• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.11
• /
• pp.4310-4330
• /
• 2020

With the continuous emergence of new applications and cyberattacks and their frequent updates, the need for automatic protocol reverse engineering is gaining recognition. Although several methods for automatic protocol reverse engineering have been proposed, each method still faces major limitations in extracting clear specifications and in its universal application. In order to overcome such limitations, we propose an automatic protocol reverse engineering method using a two-pathway model based on a contiguous sequential pattern (CSP) algorithm. By using this model, the method can infer both command-oriented protocols and non-command-oriented protocols clearly and in detail. The proposed method infers all the key elements of the protocol, which are syntax, semantics, and finite state machine (FSM), and extracts clear syntax by defining fine-grained field types and three types of format: field format, message format, and flow format. We evaluated the efficacy of the proposed method over two non-command-oriented protocols and three command-oriented protocols: the former are HTTP and DNS, and the latter are FTP, SMTP, and POP3. The experimental results show that this method can reverse engineer with high coverage and correctness rates, more than 98.5% and 99.1% respectively, and be general for both command-oriented and non-command-oriented protocols.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.345-358
• /
• 2016

In this paper, we present a security tool which called Digital Legal Seal. The Digital Legal Seal scans a barcode on a paper and print it with the tag generated by Hash-based Message Authentication Code(HMAC) in text format on a display device. The result of HMAC can be used for user authentication or secure message transmission on both online and offline. We examine not only how the Digital Legal Seal can make up the weak points of security card and OTP (One Time Password), but also the possibility of reducing the forgery of promissory note on offline.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.11
• /
• pp.2678-2684
• /
• 2014

In this paper a new message control method that can reduce server load and network traffic in XMPP/SIP presence service system has been proposed. This presence service system can process both XMPP(Extensible Massaging and Presence Protocol) based presence information and SIP(Session Initiation Protocol) based presence information. A new XMPP stanza architecture with added elements for presence stanza and IQ stanza has been designed, and a new presence information data processing method which can reduce size of SIP notification message and SIP PUBLISH message has been suggested. Furthermore a messages exchanging procedure that can transfer presence information between XMPP domain and SIP domain has been also suggested. The performance of the proposed system has been analysed by simulation.

• Proceedings of the IEEK Conference
• /
• 1998.10a
• /
• pp.289-440
• /
• 1998

This paper describes an interconnection network structure which transports information among processors through a high speed ATM switch. To efficiently use the high speed ATM switch for the message-based multiprocessor, we implemented the cell router that performs multiplexing and demultiplexing of cells from/to processors. In this system, we use the expanded internal cell format including 3bytes for switch routing information. This interconnection network has 3 stage routing strategies: ATM switch routing using switch routing information, cell router routing using a virtual path identifier (VPI) and cell reassembly routing using a virtual channel indentifier (VCI). The interconnection network consists of the NxN folded switch and N cell routers with the M processor interface. Therefore, the maximum number of NxM processors can be interconnected for message communication. This interconnection network using the ATM switch makes a significant improvement in terms of message passing latency and scalability. Additionally, we evaluated the transmission overhead in this interconnection network using ATM switch.

• Journal of the Institute of Convergence Signal Processing
• /
• v.14 no.2
• /
• pp.77-81
• /
• 2013

The international standard AIS, which stands for the safety of ship navigation and vessel traffic management, provides 27 messages to exchange the navigational information of ship. Among 27 messages, message ID 6 and 8 are defined as the binary data format to exchange application specific information and are classified into IFM for international use and RFM for national or regional use. Since international standards are based on English, there have been some needs to exchange data in Hangul text for vessel traffic management to correct the static and dynamic ships' information. In this paper, I analyze international standards to provide a Hangul text messaging service based on RFM and propose a RFM message and a simple protocol to correct information of a ship.

• Journal of Convergence for Information Technology
• /
• v.7 no.6
• /
• pp.97-102
• /
• 2017

In this paper, we have interested in cooperative intelligent transport system and autonomous driving system, and focused on analysis of the characteristics of Cooperative Awareness Message (CAM) and Decentralized Environmental Notification Basis Service (DENM) message, which is key delivery message among cooperative intelligent transport system (C-ITS) characteristics for research objectivity. For research method, we also described V2X communication, and also analyzed the security certificate and header structure of CAM and DENM messages. We described CAM message, which is a message informing the position and status of the vehicle. And the DENM message is presented a message informing an event such as a vehicle accident, and analysis security communication, which is supported services. According to standard analysis result, 186 bits or 275 bits are used. In addition to the security header and the certificate format used for vehicle communication, we have gained the certificate verification procedure for vehicles and PKI characteristics for vehicles. Also We derived the characteristics and transmission capability of the security synchronization pattern required for V2X secure communication. Therefore when it is considered for communication service of DENM and CAM in the C-ITS environment, this paper may be meaningful result.

• Journal of Advanced Navigation Technology
• /
• v.27 no.5
• /
• pp.510-518
• /
• 2023

This paper introduces a MATLAB graphical user interface (GUI) based software for performance analysis of navigation message and wide area differential correction of regional navigation satellite system (RNSS). This software was developed to analyze satellite orbit/clock-related performance of navigation message and wide area differential correction simulating RNSS for regions near Korea based on different distributions of monitor and reference stations. As a result of software operation, navigation message and wide area differential correction are given as output in MATLAB file format. From the analysis of output, it was confirmed that valid navigation message and wide area differential correction could be generated from the results about statistical feature of orbit and clock prediction errors, cm-level fitting errors for navigation message parameters, and 81.9% enhancement in range error for wide area differential correction.

• Journal of Satellite, Information and Communications
• /
• v.12 no.2
• /
• pp.21-27
• /
• 2017

The combat systems in Korea navy have been operating some kinds of tactical data link systems such as Link-11, ISDL and JTDLS. Each tactical data link system has the ability to transmit and receive tactical information like track, engagement, weapon information by using unique message of theirs. And each unique message has their own format. But a number of tactical data link system make combat effectiveness worse because their major functions are duplicated unnecessarily. So, many advanced countries are trying to make united data link system. Similarly, the combat systems in Korea navy will operate C4I data link system, and it is combined version current ISDL, KNCCS and JTDLS data link system. In this paper, we consider the development current tactical data link systems in Korea navy. Also, compare the characteristics between I-message used in ISDL and Host-Interface message used in C4I. From these results, we analyze advanced points about C4I data link system.

• ETRI Journal
• /
• v.42 no.3
• /
• pp.446-458
• /
• 2020

In this study, an efficient scheme for hiding data directly in partially encrypted versions of high efficiency video coding (HEVC) videos is proposed. The content owner uses stream cipher to selectively encrypt some HEVC-CABAC bin strings in a format-compliant manner. Then, the data hider embeds the secret message into the encrypted HEVC videos using the specific coefficient modification technique. Consequently, it can be used in third-party computing environments (more generally, cloud computing). For security and privacy purposes, service providers cannot access the visual content of the host video. As the coefficient is only slightly modified, the quality of the decrypted video is satisfactory. The encrypted and marked bitstreams meet the requirements of format compatibility, and have the same bit rate. At the receiving end, data extraction can be performed in the encrypted domain or decrypted domain that can be adapted to different application scenarios. Several standard video sequences with different resolutions and contents have been used for experimental evaluation.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.3
• /
• pp.576-599
• /
• 2013

Protocol reverse engineering is useful for many security applications, including intelligent fuzzing, intrusion detection and fingerprint generation. Since manual reverse engineering is a time-consuming and tedious process, a number of automatic techniques have been proposed. However, the accuracy of these techniques is limited due to the complexity of binary instructions, and the derived formats have missed constraints that are critical for security applications. In this paper, we propose a new approach for protocol format extraction. Our approach reasons about only the evaluation behavior of a program on the input message from concolic execution, and enables field identification and constraint inference with high accuracy. Moreover, it performs binary analysis with low complexity by reducing modern instruction sets to BIL, a small, well-specified and architecture-independent language. We have implemented our approach into a system called Icefex and evaluated it over real-world implementations of DNS, eDonkey, FTP, HTTP and McAfee ePO protocols. Experimental results show that our approach is more accurate and effective at extracting protocol formats than other approaches.