Your search keyword '"Sangchul Han"' showing total 29 results

1. Deoptfuscator: Defeating Advanced Control-Flow Obfuscation Using Android Runtime (ART)

Author

Geunha You, Gyoosik Kim, Sangchul Han, Minkyu Park, and Seong-Je Cho

Subjects

Android app, malicious app, obfuscation, deobfuscation, control-flow obfuscation, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Code obfuscation is a technique that makes it difficult for code analyzers to understand a program by transforming its structures or operations while maintaining its original functionality. Android app developers often employ obfuscation techniques to protect business logic and core algorithm inside their app against reverse engineering attacks. On the other hand, malicious app writers also use obfuscation techniques to avoid being detected by anti-malware software. If malware analysts can mitigate the code obfuscation applied to malicious apps, they can analyze and detect the malicious apps more efficiently. This paper proposes a new tool, Deoptfuscator, to detect obfuscated an Android app and to restore the original source codes. Deoptfuscator detects an app control-flow obfuscated by DexGuard and tries to restore the original control-flows. Deoptfuscator deobfuscates in two steps: it determines whether an control-flow obfuscation technique is applied and then deobfuscates the obfuscated codes. Through experiments, we analyze how similar a deobfuscated app is to the original one and show that the obfuscated app can be effectively restored to the one similar to the original. We also show that the deobfuscated apps run normally.

Published

2022

2. A Comparative Study on the Schedulability of the EDZL Scheduling Algorithm on Multiprocessors

Author

Sangchul Han, Woojin Paik, Myeong-Cheol Ko, and Minkyu Park

Subjects

multiprocessor, real-time, schedulability, EDZL, EDF(k), dominance, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999

Abstract

As multiprocessor (or multicore) real-time systems become popular, there has been much research on multiprocessor real-time scheduling algorithms. This work evaluates EDZL (Earliest Deadline until Zero Laxity), a scheduling algorithm for real-time multiprocessor systems. First, we compare the performance of EDZL schedulability tests. We measure and compare the ratio of task sets admitted by each test. We also investigate the dominance between EDZL schedulability tests and discover that the union of the demand-based test and the utilization-based test is an effective combination. Second, we compare the schedulability of EDZL and EDF(k). We prove that the union of the EDZL schedulability tests dominates the EDF(k) schedulability test, i.e., the union of the EDZL schedulability tests can admit all task sets admitted by the EDF(k) schedulability test. We also compare the schedulability of EDZL and EDF(k) through scheduling simulation by measuring the ratio of successfully scheduled task sets. EDZL can successfully schedule 7.0% more task sets than EDF(k).

Published

2023

3. Android-Based Audio Video Navigation System Forensics: A Case Study

Author

Haein Kang, Hojun Seong, Ilkyu Kim, Wookjae Jeong, Seong-Je Cho, Minkyu Park, and Sangchul Han

Subjects

vehicle digital forensics, infotainment system, AVN system, Android, autopsy, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999

Abstract

Vehicle digital forensics includes the process of collecting and analysing digital data stored in vehicles to find evidence related to traffic accidents or crime scenes. Through this process, we can reconstruct digital events by recognizing various information such as driver behaviour, driving patterns, vehicle destinations, and smartphones connected to a vehicle. Recently, many vehicle digital forensic studies have been conducted, but few of them have dealt with Android-based infotainment (or audio video navigation, AVN) systems. While many AVN systems adopt Android as the operating system, digital forensics of Android-based AVN systems is not easy. This is because Android-based AVN systems support various storage devices and data formats and have various data sources, making consistent data collection or analysis difficult. In this article, we perform digital forensics on four AVN systems: two Android 4.2.2 Jellybean-based and two Android 4.4.2 KitKat-based, aiming to develop a data acquisition and analysis method appropriate for each Android version. As a data collection method for the AVN system forensics, logical data acquisition is performed on the Jellybean-based systems and physical data acquisition on the KitKat-based systems. For the collected data, we identify and analyse Bluetooth data, navigation data, and system logs individually. Next, we investigate the differences in the storage structure and file location of major digital artefacts depending on the Android versions and show the limitations of the individual data analysis. Finally, we construct a timeline for the driver’s activities by integrating and analysing the diverse artefacts which consist of Bluetooth data, navigation data, and system logs.

Published

2023

4. Design of an Intuitive Master for Improving Teleoperation Task Performance Using the Functional Separation of Actuators: Movement and Gravity Compensation

Author

Sang Uk Chon, Jaehong Seo, Jungyeong Kim, Sangchul Han, Sangshin Park, Jin Tak Kim, Jinhyeon Kim, and Jungsan Cho

Subjects

teleoperation, telemanipulation, master devices, teleoperation fatigue, Materials of engineering and construction. Mechanics of materials, TA401-492, Production of electric energy or power. Powerplants. Central stations, TK1001-1841

Abstract

Teleoperation, in which humans and robots work together to improve work performance, is growing explosively. However, the work performance of teleoperation is not yet excellent. Master–slave systems with different kinematics and workspaces need space-transformation control techniques. These techniques cause psychological fatigue to an operator with poor manipulation skills. In this study, we propose an intuitive master design that focuses on fatigue. Large workspaces reduce mental fatigue; however, they lead to physical fatigue problems. To solve this problem, we reflect the role of actuators in the design, through functional separation using movement and gravity compensation. This study proposes the design and prototype fabrication of an intuitive master K-handler to improve remote-work performance. The K-handler features six degrees of freedom (DoF), an anthropomorphic structure, and a lightweight nature. It has a reach long enough to cover the workspace of the human arm to reduce mental fatigue. In addition, gravity compensation, which can reduce the operator’s physical fatigue during operation, is possible in all workspace areas.

Published

2022

5. Screwdriving Gripper That Mimics Human Two-Handed Assembly Tasks

Author

Sangchul Han, Myoung-Su Choi, Yong-Woo Shin, Ga-Ram Jang, Dong-Hyuk Lee, Jungsan Cho, Jae-Han Park, and Ji-Hun Bae

Subjects

gripper, assembly task, screwdriving, assembly robot, Mechanical engineering and machinery, TJ1-1570

Abstract

Conventional assembly methods using robots need to change end-effectors or operate two robot arms for assembly. In this study, we propose a screwdriving gripper that can perform the tasks required for the assembly using a single robot arm. The proposed screwdriving gripper mimics a human-two-handed operation and has three features: (1) it performs pick-and-place, peg-in-hole, and screwdriving tasks required for assembly with a single gripper; (2) it uses a flexible link that complies with the contact force in the environment; and (3) it employs the same joints as the pronation and supination of the wrist, which help the manipulator to create a path. We propose a new gripper with 3 fingers and 12 degrees of freedom to implement these features; this gripper is composed of grasping and screwdriving parts. The grasping part has two fingers with a roll-yaw-pitch-pitch joint configuration. Its pitch joint implements wrist pronation and supination. The screwdriving part includes one finger with a roll-pitch-pitch joint configuration and a flexible link that can comply with the environment; this facilitates compliance based on the direction of the external force. The end of the screwdriving finger has a motor with a hex key attached, and an insert tip is attached to the back of the motor. A prototype of the proposed screwdriving gripper is manufactured, and a strategy for assembly using a prototype is proposed. The features of the proposed gripper are verified through screwdriving task experiments using a cooperative robotic arm. The experiments showed that the screwdriving gripper can perform tasks required for the assembly such as pick and place, peg-in-hole, and screwdriving.

Published

2022

6. Machine-Learning-Based Android Malware Family Classification Using Built-In and Custom Permissions

Author

Minki Kim, Daehan Kim, Changha Hwang, Seongje Cho, Sangchul Han, and Minkyu Park

Subjects

Android malware, malware family classification, machine learning, built-in permission, custom permission, balanced accuracy, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999

Abstract

Malware family classification is grouping malware samples that have the same or similar characteristics into the same family. It plays a crucial role in understanding notable malicious patterns and recovering from malware infections. Although many machine learning approaches have been devised for this problem, there are still several open questions including, “Which features, classifiers, and evaluation metrics are better for malware familial classification”? In this paper, we propose a machine learning approach to Android malware family classification using built-in and custom permissions. Each Android app must declare proper permissions to access restricted resources or to perform restricted actions. Permission declaration is an efficient and obfuscation-resilient feature for malware analysis. We developed a malware family classification technique using permissions and conducted extensive experiments with several classifiers on a well-known dataset, DREBIN. We then evaluated the classifiers in terms of four metrics: macrolevel F1-score, accuracy, balanced accuracy (BAC), and the Matthews correlation coefficient (MCC). BAC and the MCC are known to be appropriate for evaluating imbalanced data classification. Our experimental results showed that: (i) custom permissions had a positive impact on classification performance; (ii) even when the same classifier and the same feature information were used, there was a difference up to 3.67% between accuracy and BAC; (iii) LightGBM and AdaBoost performed better than other classifiers we considered.

Published

2021

7. Two-Round Password-Only Authenticated Key Exchange in the Three-Party Setting

Author

Junghyun Nam, Kim-Kwang Raymond Choo, Sangchul Han, Juryon Paik, and Dongho Won

Subjects

password-only authenticated key exchange (PAKE), three-party key exchange, symmetric encryption, communication round, dictionary attack, implicit key authentication, Mathematics, QA1-939

Abstract

We present the first provably-secure three-party password-only authenticated key exchange (PAKE) protocol that can run in only two communication rounds. Our protocol is generic in the sense that it can be constructed from any two-party PAKE protocol. The protocol is proven secure in a variant of the widely-accepted model of Bellare, Pointcheval and Rogaway (2000) without any idealized assumptions on the cryptographic primitives used. We also investigate the security of the two-round, three-party PAKE protocol of Wang, Hu and Li (2010) and demonstrate that this protocol cannot achieve implicit key authentication in the presence of an active adversary.

Published

2015

8. Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation.

Author

Junghyun Nam, Kim-Kwang Raymond Choo, Sangchul Han, Moonseong Kim, Juryon Paik, and Dongho Won

Subjects

Medicine, Science

Abstract

A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques) for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper, we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000) model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks).

Published

2015

9. Development of disaster‐responding special‐purpose machinery: Results of experiments

Author

Jin Tak Kim, Sangshin Park, SangChul Han, Jinhyeon Kim, Hyogon Kim, Young‐Ho Choi, Jaehong Seo, Sanguk Chon, Jungyeong Kim, and Jungsan Cho

Subjects

Control and Systems Engineering, Computer Science Applications

Published

2022

10. Snake Robot Gripper Module for Search and Rescue in Narrow Spaces

Author

Sangchul Han, Sanguk Chon, JungYeong Kim, Jeahong Seo, Dong Gwan Shin, Sangshin Park, Jin Tak Kim, Jinhyeon Kim, Maolin Jin, and Jungsan Cho

Subjects

Human-Computer Interaction, Control and Optimization, Artificial Intelligence, Control and Systems Engineering, Mechanical Engineering, Biomedical Engineering, Computer Vision and Pattern Recognition, Computer Science Applications

Published

2022

11. Analyzing the Effects of API Calls in Android Malware Detection Using Machine Learning

Author

Seong-je Cho, Kang Mun Yeong, Park Ji Hyeon, Sangchul Han, and Park Seong Hyun

Subjects

Computer science, Argument, Android malware, Computer security, computer.software_genre, Return type, computer

Published

2021

12. A Simple and Aggressive Dynamic Voltage/Frequency Scaling Technique for EDZL Scheduling on Multiprocessors

Author

Sangchul Han

Subjects

Dynamic voltage frequency scaling, Computer science, General Engineering, Parallel computing, Scheduling (computing)

Published

2020

13. Energy-aware EDZL Scheduling of Periodic Tasks on Multicore Systems

Author

Sangchul Han

Subjects

Computer science, Distributed computing, General Engineering, Multicore systems, Scheduling (computing)

Published

2020

14. Effective Android App Similarity Analysis Using Obfuscation-Resilient Features

Author

Sungho Kim, Seonghyun Park, Seong-je Cho, Byungchul Kim, and Sangchul Han

Subjects

Obfuscation (software), Information retrieval, Similarity analysis, Computer science, Android app

Published

2020

15. Machine-Learning-Based Android Malware Family Classification Using Built-In and Custom Permissions

Author

Daehan Kim, Seong-je Cho, Sangchul Han, Changha Hwang, Minkyu Park, and Min-Ki Kim

Subjects

built-in permission, Technology, Software_OPERATINGSYSTEMS, QH301-705.5, Computer science, QC1-999, Android malware, Permission, Machine learning, computer.software_genre, Classifier (linguistics), balanced accuracy, Feature (machine learning), General Materials Science, AdaBoost, Biology (General), Malware analysis, QD1-999, Instrumentation, Fluid Flow and Transfer Processes, business.industry, Physics, Process Chemistry and Technology, General Engineering, Engineering (General). Civil engineering (General), Matthews correlation coefficient, Computer Science Applications, Chemistry, ComputingMethodologies_PATTERNRECOGNITION, machine learning, Malware, Artificial intelligence, TA1-2040, malware family classification, business, computer, custom permission

Abstract

Malware family classification is grouping malware samples that have the same or similar characteristics into the same family. It plays a crucial role in understanding notable malicious patterns and recovering from malware infections. Although many machine learning approaches have been devised for this problem, there are still several open questions including, “Which features, classifiers, and evaluation metrics are better for malware familial classification”? In this paper, we propose a machine learning approach to Android malware family classification using built-in and custom permissions. Each Android app must declare proper permissions to access restricted resources or to perform restricted actions. Permission declaration is an efficient and obfuscation-resilient feature for malware analysis. We developed a malware family classification technique using permissions and conducted extensive experiments with several classifiers on a well-known dataset, DREBIN. We then evaluated the classifiers in terms of four metrics: macrolevel F1-score, accuracy, balanced accuracy (BAC), and the Matthews correlation coefficient (MCC). BAC and the MCC are known to be appropriate for evaluating imbalanced data classification. Our experimental results showed that: (i) custom permissions had a positive impact on classification performance, (ii) even when the same classifier and the same feature information were used, there was a difference up to 3.67% between accuracy and BAC, (iii) LightGBM and AdaBoost performed better than other classifiers we considered.

Published

2021

16. Dynamic Voltage/Frequency Scaling for EDZL Scheduling in Multicore Real-Time Systems

Author

Sangchul Han, Woojin Paik, and Minkyu Park

Subjects

Multi-core processor, Dynamic voltage frequency scaling, Computer science, General Engineering, Parallel computing, Scheduling (computing)

Published

2019

17. Distribution of Malicious Apps Considering App Categories and Development Tools in Major Android Markets

Author

OhJiHwan, Sangchul Han, Lee Myeonggeon, and Seong-je Cho

Subjects

Computer science, Malware, Android (operating system), Computer security, computer.software_genre, computer

Published

2019

18. Development of Disaster-Responding Special-Purpose Machinery: Results of Experiments

Author

Young-Ho Choi, Jin Tak Kim, Hyogon Kim, Sang-uk Chon, Jaehong Seo, Jinhyeon Kim, Sangchul Han, Sangshin Park, Jungyeong Kim, and Jungsan Cho

Subjects

Structure (mathematical logic), Development (topology), Risk analysis (engineering), Computer science, Control (management), Set (psychology), Disaster response

Abstract

The frequent occurrence of disasters has prompted the development of efficient disaster-responding equipment. This study deals with the design of special-purpose machinery and its performance assessment. We defined scenarios through the environmental analysis of disaster situations and expert consulting. We also formulated a set of design specifications by analyzing the objectives of the tasks that must be performed at disaster sites, based on simulated scenarios and existing disaster response machinery. The disaster-responding special-purpose machinery was designed to perform various tasks and display rapid movement in disaster situations. And this paper presents the control structure configured to operate the developed machinery. The performance of the special-purpose machinery was assessed through different scenario tests.

Published

2021

19. Dynamic Analysis of Android Apps written with PhoneGap Cross-Platform Framework

Author

null Jaewoo Shim, null Minjae Park, null Seong-je Cho, null Minkyu Park, and null Sangchul Han

Abstract

In this paper, we propose an effective technique that can perform dynamic analysis for Android appwritten with PhoneGap cross-platform framework. For a systematic study, we have written a maliciousAndroid app using PhoneGap framework. We compare the structural differences between abasic Android app (a native app) and the other malicious Android app built in release mode on Phone-Gap framework, and also analyze the malicious app dynamically. The proposed technique first copiesthe web root directory of the target malicious app into a writable directory inside the smartphone.When the app is executed, its web pages and Javascript files are loaded from the copied directoryusing a dynamic instrumentation. Finally, we dynamically change the flag for WebView debuggingso that a remote debugger can successfully be attached to the app built in release mode. Using ourproposed technique, a malware analyst can debug a malicious PhoneGap app built in release modewithout repackaging, which cannot be debugged as it is by Chrome remote debugger. She/he canalso utilize the debugging features supported by the remote debugger. The technique allows the analystto bypass the repackaging detection method that malicious apps use to avoid antivirus detection.

Published

2018

20. Static and Dynamic Analysis of Android Malware and Goodware Written with Unity Framework

Author

Minkyu Park, Kyeonghwan Lim, Seong-je Cho, Sangchul Han, and Jaewoo Shim

Subjects

Reverse engineering, Article Subject, Computer Networks and Communications, Computer science, GeneralLiterature_INTRODUCTORYANDSURVEY, 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, computer.file_format, Static analysis, computer.software_genre, Android malware, lcsh:Technology (General), 0202 electrical engineering, electronic engineering, information engineering, Operating system, Java code, Malware, lcsh:T1-995, Executable, Android (operating system), lcsh:Science (General), computer, Machine code, Information Systems, lcsh:Q1-390

Abstract

Unity is the most popular cross-platform development framework to develop games for multiple platforms such as Android, iOS, and Windows Mobile. While Unity developers can easily develop mobile apps for multiple platforms, adversaries can also easily build malicious apps based on the “write once, run anywhere” (WORA) feature. Even though malicious apps were discovered among Android apps written with Unity framework (Unity apps), little research has been done on analysing the malicious apps. We propose static and dynamic reverse engineering techniques for malicious Unity apps. We first inspect the executable file format of a Unity app and present an effective static analysis technique of the Unity app. Then, we also propose a systematic technique to analyse dynamically the Unity app. Using the proposed techniques, the malware analyst can statically and dynamically analyse Java code, native code in C or C ++, and the Mono runtime layer where the C# code is running.

Published

2018

21. Academic studies on literary discourse in Daejeon and the education system

Author

Sangchul Han

Subjects

Pedagogy, Sociology

Published

2015

22. A dual speed scheme for dynamic voltage scaling on real-time multiprocessor systems

Author

Minkyu Park, Sangchul Han, Moonju Park, and Xuefeng Piao

Subjects

Scheme (programming language), Computer science, Multiprocessing, Parallel computing, Energy consumption, Theoretical Computer Science, Dual (category theory), Scheduling (computing), Dynamic voltage scaling, Task (computing), Hardware and Architecture, computer, Software, Information Systems, computer.programming_language

Abstract

This paper proposes an off-line dynamic voltage scaling (DVS) scheme that can be integrated with EDF$$^{(k)}$$(k), which is a global real-time scheduling algorithm for symmetric multiprocessor systems. The scheme computes the static execution speed for each individual task assuming the task's worst-case execution. Based on the individual speed, it determines static dual speeds off-line for each task to make use of the gap between actual execution demand and the worst-case execution demand. The simulation results show that the proposed scheme combined with an existing online DVS technique can reduce energy consumption by up to 37 % compared with a uniform speed technique when the number of processors is 32.

Published

2014

23. Two-Round Password-Only Authenticated Key Exchange in the Three-Party Setting

Author

Kim-Kwang Raymond Choo, Dongho Won, Junghyun Nam, Juryon Paik, Sangchul Han, Nam, Junghyun, Choo, Kim-Kwang Raymond, Sangchul, Han, Paik, Juryon, and Won, Dongho

Subjects

TheoryofComputation_MISCELLANEOUS, Physics and Astronomy (miscellaneous), Computer science, General Mathematics, communication round, Oakley protocol, dictionary attack, Computer security, computer.software_genre, Key authentication, Computer Science (miscellaneous), Key-agreement protocol, Password, Cryptographic primitive, business.industry, lcsh:Mathematics, three-party key exchange, Cryptographic protocol, lcsh:QA1-939, implicit key authentication, Authenticated Key Exchange, password-only authenticated key exchange (PAKE), Chemistry (miscellaneous), Authentication protocol, symmetric encryption, business, computer, Computer network

Abstract

We present the first provably-secure three-party password-only authenticated key exchange (PAKE) protocol that can run in only two communication rounds. Our protocol is generic in the sense that it can be constructed from any two-party PAKE protocol. The protocol is proven secure in a variant of the widely-accepted model of Bellare, Pointcheval and Rogaway (2000) without any idealized assumptions on the cryptographic primitives used. We also investigate the security of the two-round, three-party PAKE protocol of Wang, Hu and Li (2010) and demonstrate that this protocol cannot achieve implicit key authentication in the presence of an active adversary. Refereed/Peer-reviewed

Published

2015

24. Protecting Android Applications with Multiple DEX Files against Static Reverse Engineering Attacks

Author

Seong-je Cho, Younsik Jeong, Sangchul Han, Minkyu Park, Kyeonghwan Lim, and Nak Young Kim

Subjects

060201 languages & linguistics, Reverse engineering, Computer science, 06 humanities and the arts, 02 engineering and technology, computer.software_genre, Theoretical Computer Science, Computational Theory and Mathematics, Artificial Intelligence, 0602 languages and literature, 0202 electrical engineering, electronic engineering, information engineering, Operating system, 020201 artificial intelligence & image processing, Android (operating system), computer, Software

Published

2018

25. Efficient and Anonymous Two-Factor User Authentication in Wireless Sensor Networks: Achieving User Anonymity with Lightweight Sensor Computation

Author

Dongho Won, Moonseong Kim, Juryon Paik, Sangchul Han, Junghyun Nam, Kim-Kwang Raymond Choo, Nam, Junghyun, Choo, Kim-Kwang Raymond, Han, Sangchul, Kim, Moonseong, Paik, Juryon, and Won, Dongho

Subjects

FOS: Computer and information sciences, Provable security, Computer Science - Cryptography and Security, Computer science, Health Smart Cards, lcsh:Medicine, Cryptography, Encryption, Computer Communication Networks, Humans, Elliptic curve cryptography, lcsh:Science, Computer Security, Password, Authentication, Multidisciplinary, business.industry, lcsh:R, Models, Theoretical, lcsh:Q, Smart card, business, Cryptography and Security (cs.CR), Wireless Technology, Wireless sensor network, Algorithms, Confidentiality, Research Article, Anonymity, Computer network

Abstract

A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques) for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper,we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000) model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks). Refereed/Peer-reviewed

Published

2015

26. Protecting Android Applications with Multiple DEX Files Against Static Reverse Engineering Attacks.

Author

Kyeonghwan Lim, Nak Young Kim, Younsik Jeong, Seong-je Cho, Sangchul Han, and Minkyu Park

Subjects

REVERSE engineering, SOURCE code, RANSOMWARE, FILES (Records)

Abstract

The Android application package (APK) uses the DEX format as an executable file format. Since DEX files are in Java bytecode format, you can easily get Java source code using static reverse engineering tools. This feature makes it easy to steal Android applications. Tools such as ijiami, liapp, alibaba, etc. can be used to protect applications from static reverse engineering attacks. These tools typically save encrypted classes.dex in the APK file, and then decrypt and load dynamically when the application starts. However, these tools do not protect multidex Android applications. A multidex Android application is an APK that contains multiple DEX files, mostly used in a large-scale application. We propose a method to protect multidex Android applications from static reverse engineering attacks. The proposed method encrypts multiple DEX files and stores them in an APK file. When an APK is launched, encrypted DEX files are decrypted and loaded dynamically. Experiment results show that the proposed method can effectively protect multidex APKs. [ABSTRACT FROM AUTHOR]

Published

2019

27. Effects of infections with five sexually transmitted pathogens on sperm quality

Author

Yoo Kyung Lee, Tae Jin Kim, Jae Ho Lee, Joong Shik Lee, Kyeong A So, Sungjae Kim, Sangchul Han, Hyo Serk Lee, Seon Ah Kim, In Ho Lee, Dong Wook Park, Ki Heon Lee, Mi Seon Jeong, Juree Kim, Doo Jin Paik, and Ju Tae Seo

Subjects

Sexually transmitted disease, Human papillomavirus, 030232 urology & nephrology, Physiology, Chlamydia trachomatis, Mycoplasma genitalium, Semen, Mycoplasma hominis, Semen analysis, urologic and male genital diseases, medicine.disease_cause, 03 medical and health sciences, fluids and secretions, 0302 clinical medicine, Medicine, 030219 obstetrics & reproductive medicine, medicine.diagnostic_test, biology, urogenital system, business.industry, bacterial infections and mycoses, biology.organism_classification, Sperm, female genital diseases and pregnancy complications, Reproductive Medicine, Original Article, business, Ureaplasma urealyticum

Abstract

Objective This study investigated the prevalence of infections with human papillomavirus, Chlamydia trachomatis, Ureaplasma urealyticum, Mycoplasma hominis, and Mycoplasma genitalium in the semen of Korean infertile couples and their associations with sperm quality. Methods Semen specimens were collected from 400 men who underwent a fertility evaluation. Infection with above five pathogens was assessed in each specimen. Sperm quality was compared in the pathogen-infected group and the non-infected group. Results The infection rates of human papillomavirus, C. trachomatis, U. urealyticum, M. hominis, and M. genitalium in the study subjects were 1.57%, 0.79%, 16.80%, 4.46%, and 1.31%, respectively. The rate of morphological normality in the U. urealyticum-infected group was significantly lower than in those not infected with U. urealyticum. In a subgroup analysis of normozoospermic samples, the semen volume and the total sperm count in the pathogen-infected group were significantly lower than in the non-infected group. Conclusion Our results suggest that infection with U. urealyticum alone and any of the five sexually transmitted infections are likely to affect sperm morphology and semen volume, respectively.

Published

2017

28. Effects of infections with five sexually transmitted pathogens on sperm quality.

Author

Sung Jae Kim, Doo-Jin Paik, Joong Shik Lee, Hyo Serk Lee, Ju Tae Seo, Mi Seon Jeong, Jae-Ho Lee, Dong Wook Park, Sangchul Han, Yoo Kyung Lee, Ki Heon Lee, In Ho Lee, So, Kyeong A., Seon Ah Kim, Juree Kim, and Tae Jin Kim

Subjects

SEXUALLY transmitted diseases, CHLAMYDIA trachomatis, SEXUAL health, PAPILLOMAVIRUSES, BOVINE papillomavirus

Abstract

Objective: This study investigated the prevalence of infections with human papillomavirus, Chlamydia trachomatis, Ureaplasma urealyticum, Mycoplasma hominis, and Mycoplasma genitalium in the semen of Korean infertile couples and their associations with sperm quality. Methods: Semen specimens were collected from 400 men who underwent a fertility evaluation. Infection with above five pathogens was assessed in each specimen. Sperm quality was compared in the pathogen-infected group and the non-infected group. Results: The infection rates of human papillomavirus, C. trachomatis, U. urealyticum, M. hominis, and M. genitalium in the study subjects were 1.57%, 0.79%, 16.80%, 4.46%, and 1.31%, respectively. The rate of morphological normality in the U. urealyticum-infected group was significantly lower than in those not infected with U. urealyticum. In a subgroup analysis of normozoospermic samples, the semen volume and the total sperm count in the pathogen-infected group were significantly lower than in the non-infected group. Conclusion: Our results suggest that infection with U. urealyticum alone and any of the five sexually transmitted infections are likely to affect sperm morphology and semen volume, respectively. [ABSTRACT FROM AUTHOR]

Published

2017

29. Scalable Group Key Exchange for Securing Distributed Operating Systems.

Author

Junghyun Nam, Minkyu Park, Sangchul Han, Juryon Paik, and Dongho Won

Subjects

SCALABILITY, COMPUTER security, COMPUTER operating systems, COMPUTER networks, BINARY number system, COMPUTATIONAL complexity, LOGARITHMS

Abstract

Distributed operating systems are designed to run over a collection of computing nodes that are spatially disseminated and communicate through a computer network. The computing nodes interact collaboratively with each other in order to pursue a common purpose. Protecting group communication between the collaborating nodes against potential attacks is one of the major challenges faced by the designers of distributed operating systems. This challenge can be effectively addressed by a group key exchange (GKE) protocol which allows a group of communicating parties to build a secure multicast channel over an insecure network. In this work, we propose a scalable GKE protocol that achieves both constant round complexity and logarithmic computation complexity. Our GKE protocol achieves its scalability by employing a complete binary tree structure combined with a so-called "nonce-chained authentication technique". Besides the scalability, our protocol features provable security against active adversaries in a well-defined communication model. [ABSTRACT FROM AUTHOR]

Published

2012