21. Korea University Graduate School of Information Security
The error of Applied Cryptography is that I didn't talk at all about the context. I talked about cryptography as if it were the answer. I was pretty naive. The result wasn't pretty.
……
Security is a chain; it's only as secure as the weakest link. Security is a process, not a product.
Secrets and Lies : Preface
39. Padding
Increase length of message so that it is a multiple of the block size
Padding can be used to enhance security
Disguise the length of plaintexts
Prevent traffic analysis, or guessing based on plaintext length
“Buy” versus “Sell”
Can padding have a negative impact on security?
40. CBC mode
[Figure: CBC encryption (eK) and decryption (dK) of plaintext blocks Pi-1, Pi and ciphertext blocks Ci-1, Ci]
Typical block size n: 64 bits (DES, triple DES) or 128 bits (AES).
Typical key size: 56 bits (DES), 168 bits (triple DES), 128, 192 or 256 bits (AES).
41. Malleability of CBC mode
[Figure: CBC decryption (dK) of ciphertext blocks Ci-1, Ci into plaintext blocks Pi-1, Pi]
Flipping bits in Ci-1 leads to bit flips at the same positions in Pi, and to a randomised block Pi-1
42. CBC-PAD of PKCS#5
Byte-orientated padding scheme
If q bytes are required to fill the last block, then add q bytes of value q
xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 01
xx xx xx xx xx xx xx xx xx xx xx xx xx xx 02 02
xx xx xx xx xx xx 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a
10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10
43. CBC-PAD of PKCS#5
The padding is removed after decryption
What if padding is invalid?
xx xx xx xx xx xx xx xx xx xx xx xx xx xx 01 02
xx xx xx xx xx xx xx xx xx xx xx xx 04 03 04 04
Behavior depends on implementation
Error msg? Status msg? Measurable delay?
44. Padding Oracle Attack
First proposed by Serge Vaudenay (2002)
Assume that a padding oracle is available to the adversary
Adversary submits CBC mode ciphertext to oracle
Oracle decrypts under fixed key K and checks correctness of padding with respect to particular padding method in use
Oracle outputs VALID or INVALID according to correctness of padding
45. Padding Oracle Attack on CBC
Vaudenay showed that padding oracles and bit flipping can be used to build a decryption oracle for CBC mode
For a variety of padding schemes, including those used in SSL/TLS and IPSec.
[Figure: the adversary sends (IV, C1, C2, …) to the padding oracle PO, which holds key K and answers “VALID” or “INVALID”]
46. Padding Oracle Attack on CBC (in Detail)
[Figure: the adversary sends (r, Ci) to the padding oracle PO, which holds key K and answers “VALID”]
Compute P ⊕ Ci−1 ⊕ r
Check LSB8(P ⊕ Ci−1 ⊕ r) = ’01’ ?
LSB8(P) = LSB8(r) ⊕ ’01’ ⊕ LSB8(Ci−1)
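The last-byte relation from the slide above and the fix for it, as an added example that is not part of the original slides: a receiver that reports padding validity leaks LSB8(P), while an encrypt-then-MAC receiver gives one answer to every probe. The 4-round Feistel cipher is a toy stand-in for eK/dK (the Python standard library has no AES); the keys, IV, message and function names are constructed for the demonstration.

```python
import hashlib
import hmac

BLOCK = 16  # bytes; the AES block size from the CBC slide

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Round function of the toy Feistel cipher (assumption: stand-in for AES).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def e_k(key, block):
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right

def d_k(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right

def pad(msg):
    # CBC-PAD: q bytes of value q; a whole extra block if msg is already aligned.
    q = BLOCK - len(msg) % BLOCK
    return msg + bytes([q]) * q

def padding_valid(padded):
    q = padded[-1]
    return 1 <= q <= BLOCK and padded[-q:] == bytes([q]) * q

def cbc_encrypt(key, iv, msg):
    prev, out = iv, b""
    padded = pad(msg)
    for i in range(0, len(padded), BLOCK):
        prev = e_k(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    prev, out = iv, b""
    for i in range(0, len(ct), BLOCK):
        block = ct[i:i + BLOCK]
        out += _xor(d_k(key, block), prev)
        prev = block
    return out

def leaky_receiver(key, iv, ct):
    # Tells the sender whether the padding was correct: this is the oracle PO.
    return "VALID" if padding_valid(cbc_decrypt(key, iv, ct)) else "INVALID"

def hardened_receiver(key, mac_key, iv, ct, tag):
    # Encrypt-then-MAC: verify before decrypting, one answer for every failure.
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return "REJECT"
    return "ACCEPT" if padding_valid(cbc_decrypt(key, iv, ct)) else "REJECT"

def last_byte_via_oracle(oracle, c_prev, c_i):
    # Slide relation: LSB8(P) = LSB8(r) xor 01 xor LSB8(C_{i-1}) when (r, C_i) is VALID.
    for guess in range(256):
        r = bytearray(BLOCK)
        r[-1] = guess
        if oracle(bytes(r), c_i) != "VALID":
            continue
        r[-2] ^= 0xFF  # stays VALID only if the padding is the single byte 01
        if oracle(bytes(r), c_i) == "VALID":
            return guess ^ 0x01 ^ c_prev[-1]
    return None

def demo():
    # Constructed key material and message (25 bytes, so the pad is 07 x 7).
    key, mac_key, iv = b"constructed key", b"constructed mac key", bytes(range(BLOCK))
    ct = cbc_encrypt(key, iv, b"Sell 100 shares at market")
    c_prev, c_i = ct[:BLOCK], ct[BLOCK:]
    leaked = last_byte_via_oracle(lambda r, c: leaky_receiver(key, r, c), c_prev, c_i)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    probes = {hardened_receiver(key, mac_key, bytes(15) + bytes([g]), c_i, tag)
              for g in range(256)}
    return leaked, probes, hardened_receiver(key, mac_key, iv, ct, tag)

if __name__ == "__main__":
    print(demo())
```

With the leaky receiver the final plaintext byte (the pad value 07) comes back from at most 256 × 2 queries; with the hardened receiver all 256 probes collapse to the same REJECT.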
48. How about?
Padding Oracle Attacks : Side channel against CBC-PAD
This vulnerability was first identified by Serge Vaudenay in 2002, but was difficult enough to exploit that there were no live examples of it until Thai Duong and Juliano Rizzo on September 23, 2011.
BEAST : Browser Exploit Against SSL/TLS
55. How about?
Ian Goldberg (hacker) and David Wagner (cryptographer) were graduate students at Cal in 1996
(Ian’s now a professor at University of Waterloo, David is a professor at Berkeley)
Ian and David wondered how the Netscape Browser generated its session key for SSL
They reverse-engineered the part of the browser containing the PRNG
56. Netscape PRNG
global variable seed;
RNG_CreateContext()
    (seconds, microseconds) = time of day;
    pid = process ID; ppid = parent process ID;
    a = mklcpr(microseconds);
    b = mklcpr(pid + seconds + (ppid << 12));
    seed = MD5(a, b);
mklcpr(x)
    return ((0xDEECE66D * x + 0x2BBB62DC) >> 1);
57. Weakness of Netscape PRNG (Ver.’96)
Assume you have an account on the same machine as the browser
Use ‘ps’ to get pid and ppid and run tcpdump to get time SSL challenge was issued
This yields pid, ppid, and seconds, and only microseconds remains unknown
Exhaustively search with complexity 2^20 to find microseconds
Takes about 10 seconds on a modern machine
Attack is possible without an account, but a little harder
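The seed derivation and the search over its one unknown input, as an added example that is not from the original slides or from Netscape's code. It assumes 32-bit unsigned arithmetic and that MD5(a, b) hashes the two words as big-endian 32-bit values; the timestamp, pid and ppid are constructed, and the observed value is taken to be the seed itself.

```python
import hashlib
import math
import secrets
import struct

MASK32 = 0xFFFFFFFF  # assumption: 32-bit unsigned arithmetic

def mklcpr(x):
    return ((0xDEECE66D * x + 0x2BBB62DC) & MASK32) >> 1

def netscape_seed(seconds, microseconds, pid, ppid):
    a = mklcpr(microseconds)
    b = mklcpr((pid + seconds + (ppid << 12)) & MASK32)
    # assumption: MD5(a, b) means MD5 over the two 32-bit words, big-endian
    return hashlib.md5(struct.pack(">II", a, b)).digest()

def candidate_seeds(seconds, pid, ppid):
    """Yield every seed consistent with known seconds, pid and ppid."""
    b = struct.pack(">I", mklcpr((pid + seconds + (ppid << 12)) & MASK32))
    for usec in range(1_000_000):  # the only input an observer does not know
        yield usec, hashlib.md5(struct.pack(">I", mklcpr(usec)) + b).digest()

def recover_microseconds(observed_seed, seconds, pid, ppid):
    for usec, seed in candidate_seeds(seconds, pid, ppid):
        if seed == observed_seed:
            return usec
    return None

def unknown_bits():
    # log2 of the candidate count: the 128-bit MD5 output hides under 20 bits.
    return math.log2(1_000_000)

def csprng_seed():
    # The corrected design: take all 128 seed bits from the OS CSPRNG.
    return secrets.token_bytes(16)

if __name__ == "__main__":
    s = netscape_seed(846_633_600, 271_828, 4242, 1)  # constructed inputs
    print(recover_microseconds(s, 846_633_600, 4242, 1), round(unknown_bits(), 2))
```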
60. Do You Know?
[Figure: history of evaluation criteria]
Orange Book (TCSEC) 1985 (United States)
UK Criteria (United Kingdom), German Criteria (Germany), French Criteria (France)
ITSEC (1991)
Canadian Criteria (CTCPEC) 1993 (Canada)
Federal Criteria Draft 1993
Common Criteria versions: v1.0 1996, v2.0 1998, v2.1 1999, v2.2 2004, v2.3 2005, v3.1 R1 2006.9, v3.1 R2 2007.9
※ 1999: established as the international standard ISO/IEC 15408
61. Do You Know?
(Source: www.commoncriteriaportal.org)
62. Do You Know?
※ "Certified" for products/PPs that were certified up to 5 years ago and are still supported. "Certified – Archived" for products/PPs that were certified over 5 years ago or are no longer supported.
66. Security Policy
State what should be protected.
A security policy is a statement of what is, and what is not, allowed.
Confidentiality : Who is allowed to learn what?
Integrity : What changes are allowed by system.
… includes resource utilization, input/output to environment.
Availability : When must service be rendered.
And how this should be achieved.
67. Security Policy Model (SPM)
Formal Specification of Security Policy
(e.g.) DAC Model, MAC Model, Bell-LaPadula Model, Biba Model, Clark-Wilson Model, Harrison-Ruzzo-Ullman Model, Chinese Wall Model, RBAC Model, etc.
68. (Semi-)Formal Methods
Informal method
  English (or other natural language)
Semiformal methods
  Gane & Sarson/DeMarco/Yourdon
  Entity-Relationship Diagrams
  Jackson/Orr/Warnier
  SADT, PSL/PSA, SREM, etc.
Formal methods
  Finite State Machines
  Petri Nets
  Z
  ANNA, VDM, CSP, etc.
69. FSM Example
(M202, Open University, UK) A safe has a combination lock that can be in one of three positions, labeled 1, 2, and 3. The dial can be turned left or right (L or R). Thus there are six possible dial movements, namely 1L, 1R, 2L, 2R, 3L, and 3R. The combination to the safe is 1L, 3R, 2L; any other dial movement will cause the alarm to go off.
70. FSM Example
[State Transition Diagram]
[Transition Table]
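The safe from the FSM example written as a transition function and checked exhaustively against its specification; this is an added example, not taken from the original slides. The state names (locked, A, B, unlocked, alarm) and the choice to make unlocked and alarm absorbing are assumptions.

```python
from itertools import product

MOVES = ("1L", "1R", "2L", "2R", "3L", "3R")

# The only transitions that make progress; every other dial movement raises the alarm.
PROGRESS = {("locked", "1L"): "A", ("A", "3R"): "B", ("B", "2L"): "unlocked"}
FINAL = {"unlocked", "alarm"}  # assumption: final states ignore further moves

def step(state, move):
    if move not in MOVES:
        raise ValueError(f"not a dial movement: {move!r}")
    if state in FINAL:
        return state
    return PROGRESS.get((state, move), "alarm")

def run(moves, start="locked"):
    state = start
    for move in moves:
        state = step(state, move)
    return state

def transition_table():
    """Rows are the non-final states, columns the six dial movements."""
    return {s: {m: step(s, m) for m in MOVES} for s in ("locked", "A", "B")}

def sequences_reaching(target, max_len=3):
    """All input sequences of length 1..max_len that end in the target state."""
    return [seq
            for n in range(1, max_len + 1)
            for seq in product(MOVES, repeat=n)
            if run(seq) == target]

if __name__ == "__main__":
    for state, row in transition_table().items():
        print(state, row)
    print(sequences_reaching("unlocked"))
```

The exhaustive check is the point of specifying the lock as an FSM: of the 258 input sequences of length at most three, exactly one unlocks the safe and 255 end in the alarm state.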
71. Example
Security Policy : A subject has read access to a file only if the permission R was initially present or has been explicitly granted by the file’s owner.
72. Example
Security Policy : A subject has read access to a file only if the permission R was initially present or has been explicitly granted by the file’s owner.
Solution Design : For each transition that gives new read access to an object, access control (reference monitor) checks that this has been done by the owner of the object using confer_read.
73. Example
Security Policy : A subject has read access to a file only if the permission R was initially present or has been explicitly granted by the file’s owner.
Solution (Mechanism) : For each transition that gives new read access to an object, access control (reference monitor) checks that this has been done by the owner of the object using confer_read.
Is this solution right or not?
76. Example
Theorem :
If access control makes sure that only locally acceptable transitions take place, then all reachable states are authorized, i.e. the system is secure.
Formally:
107. End-to-End Proof
Policy
Mechanisms
Assurance
Level of Trust that it really does!
108. End-to-End Proof
Policy Assurance : Evidence establishing security requirements in policy is complete, consistent, technically sound.
Security Objectives : High-level security issues
Security Requirements : Specific, concrete issues
Design assurance : Evidence establishing design sufficient to meet requirements of security policy.
109. End-to-End Proof
Implementation Assurance : Evidence establishing implementation consistent with security requirements of security policy.
Operational Assurance : Evidence establishing system sustains the security policy requirements during installation, configuration, and day-to-day operation.
Also called ‘Administrative Assurance’.