CODEGATE 2019

Technical Session

Overview
Date : 27th of March, 2019
Location

Session (1) Security : COEX Grand ballroom Room 103, Seoul

Session (2) Blockchain : COEX Grand ballroom Room 104~105, Seoul

Technical Session(1) Security
  • Ga-won Cho (Korea, IBM Korea)

    Ga-won Cho is an IT professional with more than 20 years of experience in various areas of software development, solution building and technical engineering.
    Since 2008, he has supported IBM Korea in the information governance field and over the past two years, he has served as a leader in data security technology in the Asia-Pacific region. As a cyber security expert, he is currently responsible for the Information Risk and Protection security technology domains of the Security Business Department, including data security, account fraud identification, and cloud security.

    Title : Next-generation security for digital ID fraud prevention

  • Tae hyun, Ki (CEO at Blockchain Security)

    He is a professor of cyber security at Ewha Womans University and a famous expert in cyber security in Korea.

    Title : Breaking Microsoft Edge Extensions Security Policies

    To be updated.

  • Jung-hoon, Shin (Korea, Theori)
    신정훈

    Shin Jung-hoon and Jung Hye-jin, who met through the Korea Information Technology Research Institute (KITRI)’s next-generation security leader training program BoB (Best of the Best), will be presenting as mentor and mentee on the dissemination and analysis of the HDMI attack vector.

    Title : Anatomy of HDMI attack vector

    HDMI includes not only the TMDS protocol, which transmits video and audio data, but also the CEC, DDC and ARC protocols, which provide different functions. At CODEGATE we would like to introduce:
    1) What the HDMI protocol is
    2) Why these protocols can be regarded as attack vectors
    3) The fuzzer we created
    4) Finally, the vulnerability found

  • Hye-jin, Jung (Korea, Soongsil University)
    정혜진

    Shin Jung-hoon and Jung Hye-jin, who met through the Korea Information Technology Research Institute (KITRI)’s next-generation security leader training program BoB (Best of the Best), will be presenting as mentor and mentee on the dissemination and analysis of the HDMI attack vector.

    Title : Anatomy of HDMI attack vector

    HDMI includes not only the TMDS protocol, which transmits video and audio data, but also the CEC, DDC and ARC protocols, which provide different functions. At CODEGATE we would like to introduce:
    1) What the HDMI protocol is
    2) Why these protocols can be regarded as attack vectors
    3) The fuzzer we created
    4) Finally, the vulnerability found

  • Moon soo, Jang (Korea, Korean National Security Research Institute)

    Title : Development Plan to Train & Combat Cyber Security Issues

    Difficulties arise when dealing with critical issues in cyberspace, as it is borderless and cannot be fully controlled by a single individual. This presentation therefore consists of analysis from corresponding training and capacity-building operations, and concludes that seeking new ways to combat such threats through training and the expansion of security is essential.

  • Junbo Shim (Korea, BlackPERL Security)

    Junbo Shim (aka passket) is one of the famous hackers in the Republic of Korea. He gives security advice to the government and is also interested in 0-day finding, exploitation and reverse engineering.

    Title : Deserialize Unchained Blockchain

    Blockchain systems basically make decisions according to the principle of majority rule. Security problems lie in every system, as in an organism; blockchain systems consist of blocks, nodes and tokens, and node-to-node contracts, all of which involve security. This talk will give you insight into modern blockchain systems and into how a security hole is made.

Technical Session(2) Blockchain
  • Jino Masaaki Haro (Japan, Columbia University)

    J. Haro is an undergraduate student at Columbia University in the City of New York and an independent researcher who has previously spoken at DEFCON China and Code Blue. Haro helped run Dr. Sam Bowne's DEFCON 26 workshops and is currently among the most frequent users of the VirusBay research platform, mostly focusing on malware and targeted attack simulations; although current projects involve work on differential privacy under the guidance of Jeannette Wing at the Fu Foundation School of Engineering.

    Title : Targeted Attacks on the Blockchain

    This talk follows the process of a targeted attack on a specific company's custom blockchain system, including language-based attacks, container-based attacks, and custom malware. Following these processes in detail, we discuss the aftermath and response of the entity in question, from the various parties that became involved or interested in the investigation to the final alternate approach. In the end, we consider possible attacks against the final version of the system released for testing among 15 global financial corporations - including UBS, Credit Suisse, and IHS Markit - and what the end of the testing phase this month may lead to.

  • Jong hyuck, Song (Korea, Samsung Research)

    - Security team at Samsung Research (2016 ~ current)
    - Ph.D. in CSE, POSTECH (2008 ~ 2015)
    - B.S. in CSE, POSTECH (2004 ~ 2008)
    * DEFCON 17, 19, 25 CTF Finalist (PLUS, hacking4danbi)

    Title : Breaking Pseudo-Random Number Generator in Ethereum Smart Contracts

    Generating random numbers in Ethereum smart contracts is very difficult because the execution result of a smart contract must be deterministic across multiple nodes and multiple runs. Despite the difficulties, many smart contracts, such as games, lotteries, and gambling applications, have implemented their own Pseudo-Random Number Generator (PRNG). However, most of them are vulnerable, so attackers can easily exploit them even if they are not miners. Even though many researchers have suggested tools to verify smart contracts, these tools cannot detect the vulnerable PRNGs. This talk will classify the types of vulnerable PRNGs and show real-world examples. It will also explain how to exploit them, with detailed analysis. There are 4 major types of vulnerable PRNG to be introduced in this presentation.

  • Kyrylo Chykhradze (Ukraine, Bitfury Crystal)

    Kyrylo Chykhradze is the Head of Crystal, Bitfury’s investigative analytics tool for blockchain and cryptocurrencies. He joined Bitfury after having worked at the Russian Academy of Sciences for more than 5 years. During that period he was also a scientific advisor for students of leading Russian universities including the Moscow Institute of Physics and Technology and the National Research University Higher School of Economics. His academic areas of focus were graph theory and real-world network analysis.

    Title : Investigating Crypto Hacks with Crystal Analytics

    Kyrylo Chykhradze, the head of Product of Crystal Blockchain, will demonstrate how to use the Crystal blockchain analytics platform to investigate cyber attacks related to cryptocurrencies (including ransomware, exchange hacks, and more) using real examples from Crystal’s investigations. Attendees will learn how to use Crystal’s industry-leading connections, filtering and tracking features to analyze transactions on the Bitcoin, Bitcoin Cash and Ethereum blockchains.

  • Kyoungmin Kim (Korea, Code4Block)

    Bachelor’s degree at Korea University, Department of Cyber Defense. Blockchain research group, Team Code4Block, Project Manager. Reported various smart contract CVEs.

    Title : Practical Detection of Access Control Vulnerabilities in Smart Contract

    It is extremely challenging to write a smart contract safely and reliably in a domain-specific language. Since many smart contract breaches have occurred, interest in their security has increased and various automated smart contract security tools have emerged. This speech introduces the existing smart contract vulnerabilities and discusses the methodology of, and differences between, various security tools (such as OYENTE, Mythril, etc.).
    However, this paper introduces access control vulnerabilities that existing diagnostic tools have not been able to validate, and explains why this vulnerability class was challenging to diagnose. Furthermore, the speaker introduces a security tool that detects access control vulnerabilities. The security tool developed in this study was tested on a sample of 48,399 smart contract codes that have been deployed on the Ethereum blockchain. Through the security tool, the study found more than 170 vulnerabilities in contracts that are currently used by many vendors.

  • Jinkyung Lee (Korea, Code4Block)

    Bachelor’s degree at Seoul Women’s University, Department of Information Security. Blockchain research group, Team Code4Block, Consulting Manager.

    Title : Practical Detection of Access Control Vulnerabilities in Smart Contract

    It is extremely challenging to write a smart contract safely and reliably in a domain-specific language. Since many smart contract breaches have occurred, interest in their security has increased and various automated smart contract security tools have emerged. This speech introduces the existing smart contract vulnerabilities and discusses the methodology of, and differences between, various security tools (such as OYENTE, Mythril, etc.).
    However, this paper introduces access control vulnerabilities that existing diagnostic tools have not been able to validate, and explains why this vulnerability class was challenging to diagnose. Furthermore, the speaker introduces a security tool that detects access control vulnerabilities. The security tool developed in this study was tested on a sample of 48,399 smart contract codes that have been deployed on the Ethereum blockchain. Through the security tool, the study found more than 170 vulnerabilities in contracts that are currently used by many vendors.

  • Seung-pil Hong (Korea, senior vice president of Korea Society of Blockchain)

    Professor Hong Seung-pil currently serves as senior vice president of the Korea Society of Blockchain, which represents the domestic blockchain academic community.
    Professor Hong Seung-pil, who earned a Ph.D. in computer science at KAIST, was appointed as a member of the Personal Information Protection Assessment Committee in the Ministry of the Interior and Safety and Security in 2016 and as a member of the FinTech Expert Committee of the Financial Services Commission.

    Title : Security and Blockchain in Smartcity

    This talk aims to understand the present status and future of the Smart City through case studies and to suggest the necessity of security and of integration with blockchain. We will present the current status of blockchain issues and global trends through practical implementation examples. We also plan to propose business strategies and future plans from the aspect of technology.

  • Eugene Aseev (Singapore, CTO at Chainstack)

    Eugene Aseev is the CTO and co-founder of Chainstack. He has strong roots in engineering, cybersecurity, and research, with more than 10 years of experience in leading top R&D teams on a global scale.
    Prior to Chainstack, he held the role of VP of Engineering at Acronis where his contributions have led to the development of Acronis Active Protection and Acronis Notary. He also spearheaded the security research team at GeoEdge and headed the anti-malware team in a leading cybersecurity company.
    Eugene has worked with blockchain technologies for more than 3 years in projects involving research on blockchain for data protection and building production-grade solutions on Ethereum.
    Eugene holds a Master’s degree in Computer Science from Bauman Moscow State Technical University and a CISSP certification. He has authored various publications in cybersecurity and has done multiple public speaking engagements, workshops, and training sessions. He currently resides in Singapore, where Chainstack is based.

    Title : Distributed Ledger Security in the Enterprise Environment

    Businesses are actively experimenting with blockchain and broader distributed ledger technology (DLT) for compelling use cases in supply chain, logistics, healthcare, and other markets. Building a decentralized solution might bring a lot of benefits with regards to transparency and streamlining of operations between multiple parties involved in the business process, but also introduces a completely new kind of risk. DLT is a complex, immature and rapidly changing technology, which requires a mindful approach to security and privacy in the enterprise context. In this talk, various cybersecurity challenges introduced by DLT implementation will be introduced together with potential solutions.
