ABSTRACT. While using IoT (Internet of Things) devices, not all file in firmware are executed and they are hundreds to about a thousand ELF files in one firmware. Therefore, security investigations without prioritizing may lead to first investigating programs that are not executed while using IoT devices. This will cause inefficient security investigations. To conduct efficient security investigations, we proposed a method that can identify the programs that execute during the startup process. However, only two firmware were used for the evaluation which can evaluate only one of the two startup sequences in OpenWrt-based firmware. Also, the security investigation to validate whether the proposed method solves the problem of inefficient security investigations was limited to OpenWrt-based firmware. In this paper, we use more firmware for the evaluation and validation. We use nine firmware not used for the previous research including which startup methods have not previously been used for evaluation. Also, we increased the number of firmware used for validation to 225. The evaluation results show that the proposed method can identify with a small amount of false positive. The validation shows that we can improve efficiency and it is worthwhile to prioritize the investigation in which the proposed method can analyzed.

ABSTRACT. As deepfake technology develops at a rapid pace, its abuse in the field of digital sexual crimes is intensifying. Given the increasing damage and social disruption caused by the misuse of deepfake technology, it is necessary to develop deepfake detection technology to prevent deepfake damage and discuss appropriate legislation to regulate deepfake abuse. Technologically, South Korean government branches are investing in research and tool development in the field of AI deepfake detection to counter deepfakes, focusing on real-time detection and multi-modal detection requirements to improve detection reliability. On the policy side, South Korean government branches are discussing new technological developments and legal responses to combat digital sexual crimes that utilize deepfakes. Deepfake detection technology and digital literacy education should be developed to prevent criminal victimization using deepfake technology. Legislation to regulate the abuse of deepfake technology and self-detection systems for deepfake-utilized content are expected to reduce social costs.

ABSTRACT. This paper analyzes and compares detection models designed to combat various crimes arising from the advancement of deepfake technology. Deepfake technology enables the realistic synthesis of facial features, voices, and actions to create fake videos, which can lead to social chaos such as the spread of fake news, financial fraud and sexual crimes. To counter these threats, this paper introduces key deepfake detection models, including XceptionNet, EfficientNet-B7, and the CNN-LSTM hybrid model, and compares their specialization and drawbacks. Furthermore, the importance of deepfake detection technology is emphasized, and the need for legal regulations and public awareness to prevent deepfake-related crimes is proposed.

ABSTRACT. Remote control services are widely used for their ability to provide access to a device from anywhere via a remote connection when physical access to the required device is not possible. However, recently, criminal organizations have been employing remote control for voice phishing by exploiting the fact that connecting to a device located in Korea through remote control allows them to call local numbers. In particular, Samsung's Call \& Message Continuity (CMC) service, which can be easily connected using a Samsung account, is the most commonly used. Since the use of devices such as repeaters is more difficult to detect than repeaters such as SIM boxes, which limits the ability to quickly apprehend criminal organizations, it is important to quickly identify and secure evidence of voice phishing crime methods. Therefore, this study analyzed forensic artifacts that can determine whether a device activates the CMC function and makes remote calls through device log analysis, and proposed an effective artifact collection method to investigate its possible use in voice phishing investigations.

ABSTRACT. Recently, there has been increasing interest in Zero Trust (ZT) to mitigate the limitations of perimeter-based security. The U.S. government issued an executive order on improving national cybersecurity, mandating the protection of agency systems through the implementation of Zero Trust, which trusts no one. The Korean government (Ministry of Science and ICT) has also released Zero Trust guidelines. In the financial sector, which is pursuing digital transformation and application modernization, there is a growing demand for adopting microservices-based cloud architecture and utilizing cloud-native services in line with the cloud-native application of DevSecOps. These changes in the financial sector are driving the establishment of high-level continuous integration and deployment (CI/CD, Continuous Integration/Continuous Deployment) pipelines, increasing the complexity of the DevSecOps environment and expanding the attack surface. In response, the financial sector has shown increased interest in adopting Zero Trust to mitigate the shortcomings of perimeter-based security and to establish automated, high-level cybersecurity capabilities. However, financial companies lack the basic materials needed to apply Zero Trust, and realistically, many difficulties are expected in the initial adoption review. Therefore, this paper aims to present basic materials that financial companies can use for autonomous review when applying Zero Trust policies and technologies. This paper analyzes the relationship between the microservices-based DevSecOps environment of financial companies and Zero Trust, derives Zero Trust considerations through stage-by-stage analysis of the Software Development Life Cycle (SDLC), and proposes a Zero Trust approach to enhance security.

ABSTRACT. The rise in electric vehicles(EVs) has led to a rapid increase in the number of eletric vehicle charging staions(EVCSs) with approximately 5 million installed worldwide by 2023. These EVCSs are operated according to various standards and protocols. ISO 15118, which is used for communication between EVs and EVCS, lacks security guidelines, and this absence can result in numerous vulnerabilities due to improper implementation. This study introduces the V2G Fuzzer, a security testing tool designed to prevent vulnerabilities caused by incorrect implementations in EV CSs. The tool is designed as a black-box testing solution capable of handling various implementations, regardless of the EVCS platform or programming language used. The fuzzing technique is applied to identify errors and discover vulnerabilities in the application layer where messages are processed. To validate the effectiveness of this approach, fuzzing tests were conducted on open-source EVCS implementations. The results confirmed that the tool is effective in determining whether the open-source projects correctly implement the ISO 15118 standard and in detecting potential vulnerabilities.

ABSTRACT. The development of software-defined, fully autonomous driving vehicles has recently become a hot topic. This advancement paves the way for service-oriented and software-centric approaches to in-vehicle computation. However, it also increases the hardware requirement for the ever-growing software demands. As more computing hardware components are added, resource management and security for mixed-criticality operating environments become increasingly challenging, and virtualization has emerged as a promising technology for managing and isolating heterogeneous computing resources in vehicles. However, a major drawback of virtualization is performance degradation, and how application processes communicate efficiently with low latencies via a portable application programming interface (API) in a virtualized environment remains a challenge. In this work, we propose a framework, Zenoh Virtualization Link, or ZVLink, that integrates efficient virtualization with a lightweight open-source pub/sub API, Zenoh, to achieve efficient and real-time interprocess communications across colocated virtual machines (VMs). Experimental results demonstrate that an unoptimized Zenoh delivers messages across VM at 14.3 MB/s, which is 82\% of the 17.4 MB/s transfer rate measured with XenLoop, the state-of-the-art network optimization in Xen, while our framework delivers 333.8 MB/s, which outperform the unoptimized Zenoh by 23.3 times, and the XenLoop optimized Zenoh by 19.2 times. These findings suggest that our framework offers a viable solution for efficient and scalable interprocess communications in conjunction with virtualized environments to enhance the security and reliability of autonomous systems.

ABSTRACT. The reconstruction of a vehicle accident is a crucial procedure aimed at understanding the comprehensive circumstances of the incident and ascertaining the liability of the parties involved. Essential components for reconstructing a vehicle accident include acquiring details about the pre-collision scenario, pinpointing the precise location of impact on the vehicle, and determining the vehicle's speed at the moment of the collision. This necessitates the retrieval of vehicle data from diverse sensors integrated into the vehicle. However, concerns have been raised regarding the potential inclusion of sensitive information related to the vehicle owner or the surrounding environment in the data collection process. Organizations, companies, or individuals involved in vehicle accident reconstruction necessitate access to vehicle data. However, vehicle owners often hesitate to share their data readily to safeguard their privacy. Therefore, this paper proposes a model that computes and derives essential values for vehicle accident reconstruction without revealing the original data shared by the vehicle owner. The proposed data trading model employs Multi-party Computation (MPC) technique to ensure the privacy of the original data while computing the value required for vehicle accident reconstruction.

ABSTRACT. As modern vehicles become more dependent on electronic systems, in-vehicle infotainment (IVI) systems have become tightly integrated with various automotive functions. Traditionally, crash-related data has been extracted from Event Data Recorders (EDRs), but the proprietary nature and variability of EDR formats across manufacturers limit accessibility. This paper introduces a novel approach to collecting and analyzing log data from the IVI system of the Hyundai Avante CN7 to assist in crash investigations. Our method allows the retrieval of key data points such as vehicle speed, seatbelt status, airbag deployment, door status, and RPM directly from the IVI system, bypassing the need for manufacturer-specific tools. The results demonstrate that IVI log data can serve as a valuable resource in crash analysis, providing critical evidence for legal proceedings and contributing to more accurate liability assessments.

ABSTRACT. Nowadays, autonomous vehicles have become a new way of transportation and are more and more common on roads. However, the potential security risk of these vehicles may be a threat to all road users including drivers, passengers and pedestrians. Autonomous vehicles (AV) deploy many sensors and Electronic Control Units (ECUs) to obtain and transfer information to make decisions for self-driving. In the Intra-Vehicle network, ECUs are connected to the Control Area Network (CAN) bus and communicate with each other. Since CANbus does not include any security measures while transmitting messages, it is obviously vulnerable to cyber-attacks. Moreover, Vehicular Ad-hoc Network (VANET) represents a bigger picture of autonomous vehicles including more communications such as Vehicle-to-Infrastructure (V2I) and Vehicle-to-Vehicle (V2V). Communications in VANET are also potentially vulnerable to cyber-attacks. Since both Intra-Vehicle network and VANET have very different structures and protocols compared with traditional networks such as the Internet and Local Area Network (LAN), most existing Intrusion Detection Systems (IDS) are not expected to have high performance on autonomous vehicles. Therefore, many research projects on developing IDS for Intra-Vehicle and VANET have been done in recent years. In this survey, we first provide the taxonomy of IDS for autonomous vehicles and summarise existing survey papers. Then, we provide a comprehensive literature review of IDS developed for autonomous vehicles in recent years. Furthermore, we discuss the trends and issues in the research on vehicle security.

ABSTRACT. In the rapidly evolving healthcare environment, the Internet of Health Things (IoHT) is transforming medical services by enabling real-time monitoring, diagnosis, and preventive health management through interconnected devices like wearable gadgets, medical equipment, sensors, and mobile health applications. IoHT enhances accessibility, efficiency, and personalized care for both healthcare providers and patients, from hospital monitoring to telemedicine and home health management. However, the sensitive nature of medical data necessitates strong security measures to protect against unauthorized access, data breaches, and malicious attacks. Existing encryption methods are becoming increasingly vulnerable, especially with the emergence of quantum computing.

In this paper, we propose a dual-layer encryption scheme for the post-quantum era to address security vulnerabilities arising from next-generation quantum computers. Our scheme combines Quantum Key Distribution (QKD) using the BB84 protocol with the Post-Quantum Cryptography (PQC) algorithm with Kyber to secure IoHT data in the cloud environment with master and slave nodes. In the proposed scheme, each compute node collects and processes data from IoHT devices in real-time, converting the data into a binary format for consistency and efficiency. This binary data is first encrypted using the Kyber algorithm, providing post-quantum security as the first layer of encryption. A quantum key is then generated via QKD and used to perform a second layer of encryption on the already encrypted data, enhancing security during transmission to the centralized master node. At the master node, the data is decrypted sequentially using the quantum key and the Kyber decryption key to restore the original IoHT data. By integrating QKD with PQC, our scheme ensures data integrity and confidentiality during transmission, providing a dual security layer that complies with GDPR and HIPAA requirements.

Our evaluation using IoHT and Edge workloads demonstrates that our proposed scheme offers efficient encryption performance. Compared to the AES-SSH protocol combined scheme, the proposed scheme provides 2.82X better encryption processing performance. In addition, the proposed scheme maintains lower and more consistent CPU utilization than the AES-SSH protocol scheme, minimizing overhead and interference.

ABSTRACT. Password-based authenticated key exchange (PAKE) is a cryptographic technique that allows for the sharing of high-entropy session keys derived from low-entropy passwords. Recent advancements in quantum computing pose a significant threat to various existing PAKE protocols, necessitating new construction methods. This paper proposes a secure PAKE cryptographic protocol under lattice assumptions within a server-client model, designed for a quantum computing environment. The proposed protocol does not rely on the server's public key and utilizes only easy-to-remember passwords, enhancing user convenience. It also offers post-quantum security similar to that of the NIST standard CRYSTALS-KYBER KEM. Additionally, the protocol introduces the concept of a public salt—a new random sequence that can be updated with each session—providing resilience against pre-computation attacks. Finally, this paper experimentally demonstrates that the proposed protocol exhibits excellent performance in Bluetooth communication environments.

ABSTRACT. Classic McEliece is one of the most promising public key encryption schemes in the NIST PQC Round 4. Thus, there are many researches on cryptanalysis of this cryptosystem. In particular, Hemmert et al. (PQCrypto 2022) proposed a backdoor mechanism for (Classic) McEliece and proved that it is possible to embed a backdoor into this cryptosystem in a single-user setting where a single backdoor holder is allowed to embed a backdoor into a cryptosystem. In addition, they also presented how to prevent this backdoor mechanism. In this paper, we prove that this backdoor mechanism for (Classic) McEliece is valid in a multi-user setting where multiple users are allowed to use the backdoor mechanism against (Classic) McEliece. This indicates that backdoor holders can embed a backdoor into Classic McEliece in a more practical security model. Furthermore, we also give a slight variant of (Classic) McEliece so that we can prevent the backdoor mechanism in the multi-user setting.

ABSTRACT. As mobile Internet services and transactions continue to expand, there is an increased risk of personal information leakage and security threats. Sensitive data, such as facial images, are frequently exposed on social media platforms, increasing the likelihood of misuse for identity theft, fraud, and phishing. While previous research has introduced face de-identification methods to mitigate these threats, they are limited by their inability to restore the original images, reducing their practical utility. To address this limitation, we propose a restorable face de-identification method using format-preserving encryption. Our approach combines a de-identification network with symmetric key-based format-preserving encryption to generate de-identified facial images that can be restored by authorized users when necessary. Extensive experiments demonstrated that our method is flexible and generalizable, allowing the restoration of original images while minimizing the degradation of de-identified images.

ABSTRACT. Recent wildfires in forested areas have caused significant damage to both life and property. The importance of early detection and rapid response is growing. AI-based deep learning technologies play a crucial role in fire monitoring, with Super-Resolution (SR) technology essential for converting low-resolution images to high-resolution for early fire detection. However, existing Super-Resolution Generative Adversarial Network (SRGAN) models struggle with restoring detailed textures like flames and smoke. We propose Attention SRU-GAN, which combines U-Net and Convolutional Block Attention Module (CBAM) and can be integrated with mobile edge computing to process drone-captured images in real-time. This reduces response time and improves wildfire spread prediction accuracy. Our model achieved performance gains of 51.70% in PSNR and 10.08% in SSIM.

ABSTRACT. Japan is prone to natural disasters, including earthquakes, typhoons, torrential rains, tsunamis, floods, and volcanic eruptions. Depending on the situation, local governments establish disaster control headquarters and issue evacuation advisories to residents. The disaster control headquarters staff must monitor the number of refugees at each shelter in real-time and estimate the congestion situation and the approximate amount of relief supplies needed. However, it remains challenging for disaster control headquarters to track the number of refugees and relief supply requirements in real-time. Therefore, this study proposes a new shelter control system for efficient shelter management. The system automatically calculates the required relief supplies based on the number of refugees by monitoring real-time congestion at shelters. Appropriate distribution of relief supplies is essential for rapid and effective disaster response, and this system is expected to facilitate the efficient supply of relief supplies.

ABSTRACT. As AI technology has advanced, copyright infringements of digital images have become increasingly serious, with digital watermarking technology gaining attention as a key solution. Digital watermarking involves embedding and detecting a unique watermark to protect the copyright of digital works or detect and trace forgery and tampering. The watermark must remain invisible without degrading the quality of the original image. It should be sufficiently robust to withstand various external factors, such as image manipulation and noise attacks, to ensure stable extraction. However, previous studies have failed to resolve the trade-off issue, where enhancing invisibility reduces robustness, and strengthening robustness degrades image quality. This paper proposes a watermarking technique that repetitively embeds a watermark in the low-frequency regions of an image and applies error correction to resist noise attacks while maintaining image quality and invisibility. Experimental results show that the proposed method improves the digital watermark extraction performance by up to 22% under the most severe attack conditions compared with conventional methods.

ABSTRACT. The Internet of Things (IoT) is utilized across various industrial domains, including smart homes, factories, and intelligent transportation. IoT devices are integral to daily life. Recently, software-defined everything (SDx) has emerged as a prominent method for managing IoT networks securely and efficiently. However, ensuring secure authentication for IoT devices in resource-constrained environments remains challenging owing to the limitations of conventional complex protocols. Previous approaches focused on enhanced mutual authentication through key exchange protocols or complex operations, which are impractical for lightweight devices. To address this, our study proposes the privacy-preserving software-defined range proof (SDRP) technique, which achieves secure authentication with low complexity. Experimental results demonstrate that SDRP significantly improves security efficiency, increasing it by an average of 93.02% compared to conventional methods. Additionally, it mitigates the trade-off between security and efficiency by reducing leakage risk by an average of 98.7%.

ABSTRACT. This paper introduces a scenario language that represents the formal model behaviors of the Transport Layer Security (TLS) protocol. Given specific requirements, the state sequences generated from formal models are transformed into executable test programs written in the scenario language. We use Maude, a formal verification tool, to model the TLS protocol and generate formal state sequences that satisfy the message ordering requirements specified in the RFC 5246 official documents. Using the scenario language, we translate these state sequences into test programs and execute tests on widely used TLS libraries, including OpenSSL and WolfSSL. The results show that the scenario language can effectively express formal model behaviors and be used to test TLS implementations.

ABSTRACT. ormal verification is a method used to verify the security of cryptographic protocols. In formal verification, the specifications of a protocol and its security properties are described using the input language of a software tool called a verification tool, enabling automated verification. However, protocol specifications and security properties are generally described and explained in natural language, and rewriting them in the tool's language requires specialized knowledge and time. This study attempts to efficiently create formal descriptions of cryptographic protocols by utilizing an LLM chatbot. Specifically, it explains the process by which the LLM chatbot understands protocol specifications described in natural language and converts them into formal descriptions. By using this approach, we aim to support the initial step of creating inputs for formal verification tools and reduce the effort required when starting to use such tools.

ABSTRACT. Cyber attacks have been continuously becoming more frequent and powerful in modern computer networks, which interconnect a huge number of devices, including mobile ones. A main reason explaining the effectiveness of the attacks lies in the errors introduced by human administrators in the configuration of network security functions such as firewalls and VPN gateways. In literature, formal methods were used to check if a security configuration satisfies the policies describing the security properties to be enforced in the network. However, most existing proposals use a-posteriori formal verification, which still requires multiple tasks to be carried out by human administrators and may be time-consuming. In order to overcome these limitations, we have carried out research toward applying correctness-by-construction approaches for network security configuration. In this paper, we survey our most relevant contributions to this area, describing techniques based on constraint programming, like MaxSMT formulations, for a formal representation and resolution of the automatic security configuration problem, in such a way that the computed result is already proved to be correct and compliant with the requested policies.

ABSTRACT. This paper conducts a rigorous formal verification of the EAP-AKA'-FS protocol using the ProVerif tool, focusing on strengthening security guarantees for future mobile networks. EAP-AKA'-FS introduces key improvements over existing authentication protocols, notably by integrating forward secrecy and enhanced mutual authentication mechanisms. Through formal modeling and analysis, we verify critical security properties such as mutual authentication, confidentiality, and forward secrecy. Our findings confirm that EAP-AKA'-FS offers superior security compared to alternatives like 5G AKA, particularly in resistance to known attacks. The paper also addresses performance considerations and outlines potential extensions, including adaptability to post-quantum cryptography. These results contribute to the ongoing development of robust, future-proof mobile authentication systems.

ABSTRACT. In this paper, we propose machine learning-based secure transmission with artificial noise (AN) to enhance the physical layer security in multiple-input single-output (MISO) communication systems. In secure MISO communication systems, the transmitter utilizes AN to maximize the secrecy rate. In this case, the optimal power allocation coefficient for AN varies depending on the locations of the user and the eavesdropper. Therefore, the transmitter needs to perform iterative calculations to determine the optimal power allocation coefficient for AN. However, when the frequency of changes in the eavesdropper’s location is high, the computational load increases, making it difficult to find the optimal power allocation coefficient for AN. To address this issue, we propose a scheme that employs a machine learning model to find the optimal power allocation coefficient for AN with reduced the computational complexity. Numerical results show that the proposed scheme achieves performance comparable to the optimal scheme.

ABSTRACT. A Virtual Private Network (VPN) is a technology used by users to hide their IP or access assets that are only accessible with an internal network IP. VPN uses tunneling protocols to make the network information you send unreadable to the outside world, and all connections outside of VPN are blocked, allowing you to securely access internal network assets without fear of intrusion. Organizations rely on this technology to set up VPN servers to allow employees to work remotely from outside the organization. However, our lab has found vulnerabilities in VPN clients that allow non-VPN network traffic to be introduced using routing commands, and vulnerabilities that allow internal network penetration due to unbroken sessions that were established before the VPN connection. These vulnerabilities break the tunneling protocol, which is a dangerous vulnerability that can occur in many types of VPNs. In this paper, we will describe the tunneling disabling vulnerability using the routing table and propose security measures against it

ABSTRACT. The development of ultra-low-latency mobile communication technology has led to the rapid expansion of the autonomous driving and virtual- and augmented-reality service markets. Accordingly, low-latency traffic (LLT) transmission and processing technology has been widely investigated as a next-generation Wi-Fi standard technology. However, existing LLT transmission mechanisms are inefficient owing to the large overhead of the approval process. In this study, LLT was transmitted at high speed using the interframe space between the data and ACK frames, which has not been used thus far. Furthermore, we propose a dynamic x-interframe space (xIFS) model with a key update mechanism that uses the random number generator and XOR operations to prevent the leakage of LLT information during the transmission process. Experimental results show that when the data payload size of non-LLT traffic was 1,000 bytes, the dynamic xIFS model improved the saturation throughput by a factor of approximately 116 compared with the conventional model. Moreover, the LLT data confidentiality was maintained, and the latency was reduced by a factor of approximately 3.83.

ABSTRACT. The digital healthcare industry and technologies providing personalized medical and healthcare services have garnered significant attention due to advancements in information and communication technologies. Federated learning (FL), which enables decentralized learning without sharing data with a central server, is crucial for maintaining data privacy while delivering artificial intelligence-based digital healthcare services. However, FL faces challenges such as performance degradation in the global model and increased communication costs, particularly when data on mobile devices are non-independent and non-identically distributed (non-IID). As wearable devices used in digital healthcare are wireless and lightweight, minimizing communication costs is essential. To address this issue, this study introduces differential federated learning (DFL), which reduces communication costs while enhancing privacy in FL environments where data on mobile devices are non-IID. In DFL, devices are grouped into IID and non-IID categories, with their participation in FL differing by group. The IID group updates the model frequently, while non-IID group updates it intermittently to improve convergence speed and communication efficiency. Reducing transmission frequency also lowers the risk of data leakage. Evaluation results indicate that DFL improved convergence speed by 19.54% on average compared to conventional federated averaging, while improving privacy leakage risk by at least 7.2% and up to 71.43% and reducing communication costs by a minimum of 39.35% and up to 76.27%. Furthermore, compared to conventional centralized learning methods, DFL reduced communication costs by at least 63.45% and up to 86.25%, and improving privacy leakage risk by a minimum of approximately 36% and up to 79.99%. The proposed method presents a novel approach to improving convergence speed while maintaining privacy and efficiency, addressing key challenges in FL.

ABSTRACT. This paper proposes a biometric authentication framework, PPHDM-IoTC (PrivacyPreserving Hamming Distance Biometric Matching in IoT-Cloud architecture), which encrypts biometric templates collected through IoT devices to perform biometric authentication in a cloud environment, ensuring privacy protection. We implement the PPHDM-IoTC in C++ on a Raspberry Pi 4B environment, and the analysis showed that it can be efficiently executed even on lightweight devices, with authentication times ranging from 7.59 to 194.79 microseconds. Furthermore, the cloud server cannot recover sensitive information from the encrypted biometric templates sent by the IoT devices, thus preventing privacy breaches in advance.

ABSTRACT. In cellular networks, authorities may need to physically locate user devices to track criminals or illegal equipment. This process involves authorized agents tracing devices by monitoring uplink signals with cellular operator assistance. However, tracking uncooperative uplink signal sources remains challenging, even for operators and authorities. Three key challenges persist for fine-grained localization: i) devices must generate sufficient, consistent uplink traffic over time, ii) target devices may transmit uplink signals at very low power, and iii) signals from cellular repeaters may hinder localization of the target device. While these challenges pose significant practical obstacles to localization, they have been largely overlooked in existing research. Addressing these issues, we introduce the Uncooperative Multiangulation Attack (UMA), which forces continuous uplink traffic, maximizes signal strength, and distinguishes target signals from repeaters without requiring privileged access to cellular operators or devices.

ABSTRACT. The Message queuing telemetry transport (MQTT) protocol is a representative protocol for IoT communication, but brokers can be utilized as attack vectors. To solve this problem, this paper proposes a method that divides and delivers authentication information using two brokers in the authentication process of the MQTT protocol. The proposed scheme increases the attack cost by 1.84×1017 times while maintaining similar throughput to the existing scheme.

ABSTRACT. Modern vehicles are mostly controlled by electronic control units, from the most basic driving functions to simple functions such as trunk opening and closing. Because of these characteristics of modern vehicles, traffic accident investigators analyze Event Data Recorders (EDRs) for forensic evidence collection in addition to traditional traffic accident investigation methods. These EDRs are used as key evidence in determining the cause of traffic accidents and the liability. The EDR report can be acquired by connecting the vehicle manufacturer’s dedicated EDR analysis tool to the canonical interface [2]. However, if the canonical interface is damaged due to fire or severe accident, crash data can’t be acquired using canonical methods [1][3][4]. In this study, we propose a Chip-swap technique as a method to acquire crash data in a situation where the canonical interface is damaged,and a procedure to verify the integrity of the data acquired through it.

ABSTRACT. We propose a novel authentication system for connected cars that leverages multi-touch pressure gesture recognition of the user's hand. The proposed system authenticates a user's identity by analyzing the unique shape and pressure of their hand as they grip the steering wheel in next-generation mobility vehicles. The proposed system enhanced both the reliability of authentication and overall usability in shared connected cars.

ABSTRACT. Quantum computers are prone to complex errors like bit-flip and phase-flip, driven by their sensitivity to decoherence and noise, making robust error correction essential for scalability. Unlike classical bits, qubits face intricate error patterns and cannot be copied due to the no-cloning theorem, complicating the preservation of superposition and entanglement. However, key challenge is developing quantum error correction techniques that protecting critical quantum properties while effectively mitigating errors. In view of this, it becomes extremely challenging to keep quantum operations reliable and stable. This study proposes an elaborate Quantum Error Correction Code (QECC), modelled after the Shor Code, that addresses this issue by encoding a single qubit into nine physical qubits. The primary objective is to significantly lower the probability of errors in order to improve the dependability of quantum calculations. In order to identify mistakes, the suggested approach uses syndrome measurements. It also uses artificial intelligence to predict and fix error patterns in real time. These results show a notable improvement in mistake resilience, with the error probability dropping from 3% without correction to just 0.01% with the Shor Code. Based on these results, these developments are essential for quantum computing's scalability and are particularly important to protecting IoT systems in the changing post-5G.

ABSTRACT. We propose the Size-Hiding Inner Product Private Join and Compute (SH-PJC) pro tocol with dummy data, which enables two parties to securely compute the inner product of their private datasets while keeping their dataset sizes confidential. We extend the prior inner product PJC protocol to ensure privacy for input data sizes, and we analyze and compare the resulting computation and communication costs with those of prior work.

ABSTRACT. Quantum computers in the NISQ (Noisy Intermediate-Scale Quantum) era are prone to errors (noise) in the computational process, so optimization for the qubit resources and computational efficiency of quantum circuits is required. In order to satisfy various optimization conditions of quantum circuits, a method of integrating and applying multiple algorithms should be considered. We present an implementation method of SW that improves and integrates quantum circuit synthesis and depth optimization algorithms.

ABSTRACT. To mitigate shoulder surfing attacks, various shoulder-surfing resistant (SSR) authentication schemes have been proposed. To ensure a fair comparison of these SSR schemes, it is essential to establish general metrics that measure their resistance to shoulder surfing attacks. These metrics can guide the design of new SSR schemes. Additionally, these metrics will allow researchers to understand the impact of different parameters and fine-tune SSR schemes accordingly. Furthermore, the metrics will provide insight into the information gain that a shoulder surfer can achieve through observation of authentication attempts. In our preliminary study, we proposed two information-theoretical metrics to measure shoulder surfing resistance. These metrics are based on a generalized model of SSR schemes. We evaluated CDS and CHC using the proposed metrics in our preliminary study. The evaluation reveals interesting insights into the two schemes.

ABSTRACT. In cellular networks, four major active attack models exist: Man-in-the-Middle (MitM), Signal Overshadowing (SigOver), Fake base station (FBS), and Fake User Equipment (Fake UE). Existing testing frameworks primarily operate by sending test messages and validating responses to verify security against various attacker models. However, this approach fails to detect Fake UE attack vulnerabilities since the impact appears in the victim UE's behavior rather than in the network's responses. To address this limitation, we propose a novel security testing framework specifically targeting the Fake UE attack model. Our framework features three main capabilities: systematic testing across different UE connection states, precise control of test message sequences, and effective detection of behavioral changes indicating successful attacks. We evaluated our framework against both open-source and commercial LTE cores and identified critical security impacts: Denial-of-Service and IMSI exposure attacks.

ABSTRACT. This study addresses the security challenges posed by quantum computing and explores the use of Post-Quantum Cryptosystems (PQC) as replacements for traditional cryptosystems in TLS and key exchange protocols. Prior research identified Kyber-1024 and Dilithium3 as the most effective combination for TLS, with Kyber-1024 performing efficiently for key exchange protocols. The primary goal of this paper is to individually validate the security of Kyber and Dilithium through formal analysis using ProVerif, ensuring their reliability for secure communication in post-quantum environments.

ABSTRACT. TLS 1.3 PSK with (EC)DHE supports both authentication and key exchange. The use of PSK simplifies the authentication process, making it more efficient, while also providing forward secrecy. This study performed a formal verification of TLS 1.3 PSK with (EC)DHE using BAN logic. The verification results revealed that replay attacks on ClientHello and resource exhaustion attacks through retransmission are possible.

ABSTRACT. In this study, we evaluate the performance of tfsec, a security vulnerability detection tool for Terraform. Terraform is an Infrastructure as Code (IaC) tool that enables the automation of infrastructure management, particularly with the rise of DevOps. While tfsec effectively detects vulnerabilities in public cloud environments, it is insufficient in detecting critical security issues in private cloud environments. This study emphasizes the need to enhance tfsec’s detection capabilities to better address security in private cloud environments.

ABSTRACT. Malware remains one of the most significant forms of cybercrime. With the rise of Transport Layer Security (TLS), attackers are increasingly encrypting malicious activities. While behavior-based features have been used to detect malware traffic, no prior work, to our knowledge, has incorporated TLS metadata. In this study, we integrate TLS metadata into an existing framework to classify encrypted malware traffic and evaluate its impact. Our experiments showed notable performance improvements with the use of TLS metadata.

ABSTRACT. Apple Wireless Direct Link (AWDL) is a proprietary peer-to-peer wireless technology developed by Apple. It enables direct communication between Apple devices, such as iPhones, iPads, Macs, and Apple Watches, without requiring an existing Wi-Fi network or internet connection. This paper examines the AWDL protocol from the perspective of implementing covert channels in air-gapped networks. As a result, we reveal that by exploiting the discovery phase of AWDL, it is possible to encode and transmit hidden information between Apple devices. By designing three covert channels based on the AWDL discovery phase, we highlight that AWDL's inherent design can be subtly manipulated to facilitate stealthy communication, raising concerns about privacy and data exfiltration risks in air-gapped environments where AWDL is actively used.

ABSTRACT. In 5G SBA(Service-Based Architecture), communication between different NFs (Network Functions) is essential. It also requires supporting connectivity between networks, including roaming scenarios. All messages between NFs use HTTP/2, secured through TLS(Transport Layer Security). In particular, 5G private network roaming presents unique challenges that demand performance improvements due to real-time mobility requirements. In this paper, our objective is to demonstrate performance improvements at the transport layer through the application of HTTP/3, and at the application layer by utilizing the 0-RTT mode of TLS 1.3, specifically within the 5G SBA.

ABSTRACT. The sixth-generation (6G) network which is the Advanced 5G, research is being conducted to provide Open Radio Access Network (O-RAN) and vertically/horizontally expanded networks and application services. Accordingly, 6G network should guarantee more security properties to achieve trust in the expanding network, such as satellites and drone base stations. In particular, the 6G network is expected to address security threats caused by Fake Base Stations (FBS), which have exposed various vulnerabilities since the 5G network. In this paper, we propose a gNB authentication scheme based on the Public Key Infrastructure (PKI). We analyze threat scenarios that may occur due to FBS and whether our scheme can guarantee security against that. Finally, our scheme provides a secure authentication scheme against FBS in the 6G communication environment.

ABSTRACT. As cyberattacks through networks increase, air-gapped networks physically isolated from the Internet are often recommended to protect systems and industrial facilities. However, prior research has demonstrated that data exfiltration attacks are still possible in airgapped environments by exploiting computer systems or peripheral devices. This study, therefore, proposes an attack model that uses fuzzing on Internet of Things (IoT) connectivity devices to exfiltrate data from air-gapped environments through side-channel signal patterns.

ABSTRACT. With the advancement of quantum computing, the security of traditional public-key cryptography has come under threat, leading to the organization of the PQC competition and the ongoing standardization efforts. The Known Answer Test (KAT) for conventional public-key cryptography involves extracting random numbers to verify key generation or encryption/decryption results. However, Post-Quantum Cryptography (PQC) is built upon mathematical theories and computational algorithms that are significantly more complex and sophisticated compared to traditional public-key cryptography. This complexity demands a more meticulous approach to implementation validation. Consequently, beyond simple result comparison, there is an emerging need for so-called negative tests, which deliberately introduce incorrect inputs to uncover potential implementation bugs [5, 3, 4]. This paper discusses the definition, types, and significance of such negative tests. Furthermore, we propose negative testing strategies for the algorithms submitted to the KpqC competition, based on the proposed methodologies.

ABSTRACT. With the advancement of quantum computers, NIST has been conducting a standardization project for post-quantum cryptography. In 2022, NIST selected one KEM and three DSAs as standardization candidates. However, due to the issue that most of the selected algorithms are lattice-based, NIST is currently holding an additional competition to select more DSAs in 2023. MAYO is a multivariate signature algorithm with a structure similar to the Oil and Vinegar scheme. It is characterized by its use of a small secret key and a large amount of stack memory. This paper aims to lay the groundwork for GPU optimization research on MAYO by identifying its performance bottlenecks and presenting the throughput when porting MAYO to the GPU in a simple manner. Additionally, we discuss the precautions in the porting process and suggest future research directions for optimizing MAYO.

ABSTRACT. Multi-factor authentication (MFA) provides strong security, but its poor usability often hinders adoption. This paper proposes a parallel authentication model utilizing Shamir's Secret Sharing scheme. Unlike conventional sequential authentication methods, the proposed model simultaneously verifies multiple authentication factors, thereby shortening the authentication process and improving usability. Additionally, the model is designed to complete authentication when a threshold number of authentication factors are passed, thus enhancing security.

ABSTRACT. This study introduces a signal fingerprinting method based on emphasized spectrum data to address security vulnerabilities in Bluetooth Low Energy(BLE) communications. By applying specific filter banks to highlight distinctive frequency characteristics, the method effectively authenticates and identifies IoT devices. Experimental results demonstrate improved accuracy over traditional methods, presenting a promising approach for enhancing IoT security.

ABSTRACT. In this paper, we propose Road Balance, a novel message set designed to improve traffic management using Roadside Units within the existing Probe Vehicle Data framework. This message set includes functions for deceleration, acceleration, stop/yield, approval, and queue management, allowing RSUs to control vehicle behavior in real-time dynamically. We expect that Road Balance can be successfully implemented across various road infrastructures to optimize vehicle movement and reduce delays.

ABSTRACT. A key principle of DevSecOps is to configure and manage infrastructure in an automated manner using Infrastructure as Code (IaC), where infrastructure is managed as code. This automation increases efficiency by allowing infrastructure settings to be quickly synchronized with code changes. However, there is also a risk that incorrect configurations or security vulnerabilities could be propagated into the infrastructure along with these changes. In this paper, we examine whether Terraform, one of the IaC tools, can properly provision and configure nodes within a Kubernetes environment. Through this, we aim to examine how potentially vulnerable misconfigurations are applied to actual clusters and nodes, and analyze whether vulnerabilities arise as a result. We aim to propose solutions to strengthen security within the DevSecOps cycle.

ABSTRACT. This paper introduces a device authentication framework designed for private 5G networks, providing flexible support for security algorithms and End-to-End authentication. Key implementation aspects include device-authentication chip interactions, security algorithm selection, performance improvements, and server separation. The framework aims to enhance security and flexibility in device identification for private 5G networks.

ABSTRACT. Low Earth Orbit (LEO) satellite communication networks are susceptible to security threats due to their global connectivity, particularly to ICARUS attacks, which exploit Link Flooding Attacks (LFA) to induce network congestion and disrupt services. Accordingly, this study conducts an analysis of the ICARUS attack and proposes a dynamic topology virtualization system to mitigate its impact.

ABSTRACT. The most essential factor for human survival today is a secure power supply. To ensure a power supply, the Element Management System (EMS) has been developed, designed to maintain the efficient operation and stability of the power grid. EMS enhances power supply efficiency through real-time monitoring, remote metering, load management, and fault detection and recovery, while security functions are critical to protect the grid from cyberattacks and external threats. Datagram Transport Layer Security (DTLS) is an effective protocol to meet these security requirements, supporting real-time communication while enhancing EMS security. This paper explains the requirements for applying DTLS to secure message exchange within EMS.

ABSTRACT. Video sensor technology is used extensively in a variety of files, but there is a risk of privacy invasions when videos or images captured by such sensors are used. To address this issue, traditional methods involve additional post-processing operations on stored data. However, these post-processing techniques leave the original de-identified data still in place, which can expose it to privacy risks. In this paper, we propose the concept of a "Privacy Camera" which embeds an object anonymization. We implement a prototype of the prototype and conducted a series of experiments to evaluate its performance and potential applications.

ABSTRACT. The widespread adoption of AI in IoT devices has introduced new attack surfaces, particularly through unconventional methods like inaudible attacks on AI assistants such as Google Assistant and Siri. These attacks use sound waves at frequencies beyond human hearing, evading detection by conventional security systems. A common defense strategy involves using machine learning to classify attack sounds, but this requires large datasets, which are currently insufficient. The proposed methodology explores using generative adversarial networks (GANs) to classify inaudible attack sounds more effectively, even in data-limited environments, by generating synthetic data to detect attack characteristics.

ABSTRACT. For NIST PQC, higher-order polynomial multiplication is typically required, which is a major computational load. Therefore, this paper introduces methods for optimizing polynomial multiplication based on operations in binary fields, such as in the NIST PQC Round 4 code-based cryptographic algorithms. Even when using representative high-order polynomial multiplication algorithms like Karatsuba, multiplication between words is still necessary in the final stage of polynomial multiplication. Based on the Karatsuba algorithm, we calculate the number of base multiplication calls according to the polynomial size of HQC and provide performance analysis results for two different methods on Cortex-M4.

ABSTRACT. This paper proposes a method to identify DoS attacks at RSU and notify the administrator to ensure the availability of the wireless channel when certain messages abnormally occupy the wireless channel in V2X wireless channel environment.

ABSTRACT. ALTEQ is a candidate for the first round of the NIST Additional DSA. To the best of our knowledge, no optimal implementation of ALTEQ has been reported to date. Therefore, we present the first port and efficient implementation of ALTEQ on Cortex-M4 and present its performance.

ABSTRACT. Although the microservice architecture provides the advantages of high scalability and independent service management, it increases the security risk by forming a wider attack surface compared to the existing monolithic structure. In particular, DoS attacks that induce excessive traffic to services can affect not only the performance of certain services but also other services involved. Therefore, this study proposes a new DoS attack detection method using a distributed tracing tool called SkyWalking. It uses SkyWalking Rover's eBPF-based agent tool to collect real-time network metrics for each service and effectively detect DoS attacks through an unsupervised learning-based anomaly detection technique.

ABSTRACT. The traditional Flying Ad hoc Network (FANETs) relying solely on ad hoc routing protocols suffers from a high packet loss rate when the topology changes frequently. To tackle this issue, this paper presents a networking scheme called SINET-OLSR. In this scheme, access network users and core network ARs are connected through static routes with single hops, while core network nodes are routed via traditional wireless Ad hoc networking protocols. This paper improves the traditional SINET protocol flow to enable mobile switching between users and ARs. The SINET-OLSR scheme is implemented in the NS3 environment and is compared with the traditional OLSR scheme in terms of mobility switching delay and packet loss rate. Experimental results indicate that the SINET-OLSR scheme significantly reduces the packet loss rate.

ABSTRACT. Conventional information leakage attacks using air-gapped systems are limited by transmission range. This paper proposes two methods utilizing Wi-Fi beacons to extend the transmission distance to hundreds of meters: the first method embeds data within the beacon signal’s data field, while the second modulates the beacon signal interval. Experimental results show that the data embedding method consumes about 2.7 times more bandwidth on average and introduces roughly twice the delay compared to other methods.

ABSTRACT. Private Set Intersection (PSI) is a technique for securely computing the intersection of data with privacy-preserving. Recently, research proposed on computing the intersection of the other parties’ datasets by a third party who has no dataset. When virus clusters appear, regulatory organizations use this data for contact tracing via third party PSI preserving the privacy of other visitors. However, third party PSI can only compute the intersection of two parties' datasets without the scaleability of more parties. In this paper, we propose an MPSI that allows a third party to compute the intersection of three or more parties' datasets for efficient contact tracing.

ABSTRACT. In this paper, we propose a technique to detect errors or malicious attacks through the location information of BSM messages used in vehicle-to-vehicle (V2X) communications by utilizing popular AI algorithms for outlier detection.

ABSTRACT. With the emergence of non-terrestrial base stations and heterogeneous devices, 6G networks are becoming more open and fragmented, making trust assurance a critical issue. In particular, the trustworthiness of anonymous non-terrestrial base stations and their segmented networks is a key challenge. To address this, we propose a certificate management system for base stations and devices. Our core novelty lies in delegating trust within the segmented networks through base station authentication. Furthermore, by leveraging the characteristics of base stations and entities, we propose a blockchain-based PKI that tightly integrates two different blockchains using distinct consensus algorithms.

ABSTRACT. With the development of 5G networks over time, the significance of 5G security has grown considerably. Among various security authentication mechanisms, the EAP-AKA' protocol(Extensible Authentication Protocol Method for Authentication and Key Agreement) is recognized as one of the commonly used mechanisms and standards. However, previous formal verification of the protocol didn't address security in the event of long-term key leakage and protection against replay attacks. Therefore, this paper aims to address this gap by performing formal verification of the EAP-AKA' protocol to evaluate its security against potential threats and verify any existing vulnerabilities.

ABSTRACT. Lane detection systems are critical for the safe operation of autonomous vehicles. As infrared (IR) cameras become increasingly integrated into these systems due to their various advantages, they also introduce new vulnerabilities. This study investigates an attack that leverages IR lasers to generate fake lanes, invisible to the human eye but detectable by vehicle cameras. These fake lanes can deceive lane detection algorithms, leading to misinterpretations of the road. We specifically target LaneNet, a widely-used segmentation-based algorithm, to demonstrate the impact of these IR-based attacks. Through a series of experiments, we explore the potential safety risks and accident scenarios that could arise from such attacks, highlighting a previously overlooked security vulnerability in lane detection systems.

ABSTRACT. Although research to prevent zero-day attacks is ongoing, the nature of these attacks makes them difficult to counter with current defense methods. In this study, we evaluate the performance of existing Deep Neural Network (DNN) methods and propose an enhanced attack detection architecture.

ABSTRACT. Internet of Things(IoT) devices have been widely used across multiple fields and form interconnected networks. Consequently, they are susceptible to cyber threats and illegal activities from the Darknet, similar to the conventional computing infrastructure. Darknet is a network environment that guarantees anonymity and is frequently utilized by cybercriminals to carry out illegal activities. Undetected malicious activities can compromise numerous interconnected devices or lead to data breaches of critical infrastructure and potential large-scale cyber attacks, making identifying Darknet traffic essential. Previous studies have focused on detecting Darknet traffic and improving detection accuracy using supervised learning-based machine learning techniques. However, following the Tor Project’s V3 update in 2022, existing research has limitations in addressing the latest cyber threats. This paper presents a new dataset that reflects the most recent Darknet traffic. By comparing it with the existing dataset, we test the following three supervised learning-based machine learning classifiers: Random Forest (RF), Support Vector Machine (SVM), and Artificial Neural Network (ANN).

ABSTRACT. The Korea Water Resources Corporation has piloted the introduction of an AI-based smart water treatment plant at the Hwaseong Water Treatment Plant, demonstrating the effective application of AI technology. Given that supply chain damage cases occur every year, the possibility of AI supply chain attacks targeting smart water treatment plants cannot be ruled out. In this scenario, it is assumed that the smart water treatment plant's water quality prediction algorithm uses TensorFlow, and the possibility of a typosquatting attack on TensorFlow is demonstrated. By predicting the damage to the smart water treatment plant and proposing preventive measures, the aim is to contribute to the security of the actual smart water treatment plant supply chain.

ABSTRACT. This paper proposes a data augmentation technique that analyzes temporal changes in the statistical features of encrypted traffic to capture differences between normal and attack traffic. The method improves data diversity by retaining original characteristics while introducing subtle variations. Experimental results show that using augmented data significantly improved the classification model performance as data volume increased.

ABSTRACT. With the addition of numerous ECUs(Electronic Control Units), vehicles provide significantly enhanced safety and convenience. CAN(Controller Area Network) connects multiple ECUs in a single network and is used for more efficient communication between in-vehicle applications. When ECU-1 transmits a data frame, all ECUs on a single network can decide whether to receive it. In this study, we assign a unique differential voltage to each ECU and use this to distinguish between legitimate ECU messages versus attacker-generated messages. However, if the differential voltage remains static, an attacker could have enough time to identify the unique differential voltage of each ECU, enabling a spoofing attack. To prevent this threat, research has been conducted to apply the MTD algorithm to dynamically change the attack target and confuse the attacker. Therefore, we intend to strengthen security by applying the MTD algorithm that changes the differential voltage at specific cycles.

ABSTRACT. This study proposed a DC-GML (Dataset Characterization-guided Machine Learning) method for anomaly detection in lightweight devices. Experimental results show that feature selection using feature importance selected by DC-GML shows 10.32% higher accuracy with five features remaining than other feature selection methods.

ABSTRACT. COVID-19 has had a significant impact not only on daily life but also on various industries. Notably, online broadcasting platforms have continued to grow steadily and gain widespread popularity even after the declaration of the endemic, leading to an increase in the number of broadcasters and viewers. Additionally, the types of digital content used and exposed in broadcasts are becoming more diverse, but the copyright agreements and management for such content remain insufficient. The main reason for this is that the concept and process of licensing are complex, making expert assistance essential. Therefore, this paper aims to explain a contract information analysis mechanism based on digital content categories for recommending license agreement clauses.

The mechanism proposed in this paper can be divided into the data collection and preprocessing stage, AI model training stage, and the license agreement clause recommendation stage. The data collection and preprocessing stage involves obtaining digital content license agreements and extracting and structuring the relevant information from the agreements. The data extracted from the agreements is classified into digital content categories, licensed copyright property rights, and detailed clauses related to the licensed copyright property rights. The AI model training stage uses the preprocessed data to train a recommendation model based on either collaborative filtering or content-based filtering. By analyzing the performance evaluation results of the trained model, fine-tuning processes such as modifying the model structure and adjusting hyperparameters are carried out to improve the model’s performance. Lastly, the license agreement clause recommendation stage is the phase where the actual model is applied. When digital content is inputted, the system identifies the content category and recommends the appropriate copyright property rights and detailed clauses for drafting the license agreement.

By applying the proposed mechanism to the license agreement process, it can enhance accessibility to digital content license agreements, prevent unfair contracts in digital content usage, and protect against copyright infringement when creating digital content.

ABSTRACT. A GPS spoofing attack manipulates a target's location, velocity, and time by transmitting counterfeit GPS signals. This attack may cause substantial economic loss and safety risks in many safety-critical systems such as transportation systems and power grids. Existing spoofing detection methods commonly requiring addition or manipulation of the hardware have not been deployed widely. In this work, we present a novel GPS spoofing detector using a commodity GPS receiver without any hardware modifications. This is achieved by uniquely leveraging the signal model inaccuracies of GPS spoofers, which affect outputs of commodity receivers. Our evaluation demonstrates that our lightweight software-only design based on a neural network enables real-time execution (1.35ms on a single board computer) with a 98.6% spoofing detection rate and a 4% false alarm rate.

ABSTRACT. Digital watermarking is a technology that hides data or identifies information in digital content. The Least Significant Bit (LSB) technique, one of the digital watermarking insertion methods, inserts data into the least significant bit of a pixel. It has little effect on the quality of the image but is very sensitive to noise attack. In this paper, we improved the watermark robustness against noise attacks by repeatedly embedding watermarks in multi-bits. According to the experimental results, when data was repeatedly inserted into five bits in a pixel, invisibility and robustness were optimized, and up to 62% of the original data could be restored depending on the noise intensity.

ABSTRACT. Federated learning is a solution to address data privacy concerns and the need for distributed learning environments. By processing data locally and aggregating models on a central server, federated learning guarantees data privacy. In this study, we conduct extensive experiments of federated learning for non-IID network intrusion detection datasets.

ABSTRACT. Unauthorized drones significantly threaten security and privacy in critical infrastructures and public spaces. While much research has focused on detection methods, effective post-detection countermeasures are still underexplored. We propose a novel anti-drone system that neutralizes unauthorized drones by inducing a targeted battery drain attack via the drone's wireless communication. By transmitting meaningless packets to the unauthorized drone, its battery is rapidly drained, forcing it to either be neutralized or trigger emergency landing protocols. This proposed solution provides a novel, efficient, and non-destructive alternative to existing drone countermeasures.

ABSTRACT. The method of deploying containerized applications to distributed systems such as edge clouds in IoT environments has advantages in terms of lightweightness and portability. However, malicious containers deployed in this environment can spread faster than traditional host environments, so it is important to detect them at runtime. In this study, system calls of containerized botnet malware are compared with benign containers and analyzed through machine learning.

ABSTRACT. As autonomous driving technology using vision sensors becomes more popular, illegal attempts are being made to manipulate road signs and warning signs. In this paper, we propose a technique to prevent artificial forgery using steganography technology.

ABSTRACT. This paper presents a method to apply NTT-based Polynomial Multiplication in cryptographic algorithms that utilize NTT Unfriendly Rings. Specifically, it proposes an NTT application approach for SMAUG-T, which was submitted to KpqC and employs an NTT Unfriendly Ring, thereby exploring an effective way to perform NTT-based polynomial multiplication. As a result, compared to the current reference implementation, a performance improvement of up to 34% was achieved in matrix multiplication.

ABSTRACT. As the use of mobile devices continues to grow, the study of recommendation systems has become a crucial area of research for a variety of mobile commercial services. These recommendation services have been widely utilized, resulting in the accumulation of sub- stantial data related to users’ historical interactions with items. However, there is a paucity of research on recommendation systems for long user history sequences spanning several years. Existing studies often focus on the most recent actions in a user’s sequence and discard the remainder of the sequence. Therefore, we propose Patching Sequential Rec- ommendation (PSR), a method that applies the patching method to learn user historical sequences recorded over a long period of time, extracting preferences for each interval and predicting the next item that will be preferred in the future.

ABSTRACT. We simplify the tracing of fake audio sources to the attribution of the vocoder architecture, which is applied in the final step of speech synthesis to generate speech waveform.The advent of new technologies has led to an increased reliance on digital evidence in legal proceedings, giving rise to concerns about its admissibility and integrity due to the ease of duplication and tampering. To ensure admissibility, it is necessary to demonstrate a secure chain of custody. This research introduces BIS-MDEI (Blockchain-Based Integrated System for Management of Digital Evidence Integrity), a blockchain-based system for evi- dence collection, storage, and management. BIS-MDEI preserves the original data at each stage, thereby reducing costs, simplifying the chain of custody, and enhancing the integrity of the process when compared to traditional methods.

ABSTRACT. Recently, ransomware attacks have surged, with mission-critical applications becoming primary targets. Interruptions in mission-critical systems can lead to significant damage to life and safety. However, conventional backup systems fail to guarantee availability due to long recovery times and high data loss rates. This study proposes a novel ransomware countermeasure using a dual-core system to reduce recovery time and minimize data damage. Performance evaluation shows that the proposed method achieves 99.02% faster recovery time than the conventional method.

ABSTRACT. As insider threats are a major cause of security incidents, preventive measures at the hiring stage are essential. This paper proposes methods for managing insider threats during recruitment by assessing candidates’ reliability and compliance through background checks and security awareness interviews. Additionally, collaboration with HRM (Human Resource Management) for security training can help prevent insider threats and protect core assets.

ABSTRACT. In finance, AI analyzes complex data to make personalized product recommendations, support credit scoring and decision-making, and more. There is a growing need for fairness and reliability in AI-driven decisions, even as the adoption of AI technologies aims to improve the efficiency and accuracy of financial services. In this paper, we analyze the bias of AI algorithms. We propose a practical solution that addresses both fairness and accuracy.

ABSTRACT. Voice phishing, a form of fraud that uses phone calls or voice messages to steal sensitive personal or financial information, is becoming increasingly common. Attackers impersonate financial institutions, employing increasingly sophisticated techniques to deceive victims. In response to this escalating threat, we propose a novel approach that verifies the au- thenticity of phone calls by embedding digital signatures into the audio streams. Utilizing the spread spectrum technique, the system embeds the signature at the start of the call, enabling recipients to confirm the call’s origin. To the best of our knowledge, this is the first approach that applies digital audio signatures to prevent voice phishing.

ABSTRACT. SOAR (Security Orchestration, Automation, and Response) technology is gaining attention as an essential element for efficient cybersecurity management and threat response. This technology integrates and automates various security data to support rapid decision-making[1]. Currently, many organizations are using a manual approach to determine threat assets and establish response strategies through mapping. This process is time-consuming and resource-intensive, and has the disadvantage of making it difficult to respond quickly[2]. To overcome the limitations of the manual system, we propose a system that collects and formalizes CTI(Cyber Threat Intelligence), calculates the risk level, and automatically maps the response strategy. This system maximizes efficiency by performing all processes automatically. First, when receiving CTI Raw Data from an external STIX/TAXII server and retrieving information in report format, collection and formalization are performed through the CTI Collection & Formalization Module. At this time, in the Data Progressing process, the data is classified into five cases. ① When only CVE ID exists, ② When only CPE exists, ③ When both CVE ID and CPE exist, ④ When both CVE ID and TTP exist, and ⑤ When only TTP exists. These values are first stored in the CTI, and then they are processed for missing values through the CTI-Based TTP Mapping Module and then secondarily loaded into the CTI DB in the form of a CVE Object. Next, the information on internal assets is identified in the Internal Asset DB and the CPE combination is completed through the Internal Asset CPE Combination. This CPE is searched for in the values stored in the CTI DB to find the matching CVE Object. At this time, the CVE ID, CVSS, and TTP of the matching CPE are retrieved. These values go through the Risk Calculation & Response Strategies Module to obtain the final result through the risk calculation formula and the response strategy mapping block using TTP. The risk calculation formula is as follows[3]. R = (Cx0.3) + (Bx0.4) + (Ix0.3). Here, R represents the network internal asset risk, C represents the collected CTI risk (the average of all CVSSs that appear after searching the internal asset CPE in CTI), B represents the basic risk of the network asset, and I represents the importance of the network asset. The risk calculation using CTI is calculated according to the above formula. The response strategy mapping follows the following algorithm. TTP and Mitigation are mapped through the MITRE-based att_to_miti_RE.json file that contains the most information on TTP. The TTPs of the CVE Objects that appear after searching the internal asset CPE in CTI are found and the matching Mitigation is derived. After going through all of the above processes, the Final User Table displays the information on internal assets, CPE, CVE ID of CTI found by CPE, Asset base score, CTI score, Final exploit score, TTP mapped to CVE ID information, and defense strategy required for risk calculation, organized in an easy-to-see manner for users.

ABSTRACT. Generative Artificial Intelligence (AI) has revolutionized technology in various industries, but it also brings with it the challenges of copyright infringement and deepfake misuse. To mitigate these risks, digital watermarking technology is gaining attention. However, conventional digital watermarking techniques become increasingly vulnerable to geometric deformations as image complexity increases, and their robustness has not been evaluated, making them unreliable. This study assesses the robustness of TrustMark, a generative AI-based watermarking technology based on image complexity and proposes a new robustness requirement for trustworthy digital watermarks.

ABSTRACT. Digital human technology has emerged as a core element of the metaverse environment, being utilized in user avatars and various service provisions. However, with the rapid development of digital human technology, issues such as ownership verification and copyright protection have arisen. Digital humans are composed of a collection of multiple components, making them difficult to express as NFTs. There are hierarchical NFTs that can solve this problem, but there is a problem in that it is difficult to verify the integrity and ownership of data with only hierarchical NFTs technology. Therefore, this paper proposes an ownership verification architecture that combines hierarchical NFTs and Merkle tree to systematically classify the complex components of digital humans and efficiently verify the ownership of each component.

The proposed architecture consists of digital human component classification, Merkle Tree generation, hierarchical NFTs creation, and digital human component ownership verification using hierarchical NFTs, which are shown in Figure 1 and Figure 2. In the digital human component classification phase, since digital humans are composed of not just a single data type but include elements such as Skeleton data and Asset data, these are categorized and subdivided into more detailed items. In the Merkle tree generation phase, a hash value is created for each detailed component of the digital human to generate a Merkle tree. In the hierarchical NFTs creation phase, the generated Merkle tree hash values are added to the fields of the corresponding layer of the NFT, creating the NFT. Finally, in the ownership verification phase, users can perform full ownership verification or partial verification by providing either the Root NFT or the NFT of the layer that needs verification. If ownership verification of a layer other than the provided NFT is performed, the ownership verification may be performed by tracking parent nodes or child nodes.

By applying the proposed architecture, the components of a digital human composed of various data can be easily expressed, and users can verify whether they have legitimate ownership of the digital human data they are using.

ABSTRACT. With the increase in digital crimes among adolescents, the importance of digital literacy education has come to the forefront. This paper analyzes the current state of digital literacy education for young people and explores potential areas for improvement. The analysis reveals that the aspect of 'digital safety and ethics' is the least represented among the digital literacy factors reflected in the elementary school curriculum. By identifying the elements of digital literacy education reflected in the current curriculum and highlighting subject-specific and factor-specific biases, this paper proposes directions for improving education

ABSTRACT. This research proposes an LBAC model using X.509 certificates in Hyperledger Fabric to enhance access control. By encoding LBAC information in certificate extension fields,it aims to provide more flexible control while maintaining compatibility. The approach is expected to improve access decisions, policy management, and cross-channel functionality, addressing key enterprise blockchain security needs. This study seeks to promote wider adoption of Hyperledger Fabric in complex corporate settings by enhancing its security infrastructure.

ABSTRACT. The abuse of deepfake technology has led to issues like the spread of fake news and sexual crimes, with the problem worsening due to the rise of social media. Despite this, no universal defense mechanism for both autoencoder and GAN model has been established. We propose a defense technique using adversarial examples to limit deepfake abuse among general models. FakeGuard operates by introducing invisible perturbations that obscure the face embedding vectors, preventing both models from accurately generating images while satisfying the invisibility of perturbation.

ABSTRACT. Over the past 20 years, cryptographic technology has rapidly advanced. In particular, with the recent rapid development of quantum computers, various Post-Quantum Crypto graphic (PQC) algorithms have been adopted. Although it is suggested that all public-key cryptographic algorithms should be replaced with PQCs by 2030 to avoid the threat posed by quantum computers, the standards for verifying implementation accuracy remain un clear. We propose the Cryptographic Algorithm Validation Program (CAVP) methodology for ML-DSA, which follows the design principles of existing public-key cryptographic al gorithms.

ABSTRACT. With the proliferation of mobile technology and IoT devices, mobile edge computing has emerged as a solution for handling computation-intensive tasks. Containers, a core virtualization technology, allow for efficient application deployment in edge environments. However, their lightweight nature makes them vulnerable to botnet attacks. This paper presents a novel botnet detection framework that leverages eBPF-based network monitoring in cloud environments. Our framework uses eBPF programs distributed via Kubernetes DaemonSet to monitor and analyze real-time network traffic at the Veth interface of containers. By capturing key network features, such as flow data and TCP statistics, and using machine learning models like Random Forest and SVM, we achieve high botnet detection accuracy of up to 100%. We demonstrate the effectiveness of this approach through experiments with the Kaiji and Mirai botnets in a Kubernetes cluster.

ABSTRACT. As Internet of Things (IoT) device usage grows, secure firmware updates are crucial. The Firmware Over-The-Air (FOTA) mechanism is vulnerable to hijacking attacks, and while Secure FOTA (S-FOTA) improves security, it depends on a central server with limitations. Therefore, this paper proposes a decentralized firmware update mechanism based on S-FOTA and the InterPlanetary File System (IPFS), with hash values and decryption keys stored on the blockchain for a secure, decentralized update process.

ABSTRACT. To solve the reliability problem of watermarks vulnerable to various forgery attacks, this paper proposes an enhanced watermarking system that combines watermarks and NFT technology. The proposed method can register watermarked images to NFTs to manage ownership and embed new watermarks when the images are reprocessed to trace the process and distribution history. Preventing data tampering and proving ownership through blockchain technology can contribute to the prevention of piracy and copyright protection of digital content.

ABSTRACT. This paper introduces Mitra, an innovative eBPF-based real-time SSH monitoring system designed to overcome the limitations of traditional system log-based approaches, which are prone to high overhead and susceptible to vulnerabilities, such as log deletion and omission. Mitra operates independently of system logs, providing efficient, lightweight SSH session monitoring in both kernel and user spaces and detects malicious activities by leveraging this comprehensive monitoring. These contributions enhance the security posture of Linux environments, offering a robust alternative to conventional SSH monitoring methods.

ABSTRACT. Ransomware incidents have been consistently occurring worldwide, with the range of victims expanding from individuals to small and medium-sized enterprises and public institutions. Ransom notes, like the ransomware, are important sources of intelligence that include profiles of ransomware groups; however, the majority of existing research has focused primarily on the ransomware. In this paper, we explore the potential for profiling ransomware groups based on the analysis of ransom notes.

ABSTRACT. Although many insurance policyholders benefit from insurance products, the complex claims process often leads them to abandon small claims. According to data from the office of former Representative Chang-Hyun Yoon of the People Power Party, unclaimed insurance payouts amounted to approximately 321.1 billion KRW in 2023. To address this issue, an amendment to the Insurance Business Act was passed by the National Assembly of South Korea, allowing healthcare providers, such as hospitals and pharmacies, to electronically transmit the documents required for insurance claims directly to insurance companies upon the policyholder's request. This amendment is expected to streamline the claims process, reducing the difficulties policyholders face in obtaining and submitting documents and providing more efficient services.

With the passage of this amendment, the Korea Insurance Development Institute (KIDI), responsible for developing and operating the system, has been designated as an intermediary agency to facilitate electronic submissions without requiring additional document issuance from policyholders. However, due to the potential risk of personal information leaks during transmission, this paper proposes a solution to securely relay data by utilizing blockchain-based proxy re-encryption technology.

ABSTRACT. Roach Motel is a deceptive dark pattern that restricts user choices by intentionally complicating the process of service termination and unsubscribing. It undermines transparency in digital environments by manipulating user decisions without consent, posing an increasing threat to user rights. We propose a hierarchical method that analyzes web pages’ visual, behavioral, and semantic elements to systematically detect dark patterns and recommend effective measures for user protection. The proposed solution aims to enhance user autonomy and promote transparency in digital environments by discerning these harmful patterns.

ABSTRACT. The establishment of the web API ecosystem has increasingly attracted busi- nesses, thereby unlocking potential for growth and agility in development. How- ever, as the development of various web applications progresses, so does the effort of malicious actors to penetrate and identify vulnerabilities in these sys- tems, and these vulnerabilities are emphasized in OWASP Top 10 API Security Risks – 2023. This paper proposes the intrusion detection system (IDS) based on normal behavior specifications to be applied on the web API particularly the REST API architecture as a security layer to effectively monitor and mitigate security threats in a system.

ABSTRACT. As generative AI technology is being used for digital sexual crimes, fake videos through deepfake technology are increasingly occurring. Although punishment provisions related to domestic sexual assault laws have been newly enacted, there has been no research on how to respond to the types of pornographic materials in digital sexual crimes using AI. This paper presents a review on how to classify and punish pornography produced using generative AI.

ABSTRACT. This study developed a simulation system utilizing VR technology and a VR treadmill to enhance the immersion and safety of fire evacuation training. To address the spatial constraints and limitations in responding to unexpected situations of existing HMD-based simulations, the VR treadmill was incorporated to implement real walking and running movements in the virtual environment. This system can be applied to various disaster scenarios and is expected to provide effective evacuation training.