Taekyoung Kwon

Taekyoung Kwon
Yonsei University · Graduate School of Information

About

141
Publications
10,351
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,659
Citations

Publications

Publications (141)
Article
Full-text available
The OS kernel, which has full system privileges, is an attractive attack surface. A kernel fuzzer that targets system calls in fuzzing is a popular tool for discovering kernel bugs that can induce kernel privilege escalation attacks. To the best of our knowledge, the relevance of code coverage, which is obtained by fuzzing, to the system call has n...
Article
Full-text available
The Industrial Internet of Things (IIoT) could enhance automation and analytics in industrial environments. Despite the promising benefits of IIoT, securely managing software updates is a challenging problem for those critical applications. This is due to at least the intrinsic lack of software protection mechanisms in legacy industrial systems. In...
Article
Full-text available
FPGAs are field-programmable and reconfigurable integrated circuits; consequently, they entail numerous security concerns. For example, malicious functions such as hardware Trojans (HTs), can be inserted into the circuits in both development and deployment stages, as malicious fabrication and modification are possible even after deployment. Therefo...
Article
Full-text available
To meet password selection criteria of a server, a user occasionally needs to provide multiple choices of password candidates to an on-line password meter, but such user-chosen candidates tend to be derived from the user’s previous passwords—the meter may have a high chance to acquire information about a user’s passwords employed for various purpos...
Article
Firmware vulnerabilities raise serious security concerns with the rapid growth in connected embedded devices. Fuzzing is an effective dynamic testing technique to find those vulnerabilities; however, firmware fuzzing is very limited by hardware dependence, such as on-chip and off-chip peripherals. The latest elegant approaches are making substantia...
Article
Full-text available
Wireless sensor networks (WSNs) have played an important role in the Internet of Things (IoT), and the 5G network is being considered as a major candidate for IoT’s communication network with the advent of 5G commercialization. The potential of integrating WSNs and 5G in the IoT is expected to allow IoT to penetrate deeply into our daily lives and...
Article
Full-text available
It is challenging for malware lineage inference to identify versions of collected malware by ensuring high accuracy in clustering. In this article, we tackle this problem and present a novel mechanism using behavioral features for version identification of (un)packed malware. Our basic idea involves focusing on intrafamily clustering. We extract th...
Conference Paper
The OS kernel, which has entire system privileges, is an attractive target of attackers. To reduce this threat, we need to find security bugs in the kernel prior to the attackers, and system call fuzzing is a widely used technique for this purpose. However, many system call fuzzers have not been evaluated for coverage performance which is an import...
Conference Paper
Deep neural networks (DNNs) gained in popularity as an effective machine learning algorithm, but their high complexity leads to the lack of model interpretability and difficulty in the verification of deep learning. Fuzzing, which is an automated software testing technique, is recently applied to DNNs as an effort to address these problems by follo...
Conference Paper
Hybrid fuzzing, which combines fuzzing and concolic execution, is promising in light of the recent performance improvements in concolic engines. We have observed that there is room for further improvement: symbolic emulation is still slow, unnecessary constraints dominate solving time, resources are overly allocated, and hard-to-trigger bugs are mi...
Article
We are facing a big data world, embedded with interconnected IoT (Internet of Things) devices that generate large volumes of data. They pose a significant challenge to academia and industries focused on digital security: A variety of new malware and other threats are emerging at a fast pace, and existing preventive methods are struggling to deal wi...
Article
Nowadays, smart devices enable most of the personal tasks such as banking, mailing, and paperwork that people do on their personal computers (PCs). For this reason, personal information on smart devices has become a good target for malware. Especially, Malware targeted at personal information stored on mobile are hard to detect and risks from usage...
Article
Android pattern lock is still popularly used for mobile user authentication. Unfortunately, however, many concerns have been raised regarding its security and usability. User-created patterns tend to be simply structured or reduced to a small set. Complex patterns are hard to memorize. Input patterns are susceptible to various attacks, such as gues...
Article
Full-text available
A wireless sensor network (WSN) is used for a smart home system’s backbone that monitors home environment and controls smart home devices to manage lighting, heating, security and surveillance. However, despite its convenience and potential benefits, there are concerns about various security threats that may infringe on privacy and threaten our hom...
Conference Paper
User's behavioral biometrics are promising as authentication factors in particular if accuracy is sufficiently guaranteed. They can be used to augment security in combination with other authentication factors. A gesture-based pattern lock system is a good example of such multi-factor authentication, using touch dynamics in a smartphone. However, to...
Conference Paper
Since FPGAs are field-programmable and reconfigurable integrated circuits, there are many security concerns that malicious functions like hardware Trojans can be infiltrated into circuits not only in development stages but also in deployment stages -- malicious fabrication and modification are possible even after deployment. To detect hardware Troj...
Article
Full-text available
When a wearable device such as a smartwatch is paired with a host device, e.g., a smartphone, it is inevitable that a certain amount of data stored in the host device will be copied to the wearable device for initialization and personalization purposes. This incident may frequently occur with the Internet of Things. However, it is not well known, p...
Chapter
As the IoT era comes to the full-fledged, hardware Trojans that involve malicious modifications of circuitry are becoming a growing security concern. To avoid a detection mechanism, hardware Trojans may need a stealthy nature in their existence for being dormant, and even when triggered. In this paper, we devise a new hardware Trojan concept that e...
Article
Full-text available
The integration of 5G networks and wireless sensor networks (WSNs) is critical in the new era of the Internet of Things (IoT), for a wide range of applications. However, despite the potential advantages of this integration, there are concerns about unforeseen security threats that may impact our daily lives. Authenticated key agreement is an essent...
Conference Paper
A small touch sensor employed in smartphones can only capture a partial limited portion of the full fingerprint, and so it is more vulnerable to fingerprint spoofing attacks that leverage a user's firm impression. However, it is still unknown whether daily smudges remaining on the smartphone surface can be exploited to circumvent the small touch se...
Article
Full-text available
Wireless sensor networks are widely used in many mission critical applications such as environment monitoring, military monitoring, and healthcare. The highly sensitive nature of collected information and various potential security threats make security in wireless sensor networks a crucial concern. For resource-constrained nature of these special...
Conference Paper
Modern smartphones popularly adopt a small touch sensor for fingerprint identification of a user, but it captures only a partial limited portion of a fingerprint. Recently we have studied a gap between actual risk and user perception of latent fingerprints remaining on a smartphone, and developed a fake fingerprint attack that exploits the latent f...
Conference Paper
We coin a new term called \textit{data transfusion} as a phenomenon that a user experiences when pairing a wearable device with the host device. A large amount of data stored in the host device (e.g., a smartphone) is forcibly copied to the wearable device (e.g., a smart watch) due to pairing while the wearable device is usually less attended. To t...
Conference Paper
In recent years, people can do most of their personal tasks, such as banking on smart devices like personal computers (PCs). Especially, Malware targeted at personal information stored on mobile are hard to detect and risks from usage patterns are even more difficult. Therefore, a means for easy recognition of the problems and the smartphone usage...
Conference Paper
Media server daemons, running with a high privilege in the background, are attractive attack vectors that exist across various systems including smartphones. Fuzzing is a popularly used methodology to find software vulnerabilities although symbolic execution and advanced techniques are obviously promising. Unfortunately, fuzzing itself is not effec...
Article
Fingerprint authentication identifies individuals based on user specific information. It is widely used as it is convenient, secure and has no risk of leakage, loss, or forgotten. However, the latent fingerprints remaining on the smart device`s surface are vulnerable to smudge attacks. We analyze the usage patterns of individuals using smart device...
Article
A remote data integrity checking is a crucial technology for cloud storage services because of an increasing threat against user data outsourced in remote cloud servers. Recently, integrity checking protocols have been proposed and in particular for batch auditing. However, they cannot efficiently identify corrupted clouds when batch auditing fails...
Article
Cryptographic technologies providing confidentiality and integrity such as encryption algorithms and message authentication codes (MACs) are necessary for preventing security threats in the Internet of Things (IoT) where various kinds of devices are interconnected. As a number of encryption schemes that have passed security verification are not nec...
Article
Deduplicated filesystem can reduce usage of storage. However, it be able to recover deleted block. We studied sanitization of deduplicated filesystem, LessFS which is based on FUSE(Filesystem in USErspace). First, we show a vulnerability recover deleted data in the deduplicated filesystem. We implement sanitization of deduplicated filesystem consid...
Article
Full-text available
Wireless mobile networks frequently need remote software updates to add or adjust the tasks of mobile nodes. Software update traffic, particularly in the Internet of Things (IoT), should be carefully handled since attackers can easily compromise a number of unattended devices by modifying a piece of code in the software update routine. These attack...
Article
As smart mobile devices having touchscreens are growingly deployed, a pattern lock system, which is one of the graphical password systems, has become a major authentication mechanism. However, a user`s unlocking behaviour leaves smudges on a touchscreen and they are vulnerable to the so-called smudge attacks. Smudges can help an adversary guess a s...
Article
For securing password-based authentication, a user must select and manage a strong password that has sufficient length and randomness. Unfortunately, however, it is known that many users are likely to choose easy-to-remember weak passwords and very poorly manage them. In this paper, we study a domestic user case of password selection and management...
Article
Password authentication is the representative user authentication method and particularly text-based passwords are most widely used. Unfortunately, most users select weak passwords and so many web sites provide a password meter that measures password strength to derive the users to select strong passwords. However, some metering results are not con...
Article
Heterogeneous IoT devices must satisfy a certain level of security for mutual connections and communications. However, a performance degradation of cryptographic algorithms in resource constrained devices is inevitable and so an optimization or efficient implementation method is necessary. In this paper, we study an efficient implementation method...
Article
In this paper, we propose new detection and detour methods against packet drop attacks for availability in the Internet of Things (IoT) based on the IEEE 802.15.4e and RPL protocol standards that employ IPv6. We consider the rank value of RPL and the consecutive packet drops to improve the detection metrics, and also take into account the use of bo...
Article
In point-to-point communication channels, an anonymization mechanism is necessary for a data link layer because link layer IDs such as MAC addresses can reveal further private information about communicating devices, which may threaten cyber security. Previous mechanisms based on heavy cryptographic operations are not suitable for link layer that n...
Conference Paper
In this paper, we propose an efficient identity-based password authenticated key exchange (IBPAKE) protocol using identity-based KEM/DEM. In IBPAKE, a client conducts authentication based on a human-memorable password and a server’s identity. A distinctive feature of IBPAKE protocols, compared to the well-known EKE-like PAKE protocols, is that an a...
Article
Although Android systems provide a permission-based access control mechanism and demand a user to decide whether to install an app based on its permission list, many users tend to ignore this phase. Thus, an improved method is necessary for users to intuitively make informed decisions when installing a new app. In this paper, with regard to the per...
Article
The purpose of this study was to find if the password composition of domestic users is affected by the different form of the word `Password` in the interface of login or password change. In particular, `Password`, foreign notation, and `Secret Number`, notation translated by Korean, have a semantic difference. According to the survey of 200 student...
Conference Paper
In cloud storage services, users can store their data in remote cloud servers. Due to new and challenging security threats toward outsourced data, remote data integrity checking has become a crucial technology in cloud storage services. Recently, many integrity checking protocols have been proposed. Several protocols support batch auditing, but the...
Article
This paper proposes a location-based key management scheme in wireless sensor networks, and among the existing location-based key management techniques, we focused on the LDK (Location Dependent Key management). In order to improve the problems occurred by communication interference, we introduced the key revision process and the method of key esta...
Article
Users typically reuse the same personalized identification number (PIN) for multiple systems and in numerous sessions. Direct PIN entries are highly susceptible to shoulder-surfing attacks as attackers can effectively observe PIN entry with concealed cameras. Indirect PIN entry methods proposed as countermeasures are rarely deployed because they de...
Article
To achieve secure communications in wireless sensor networks (WSNs), sensor nodes (SNs) must establish secret shared keys with neighboring nodes. Moreover, those keys must be updated by defeating the insider threats of corrupted nodes. In this paper, we propose a location-based key management scheme for WSNs, with special considerations of insider...
Article
Full-text available
Recently, many public auditing schemes have been proposed to support public auditability that enables a third party auditor to verify the integrity of data stored in the remote cloud server. To improve the performance of the auditor, several public auditing schemes support batch auditing which allows the auditor to handle simultaneously multiple au...
Article
Devising a user authentication scheme based on personal identification numbers (PINs) that is both secure and practically usable is a challenging problem. The greatest difficulty lies with the susceptibility of the PIN entry process to direct observational attacks, such as human shoulder-surfing and camera-based recording. This paper starts with an...
Article
Industrial wireless sensor networks (IWSNs) are advancing to a form of active networks called industrial wireless active sensor networks (IWASNs) with reprogrammable sensor nodes, and thus require a method to check the integrity of software in sensor nodes. Regarding energy efficiency, however, previous methods did not take into account the scalabi...
Article
Due to the privacy concerns prevailing in today’s computing environments, users are more likely to require anonymity or at least pseudonyms; on the other hand, they must be traceable or revokable in case of abuse. Meanwhile, an authorization mechanism that controls access rights of users to services or resources is frequently needed in various real...
Article
User authentication based on ID and PW has been widely used. As the Internet has become a growing part of people` lives, input times of ID/PW have been increased for a variety of services. People have already learned enough to perform the authentication procedure and have entered ID/PW while ones are unconscious. This is referred to as the adaptive...
Article
When a user interacts with a computing system to enter a secret password, shoulder surfing attacks are of great concern. To cope with this problem, previous methods presumed limited cognitive capabilities of a human adversary as a deterrent, but there was a pitfall with the assumption. In this paper, we show that human adversaries, even without a r...
Article
Full-text available
Limited capabilities of tiny sensor node make it difficult to build a secure wireless sensor network. To cope with this problem, location-aware key predistribution schemes have been studied but without considering irregularity of real sensing fields. They were designed for ideal sensing fields divided into uniform regular polygons but false is the...
Conference Paper
User's password entry is susceptible to shoulder-surfing attacks. We propose a novel PIN entry method called SwitchPIN to effectively deal with this challenging problem by rendering a random mapping between switchable keypads.
Conference Paper
Recently, malware has been dramatically increasing on smartphones. Particularly, spyware is a great concern regarding privacy. In this paper, we propose a new virtual keyboard called RIK, to prevent spyware from stealing users' sensitive information, such as a password, entered on a user interface.
Article
Due to the fundamental features of smartphones, such as openness and mobility, a great deal of malicious software including spyware can be installed more easily. Since spyware can steal user`s sensitive information and invade privacy, it is necessary to provide proper security mechanisms like secure virtual keyboards. In this paper, we propose a no...
Article
In this paper, we studied threats and risks that users might enter their passwords without awareness onto phishing and pharming sites, and particularly showed that it was highly likely to leak the secret information of multiple passwords by user experiments. The novel methodology of verifying those threats and risks is the major contribution of thi...
Article
Smartphones are rapidly growing because of easy installation of the apps (application software) that users actually want. There are increasingly many apps that require cryptographic suites to be installed, for instance, for protecting account and financial data. Android platform provides protection mechanisms for memory and storage based on Linux k...
Article
A pattern lock system is a widely used graphical password mechanism in today’s mobile computing environment. To unlock a smartphone, a user draws a memorized graphical pattern with a finger on a flat touchscreen whereas the finger actually leaves its oily residues, also called smudges, on the surface of the touchscreen. The smudges can be exploited...
Conference Paper
Small touchscreens are widely used in consumer electronics, such as smartphones and mobile electronic devices. However, typing on the small touchscreen is still worth studying. In fact, smartphone users are experiencing difficulties and also many errors in typing alphanumeric keys with their thumbs because a small virtual keyboard even with the red...
Conference Paper
The increasing video resolution of handheld devices such as smartphones makes it harder for users to accurately touch a tiny item on a small touchscreen without conducting pinch-to-zoom and correction actions. To deal with this problem, an offset-free point-and-click mechanism is proposed in this paper. The touch pointer implemented in dual layers...
Article
Due to the widespread use of smart devices, threats of direct observation attacks such as shoulder surfing and recording attacks, by which user secrets can be stolen at user interfaces, are increasing greatly. Although formal security models are necessary to evaluate the possibility of and security against those attacks, such a model does not exist...
Article
Full-text available
The design of authentication protocols, for online banking services in particular and any service that is of sensitive nature in general, is quite challenging. Indeed, enforcing security guarantees has overhead thus imposing additional computation and design considerations that do not always meet usability and user requirements. On the other hand,...
Article
Privacy preservation has become an essential requirement in today’s computing environment; abuse based on anonymity and user-controlled pseudonyms is a serious problem. For prompt deployment in legacy information systems, it would be desirable to develop a new method in the standard paradigm. This paper investigates practical methods for privacy pr...
Article
Full-text available
for some fixed and two integers with a low weight representation. We call this class of exponents split exponents, and we show that with certain choice of parameters the DL problem on split exponents is essentially as secure as the standard DL problem, while the exponentiation operation using exponents of this class is significantly faster than bes...
Article
Secure Authentication Scheme with Improved Anonymity for Wireless Environments
Article
Wireless industrial sensor networks are necessary for industrial applications, so that wireless sensor nodes sense around themselves and detect anomaly events in the harsh industrial environments. Due to the harshness, anomaly events such as adversarial intrusions may result in harmful and disastrous situations for industrial applications but it is...
Article
Authenticated broadcast, enabling a base station to send commands and requests to low-powered sensor nodes in an authentic manner, is one of the core challenges for securing wireless sensor networks. μTESLA and its multilevel variants based on delayed exposure of one-way chains are well known valuable broadcast authentication schemes, but concerns...
Article
It is a recent trend to consider wireless sensor networks in harsh industrial environments. With actual deployment of wireless sensor networks, it would be desirable to make a concrete deployment plan regarding connectivities and to place sensors by grouping them according to the planned deployment points, even more in case of targeting multiple ob...
Conference Paper
Radio frequency identification (RFID) is a promising technology for identifying physical objects in an automated manner, but raises privacy infringement problems significantly in the real world. The low-cost RFID tags are much more vulnerable, meaning traceable, than active tags due to their restricted (poor) capabilities. In this paper, we present...
Article
A practical pairwise key distribution scheme is necessary for wireless sensor networks since sensor nodes are susceptible to physical capture and constrained in their resources. In this paper, we investigate a simple and practical scheme that achieves higher connectivities and perfect resilience with less resources, even in case of deployment error...
Conference Paper
Actual interactions between human users and computers occur at the user interface, which includes both hardware and software. When users attempt to input sensitive information to computers, a kind of shoulder surfing that might use direct observation techniques, such as looking over someone’s shoulder, to get the information could be a great concer...
Article
We propose an authentication methodology that combines multimodal biometrics and cryptographic mechanisms for border control applications. We accommodate faces and fingerprints without a mandatory requirement of (tamper-resistant) smart-card-level devices on e-passports for easier deployment. It is even allowable to imprint (publicly readable) bar...
Conference Paper
In ubiquitous computing environments, the computer technology will recede into the background of our lives for its ultimate goal, invisibility. For ensuring security and privacy in those environments, both human beings and surrounding devices should be authenticated under the interaction methods that are used for ubiquitous services. However, the i...
Conference Paper
Existing biometric authentication systems use probabilistic method to decide the claimed identity of a user. But, these are weak on the privacy protection perspective as anyone can access someone’s biometric template without restrictions. Therefore, we propose a scheme that can improve the biometric authentication accuracy with the concept of digit...
Conference Paper
There are tremendous need increase for personal verification and identification in internet security, electronic commerce and access control in recent years. Also, as the demands for security in many applications such as data protection and financial transaction become an increasingly relevant issues, the importance of biometric technology is rapi...
Conference Paper
User authentication is necessary for proving and verifying the claimed identity of users in a distributed environment. Three factors such as user’s knowledge, belongings, and biometric traits are usually considered for the purpose. A sort of multi-factor authentication may combine those factors in the way that a user provides the requested multi-fa...
Conference Paper
Wireless Sensor Networks (WSNs) consist of highly resource constrained sensor nodes. A large number of sensor nodes are deployed over a wide geographical area and operate in unattended fashions. These features of WSNs make difficult the manual intervention through physical access. Thus, secure network reprogramming is a critical requirement for WSN...
Conference Paper
It is not easy to achieve secure key establishment in wireless sensor networks without public key cryptography. Many key management protocols have been proposed for the purpose. Among them, LEAP is a simple and elegant protocol that establishes multi-level keys in an efficient way, but its security mainly relies on that of a single initialization k...
Conference Paper
By deploying wireless sensor networks in the future ubiquitous computing environment, smart consumer electronic devices could cooperate with such networks for sensing the environment and reacting upon various events more actively and accurately. However, the information gathered by sensor nodes may vary in locations and sensory devices, and is repr...
Conference Paper
Full-text available
It is not easy to achieve secure key establishment in wireless sensor networks without public key cryptography. Many key management protocols have been proposed for the purpose. Among them, LEAP is a simple and elegant protocol that establishes multi-level keys in an efficient way, but its security mainly relies on that of a single initialization k...
Conference Paper
RFID technology arouses great interests from both its advocates and opponents because of the promising but privacy-threatening nature of low-cost RFID tags. A main privacy concern in RFID systems results from clandestine scanning through which an adversary could conduct silent tracking and inventorying of persons carrying tagged objects. Thus, the...
Conference Paper
Password-based authentication and key distribution are important in today's computing environment. Since passwords are easy to remember for human users, the password-based system is used widely. However, due to the fact that the passwords are chosen from small space, the password-based schemes are more susceptible to various attacks including passw...
Conference Paper
Most of password authenticated key agreement protocols have focused on the two-party setting where two communicating parties share a human-memorable password. In this paper, we study password authenticated key agreement in the three-party setting where both communicating parties share respective passwords with a trusted third party rather than them...
Conference Paper
Since small low-powered sensor nodes are constrained in their computation, communication, and storage capabilities, it is not easy to achieve secure key establishment in a wireless sensor network where a number of such sensor nodes are spread over. There are many previous studies in the area of secure key establishment without public key cryptograp...
Article
DRM is a technique for preventing an illegal use of digital contents such as streaming media. ISMA 1.0 is a standard for implementing MPEG-4 streaming media in the Internet, while ISMACryp 1.0 adds cryptographic mechanisms for enabling DRM to the ISMA standard. Since ISMACryp 1.0 satisfies requirements for Internet streaming and copyright protectio...
Conference Paper
The emergence of wireless sensor networks should allow for entirely new kinds of infrastructure in the ubiquitous computing environments while physical attacks will be new concerns. We study security of wireless sensor networks with experiments on physical capture attacks.