
This book constitutes the thoroughly refereed post-conference proceedings of the 19th International Conference on Information Security Applications, WISA 2018, held on Jeju Island, Korea, in August 2018. The 11 revised full papers and 11 short papers presented in this volume were carefully reviewed and selected from 44 submissions. The primary focus of WISA 2018 was on systems and network security including all other technical and practical aspects of security applications and also on the embedded, unmanned or autonomous systems and cyber physical systems in general.

### Security Analysis of Mobile Web Browser Hardware Accessibility: Study with Ambient Light Sensors

Abstract
Mobile web browsers have evolved to support the functionalities presented by HTML5. With the hardware accessibility of HTML5, it is now possible to access sensor hardware of a mobile device through a web page without the need for a mobile application. In this paper, we analyze the security impact of accessing sensor hardware of a mobile device from a mobile web page. First, we present the test results of hardware accessibility from mobile web browsers. Second, to raise awareness of the seriousness of hardware accessibility, we introduce a new POC attack, LightTracker, which infers the victim’s location using the light sensor. We also show the effectiveness of the attack in the real world.
Sanghak Lee, Sangwoo Ji, Jong Kim

### HapticPoints: The Extended PassPoints Graphical Password

Abstract
Trust Ratchasan, Rungrat Wiangsripanawan

### ADSaS: Comprehensive Real-Time Anomaly Detection System

Abstract
With massive data growth, the need for an autonomous and generic anomaly detection system has increased. However, developing one stand-alone generic anomaly detection system that is accurate and fast is still a challenge. In this paper, we propose conventional time-series analysis approaches, the Seasonal Autoregressive Integrated Moving Average (SARIMA) model and Seasonal Trend decomposition using Loess (STL), to detect complex and various anomalies. Usually, SARIMA and STL are used only for stationary and periodic time-series, but by combining them, we show they can detect anomalies with high accuracy even for data that is noisy and non-periodic. We compared the algorithm to Long Short Term Memory (LSTM), a deep-learning-based algorithm used for anomaly detection systems. We used a total of seven real-world datasets and four artificial datasets with different time-series properties to verify the performance of the proposed algorithm.
Sooyeon Lee, Huy Kang Kim

### One-Pixel Adversarial Example that Is Safe for Friendly Deep Neural Networks

Abstract
Deep neural networks (DNNs) offer superior performance in machine learning tasks such as image recognition, speech recognition, pattern analysis, and intrusion detection. In this paper, we propose a one-pixel adversarial example that is safe for friendly deep neural networks. By modifying only one pixel, our proposed method generates a one-pixel-safe adversarial example that can be misclassified by an enemy classifier and correctly classified by a friendly classifier. To verify the performance of the proposed method, we used the CIFAR-10 dataset, ResNet model classifiers, and the Tensorflow library in our experiments. Results show that the proposed method modified only one pixel to achieve success rates of 13.5% and 26.0% in targeted and untargeted attacks, respectively. The success rate is slightly lower than that of the conventional one-pixel method, which has success rates of 15% and 33.5% in targeted and untargeted attacks, respectively; however, this method protects 100% of the friendly classifiers. In addition, if the proposed method modifies five pixels, this method can achieve success rates of 20.5% and 52.0% in targeted and untargeted attacks, respectively.
Hyun Kwon, Yongchul Kim, Hyunsoo Yoon, Daeseon Choi

### Efficient Ate-Based Pairing over the Attractive Classes of BN Curves

Abstract
This paper proposes two attractive classes of Barreto-Naehrig curve for ate-based pairing by imposing certain condition on the integer $\chi$ that parameterizes the curve settings. The restriction results in an unparalleled way to determine a BN curve, its twisted curve coefficients, and obvious generator points. The proposed $\chi \equiv 11 \pmod{12}$ are found to be more efficient than $\chi \equiv 7 \pmod{12}$ together with pseudo 8-sparse multiplication in Miller’s algorithm. The authors also provide comparative implementations for the proposal.
Yuki Nanjo, Md. Al-Amin Khandaker, Masaaki Shirase, Takuya Kusaka, Yasuyuki Nogami

### A Study on the Vulnerability Assessment for Digital I&C System in Nuclear Power Plant

Abstract
NPP (Nuclear Power Plant) Operators have approached the problem of cyber security by simply keeping up with the never-ending stream of new vulnerability alerts from suppliers and groups like ICS-CERT. To keep Cyber Security Compliance, the NPP Owner must patch vulnerabilities according to their CVSS Score. In fact, the NPP Owner often has to deal with hundreds of vulnerabilities, which is not a trivial task to carry out. Unfortunately, the CVSS Score has been shown to be a poor indicator of actual exploitation in NPP. This paper analyzes the Vulnerability Assessment Methodology for Critical Digital Assets in NPP and then gives an effective methodology. It approaches the cyber security regulations of NPP from a technical vulnerability point of view, where any given Critical Digital Asset can be assessed for vulnerabilities.
SungCheol Kim, IeckChae Euom, ChangHyun Ha, JooHyoung Lee, BongNam Noh

### IP Address Mutation Scheme Using Vector Projection for Tactical Wireless Networks

Abstract
The static address configuration of networks and hosts allows attackers to have enough time to discover target networks and systems. On the other hand, the defenders always lack time to respond because they can take action only after the attacker’s explicit behaviors. To eliminate the attacker’s asymmetric advantage of time, randomization of addresses has been suggested as Moving Target Defense (MTD), which is a promising technique to make the attacker’s reconnaissance activities difficult by dynamically changing network properties. In this paper, I propose the address mutation scheme using vector projection for tactical wireless networks that have a leader node centric hierarchical structure. In the proposed scheme, the addresses in the same networks are mutated with a simple vector operation in a fully distributed manner and the mutated addresses are shared with all the members in the internal networks. Unlike the conventional schemes, all addresses associated with network entities for data delivery are mutated. I evaluate the performance of the proposed scheme by numerical analysis and experimental simulations. The results show that the proposed scheme could effectively randomize the addresses in tactical wireless networks.
Jong-Kwan Lee

### Parallel Implementations of CHAM

Abstract
In this paper, we presented novel parallel implementations of CHAM-64/128 block cipher on modern ARM-NEON processors. In order to accelerate the performance of the implementation of CHAM-64/128 block cipher, the full specifications of ARM-NEON processors are utilized in terms of instruction set and multiple cores. First, the SIMD feature of ARM processor is fully utilized. The modern ARM processor provides $2\times 16$-bit vectorized instruction. By using the instruction sets and full register files, total 4 CHAM-64/128 encryptions are performed at once in data parallel way. Second, the dedicated SIMD instruction sets, namely NEON engine, is fully exploited. The NEON engine supports $8\times 16$-bit vectorized instruction over 128-bit Q registers. The 24 CHAM-64/128 encryptions are performed at once in data parallel way. Third, both ARM and NEON instruction sets are well re-ordered in interleaved way. This mixed approach hides the pipeline stalls between each instruction set. Fourth, the multiple cores are exploited to maximize the performance in thread level. Finally, we achieved the 4.2 cycles/byte for implementation of CHAM-64/128 on ARM-NEON processors. This result is competitive to the parallel implementation of LEA-128/128 and HIGHT-64/128 on same processor.
Hwajeong Seo, Kyuhwang An, Hyeokdong Kwon, Taehwan Park, Zhi Hu, Howon Kim

### Logarithm Design on Encrypted Data with Bitwise Operation

Abstract
Privacy-preserving big data analysis on cloud systems is becoming increasingly indispensable as the amount of information of the individuals is accumulated on our database system. As a way of maintaining security on cloud system, Homomorphic Encryption (HE) is considered to be theoretically eminent protecting against privacy leakage. However, insufficient number of operations on HE are developed, hindering many research developers to apply their knowledgeable techniques on this field. Therefore, we propose a novel approach in constructing logarithm function based on mathematical theorem of Taylor expansion with fundamental arithmetic operations and basic gate operations in usage. Moreover, we present a more accurate way of deriving answers for logarithm using square and shift method.
Joon Soo Yoo, Baek Kyung Song, Ji Won Yoon

### Network Deployments of Bitcoin Peers and Malicious Nodes Based on Darknet Sensor

Abstract
Bitcoin depends on a Peer-to-Peer (P2P) network in a major way and shares the connecting IP address list with the nearest peer. In addition, the blockchain, which is the basic technology, can be accessed by anyone, and the transactions stored in a block can be checked anytime. Recent research has reported that the anonymity of such a bitcoin P2P network is low, regardless of whether a peer uses anonymizers like TOR to keep the anonymity. This fact shows the risk of malicious users being able to use this public information without exception. However, when the malicious user is hiding behind the network and browsing public information, it is difficult to distinguish between a malicious user and an honest one, and it is a challenge to detect signs of hidden threats. In this research, we propose a data mining approach to analyze by combining two kinds of IP address distributions: Bitcoin peer and malicious node (not in the bitcoin network), in order to obtain characteristics of hidden users. As a result, we confirmed that the nodes, which matched the first 24 bits of the IP address in the bitcoin network peer, sent the packet to the darknet. The contribution of this paper is three-fold: (1) we employ a novel approach to analyze a bitcoin network using Darknet dataset, (2) we identify the malicious node in the same network as the honest peer, and (3) we clarify the network deployments of Bitcoin peers and malicious nodes.
Mitsuyoshi Imamura, Kazumasa Omote

### VODKA: Virtualization Obfuscation Using Dynamic Key Approach

Abstract
The virtualization obfuscation technique is known to possess excellent security among software protection techniques. However, research has shown that virtualization obfuscation techniques can be analyzed by automated analysis tools because the deobfuscate virtualization obfuscation methodology is fixed. In this situation, additional protection techniques of the virtualization structure have been studied to supplement the protection strength of virtualization obfuscation. However, most of the proposed protection schemes require a special assumption or significantly increase the overhead of the program to be protected.
In this paper, we propose a delayed analysis method for a lightweight virtualization structure that does not require a strong assumption. Hence, we propose a new virtual code protection scheme combining an anti-analysis technique and dynamic key, and explain its mechanism. This causes correspondence ambiguity between the virtual code and the handler code, thus causing analysis delay. In addition, we show the result of debugging or dynamic instrumentation experiment when the additional anti-analysis technique is applied.
Jae-Yung Lee, Jae Hyuk Suk, Dong Hoon Lee

### Reliable Rowhammer Attack and Mitigation Based on Reverse Engineering Memory Address Mapping Algorithms

Abstract
Rowhammer attacks intentionally induce bit flips to corrupt victim’s data whose integrity must be guaranteed. To perform sophisticated rowhammer attacks, attackers need to repeatedly access the neighboring rows of target data. In DRAM, however, the physical addresses of neighboring rows are not always contiguous even if they are located before or after a target row. Hence, it is important to know the mapping algorithm which maps between physical addresses and physical row indexes not only for an attack but also for protection.
In this paper, we introduce a method to reverse engineer the exact mapping algorithm and demonstrate that the assumption in previous rowhammer work is faulty. In addition, we introduce a novel and efficient rowhammer method and improve existing mitigations that have a security hole caused by the faulty assumption. Finally, we evaluate the effectiveness of the proposed attack and show that the proposed mitigation almost perfectly defends against rowhammer attacks.
Saeyoung Oh, Jong Kim

### A Study on Analyzing Risk Scenarios About Vulnerabilities of Security Monitoring System: Focused on Information Leakage by Insider

Abstract
Information leakage by insider results in financial losses and ethical issues, thus affects business sustainability as well as corporate reputation. In Korea, information leakage by insiders occupies about 80% of the security incidents. Most companies are establishing preventive and prohibited security policies. Nevertheless, security incidents are unceasing. Such restrictive security policies inhibit work efficiency or make employees recognize security negatively. Due to these problems, the rapid detection capability of leakage signs is required. To detect the signs of information leakage, security monitoring is an essential activity. This study is an exploratory case study that analyzed the current state of security monitoring operated by three companies in Korea and provides some risk scenarios about information leakage. For the case analysis, this study collected each company’s security policy, systems linked with security monitoring system, and system log used. As a result, this study identified vulnerabilities that were difficult to be detected with the current security monitoring system, and drew 4 risk scenarios that were likely to occur in the future. The results of this study will be useful for the companies that are planning to establish effective security monitoring system.
Kunwoo Kim, Jungduk Kim

### Analysis and Visualization of Threats

#### Frontmatter

Abstract
Security is not just a technical problem, but it is a business problem. Companies are facing highly-sophisticated and targeted cyber attacks everyday, and losing a huge amount of money as well as private data. Threat intelligence helps in predicting and reacting to such problems, but extracting well-organized threat intelligence from enormous amount of information is significantly challenging. In this paper, we propose a novel technique for visualizing security alerts, and implement it in a system that we call AlertVision, which provides an analyst with a visual summary about the correlation between security alerts. The visualization helps in understanding various threats in wild in an intuitive manner, and eventually benefits the analyst to build TI. We applied our technique on real-world data obtained from the network of 85 organizations, which include 5,801,619 security events in total, and summarized lessons learned.
Jina Hong, JinKi Lee, HyunKyu Lee, YoonHa Chang, KwangHo Choi, Sang Kil Cha

### A New Bayesian Approach to Exploring Damaged Assets by Monitoring Mission Failures Caused by Undetected Attack

Abstract
Modern military systems operated with a complex of computers and software may have mission failure which is caused by undetected attacks. In such situations, it is important to find out which assets are damaged. After identifying damaged assets, we need to immediately examine the damaged assets to defend against the attacks. However, it is not straightforward to explore the damaged assets because there are the complicated relationships among assets, tasks and missions. In this paper, we propose an effective methodology to infer the damaged assets given observed mission impacts in a Bayesian framework. We used Bayesian networks to model assets, tasks, missions and to set the relationships among them. Our approach visually infers and identifies the damaged assets with the probability. We show that proposed Bayesian framework is practical and useful with the use case experiment.
Shinwoo Shim, Ji Won Yoon

### Threat Modeling and Analysis of Voice Assistant Applications

Abstract
Voice assistant is an application that helps users to interact with their devices using voice commands in a more intuitive and natural manner. Recently, many voice assistant applications have been popularly deployed on smartphones and voice-controlled smart speakers. However, the threat and security of those applications have been examined only in very few studies. In this paper, we identify potential threats to voice assistant applications and assess the risk of those threats using the STRIDE and DREAD models. Our threat modeling demonstrates that generic voice assistants can potentially have 16 security threats. To mitigate the identified threats, we also discuss several defense strategies.
Geumhwan Cho, Jusop Choi, Hyoungshick Kim, Sangwon Hyun, Jungwoo Ryoo

### Secure Comparison Protocol with Encrypted Output and the Computation for Proceeding 2 Bits-by-2 Bits

Abstract
A secure comparison protocol computes a comparison result between private information from inputs without leakage of the information. It is a very important factor in many potential applications such as secure multi-party computation. These protocols under Yao’s Millionaires’ Problem output a plaintext of a comparison result. Because of this feature, however, these protocols are not suitable for some applications such as secure biometrics, secure statistics and so on. From this concern, we focus on a secure comparison protocol whose output is one bit encrypted comparison result. In recent works, the computation of such protocols proceeds bit-by-bit. For this reason, these protocols still have a problem about the efficiency. In this paper, as a first step of our study, we propose two secure comparison protocols with encrypted output. As an interesting feature, the computation of one of our protocols proceeds 2 bits-by-2 bits. We prove the correctness of our protocols and estimate the computational cost. Moreover we discuss the security of our protocols against semi-honest model.
Takumi Kobayashi, Keisuke Hakuta

### Blockchain-Based Decentralized Key Management System with Quantum Resistance

Abstract
The blockchain technique, first proposed as Bitcoin in 2008, is a distributed database technology. The Public Key Infrastructure (PKI) system, which is one of the key management systems, is a centralized system. There is a possibility of a single point of failure in the currently used centralized PKI system. The classical digital signature algorithm ECDSA is used in well-known cryptocurrencies such as Bitcoin and Ethereum. Under Shor’s algorithm, it is vulnerable to an attack by a quantum adversary. In this paper, we propose a blockchain-based key management system using quantum-resistant cryptography. It uses the GLP digital signature scheme, which is a secure lattice-based digital signature scheme. Because our construction is based on quantum-resistant cryptography, it is secure against the attack of a quantum adversary and ensures long-term safety. In addition, we design a decentralized blockchain structure with an extended X.509 certificate, and it is secure against a single point of failure.
Hyeongcheol An, Rakyong Choi, Kwangjo Kim

### A Construction of a Keyword Search to Allow Partial Matching with a Block Cipher

Abstract
This paper considers a new construction of a keyword search including partial matching on an encrypted document. Typically, an index-based searchable symmetric encryption has been investigated. However, it makes a partial keyword matching difficult without a designated trapdoor. Thus, our objective is to propose a keyword search scheme which enables us to search a part of a keyword only by building trapdoors of each original keyword. The main idea is to insulate each character of a keyword into a bitstream of the sequence generated by a pseudorandom number generator. It achieves a partial search by giving a restriction on the length of a keyword.
Yuta Kodera, Minoru Kuribayashi, Takuya Kusaka, Yasuyuki Nogami

### Compact LEA and HIGHT Implementations on 8-Bit AVR and 16-Bit MSP Processors

Abstract
In this paper, we revisited the previous LEA and HIGHT implementations on the low-end embedded processors. First, the general purpose registers are fully utilized to cache the intermediate results of delta variable during key scheduling process of LEA. By caching the delta variables, the number of memory access is replaced to the relatively cheap register access. Similarly, the master key and plaintext are cached during key scheduling and encryption of HIGHT block cipher, respectively. Second, stack storage and pointer are fully utilized to store the intermediate results and access the round keys. This approach solves the limited storage problem and saves one general purpose register. Third, indirect addressing mode is more efficient than indexed addressing mode. In the decryption process of LEA, the round key pair is efficiently accessed through indirect addressing with minor address modification. Fourth, 8-bit word operations for HIGHT is efficiently handled by 16-bit wise instruction of 16-bit MSP processors. Finally, the proposed LEA implementations on the representative 8-bit AVR and 16-bit MSP processors are fully evaluated in terms of code size, RAM and execution timing. The proposed implementations over the target processors (8-bit AVR processor, 16-bit MSP processor) are faster than previous works by (13.6%, 9.3%), (0.6%, 8.5%), and (3.4%, 1.5%) for key scheduling, encryption, and decryption, respectively. Similarly, the proposed HIGHT implementations on the 16-bit MSP processors are faster than previous works by 38.6%, 33.7%, and 33.6% for key scheduling, encryption, and decryption, respectively.
Hwajeong Seo, Kyuhwang An, Hyeokdong Kwon