Publications.olds

XDAC: XAI-Driven Detection and Attribution of LLM-Generated News Comments in Korean

Too Much of a Good Thing: (In-)Security of Mandatory Security Software for Financial Services in South Korea

Revisiting GPS Spoofing in Phasor Measurement: Real-World Exploitation and Practical Detection in Power Grids

Passive 3-D User Equipment Tracking Using Long-Term Evolution Uplink Signals

LLFuzz: An Over-the-Air Dynamic Testing Framework for Cellular Baseband Lower Layers

Impact LLFuzz uncovered 11 previously unknown vulnerabilities across 15 commercial smartphones from major vendors including Qualcomm, MediaTek, Samsung, and Apple. Seven of these …

FirmState: Bringing Cellular Protocol States to Shannon Baseband Emulation

CITesting: Systematic Testing of Context Integrity Violations in LTE Core Networks

🏆 Distinguished Paper Award Impact We uncovered 29, 22, 16, and 59 distinct CIVs in Open5GS, srsRAN, Amarisoft, and Nokia LTE cores, respectively. These allow remote detachment, …

Enabling Physical Localization of Uncooperative Cellular Devices

A Systematic Study of Physical Sensor Attack Hardness

Un-Rocking Drones: Foundations of Acoustic Injection Attacks and Recovery Thereof

Preventing SIM Box Fraud Using Device Model Fingerprinting

Impact We are currently testing our solution with a major operator in Korea.

Paralyzing Drones via EMI Signal Injection on Sensory Communication Channels

LTESniffer: An Open-source LTE Downlink/Uplink Eavesdropper

Impact LTESniffer is open-sourced at https://github.com/SysSec-KAIST/LTESniffer). It is very popular in github, receiving 1,212 stars with 128 forked project. There are at least …

Lightbox: Sensor Attack Detection for Photoelectric Sensors via Spectrum Fingerprinting

Delegation of TLS Authentication to CDNs using Revocable Delegated Credentials

BASECOMP: A Comparative Analysis for Integrity Protection in Cellular Baseband Software

Watching the Watchers: Practical Video Identification Attack in LTE Networks

Impact Although it is too early to determine the impact of the video identification work, it was discussed in 2022 August 3GPP meeting (S3-221922). We plan to exploit information …

HearMeOut: detecting voice phishing activities in Android

Media Coverage IT Media

DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices

Impact This paper was discussed in a 3GPP SA3 meeting. It is currently open-sourced at https://github.com/SysSec-KAIST/DoLTEst. We uncovered 26 implementation flaws from 43 devices …

Cellular Security: Why is it difficult?

Attack of the Clones: Measuring the Maintainability, Originality and Security of Bitcoin 'Forks' in the Wild

Are There Wireless Hidden Cameras Spying on Me?

Enabling the Large-Scale Emulation of Internet of Things Firmware With Heuristic Workarounds

BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols

Amnesiac DRAM: A Proactive Defense Mechanism Against Cold Boot Attacks

The System That Cried Wolf: Sensor Security Analysis of Wide-area Smoke Detectors for Critical Infrastructure

SoK: A Minimalist Approach to Formalizing Analog Sensor Security

Revisiting Binary Code Similarity Analysis using Interpretable Feature Engineering and Lessons Learned

FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis

Analysis of LFT2

Who Spent My EOS? On the (In)Security of Resource Management of EOS.IO

Tractor Beam: Safe-hijacking of Consumer Drones with Adaptive GPS Spoofing

Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane

Impact Immediately after the paper is published online, we’ve received inquiries from many operators such as Deutche Telecom, Google Project Fi, Singtel, etc if we can visit their …

Is Stellar As Secure As You Think?

Media Coverage Cointelegraph: Stellar’s Blockchain Briefly Goes Offline Confirming the Project Lacks Decentralization Safety vs. Liveness in the Stellar Network David Mazi'eres

Impossibility of Full Decentralization in Permissionless Blockchains

Hiding in Plain Signal: Physical Signal Overshadowing Attack on LTE

Impact The initial response from GSMA was disappointing as they viewed this work as only academically interesting. However, it turned out to be important for both academia and …

Hidden Figures: Comparative Latency Analysis of Cellular Networks with Fine-grained State Machine Models

Doppelg\"angers on the Dark Web: A Large-scale Assessment on Phishing Hidden Web Services

Cybercriminal Minds: An investigative study of cryptocurrency abuses in the Dark Web

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash?

An Eye for an Eye: Economics of Retaliation in Mining Pools

Peeking Over the Cellular Walled Gardens - A Method for Closed Network Diagnosis -

Large-Scale Analysis of Remote Code Injection Attacks in Android Apps

GyrosFinger: Fingerprinting Drones for Location Tracking Based on the Outputs of MEMS Gyroscopes

GUTI Reallocation Demystified: Cellular Location Tracking with Changing Temporary Identifier

Impact Our first paperkune2012location in 2012 was discussed in three SA3 meetings held in 2017 across multiple documents: TSG3_086_SophiaSA3 meeting as part of 86th 3GPP meeting …

When Cellular Networks Met IPv6: Security Problems of Middleboxes in IPv6 Cellular Networks

Illusion and Dazzle: Adversarial Optical Channel Exploits against Lidars for Automotive Applications

Media Coverage The Register

Crime Scene Reconstruction: Online Gold Farming Network Analysis

Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin

Media Coverage ACM The Morning Paper

This Ain't Your Dose: Sensor Spoofing Attack on Medical Infusion Pump

Supply-Chain Security for Cyberinfrastructure [Guest editors' introduction]

Sampling Race: Bypassing Timing-Based Analog Active Sensor Spoofing Detection on Analog-Digital Systems

Private Over-Threshold Aggregation Protocols over Distributed Datasets

PIkit: A New Kernel-Independent Processor-Interconnect Rootkit

Pay as You Want: Bypassing Charging System in Operational Cellular Networks

Enabling Automatic Protocol Behavior Analysis for Android Applications

Doppelganger in Bitcoin Mining Pools: An Analysis of the Duplication Share Attack

Dissecting Customized Protocols: Automatic Analysis for Customized Protocols based on IEEE 802.15.4

🏆 Best Paper Award

Decoder-Free Sino-Korean Shellcode

Timing Attacks on Access Privacy in Information Centric Networks and Countermeasures

Security Analysis of FHSS-type Drone Controller

Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors

Hijacking the Vuze BitTorrent network: all your hop are belong to us

Frying PAN: Dissecting Customized Protocol for Personal Area Network

Extractocol: Autoatic Extraction of Application-level Protocol Behaviors for Android Applications

BurnFit: Analyzing and Exploiting Wearable Devices

Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations

Impact At the time, only South Korea and the United States had widely deployed Voice over LTE (VoLTE) technology, so no other countries were affected. The vulnerabilities were …

Bittersweet ADB: Attacks and Defenses

Successful Profiling Attacks with Different Measurement Environments for Each Phase

Run Away If You Can: - Persistent Jamming Attacks against Channel Hopping Wi-Fi Devices in Dense Networks

Revisiting security of proportional fair scheduler in wireless cellular networks

Gaining Control of Cellular Traffic Accounting by Spurious TCP Retransmission

Impact We discovered that Korean operators are more concerned with over-charging than charging bypass. This is because over-charging can result in penalties from the government. …

First Experimental Result of Power Analysis Attacks on a FPGA Implementation of LEA

Analyzing Security of Korean USIM-Based PKI Certificate Service

Using Principal Component Analysis for Practical Biasing of Power Traces to Improve Power Analysis Attacks

Trustworthy distributed computing on social networks

Towards accurate accounting of cellular data for TCP retransmission

Impact We discovered that Korean operators are more concerned with over-charging than charging bypass. This is because over-charging can result in penalties from the government. …

Secure Encounter-Based Mobile Social Networks: Requirements, Designs, and Tradeoffs

Peer Pressure: Exerting Malicious Influence on Routers at a Distance

Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors

Media Coverage The Register

Dynamix: anonymity on dynamic social structures

Attacking the kad network - real world evaluation and high fidelity simulation using DVN

Taking Routers Off Their Meds: Why Assumptions Of Router Stability Are Dangerous

Security Evaluation of Cryptographic Modules against Profiling Attacks

Protecting access privacy of cached contents in information centric networks

Private Top-k Aggregation Protocols

Private Over-Threshold Aggregation Protocols

One-Way Indexing for Plausible Deniability in Censorship Resistant Storage

On the mixing time of directed social graphs and security implications

Measuring bias in the mixing time of social graphs due to graph sampling

Location leaks over the GSM air interface

Impact Our first paperkune2012location in 2012 was discussed in three SA3 meetings held in 2017 across multiple documents: TSG3_086_SophiaSA3 meeting as part of 86th 3GPP meeting …

Understanding Social Networks Properties for Trustworthy Computing

The Frog-Boiling Attack: Limitations of Secure Network Coordinate Systems

SocialCloud: Using Social Networks for Building Distributed Computing Services

Security Requirements of Certificate Validation in Web Security

Mistaking friends for foes: an analysis of a social network-based Sybil defense in mobile networks

Keep your friends close: Incorporating trust into social network-based Sybil defenses

Timing attacks on PIN input devices

Secure encounter-based social networks: requirements, challenges, and designs

Recruiting new tor relays with BRAIDS

On Homomorphic Signatures for Network Coding

Measuring the mixing time of social graphs

Losing control of the internet: using the data plane to attack the control plane

Media Coverage New Scientist ZDNet The Register

Efficient Cryptographic Primitives for Private Data Mining

Designs to account for trust in social network-based sybil defenses

Balancing the shadows

Why Kad Lookup Fails

Towards complete node enumeration in a peer-to-peer botnet

The Frog-Boiling Attack: Limitations of Anomaly Detection for Secure Network Coordinate Systems

Scalable onion routing with torsk

On protecting integrity and confidentiality of cryptographic file system for outsourced storage

Membership-concealing overlay networks

Hashing it out in public: common failure modes of DHT-based anonymity schemes

Voice coil motor nano stage with an eddy current damper

Secure localization with phantom node detection

Provably Secure Timed-Release Public Key Encryption

Attacking the Kad network

Realistic Sensing Area Modeling

Exploring in-situ sensing irregularity in wireless sensor networks

Detecting Phantom Nodes in Wireless Sensor Networks

Combating Double-Spending Using Cooperative P2P Systems

Building Trust in Storage Outsourcing: Secure Accounting of Utility Storage

Privacy Protection in PKIs: A Separation-of-Authority Approach

Privacy Preserving Nearest Neighbor Search

Integrating an Eclipse-Based Scenario Modeling Environment with a Requirements Management System

Achieving realistic sensing area modeling

Strengthening Password-Based Authentication Protocols Against Online Dictionary Attacks

Securing distributed storage: challenges, techniques, and systems

Remote Software-Based Attestation for Wireless Sensors

Timed-Release and Key-Insulated Public Key Encryption

Secure Group Communication Using Robust Contributory Key Agreement

Revisiting random key pre-distribution schemes for wireless sensor networks

Group Key Agreement Efficient in Communication

Design and implementation of a secure multi-agent marketplace

Batch Verifications with ID-Based Signatures

A New ID-based Signature with Batch Verification

Security model for a multi-agent marketplace

Secure group key management for storage area networks

Decentralized Authentication Mechanisms for Object-based Storage Devices

An Efficient Tree-Based Group Key Agreement Using Bilinear Map

Admission Control in Peer Groups

Tree-based Group Key Agreement

Secure Group Services for Storage Area Networks

On the Performance of Group Key Agreement Protocols

Exploring Robustness in Group Key Agreement

Design and control of a two degree of freedom haptic device for the application of PC video games

Communication-Efficient Group Key Agreement

Simple and fault-tolerant key agreement for dynamic collaborative groups

Secure Group Communication in Asynchronous Networks with Failures: Integration and Experiments

On the Design of a Stream Cipher and a Hash Function Suitable to Smart Card Applications