Frequency-comb-referenced multi-wavelength profilometry for largely stepped surfaces.

Hyun, Sangwon,Choi, Minah,Chun, Byung Jae,Kim, Seungman,Kim, Seung-Woo,Kim, Young-Jin Optical Society of America 2013 Optics express Vol.21 No.8

<P>3-D profiles of discontinuous surfaces patterned with high step structures are measured using four wavelengths generated by phase-locking to the frequency comb of an Er-doped fiber femtosecond laser stabilized to the Rb atomic clock. This frequency-comb-referenced method of multi-wavelength interferometry permits extending the phase non-ambiguity range by a factor of 64,500 while maintaining the sub-wavelength measurement precision of single-wavelength interferometry. Experimental results show a repeatability of 3.13 nm (one-sigma) in measuring step heights of 1800, 500, and 70 μm. The proposed method is accurate enough for the standard calibration of gauge blocks and also fast to be suited for the industrial inspection of microelectronics products.</P>

Secure and DoS-Resilient Fragment Authentication in CCN-Based Vehicular Networks

Hyun, Sangwon,Kim, Hyoungshick WILEY INTERSCIENCE 2018 WIRELESS COMMUNICATIONS AND MOBILE COMPUTING Vol.2018 No.-

<P>Content-Centric Networking (CCN) is considered as a promising alternative to traditional IP-based networking for vehicle-to-everything communication environments. In general, CCN packets must be fragmented and reassembled based on the Maximum Transmission Unit (MTU) size of the content delivery path. It is thus challenging to securely protect fragmented packets against attackers who intentionally inject malicious fragments to disrupt normal services on CCN-based vehicular networks. This paper presents a new secure content fragmentation method that is resistant to Denial-of-Service (DoS) attacks in CCN-based vehicular networks. Our approach guarantees the authenticity of each fragment through the immediate fragment verification at interim nodes on the routing path. Our experiment results demonstrate that the proposed approach provides much stronger security than the existing approach named FIGOA, without imposing a significant overhead in the process. The proposed method achieves a high immediate verification probability of 98.2% on average, which is 52% higher than that of FIGOA, while requiring only 14% more fragments than FIGOA.</P>

Absolute length measurement with the frequency comb of a femtosecond laser

Hyun, Sangwon,Kim, Young-Jin,Kim, Yunseok,Jin, Jonghan,Kim, Seung-Woo IOP Pub 2009 Measurement Science and Technology Vol.20 No.9

<P>We report exploiting the frequency comb of a femtosecond laser as a means of realizing the time-based SI definition of the meter for length metrology. Specifically, an external-cavity diode laser is continuously tuned to a stabilized frequency comb, and its output frequency is modulated over an extensive range to measure the absolute value of a given length by means of multi-wavelength optical interferometry. This approach could find applications in establishing practical length standards with a small amount of uncertainty directly traceable to time standards.</P>

Interface to Network Security Functions for Cloud-Based Security Services

Hyun, Sangwon,Kim, Jinyong,Kim, Hyoungshick,Jeong, Jaehoon,Hares, Susan,Dunbar, Linda,Farrel, Adrian Institute of Electrical and Electronics Engineers 2018 IEEE communications magazine Vol.56 No.1

<P>Network functions virtualization and cloudbased security services will become increasingly common in enterprise network systems to reduce the system operation costs and take advantage of the diverse network security functions (NSFs) developed by multiple vendors. In such a network environment, standardizing the interfaces to the NSFs of different vendors is essential to simplify the management of these heterogeneous NSFs. In addition, software-defined networking can be imposed to optimize the security service process in such cloud-based service environments by enforcing some types of packet filtering rules at the SDN switches, instead of NSFs possibly placed in remote clouds. The Interface to Network Security Functions (I2NSF) Working Group, which is part of the Internet Engineering Task Force, is currently developing a set of standard interfaces to such heterogeneous NSFs. In this article, we present the design and development of an I2NSF architecture and propose improving its efficiency by integrating it with SDN. In our work, we implement the SDN-integrated I2NSF architecture and its security applications. This article also discusses several standardization and research challenges for I2NSF.</P>

Design and Analysis of Push Notification-Based Malware on Android

Hyun, Sangwon,Cho, Junsung,Cho, Geumhwan,Kim, Hyoungshick Hindawi Limited 2018 Security and communication networks Vol.2018 No.-

<P>Establishing secret command and control (C&C) channels from attackers is important in malware design. This paper presents design and analysis of malware architecture exploiting push notification services as C&C channels. The key feature of the push notification-based malware design is<I> remote triggering</I>, which allows attackers to trigger and execute their malware by push notifications. The use of push notification services as covert channels makes it difficult to distinguish this type of malware from other normal applications also using the same services. We implemented a backdoor prototype on Android devices as a proof-of-concept of the push notification-based malware and evaluated its stealthiness and feasibility. Our malware implementation effectively evaded the existing malware analysis tools such as 55 antimalware scanners from VirusTotal and SandDroid. In addition, our backdoor implementation successfully cracked about 98% of all the tested unlock secrets (either PINs or unlock patterns) in 5 seconds with only a fraction (less than 0.01%) of the total power consumption of the device. Finally, we proposed several defense strategies to mitigate push notification-based malware by carefully analyzing its attack process. Our defense strategies include filtering subscription requests for push notifications from suspicious applications, providing centralized management and access control of registration tokens of applications, detecting malicious push messages by analyzing message contents and characteristic patterns demonstrated by malicious push messages, and detecting malware by analyzing the behaviors of applications after receiving push messages.</P>

시스템 오브 시스템즈의 효율적 검증을 위한 목표 모델 슬라이싱

현상원(Sangwon Hyun),송지영(Jiyoung Song),지은경(Eunkyoung Jee),배두환(Doo-Hwan Bae) 한국정보과학회 2018 한국정보과학회 학술발표논문집 Vol.2018 No.12

NFV 기반 네트워크 보안 서비스 시스템

현상원(Sangwon Hyun) 한국정보보호학회 2017 情報保護學會誌 Vol.27 No.1

네트워크 기능 가상화(Network Function Virtualization, NFV) 기술은 기존에 물리적인 장비 형태로 제공되던 네트워크 기능들을 소프트웨어로 구현하여 가상의 인스턴스 형태로 제공하는 것을 말한다. 이런 NFV 기술을 통해 가용한 네트워크자원들의 효율적인 활용과 가변적인 시스템 상황에 대한 유연한 대응이 가능하다. 이러한 NFV 기술이 점차 발전하면서 네트워크 보안 분야에서도 보안 서비스 벤더들이 자신들의 클라우드 시스템을 통해 소프트웨어 기반 다양한 네트워크 보안기능들을 제공하는 시스템 형태가 점차 나타나고 있다. 본 논문에서는 NFV 기반 네트워크 보안 서비스 제공 시스템을 위한 참고 아키텍처로서 국제 인터넷 기술 표준화 단체인 IETF의 Interface to Network Security Functions (I2NSF) working group에서 제안한 I2NSF 시스템을 소개한다. 그리고 이러한 시스템 모델을 기반으로 NFV 기반 네트워크 보안 서비스 제공 시스템 설계 및 개발 시 고려해야 할 주요 연구이슈들에 관해 논의한다.

Empirical Modeling and Extraction of Parasitic Resistance in Amorphous Indium–Gallium–Zinc Oxide Thin-Film Transistors

Jun-Hyun Park,Hyun-Kwang Jung,Sungchul Kim,Sangwon Lee,Dong Myong Kim,Dae Hwan Kim IEEE 2011 IEEE transactions on electron devices Vol.58 No.8

<P>We propose an extraction technique for parasitic resistance (<I>RP</I>) with <I>L</I>-, <I>V</I><SUB>GS</SUB>-, and <I>V</I><SUB>DS</SUB>-dependences even for large <I>V</I><SUB>DS</SUB> in amorphous indium-gallium-zinc oxide thin-film transistors (<I>a</I>-IGZO TFTs), by employing <I>I</I><SUB>DS</SUB>-<I>V</I><SUB>GS</SUB> characteristics (as a function of <I>V</I><SUB>DS</SUB> ) of two <I>a</I>-IGZO TFTs with different channel lengths ( <I>L</I><SUB>1</SUB> and <I>L</I><SUB>2</SUB> ). The resistance between the source and drain is modeled as an effective total resistance defined as <I>RT</I><SUP>*</SUP> ≡ <I>V</I><SUB>DS</SUB>/<I>ID</I> for all over the drain bias <I>V</I><SUB>DS</SUB> including both linear and saturation regions. The proposed method can be efficiently employed to model dc <I>I</I>-<I>V</I> characteristics and extract the parasitic resistance in <I>a</I>-IGZO TFTs even with short channel lengths, because the internal drain voltage (<I>V</I><SUB>DS</SUB><SUP>'</SUP>) is accurately calculated as a function of <I>V</I><SUB>GS</SUB>, <I>V</I><SUB>DS</SUB>, and <I>L</I> by deembedding the voltage drop across the parasitic resistance <I>R</I><SUB>P</SUB>.</P>

콘텐츠 중심 네트워크를 위한 안전한 패킷 단편화 기술

현상원(Sangwon Hyun) 한국정보보호학회 2017 정보보호학회논문지 Vol.27 No.4

본 논문에서는 콘텐츠 중심 네트워크(CCN, Content-Centric Networking)를 위한 안전한 패킷 단편화(fragmentation) 기술을 제안한다. 제안하는 기술은 패킷조각(fragment)들에 대한 불법적인 위변조 가능성을 차단하고, 패킷조각 수신 시 높은 확률로 즉각적인 신뢰성 검증을 제공함으로써 검증 지연을 악용한 DoS 공격으로부터 높은 안전성을 제공한다. 본 논문의 성능 분석 결과는 약간의 부하 증가만으로 제안하는 기술이 기존 기술보다 훨씬 더 높은 안전성을 제공함을 보여준다. This paper presents a secure and DoS-resistant fragment authentication technique for Content-Centric Networking (CCN). Our approach not only guarantees the authenticity of each fragment, but also provides a high resistance to DoS attacks through the immediate verification of fragment authenticity at interim nodes on the routing path. Our experimental results demonstrate that the proposed approach provides much stronger security than the existing approach, without imposing a significant overhead.

시스템 오브 시스템즈의 오류 위치 추정을 위한 통계적 검증 결과 활용 기법 분석

현상원(Sangwon Hyun),신용준(Yong-Jun Shin),배두환(Doo-Hwan Bae) 한국정보과학회 2019 한국정보과학회 학술발표논문집 Vol.2019 No.6