Prof. Dr. Seungjoo (Gabriel) Kim
Hello, I am Seungjoo (Gabriel) Kim (Nick: Pr0xy5kim). I am a professor of Graduate School of Information Security / Undergraduate Department of Cyber Defense in Korea University from 2011 and my research areas focus on efficiently integrating "Secure Software Development Lifecycle (or simply the SSDL)" and "Model-Driven Security Engineering" for the development of trustworthy software and hardware systems. Especially I am interested in :
(1) Threat modeling techniques for identifying and addressing design flaws before their implementation into code,
(2) Security testing : penetration testing, fuzzing, and test case development,
(3) Techniques towards independent and trustworthy security evaluation and assertion of ICT product integrity,
(4) Comparative analysis of existing security certification programs,
(5) Methods and techniques for supply chain security,
(6) Model-driven security,
(7) Cryptography and blockchain.
In addition to being a professor, I am positioning a director of CHAOS(Center for High-Assurance Operating Systems), a head of SANE(Security Analysis aNd Evaluation) Lab, an adviser of hacking club 'CyKor (DEFCON CTF 2015 & 2018 winner)' of Department of Cyber Defense in Korea University, a founder/advisory director of an international security & hacking conference 'SECUINSIDE'. My numerous professional focus on a presidential committee member on the 4th industrial revolution and an advisory committee member of several public and private organizations such as NIS(National Intelligence Service), Ministry of National Defense, Ministry of Justice, Supreme Prosecutors' Office, Korea National Police Agency, Nuclear Safety and Security Commission, etc. I also taught at the Korea Military Academy.
I have written 9 books, 73 SCI(E) papers, 29 patents, and according to Google Scholar, the citations to my works are 4200+ (Published papers on cryptography, hacking, malware, security evaluation in premier conferences and journals : ACSAC (2015), AsiaCrypt (1996), BlackHat (2013, 2017, 2018, 2019a, 2019b), CT-RSA (2003a, 2003b, 2007), DEFCON (2019), ICCC (2008, 2010, 2013a, 2013b, 2014, 2019a, 2019b), IEEE TC (2003), Information Sciences (2007, 2012), VB (2018, 2019)),
and have received the best lecturer award from Korea University in 2012, 2016 and from National Human Resources Development Institute in 2019.
Furthermore, I technically advised the SBS TV drama, "Phantom" and the movie, "The Berlin File".
Our lab's R&Ds mainly focus on "Secure Software Development Lifecycle (or simply the SSDL)" and "Model-Driven Security Engineering". Till now we we have gotten some notable achievements :
- Smart Card : In 2006, smart card O/S, co-worked with Samsung SDS, have earned the Common Criteria EAL4+ certification for the first time in Korea.
- Printer (MFP) : In 2008, we co-developed the security modules of MFP (Multifunction Printer) with Samsung Electronics and guided them to get Common Criteria certification for the first time in Korea.
- Database : In 2008, we (with WareValley) also received Common Criteria EAL4 certification for database security solution, 'Chakra' for the first time in Korea.
- Smart TV : In 2017, LG electronics, which has been working with us, received 'world-first' Common Criteria EAL2 certification for home appliances (smart TV). CC EAL2 is the same security level as Samsung KNOX! (Prior to this, in 2015, we got TTA-verified security certification from TTA(Telecommunications Technology Association), which was well-known security testing and certification laboratory in Korea!
(For detailed information refer to this article: "How to Obtain Common Criteria Certification of Smart TV for Home IoT Security and Reliability", Symmetry 2017, 9(10), 233 (IF: 1.457))
- Network-enabled Weapon Systems : From 2016 to 2017, we (with ROK Joint Chiefs of Staff) had developed the national strategy for securing the army's weapon systems and supply chain against cyber attack.
(For detailed information refer to this article: "Security Evaluation Framework for Military IoT Devices", Security and Communication Networks 2018 (IF: 1.067))
- soFrida : In 2019, we developed 'soFrida', which was an automatic vulnerability analysis tool against the mobile cloud app and, among the 4 million android apps, we had identified 2,700+ potentially vulnerable android apps.
Our tool will be shown for the first time at DEFCON 2019.
(For detailed information refer to this site: sofrida.github.io)
Highlights of Recent Researches & Activities
- I am a frequent speaker and interviewee on Information Security. Some highlights include talks at KBS1 'Tonight - Kim Jedong' in February 2019, at JTBC 'Lecture' in May 2018 (Note : Lecture material), at EBS1 science documentary 'Beyond' in November 2017, at KBS1 lecture/documentary show 'Good Insight' in July 2016, at KBS1 'Midnight Debate-Live' in March 2016, and at KBS1 'Jang Young Sil Show' in July 2015. You can find my other talks and interviews here, and newspaper columns here.

- 2019 Highlights : Our paper, "When Voice Phishing met Malicious Android App (extended version)" was accepted to Black Hat Asia 2019 conference (acceptance ratio: 11.95% = 35 accepted / 293 submissions) (See press coverage at DARKReading and Heise),
and another paper "Fuzzing and Exploiting Virtual Channels in Microsoft Remote Desktop Protocol for Fun and Profit" was accepted to Black Hat Europe 2019
(Our discovery of an information leak vulnerability in Microsoft Remote Desktop Client, CVE-2019-1108, had received $10,000 bug bounty from HackerOne).
Furthermore, our automated mobile cloud app analysis tool, "soFrida", was accepted to DEFCON Demo Labs 2019. By using this tool, we had analyzed 4 million Android apps and found 2,700+ potentially vulnerable apps that could leak sensitive personal information data and manipulate back-end cloud DB. For more details, see sofrida.github.io.
And also two papers were accepted at the 18th ICCC 2019 (The 18th International Common Criteria Conference 2019) : "IoT Device Hacking and New Direction of IoT Security Evaluation Using Common Criteria" and "Verification of IVI Over-The-Air Using UML/OCL".
One moer thing! My graduate students, "JaeKi Kim" and "Min-Chang Jang", presented "Kimsuky Group: Tracking the King of the Spear-Phishing" at 29th VB2019 (Virus Bulletin conference 2019) again, after VB 2018.
- 2018 Highlights : I was honorably appointed as "the Presidential Committee member on the 4th industrial revolution".
And, OMG!, we won a champion again at DEFCON CTF 2018 after 2015!! "DEFKOR00T (= DEFKOR + R00timentary)," the team comprised of my students from the Undergraduate Department of Cyber Defense / Graduate School of Information Security in Korea University and Prof. Taesoo Kim's graduate students from Georgia Institute of Technology won the TOP prize at the "DEFCON Capture the Flag (CTF) 26".
And my graduate students, "JaeKi Kim" and "Min-Chang Jang", presented "DOKKAEBI: Documents of Korean and Evil Binary" at 28th VB2018 (Virus Bulletin conference 2018), and "Min-Chang Jang" also presented "When Voice Phishing met Malicious Android App" at CODE BLUE 2018 (See press and book coverage at KBS1 and SBS). Furthermore, we opened a 'Center for High-Assurance Operating Systems(CHAOS)' in Korea University in order to develop the technologies needed to make and evaluate EAL6/EAL7 OS.
- 2017 Highlights : Yes, we did it again after Black Hat USA 2013 : See our talk, "Are you watching TV now? Is it real?: Hacking of smart TV with 0-day" at Hack in Paris 2017 (See press coverage at 01net.com and demo.), and "LG vs. Samsung Smart TV: Which Is Better for Tracking You?" at CODE BLUE 2017! Additionally, my graduate student, "Min-Chang Jang", gave a talk on forensic studies of "North Korean hacking" at Black Hat Europe 2017 (See press coverage at Sky News.) and also at Black Hat Asia 2018.
- 2016 Highlights : Finally, I got tenured and received best lecturer award again after 2012! In addition, I was appointed as an Advisory Committee Member of the PyeongChang 2018 Olympic and Paralympic Winter Games. Furthermore, white-hat hackers union, 'HARU' became a LEGAL entity. HARU will start the stage 2 as an OFFICIAL NON-PROFIT CORPORATION and become the most active community of hackers in Korea! Please cheering!!
- 2015 Highlights : Finally, we did it! "DEFKOR," the team comprised of my students from the Undergraduate Department of Cyber Defense / Graduate School of Information Security in Korea University and the security technology team from Korea-based IT security solution provider Raonsecure, won the TOP prize at the "DEFCON Capture the Flag (CTF) 23," which was held in Las Vegas. DEFCON is the world’s largest international hacking competition, and is dubbed the Hackers' World Cup among hackers. (In 2015, 4,000+ teams qualified, 15 teams made finalists!)
Also, I talked about the various cybersecurity educational and professional training programs of Korea at CODE BLUE 2015 (OMG!! My CODE BLUE presentation slide was selected as one of the 'Most Talked-About Slide on Facebook'!), and we discovered some critical vulnerabilities in LTE Femtocell and notified to the operator and manufacturer (Research Paper @ SECUINSIDE 2015). Additionally, our case studies submission on the "DDoS Attack to DNS Using Infected IoT Devices" to this year's ACSAC 2015 (The 31st Annual Computer Security Applications Conference 2015, which is one of the most important cyber security conferences in the world and the oldest information security conference held annually) was included in the program.
- 2014 Highlights : Finally, SECUINSIDE CTF winners were pre-qualified for DEFCON CTF!, and, honorably, I became a Visiting Professor at Korea Military Academy. Besides, our paper, "Developing a Protection Profile for Smart TV" was accepted at The 15th ICCC 2014 (International Common Criteria Conference 2014), and another paper "(The First Experimental) Study on Smart TV Forensics" was presented at Journal of the KIISC (Korean Institute of Information Security and Cryptology)
(English version is here! : "Further Analysis on Smart TV Forensics" at Journal of Internet Technology (SCI-E, IF:1.930)).
- 2013 Highlights : "Smart TV Security - #1984 in 21st century" appeared at The 14th CanSecWest 2013 (The 14th CanSecWest Applied Security Conference 2013) (See press coverage at MBC, KBS, channelIT, inews24.com), and the extended version, "Hacking, Surveilling, and Deceiving Victims on Smart TV" was also presented at The 17th Black Hat USA 2013 (See press and book coverage at The Wall Street Journal, The Guardian, Fox News, ZDNet, Network World, Digital Trends, CBS, KBS, The Electronic Times, Nitesh Dhanjani's "Abusing the Internet of Things - Blackouts, Freakouts, and Stakeouts - (O'REILLY)", ENISA's report entitled "Security and Resilience of Smart Home Environments", and etc.). Furthermore, We had two papers accepted at The 14th ICCC 2013 (The 14th International Common Criteria Conference 2013). One was "Problem and Improvement of the Composition Documents for Smart Card Composite Product Evaluations", and the other one was "How the CC Harmonizes with Secure Software Development Lifecycle". One more thing! "SHRT - New method of URL shortening including relative word of target URL" was presented at SOUPS 2013 (The Symposium on Usable Privacy and Security 2013) as a poster.
- 2012 Highlights : I was appointed as an Advisory Committee Member of Special Prosecutor, Tae-Seok Park on the case of 2011 Re-Election DDoS Scandal (See press coverage at The Electronic Times), and technically advised the TV drama, "Phantom" and the film, "The Berlin File". Furthermore, our journal paper, "Efficient Certificateless Proxy Signature Scheme with Provable Security" was accepted at Information Sciences (IF:3.643).
- 2011 Highlights : I moved to Korea University and established my lab, "SANE (Security Analysis aNd Evaluation) Lab". Furthermore, Hacker Group, HARU and International Security & Hacking Conference, SECUINSIDE was founded in 2011 by me and my colleagues.
- 2010 Highlights : "Protection Profile for E-Certificate Issuance System" was presented at The 11th ICCC 2010 (The 11th International Common Criteria Conference 2010), and "Efficient Secure Group Communications for SCADA" was presented at IEEE Transactions on Power Delivery.
- 2009 Highlights : "Advanced Key Management Architecture for Secure SCADA Communications" appeared at IEEE Transactions on Power Delivery.
- 2008 Highlights : Our paper, "Protection Profile for E-Voting Systems" was acepted at the 9th ICCC 2008 (The 9th International Common Criteria Conference 2008), which was a major conference for the community of experts involved in security evaluation.
- 2007 Highlights : Our journal paper, "Cryptanalysis on the Authentication Mechanism of the NateOn Messenger", showed that NateOn (which was the biggest messenger service in Korea) was vulnerable to replay attacks. (See press coverage at JoongAng Daily, Yonhap News) Furthermore, "Efficient Password-Authenticated Key Exchange Based on RSA" appeared at The 7th CT-RSA 2007 (The 7th Cryptographers' Track at RSA Conference 2007), and "Security Weakness in a Three-Party Pairing-Based Protocol for Password Authenticated Key Exchange" appeared at Information Sciences (IF:2.147). One more thing! I received NIS(National Intelligence Service) Chief's Award for excellent contribution to national cyber security.
- 2005 Highlights : "A Weakness in the Bresson-Chevassut-Essiari-Pointcheval's Group Key Agreement Scheme for Low-Power Mobile Devices" was accepted at IEEE Communication Letters.
- 2004 Highlights : I left KISA(Korea Information Security Agency), and became an Assistant Professor at Sungkyunkwan University.
- 2003 Highlights : We had two papers accepted at The 3rd CT-RSA 2003 (The 3rd Cryptographers' Track at RSA Conference 2003). One was "Rethinking Chosen-Ciphertext Security under Kerckhoffs' Assumption", and the other one was "An Analysis of Proxy Signatures : Is A Secure Channel Necessary?". Furthermore, "RSA Speedup with Chinese Remainder Theorem Immune against Hardware Fault Cryptanalysis" appeared at IEEE Transactions on Computers.
- 2001 Highlights : "On The Security of The Okamoto-Tanaka ID-Based Key Exchange Scheme against Active Attacks" was accepted at IEICE Trans. Fundamentals.
- 1999 Highlights : "Comments on Password-Based Private Key Download Protocol of NDSS'99" appeared at Electronics Letters (IF:1.164)
- 1997 Highlights : "Proxy Signatures, Rrevisited" appeared at The 1st ICICS 1997 (The 1st International Conference on Information and Communication Security 1997). According to Google Scholar, this paper has been cited more than 700 times.
- 1996 Highlights : "Convertible Group Signatures" appeared at The 5th AsiaCrypt 1996, which was one of three flagship conferences for cryptography research.
|
|