each word for all words within its mobile dictionary. It decides recommendation words through three consecutive processes such as hash filtering, sorting based on spelling similarity, and finally recommendation based on frequency of use. Each process has some factors to have an impact on the recommendation success. We conducted experiments in an Android mobile device running the MissLess keyboard and measured performance of recommendation and run time overhead according to the impact factors. In this paper, we showed the experiment results.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.57 no.4
• /
• pp.706-714
• /
• 2008

In this paper, we suggest a practical and flexible system architecture for JTAG(Joint Test Action Group) protection of application processors. From the view point of security, the debugging function through JTAG port can be abused by malicious users, so the internal structures and important information of application processors, and the sensitive information of devices connected to an application processor can be leak. This paper suggests a system architecture that disables computing power of computers used to attack processors to reveal important information. For this, a user authentication method is used to improve security strength by checking the integrity of boot code that is stored at boot memory, on booting time. Moreover for user authorization, we share hard wired secret key cryptography modules designed for functional operation instead of hardwired public key cryptography modules designed for only JTAG protection; this methodology allows developers to design application processors in a cost and power effective way. Our experiment shows that the security strength can be improved up to $2^{160}{\times}0.6$second when using 160-bit secure hash algorithm.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.6
• /
• pp.3258-3279
• /
• 2019

Recently, ransomware has earned itself an infamous reputation as a force to reckon with in the cybercrime landscape. However, cybercriminals are adopting other unconventional means to seamlessly attain proceeds of cybercrime with little effort. Cybercriminals are now acquiring cryptocurrencies directly from benign Internet users without the need to extort a ransom from them, as is the case with ransomware. This paper investigates advances in the cryptovirology landscape by examining the state-of-the-art cryptoviral attacks. In our approach, we perform digital autopsy on the malware's source code and execute the different malware variants in a contained sandbox to deduce static and dynamic properties respectively. We examine three cryptoviral attack structures: browser-based crypto mining, memory resident crypto mining and cryptoviral extortion. These attack structures leave a trail of digital forensics evidence when the malware interacts with the file system and generates noise in form of network traffic when communicating with the C2 servers and crypto mining pools. The digital forensics evidence, which essentially are IOCs include network artifacts such as C2 server domains, IPs and cryptographic hash values of the downloaded files apart from the malware hash values. Such evidence can be used as seed into intrusion detection systems for mitigation purposes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.6 no.4
• /
• pp.3-38
• /
• 1996

The mobile station shall convolutionally encode the data transmitted on the reverse traffic channel and the access channel prior to interleaving. Code symbols output from the convolutional encoder are repeated before being interleaved except the 9600 bps data rate. All the symbols are then interleaved, 64-ary orthogonal modulation, direct-sequence spreading, quadrature spreading, baseband filtering and QPSK transmission. The sync, paging, and forward traffic channel except the pilot channel in the forward CDMA channel are convolutionally encoded, block interleaved, spread with Walsh function at a fixed chip rate of 1.2288 Mcps to provide orthogonal channelization among all code channels. Following the spreading operation, the I and Q impulses are applied to respective baseband filters. After that, these impulses shall be transmitted by QPSK. Authentication in the CDMA system is the process for confirming the identity of the mobile station by exchanging information between a mobile station and the base station. The authentication scheme is to generate a 18-bit hash code from the 152-bit message length appended with 24-bit or 40-bit padding. Several techniques are proposed for the authentication data computation in this paper. To protect sensitive subscriber information, it shall be required enciphering ceratin fields of selected traffic channel signaling messages. The message encryption can be accomplished in two ways, i.e., external encryption and internal encryption.