Prevention of Malware Installation in Dedicated Devices Built on General-Purpose Execution Environments
Doyeon Kim, Jione Choi, Kiseok Jeon, Wonjun Lee, Junghee Lee
http://doi.org/10.5626/JOK.2025.52.5.444
With the digitalization of various industries, the demand for dedicated devices is increasing. Dedicated devices, such as digital banking branches, medical tablets, and educational tablets, are designed to perform specific tasks. Since they only run designated applications, they are more secure and have a minimal attack surface. Most of these devices are built on general-purpose execution environments like Android. Thus, they offer ease of development, usability, and high availability, contributing to their widespread adoption. At the same time, they may introduce new security vulnerabilities, necessitating security measures tailored to dedicated devices. This study analyzed the vulnerabilities of dedicated devices operating in a general-purpose execution environment, evaluated the potential for vulnerabilities that could lead to malware installation, and proposed countermeasures. This research assumes that attackers do not have physical access to the device and that end users do not engage in malicious activities. The widely used Android environment was selected. Ten methods by which an attacker could remotely install malware on a Lenovo P11 device were identified. To mitigate these threats, a security mechanism optimized for dedicated devices was designed by implementing SELinux policies and installing a file integrity verification program.
u-INJECTOR: Unicorn-based Firmware Dynamic Analysis Tool
Youngbeen Yoo, Hanbit Kim, Junghyung Park, Jinsung Cho
http://doi.org/10.5626/JOK.2025.52.4.269
As the proliferation of IoT devices fuels the growth of the embedded market and expands the application areas of embedded devices, the risk of vulnerability exploitation is increasing, particularly because many IoT device manufacturers do not follow security guidelines. This has led to an increased risk of exploitation through vulnerability attacks. Consequently, it is crucial to analyze and address vulnerabilities in embedded firmware beforehand to ensure system safety. While dynamic analysis techniques are crucial for assessing such vulnerabilities, the unique development environments of embedded devices, as opposed to host PCs, along with the diversity of hardware architectures, pose challenges in setting up a firmware analysis environment using virtualization tools like QEMU alone. To overcome these challenges, this study introduced an embedded firmware vulnerability analysis tool, u-INJECTOR, utilizing the open-source CPU virtualization tool Unicorn. u-INJECTOR can significantly reduce environment construction costs compared to QEMU by automatically analyzing the symbols of executable files and establishing a virtualization environment for embedded firmware. The u-INJECTOR described in this research is expected to serve as a valuable tool for detecting vulnerabilities to side-channel and fault injection attacks.
Cache Side-Channel Attacks Exploiting the RISC-V Coprocessor Interface on an SoC Platform
Yewon Hwang, Taeweon Suh, Gunjae Koo
http://doi.org/10.5626/JOK.2025.52.2.95
A modern System-on-Chip (SoC) incorporates multiple third-party intellectual properties (IPs) provided by external vendors. Such third-party IPs can be vulnerable to security attacks exploiting hardware Trojans. Namely, attackers may include malicious hardware logic that can perform unauthorized operations within a third-party coprocessor. In this paper, we present a cache side-channel attack scenario that exploits the coprocessor interface, called RoCC, in a RISC-V open-source SoC platform. We demonstrate that attackers can effectively execute a Flush+Reload type cache side-channel attack by activating malicious memory access logic in a custom IP that exploits RoCC instructions. Our evaluation shows that the proposed attack can perform flush operations 9.4 times faster than traditional cache side-channel attack methods. This paper highlights the need for defense mechanisms against hardware security attacks in SoC designs utilizing open-source processors.
Automatic Generation of Secure Communication Code in Model-based Software Development Framework
Jaewoo Son, Jangryul Kim, EunJin Jeong, Soonhoi Ha
http://doi.org/10.5626/JOK.2022.49.9.669
With the development of the Internet of Things (IoT), the importance of communication and security is growing as connections between embedded platforms become common. The model-based software development methodology, one of the methods of developing embedded software, is effective for software development on different platforms because it automatically generates code suitable for each platform from a platform-independent model. This is also useful in distributed embedded systems, since remote communication code can be generated as well, but there are no studies on automatic secure communication code generation. In this paper, we propose a method for automatically applying security to communication in a model-based software development framework. The efficiency and validity of the proposed method were verified through the implementation of examples that require communication between different platforms with various encryption methods.
Network-level Tracker Detection Using Features of Encrypted Traffic
Dongkeun Lee, Minwoo Joo, Wonjun Lee
http://doi.org/10.5626/JOK.2022.49.4.314
Third-party trackers breach users' data privacy by compiling large amounts of personal data, such as location or browsing history, through web tracking techniques. Although previous research has proposed several methods to protect users from web tracking via its detection and blocking, their effectiveness is limited in terms of dependency or performance. To this end, this paper proposes a novel approach to detecting trackers at the network level using features of encrypted traffic. The proposed method first builds a classification model based on features extracted from side-channel information of the encrypted traffic generated by trackers. It then prevents leakage of user information by accurately detecting tracker traffic within the network, independently of the user's browsers or devices. We validate the feasibility of utilizing features of encrypted traffic for tracker detection by studying the distinctive characteristics of tracker traffic derived from real-world encrypted traffic analysis.
Design Threat Analysis and Risk Assessment of Battery Management System
Woongsub Park, Daehui Jeong, Hyuk Lee
http://doi.org/10.5626/JOK.2022.49.2.176
Climate change due to the emission of greenhouse gases and air pollutants is currently the most important international environmental problem. As a result of advances in technology and efforts by automobile manufacturers to address these issues, automobiles are changing from internal combustion engines to electric motors. Electric vehicles have a high proportion of electronic components, and software technologies such as battery management systems, infotainment, and advanced driver assistance systems (ADAS) are integrated into them. An increase in the proportion of software increases the internal connectivity and complexity of the entire system, leading to an expansion of the potential security attack surface. To ensure automotive cybersecurity, it is recommended to comply with the ISO/SAE 21434 international standard and perform threat analysis and risk assessment activities. In this paper, high-level threat analysis and risk assessment for the battery management system were performed based on the HEAVENS security model. Threats that can occur in the battery management system were identified through the STRIDE technique, and possible damage and threat scenarios were then derived. Through systematic risk assessment, an impact rating and an attack potential rating were assigned to each threat and a security rating was derived. Finally, based on the analysis of the security level of each threat, it is suggested that threat analysis and risk assessment activities be applied to improve the design-level security of the battery management system.
A Security Requirements Recommendation Framework Based on APT Attack Cases
MinJu Kim, Sihn-Hye Park, Seok-Won Lee
http://doi.org/10.5626/JOK.2021.48.9.1014
Advanced Persistent Threat (APT) attacks are intelligent and continuous attacks on specific targets. This type of attack is one of the most difficult to detect and defend against because it uses organized and advanced techniques for attacking targets and continuously attempts to attack while remaining undetected for a certain period. In this paper, we propose a framework that recommends security requirements based on real-world APT attacks as a proactive defense against them. The proposed framework derives attack elements from scenarios of specific APT attacks and analyzes the relationships between those elements. Through case-based reasoning on the analytical results, attack patterns are deduced and security requirements are recommended. For case-based reasoning and security requirements recommendation, we build an integrated knowledge base that includes APT attack knowledge, general security knowledge, and domain-specific knowledge. The integrated knowledge base consists of knowledge-specific ontologies and related databases. We implement this framework as a web application to conduct case studies on specific APT attacks.
Smart Contract Weakness Analyzer Based on Concolic Testing
http://doi.org/10.5626/JOK.2021.48.6.668
Ethereum is a blockchain-based cryptocurrency platform that provides a Turing-complete language, Solidity, which can be used to develop smart contracts for various applications. This paper presents an analyzer that finds security weaknesses in smart contracts using a concolic testing framework. Concolic testing, which combines symbolic execution and testing, is more efficient than symbolic execution while retaining its freedom from false positives, a property that static analysis lacks. The analyzer also reflects the actual execution context to the maximum extent possible by using the Ethereum execution environment, the Geth testnet. The analyzer detects integer overflow and unhandled exception weaknesses. This paper also presents performance test results in comparison with a well-known smart contract symbolic execution framework, Manticore.
Performance Improvement of Neural Network-based Detection of ROP Attacks using Abstraction of Instruction Features
http://doi.org/10.5626/JOK.2021.48.5.493
Return-oriented programming (ROP) is a program attack technique that executes code snippets in memory in an attacker-intended order using return instructions. This paper proposes a method of detecting ROP attacks using neural networks. The method reduces the size of the data by abstracting the instruction features relevant to ROP attacks rather than using the entire bits of the instructions, and it activates the neural networks only for the 12 instructions following a return instruction. Our experiments on a web server, a browser, and the necessary libraries show speedups of 9.6 and 1,403.1 over DeepCheck and HeNet, respectively, with an F1 score of 100.
Learning Disentangled Representation of Web Addresses via Convolutional-Recurrent Triplet Network for Phishing URL Classification
http://doi.org/10.5626/JOK.2021.48.2.147
Automated classification of phishing URLs propagated through hyperlinks is critical in environments that reinforce personal connections, owing to the explosive growth of social media services. Deep learning models for the classification of phishing URLs based on convolutional-recurrent neural networks have yielded the best accuracy by modeling character-level and word-level features. However, a deep learning-based classifier that focuses on fitting a given task via accumulated URLs is limited by the class imbalance of phishing attacks, which are generated and discarded immediately. We address the class imbalance issue in terms of the deep learning-based URL feature space generation task. We propose a modified triplet network structure that explicitly learns the similarity between URLs based on Euclidean distance to alleviate the limitations of existing deep phishing classifiers. Experiments on a real-world dataset of 60,000 URLs collected from web addresses showed the highest performance among the latest deep learning methods, despite the hostile class imbalance. We also demonstrate that the URL feature space generated by the proposed method improved recall by 45.85% compared to existing methods.
Journal of KIISE
- ISSN : 2383-630X(Print)
- ISSN : 2383-6296(Electronic)
- KCI Accredited Journal
Editorial Office
- Tel. +82-2-588-9240
- Fax. +82-2-521-1352
- E-mail. chwoo@kiise.or.kr