Click here to see my CV in Korean. : NamuWiki
Hello, I am Seungjoo (Gabriel) Kim (Nick: Pr0xy5kim). I am currently serving as a full professor at Korea University's School of Cybersecurity. I earned my bachelor's degree in information engineering from Sungkyunkwan University in 1994, followed by a master's and a Ph.D. in cryptology from the same institution.
My main research field includes a broad range of topics relating to cyber security engineering, which is focused on creating secure systems and designing networks that are resilient to malicious attacks, as well as any other potential cause of outages such as natural disasters. In more detail, my research interests lie primarily in ⑴ Security/Privacy by Design (a.k.a. security engineering) processes, from requirements to maintenance, ⑵ Threat analysis and attack scenarios, ⑶ Risk management and risk oriented security testing, ⑷ Secure design and architecture, ⑸ Secure coding, ⑹ Security assessment (Common Criteria, CMVP, SSE-CMM, RMF A&A, etc.), ⑺ Software ecosystem and software supply chain security, ⑻ DevSecOps, ⑼ Security automation and tooling, ⑽ Formal verification and other high-assurance methods for security, ⑾ Human-centered design for systems security, ⑿ Blockchain & Crypto Engineering.
Till now, I have written 17 books, 84 SCI(E) papers, 35 patents and, according to Google Scholar, the citations to my works are 4900+ (Published papers in premier conferences : AsiaCrypt(1), BlackHat(7), DEFCON(4), ICCC(10), IEEE MILCOM(1), USENIX Security(1), Virus Bulletin(2)). And I have received the best lecturer award from Korea University in 2012, 2016 (awarded in the top 5%) and from National Human Resources Development Institute in 2019 (awarded in the top 0.3% (=3/800+)). Furthermore, I technically advised the SBS TV dramas "Phantom" and "Treasure Island", and the movie "The Berlin File".
Over the course of my career, I have held several key positions, including: ▲Team Leader at KISA(Korea Internet & Security Agency) from 1998 to 2004, ▲Associate Professor at Sungkyunkwan University's School of Information and Communication Engineering from 2004 to 2011, ▲Full Professor at Korea University's School of Cybersecurity since 2011, ▲Visiting Professor at Korea Military Academy from 2018 to 2019, ▲Dean of Korea University's School of Smart Mobility from 2022, ▲Vice President for Digital Information of Korea University from 2023.
Besides these activities, I am a director of AR2C(Army RMF Research Center), a director of CHAOS(Center for High-Assurance Operating Systems), a head of SANE(Security Assessment aNd Engineering) Lab, an adviser of undergraduate hacking club 'CyKor (DEFCON CTF 2015 & 2018 winner)' at the School of Cybersecurity, Korea University from 2011 to February 2020, and a founder/advisory director of an international security & hacking conference 'SECUINSIDE'.
In addition to my academic roles, I have been actively engaged in various governmental advisory committees, such as: ▲Serving as a member of The Presidential Committee on the 4th Industrial Revolution from 2018 to 2020, ▲Acting as a member of The Presidential Defense Innovation Committee from 2023, and The Presidential Committee on AI from 2024, ▲Leading as the President of the KSAEM(Korea Security Association for Emerging Military Technologies), ▲Serving as a committee member of NIS(National Intelligence Service), Ministry of National Defense, Ministry of Justice, Supreme Prosecutors' Office, Korea National Police Agency, and Nuclear Safety and Security Commission, etc.
Notably, as an advisor to the presidential office, I played a pivotal role in the establishment of K-RMF in 2024. In 2025, I led the reform (known as N2SF(National Network Security Framework)) of the national network separation policy, which had been in place for 19 years, and was instrumental in enabling the adoption of the international encryption standard AES within Korea’s public sector.
Now, let me talk about our laboratory. Our lab's R&D mainly focuses on "Security Assessment", "Secure Software Engineering", and "Blockchain". So far, we have had some notable achievements, such as:
Smart Card : In 2006, a smart card O/S, developed jointly with Samsung SDS, earned the Common Criteria EAL4+ certification for the first time in Korea.
Printer (MFP) : In 2008, we co-developed the security modules of MFP (Multifunction Printer) with Samsung Electronics and guided them to get Common Criteria certification for the first time in Korea.
Database : In 2008, we (with WareValley) also received Common Criteria EAL4 certification for database security solution, 'Chakra' for the first time in Korea.
Smart TV : In 2017, LG Electronics, which had been working with us, received 'world-first' Common Criteria EAL2 certification for home appliances (smart TV). CC EAL2 is the same security level as Samsung KNOX! (Prior to this, in 2015, we got TTA-verified security certification from TTA(Telecommunications Technology Association), which was a well-known security testing and certification laboratory in Korea!) (For detailed information refer to this article: "How to Obtain Common Criteria Certification of Smart TV for Home IoT Security and Reliability", Symmetry 2017, 9(10), 233 (IF: 1.457))
K-RMF : At the request of the Joint Chiefs of Staff, from 2016, I started research on integrating the RMF(Risk Management Framework) into the Defense Acquisition Management System for the first time in Korea. And related policies began to take effect in April 2024. (For detailed information refer to this article: "Security Evaluation Framework for Military IoT Devices", Security and Communication Networks 2018 (IF: 1.067))
soFrida : In 2019, we developed 'soFrida', an automatic vulnerability analysis tool for mobile cloud apps, and among 4 million Android apps we identified 2,700+ potentially vulnerable Android apps. Our tool was shown for the first time at DEFCON 2019. (For detailed information refer to this site: github.com/HackProof/soFrida)
Secure SDLC : From 2019 to 2020, we conducted an R&D project for diagnosing and improving the current level of Samsung Research's Secure SDLC(Software Development Life Cycle). Through this project, we quantitatively analyzed the difference in Secure SDLC level between Samsung and its competitors, and suggested improvement plans for Secure SDLC optimized for Samsung.
CHAOS(ChibiOS-based High-Assurance Operating System) : Since 2018, we have been developing Korea's first secure micro kernel for drones with a security level above Common Criteria EAL6. (For detailed information refer to this site: github.com/HackProof/CHAOS)
TMoC(Threat Modelers on Chain) : Since 2021, we have been developing a threat modeling tool in the form of a decentralized web. For this, we combined threat modeling with a blockchain-based collective intelligence system. Our tool was presented at DEFCON 2021 and Black Hat Asia 2022. (For detailed information refer to this site: github.com/HackProof/TMoC)
HASUMS(High-Assurance Software Update Management System) : In 2023, we developed 'HASUMS', an acronym for "High-Assurance Software Update Management System", that meets the requirements of the "UN Regulation No. 156 - Software update and software update management system". To further specify the unclear requirements of UN R156, we used the STRIDE Threat Modeling technique. We also designed, implemented, and formally verified our HASUMS using Event-B and Atelier B. Our tool was presented at NDSS Symposium - VehicleSec 2023. (For detailed information refer to this site: github.com/HackProof/HASUMS)
2025 Highlights : We are pleased to announce that our paper, "Too Much of a Good Thing: (In-)Security of Mandatory Security Software for Financial Services in South Korea," has been accepted for presentation at USENIX Security 2025. In addition, two of our papers — "Improving CC Evaluation Efficiency Through MAL" and "Maintaining Assurance in Fast-Paced Software Development: Automation, Delta Evaluation, and Applicability to Common Criteria" — have been accepted to ICCC 2025 (The International Common Criteria Conference 2025), the leading global forum for professionals involved in cybersecurity evaluation and certification. Furthermore, our journal papers — "Comprehensive Analysis and Recommendation of Supply Chain Risk Management Framework for the Military Domain," "Deriving Usability Evaluation Criteria for Threat Modeling Tools," and "Threat Modeling for the Defense Industry: Past, Present, and Future" — have been accepted for publication in IEEE Access (Impact Factor: 3.4). Lastly, I am honored to have co-authored a bestselling book this year titled "Money Trends 2026", together with leading investment experts from various sectors including stocks and real estate. I contributed the section on cryptocurrency.
2024 Highlights : I was honored to be appointed as a committee member of "The Presidential Committee on AI", which aims to unify Korea’s national capabilities in artificial intelligence and foster a trustworthy environment for its use. In addition, during my tenure on "The Presidential Defense Innovation Committee", I successfully persuaded the President to revise the network separation policy that had been uniformly applied across all public-sector workplaces. As a result, the National Intelligence Service (NIS) announced a roadmap for transitioning to MLS (Multi-Level Security, also known as N2SF) at CSK 2024 (Cyber Summit Korea 2024) on September 11, 2024. MLS introduces a three-tiered classification system for public operational data — Classified, Sensitive, and Open — with corresponding security controls applied to each level. From an academic perspective, our paper "A Tip for IOTA Privacy: IOTA Light Node Deanonymization via Tip Selection" was accepted as a full paper at IEEE ICBC 2024 (IEEE International Conference on Blockchain and Cryptocurrency 2024), held in Dublin, Ireland (May 27–31, 2024). This year, 35 full papers were accepted out of 181 submissions, resulting in an acceptance rate of 19.34%. Furthermore, our journal paper "Challenges in Dynamic Analysis of Drone Firmware and Its Solutions" was accepted for publication in IEEE Access (Impact Factor: 3.4).
2023 Highlights : I was honored to be appointed as a committee member of "The Presidential Defense Innovation Committee" and to serve as the founding president of the "Korea Security Association for Emerging Military Technologies (K-SAEM)". In addition, I was appointed as the Vice President for Digital Information at Korea University. During my tenure in this role, Korea University was recognized for the first time as the nation’s best ISMS (Information Security Management System) operating university and received a commendation from the MSIT(Minister of Science and ICT) in December 2023. From an academic perspective, our paper "Formally Verified Software Update Management System in Automotive" was presented at the NDSS Symposium – VehicleSec 2023 (Inaugural Symposium on Vehicle Security and Privacy 2023).
2022 Highlights : In this year, I authored four books, among which "Seven Tech" ranked third on the national bestseller list at Korea’s largest bookstore. In terms of research, our paper "TMoC: Threat Modelers on Chain" was presented at Black Hat Asia 2022 Arsenal, while "Block Double-Submission Attack: Block Withholding Can Be Self-Destructive" was presented at ACM AFT 2022 (ACM Advances in Financial Technologies 2022). In addition, our paper "Do You Really Need to Disguise Normal Servers as Honeypots?" was accepted to IEEE MILCOM 2022 (40th IEEE Military Communications Conference 2022), and another paper, "Rethinking Selfish Mining under Pooled Mining," was accepted for publication in ICT Express, which has an Impact Factor of 4.317, ranking 22nd out of 91 journals in the Telecommunications category.
2021 Highlights : As of January 1, 2021, I was appointed as the Head of the Department of Cyber Defense under the School of Cybersecurity at Korea University, and I authored a book titled "Coin War". Furthermore, two papers from our lab were accepted to DEFCON Blockchain Village 2021: "Blockchain as a Threat Modeling Thinking Tool" and "Will Secure Elements Really Help Strengthen the Security of Cryptocurrency Wallets?". In addition, our journal papers — "CIA-Level Driven Secure SDLC Framework for Integrating Security into the SDLC Process" and "Blockchain as a Cyber Defense" — were accepted for publication in the Journal of Ambient Intelligence and Humanized Computing (Impact Factor: 7.104) and IEEE Access (Impact Factor: 3.367), respectively.
2020 Highlights : I was honored to be selected as one of the Best Lecturers of 2019 by the NHI(National HRD Institute) and was also inducted into the NHI Hall of Fame. Since 2012, NHI has selected only three lecturers out of more than 800 each year for this distinction. (This is an interview with the NHI.) In research, our paper "Blockchain for Cyber Defense: Will It Be As Good As You Think?" was presented at DEFCON Blockchain Village 2020, and our university hacking club "CyKor" achieved 8th place in the finals of DEFCON Capture the Flag (CTF) 28. In addition, our paper "BinTyper: Type Confusion Detection for C++ Binaries" was accepted to Black Hat Europe 2020, and "Application of the Common Criteria to Building Trustworthy Automotive SDLC" was accepted to the ICCC 2020 (The 19th International Common Criteria Conference 2020). Finally, our journal paper "Blockchain-Based Sensitive Data Management Using a Key Escrow Encryption System from the Perspective of Supply Chain" was published in IEEE Access (Impact Factor: 4.098).
2019 Highlights : Our paper "When Voice Phishing Met Malicious Android App (Extended Version)" was accepted to Black Hat Asia 2019 with an acceptance rate of 11.95% (35 accepted out of 293 submissions). (See press coverage in DARKReading and Heise.) Another paper, "Fuzzing and Exploiting Virtual Channels in Microsoft Remote Desktop Protocol for Fun and Profit," was accepted to Black Hat Europe 2019. Our discovery of an information leak vulnerability in Microsoft Remote Desktop Client (CVE-2019-1108) earned a $10,000 bug bounty through HackerOne. Furthermore, our automated mobile cloud app analysis tool, "soFrida", was accepted to DEFCON Demo Labs 2019. Using this tool, we analyzed over 4 million Android apps and identified more than 2,700 potentially vulnerable applications capable of leaking sensitive personal data or manipulating back-end cloud databases. (For more details, visit sofrida.github.io.) Additionally, two papers were accepted to the ICCC 2019 (The 18th International Common Criteria Conference 2019): "IoT Device Hacking and New Direction of IoT Security Evaluation Using Common Criteria" and "Verification of IVI Over-The-Air Using UML/OCL". And one more achievement: my graduate students, JaeKi Kim and Min-Chang Jang, presented "Kimsuky Group: Tracking the King of Spear-Phishing" at VB 2019 (The 29th Virus Bulletin Conference 2019), following their previous presentation at VB 2018. Lastly, I was honored to receive the Proud Alumni Award from Dae-Il Foreign Language High School, South Korea.
2018 Highlights : I was honored to be appointed as a member of "The Presidential Committee on the 4th Industrial Revolution". As a result of the committee’s work, we published the report “Recommendations to the Government for the 4th Industrial Revolution” in October 2019. (Main report available in Korean and English; appendix in Korean.)
And, OMG! We won the championship again at DEFCON CTF 2018, following our previous victory in 2015!! Our team, "DEFKOR00T" (= DEFKOR + R00timentary), comprised of my undergraduate and graduate students from the School of Cybersecurity at Korea University, together with Prof. Taesoo Kim’s graduate students from the Georgia Institute of Technology, captured the top prize at DEFCON Capture the Flag (CTF) 26. In addition, my graduate students JaeKi Kim and Min-Chang Jang presented "DOKKAEBI: Documents of Korean and Evil Binary" at VB 2018 (Virus Bulletin Conference 2018), and Min-Chang Jang also presented "When Voice Phishing Met Malicious Android App" at CODE BLUE 2018, which received media and book coverage on KBS1 and SBS. Furthermore, we established the Center for High-Assurance Operating Systems (CHAOS) at Korea University to advance research and development on EAL6/EAL7-grade operating systems and related evaluation technologies.
2017 Highlights : Yes, we did it again, following our presentation at Black Hat USA 2013! Our talk "Are You Watching TV Now? Is It Real?: Hacking of Smart TV with a 0-Day" was presented at Hack in Paris 2017 (See press coverage on 01net.com and the live demo), and another presentation, "LG vs. Samsung Smart TV: Which Is Better for Tracking You?", was delivered at CODE BLUE 2017. In addition, my graduate student Min-Chang Jang gave a talk on forensic studies of North Korean hacking at Black Hat Europe 2017 (featured on Sky News) and later at Black Hat Asia 2018. Furthermore, we established the "Army RMF Research Center (AR²C)" to advance research on Risk Management Framework (RMF) for defense systems.
2016 Highlights : Finally, I received tenure and was honored to be recognized once again as a Best Lecturer, following my previous award in 2012. In addition, I was appointed as an Advisory Committee Member for the PyeongChang 2018 Olympic and Paralympic Winter Games. Furthermore, our paper "Deep Learning-Based Real-Time DNS DDoS Detection System" was accepted as a poster presentation at ACSAC 2016 (The 32nd Annual Computer Security Applications Conference 2016).
2015 Highlights : Finally, we did it! "DEFKOR", a team comprised of my undergraduate and graduate students from the School of Cybersecurity at Korea University together with the security technology team from Raon Secure, a leading IT security solution provider in Korea, won the top prize at the DEFCON Capture the Flag (CTF) 23, held in Las Vegas. DEFCON is the world’s largest international hacking competition, often referred to as the "Hackers’ World Cup." (In 2015, over 4,000 teams participated in the qualifiers, and only 15 advanced to the finals!) In the same year, I was invited to CODE BLUE 2015, where I gave a talk on Korea’s cybersecurity education and professional training programs. (My CODE BLUE presentation slides were even selected as one of the "Most Talked-About Slides on Facebook"!) We also discovered critical vulnerabilities in LTE Femtocell and responsibly disclosed them to the relevant operators and manufacturers. (Research presented at SECUINSIDE 2015.) Additionally, our case study submission "DDoS Attack to DNS Using Infected IoT Devices" was included in the program of ACSAC 2015 (The 31st Annual Computer Security Applications Conference) — one of the world’s most prestigious and longest-running cybersecurity conferences.
2014 Highlights : Finally, our SECUINSIDE CTF winners were pre-qualified for the DEFCON CTF, marking another significant milestone for our team! I was also honored to be appointed as a Visiting Professor at the Korea Military Academy. In addition, our paper "Developing a Protection Profile for Smart TV" was accepted to the ICCC 2014 (The 15th International Common Criteria Conference 2014), and another study, "(The First Experimental) Study on Smart TV Forensics," was published in the Journal of the KIISC (Korean Institute of Information Security and Cryptology). An extended English version, titled "Further Analysis on Smart TV Forensics," was later published in the Journal of Internet Technology (SCI-E, Impact Factor: 1.930).
2013 Highlights : Our research "Smart TV Security – #1984 in the 21st Century" was presented at the CanSecWest 2013 (The 14th CanSecWest Applied Security Conference 2013) and received significant media attention, including coverage from MBC, KBS, Channel IT, and inews24.com, etc. The extended version, titled "Hacking, Surveilling, and Deceiving Victims on Smart TV," was later presented at The 17th Black Hat USA 2013, and was featured by numerous global media outlets such as The Wall Street Journal, The Guardian, Fox News, ZDNet, Network World, Digital Trends, CBS, KBS, and The Electronic Times. The work was also cited in Nitesh Dhanjani’s book "Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts" (O’Reilly) and the ENISA report "Security and Resilience of Smart Home Environments." Furthermore, two papers from our group were accepted to the ICCC 2013 (The 14th International Common Criteria Conference 2013): "Problem and Improvement of the Composition Documents for Smart Card Composite Product Evaluations" and "How the Common Criteria Harmonizes with the Secure Software Development Lifecycle". And one more thing! Our poster "SHRT – A New Method of URL Shortening Including Relative Words of Target URLs" was presented at the SOUPS 2013 (The Symposium on Usable Privacy and Security 2013).
2012 Highlights : I was honored to be appointed as an Advisory Committee Member to Special Prosecutor Tae-Seok Park for the 2011 Re-Election DDoS Scandal (see press coverage in The Electronic Times). I also served as a technical advisor for the TV drama "Phantom" and the film "The Berlin File". Furthermore, our journal paper "Efficient Certificateless Proxy Signature Scheme with Provable Security" was accepted for publication in Information Sciences (Impact Factor: 3.643).
2011 Highlights : I joined Korea University and established my research laboratory, the "SANE (Security Assessment aNd Engineering) Lab". In addition, together with my colleagues, I co-founded the hacker group "HARU" and the international security and hacking conference "SECUINSIDE" in 2011.
2010 Highlights : Our paper "Protection Profile for E-Certificate Issuance System" was presented at the ICCC 2010 (The 11th International Common Criteria Conference 2010), and "Efficient Secure Group Communications for SCADA" was published in IEEE Transactions on Power Delivery.
2009 Highlights : Our paper "Advanced Key Management Architecture for Secure SCADA Communications" was published in IEEE Transactions on Power Delivery.
2008 Highlights : Our paper "Protection Profile for E-Voting Systems" was accepted to the ICCC 2008 (The 9th International Common Criteria Conference 2008), a leading international conference for professionals and experts in the field of security evaluation.
2007 Highlights : Our journal paper "Cryptanalysis on the Authentication Mechanism of the NateOn Messenger" demonstrated that NateOn, then Korea’s largest messenger service, was vulnerable to replay attacks. (See press coverage in JoongAng Daily and Yonhap News.) Furthermore, our paper "Efficient Password-Authenticated Key Exchange Based on RSA" was presented at the CT-RSA 2007 (The 7th Cryptographers’ Track at RSA Conference 2007), and "Security Weakness in a Three-Party Pairing-Based Protocol for Password-Authenticated Key Exchange" was published in Information Sciences (Impact Factor: 2.147). Lastly, I was honored to receive the NIS(National Intelligence Service) Chief’s Award in recognition of my outstanding contributions to national cybersecurity.
2005 Highlights : Our paper "A Weakness in the Bresson–Chevassut–Essiari–Pointcheval’s Group Key Agreement Scheme for Low-Power Mobile Devices" was published in IEEE Communications Letters.
2004 Highlights : I left the KISA(Korea Information Security Agency) and joined Sungkyunkwan University as an Assistant Professor.
2003 Highlights : We had two papers accepted to the CT-RSA 2003 (The 3rd Cryptographers’ Track at RSA Conference 2003). The first was "Rethinking Chosen-Ciphertext Security under Kerckhoffs’ Assumption," and the second was "An Analysis of Proxy Signatures: Is a Secure Channel Necessary?". Furthermore, our paper "RSA Speedup with Chinese Remainder Theorem Immune against Hardware Fault Cryptanalysis" was published in IEEE Transactions on Computers.
2001 Highlights : Our paper "On the Security of the Okamoto–Tanaka ID-Based Key Exchange Scheme against Active Attacks" was published in IEICE Trans. Fundamentals.
1999 Highlights : "Comments on Password-Based Private Key Download Protocol of NDSS'99" appeared in Electronics Letters (IF: 1.164).
1997 Highlights : Our paper "Proxy Signatures, Revisited," presented at the ICICS 1997 (The 1st International Conference on Information and Communication Security 1997), has been cited over 780 times according to Google Scholar. The KPW Proxy Signature Scheme introduced in this work laid the foundation for A. Boldyreva’s provably secure proxy signature scheme, which is now employed for stake delegation in the Cardano (ADA) blockchain.
1996 Highlights : Our paper "Convertible Group Signatures" was presented at The 5th ASIACRYPT 1996, one of the three premier international conferences for cryptography research, alongside CRYPTO and EUROCRYPT.
I am a frequent speaker and interviewee on Information Security. Some highlights include talks at 'MBC 100 Minute Debate' in February and September 2025, at tvN 'Remarkable Proof' in November 2024, at SBS '꼬리에 꼬리를 무는 그날 이야기' in October 2024, at SBS 'Master In The House' in January 2022, at KBS1 Issue Pick 'With Teacher' in June 2025, January 2022 and June 2021, at tvN Insight 'Living the New Normal' in December 2020, at KBS1 'Midnight Debate-Live' in March 2020, at KBS1 'Tonight - Kim Jedong' in February 2019, at JTBC 'Lecture' in May 2018 (Note : Lecture material) and May 2025, at EBS1 science documentary 'Beyond' in November 2017, at KBS1 lecture/documentary show 'Good Insight' in July 2016, at KBS1 'Midnight Debate-Live' in March 2016, and at KBS1 'Jang Young Sil Show' in July 2015. You can find my other talks and interviews here, and newspaper columns here.
Lab (SANE Lab) : www.KimLab.net | KimLab.korea.ac.kr
Lab (Army RMF Research Center) : www.HackProof.systems
Blog : www.crypto.kr | blog.naver.com/amhoin
Youtube : https://www.youtube.com/@skim71
Facebook : https://www.facebook.com/skim71
Threads : https://www.threads.net/@skim71
Twitter : https://twitter.com/skim71
Instagram : https://www.instagram.com/skim71
Linkedin : www.linkedin.com/in/skim71
SlideShare : https://www.slideshare.net/skim71/
GitHub : https://github.com/skim71
(Since 1994)