This page has only limited features, please log in for full access.

Unclaimed
Sang-Gon Lee
College of Software Convergence, Dongseo University, Busan 47011, Korea

Honors and Awards

The user has no records in this section


Career Timeline

The user has no records in this section.


Short Biography

The user biography is not available.
Following
Followers
Co Authors
The list of users this user is following is empty.
Following: 0 users

Feed

Journal article
Published: 28 March 2021 in IoT
Reads 0
Downloads 0

Since the inception of the Internet of Things (IoT), we have adopted centralized architecture for decades. With the vastly growing number of IoT devices and gateways, this architecture struggles to cope with the high demands of state-of-the-art IoT services, which require scalable and responsive infrastructure. In response, decentralization becomes a considerable interest among IoT adopters. Following a similar trajectory, this paper introduces an IoT architecture re-work that enables three spheres of IoT workflows (i.e., computing, storage, and networking) to be run in a distributed manner. In particular, we employ the blockchain and smart contract to provide a secure computing platform. The distributed storage network maintains the saving of IoT raw data and application data. The software-defined networking (SDN) controllers and SDN switches exist in the architecture to provide connectivity across multiple IoT domains. We envision all of those services in the form of separate yet integrated peer-to-peer (P2P) overlay networks, which IoT actors such as IoT domain owners, IoT users, Internet Service Provider (ISP), and government can cultivate. We also present several IoT workflow examples showing how IoT developers can adapt to this new proposed architecture. Based on the presented workflows, the IoT computing can be performed in a trusted and privacy-preserving manner, the IoT storage can be made robust and verifiable, and finally, we can react to the network events automatically and quickly. Our discussions in this paper can be beneficial for many people ranging from academia, industries, and investors that are interested in the future of IoT in general.

ACS Style

Yustus Oktian; Elizabeth Witanto; Sang-Gon Lee. A Conceptual Architecture in Decentralizing Computing, Storage, and Networking Aspect of IoT Infrastructure. IoT 2021, 2, 205 -221.

AMA Style

Yustus Oktian, Elizabeth Witanto, Sang-Gon Lee. A Conceptual Architecture in Decentralizing Computing, Storage, and Networking Aspect of IoT Infrastructure. IoT. 2021; 2 (2):205-221.

Chicago/Turabian Style

Yustus Oktian; Elizabeth Witanto; Sang-Gon Lee. 2021. "A Conceptual Architecture in Decentralizing Computing, Storage, and Networking Aspect of IoT Infrastructure." IoT 2, no. 2: 205-221.

Conference paper
Published: 28 November 2020 in Proceedings of International Conference on Big Data, Machine Learning and Applications
Reads 0
Downloads 0

Improper configuration of web applications or servers can lead to various security flaws. Security misconfiguration is ranked number 6 on the OWASP top 10 2017 list, meaning it is a critical risk in web applications that web developers need to focus on. The exploitation of this kind of vulnerabilities can lead to exploitation of other severe vulnerabilities and complete compromise of web applications. In this paper, we collaborate with security experts from a web security company to propose a tool to detect security misconfigurations in web applications. Our proposed tool, BitScanner, can effectively identify misconfiguration issues in all web applications regardless of the platform and technology they are built. The proposed tool is to enable web developers to fix any misconfiguration issues in applications before deployment in real development scenarios. Evaluation results show that our proposed tool has higher detection coverage and avoids false positives.

ACS Style

Sandra Kumi; ChaeHo Lim; Sang-Gon Lee; Yustus Oko Oktian; Elizabeth Nathania Witanto. Automatic Detection of Security Misconfigurations in Web Applications. Proceedings of International Conference on Big Data, Machine Learning and Applications 2020, 91 -99.

AMA Style

Sandra Kumi, ChaeHo Lim, Sang-Gon Lee, Yustus Oko Oktian, Elizabeth Nathania Witanto. Automatic Detection of Security Misconfigurations in Web Applications. Proceedings of International Conference on Big Data, Machine Learning and Applications. 2020; ():91-99.

Chicago/Turabian Style

Sandra Kumi; ChaeHo Lim; Sang-Gon Lee; Yustus Oko Oktian; Elizabeth Nathania Witanto. 2020. "Automatic Detection of Security Misconfigurations in Web Applications." Proceedings of International Conference on Big Data, Machine Learning and Applications , no. : 91-99.

Journal article
Published: 26 September 2020 in Applied Sciences
Reads 0
Downloads 0

As the usage growth rate of Internet of Things (IoT) devices is increasing, various issues related to these devices need attention. One of them is the distribution of the IoT firmware update. The IoT devices’ software development does not end when the manufacturer sells the devices to the market. It still needs to be kept updated to prevent cyber-attacks. The commonly used firmware update process, over-the-air (OTA), mostly happens in a centralized way, in which the IoT devices directly download the firmware update from the manufacturer’s server. This central architecture makes the manufacturer’s server vulnerable to single-point-of-failure and latency issues that can delay critical patches from being applied to vulnerable devices. The Open Connectivity Foundation (OCF) is one organization contributing to providing interoperability services for IoT devices. In one of their subject areas, they provide a firmware update protocol for IoT devices. However, their firmware update process does not ensure the integrity and security of the patches. In this paper, we propose a blockchain-based OCF firmware update for IoT devices. Specifically, we introduce two types of firmware update protocol, direct and peer-to-peer updates, integrated into OCF firmware update specifications. In the direct scenario, the device, through the IoT gateway, can download the new firmware update from the manufacturer’s server. Meanwhile, in the peer-to-peer scheme, the device can query the update from the nearby gateways. We implemented our protocol using Raspberry Pi hardware and Ethereum-based blockchain with the smart contracts to record metadata of the manufacturer’s firmware updates. We evaluated the proposed system’s performance by measuring the average throughput, the latency, and the firmware update distribution’s duration. The analysis results indicate that our proposal can deliver firmware updates in a reasonable duration, with the peer-to-peer version having a faster completion time than the direct one.

ACS Style

Elizabeth Nathania Witanto; Yustus Eko Oktian; Sang-Gon Lee; Jin-Heung Lee. A Blockchain-Based OCF Firmware Update for IoT Devices. Applied Sciences 2020, 10, 6744 .

AMA Style

Elizabeth Nathania Witanto, Yustus Eko Oktian, Sang-Gon Lee, Jin-Heung Lee. A Blockchain-Based OCF Firmware Update for IoT Devices. Applied Sciences. 2020; 10 (19):6744.

Chicago/Turabian Style

Elizabeth Nathania Witanto; Yustus Eko Oktian; Sang-Gon Lee; Jin-Heung Lee. 2020. "A Blockchain-Based OCF Firmware Update for IoT Devices." Applied Sciences 10, no. 19: 6744.

Journal article
Published: 03 September 2020 in Electronics
Reads 0
Downloads 0

The state-of-the-art centralized Internet of Things (IoT) data flow pipeline has started aging since it cannot cope with the vast number of newly connected IoT devices. As a result, the community begins the transition to a decentralized pipeline to encourage data and resource sharing. However, the move is not trivial. With many instances allocating data or service arbitrarily, how can we guarantee the correctness of IoT data or processes that other parties offer. Furthermore, in case of dispute, how can the IoT data assist in determining which party is guilty of faulty behavior. Finally, the number of Service Level Agreement (SLA) increases as the number of sharing grows. The problem then becomes how we can provide a natural SLA generation and verification that we can automate instead of going through a manual and tedious legalization process through a trusted third party. In this paper, we explore blockchain solutions to answer those issues and propose continued data integrity services for IoT big data management. Specifically, we design five integrity protocols across three phases of IoT operations—during the transmission of IoT data (data in transit), when we physically store the data in the database (data at rest), and at the time of data processing (data in process). In each phase, we first lay out our motivations and survey the related blockchain solutions from the literature. We then use curated papers from our surveys as building blocks in designing the protocol. Using our proposal, we augment the overall value of IoT data and commands, generated in the IoT system, as they are now tamper-proof, verifiable, non-repudiable, and more robust.

ACS Style

Yustus Eko Oktian; Sang-Gon Lee; Byung-Gook Lee. Blockchain-Based Continued Integrity Service for IoT Big Data Management: A Comprehensive Design. Electronics 2020, 9, 1434 .

AMA Style

Yustus Eko Oktian, Sang-Gon Lee, Byung-Gook Lee. Blockchain-Based Continued Integrity Service for IoT Big Data Management: A Comprehensive Design. Electronics. 2020; 9 (9):1434.

Chicago/Turabian Style

Yustus Eko Oktian; Sang-Gon Lee; Byung-Gook Lee. 2020. "Blockchain-Based Continued Integrity Service for IoT Big Data Management: A Comprehensive Design." Electronics 9, no. 9: 1434.

Journal article
Published: 25 June 2020 in Electronics
Reads 0
Downloads 0

Many researchers challenge the possibility of using blockchain and smart contracts to disrupt the Internet of Things (IoT) architecture because of their security and decentralization guarantees. However, the state-of-the-art blockchain architecture is not scalable enough to satisfy the requirements of massive data traffics in the IoT environment. The main reason for this issue is one needs to choose the consensus trade-off between either coping with a high throughput or a high number of nodes. Consequently, this issue prevents the applicability of blockchain for IoT use cases. In this paper, we propose a scalable two-tiered hierarchical blockchain architecture for IoT. The first tier is a Core Engine, which is based on a Practical Byzantine Fault Tolerance (PBFT) consensus to cope with a high throughput, that supervises the underlying subordinate engines (sub-engines) as its second tier. This second tier comprises of the Payment, Compute, and Storage Engine, respectively. We can deploy multiple instances of these sub-engines as many as we need and as local as possible near to the IoT domains, where IoT devices reside, to cope with a high number of nodes. Furthermore, to further extend the scalability of the proposed architecture, we also provide additional scalability features on the Core Engine such as request aggregation, request prioritization, as well as sub-engine parallelism. We implement all of our engines and expose them to IoT applications through the Engine APIs. With these APIs, developers can build and run IoT applications in our architecture. Our evaluation results show that our proposed features on the Core Engine can indeed enhance the overall performance of our architecture. Moreover, based on our proof-of-concept IoT car rental application, we also show that the interoperability between sub-engines through the Core Engine is possible, even when the particular sub-engine is under sub-engine parallelism.

ACS Style

Yustus Eko Oktian; Sang-Gon Lee; Hoon Jae Lee. Hierarchical Multi-Blockchain Architecture for Scalable Internet of Things Environment. Electronics 2020, 9, 1050 .

AMA Style

Yustus Eko Oktian, Sang-Gon Lee, Hoon Jae Lee. Hierarchical Multi-Blockchain Architecture for Scalable Internet of Things Environment. Electronics. 2020; 9 (6):1050.

Chicago/Turabian Style

Yustus Eko Oktian; Sang-Gon Lee; Hoon Jae Lee. 2020. "Hierarchical Multi-Blockchain Architecture for Scalable Internet of Things Environment." Electronics 9, no. 6: 1050.

Article
Published: 18 May 2017 in Journal of Network and Systems Management
Reads 0
Downloads 0

Implementing REST API for SDN is quite challenging compared to conventional web services. First, the state transfers in SDN are more complex among network devices, controllers, and applications. Second, SDN provides more granular resources in both the controller and the network device itself. Those challenges require SDN to have a proper REST API security definition, which is currently not available in most of the SDN controllers. In this paper, we propose and implement a REST API security module for SDN controller based on OAuth 2.0. We answer the SDN REST API security challenges by presenting novel access control parameters to cope with the granular resources introduced by SDN. Our prototype maintains the best trade-off between performance and safety by generating a maximum value of 15% overhead during our benchmark. It also offers a customizable and flexible access control for the network in various use cases.

ACS Style

Yustus Eko Oktian; Sang-Gon Lee; JunHuy Lam. OAuthkeeper: An Authorization Framework for Software Defined Network. Journal of Network and Systems Management 2017, 26, 147 -168.

AMA Style

Yustus Eko Oktian, Sang-Gon Lee, JunHuy Lam. OAuthkeeper: An Authorization Framework for Software Defined Network. Journal of Network and Systems Management. 2017; 26 (1):147-168.

Chicago/Turabian Style

Yustus Eko Oktian; Sang-Gon Lee; JunHuy Lam. 2017. "OAuthkeeper: An Authorization Framework for Software Defined Network." Journal of Network and Systems Management 26, no. 1: 147-168.

Research article
Published: 23 August 2016 in Mobile Information Systems
Reads 0
Downloads 0

In software-defined network (SDN), the southbound protocol defines the communication between the control plane and the data plane. The agreed protocol, OpenFlow, suggests securing the southbound communication with Transport Layer Security (TLS). However, most current SDN projects do not implement the security segment, with only a few exceptions such as OpenDayLight, HP VAN SDN, and ONOS implementing TLS in the southbound communication. From the telecommunication providers’ perspective, one of the major SDN consumers besides data centers, the data plane becomes much more complicated with the addition of wireless data plane as it involves numerous wireless technologies. Therefore, the complicated resource management along with the security of such a data plane can hinder the migration to SDN. In this paper, we propose securing the distributed SDN communication with a multidomain capable Identity-Based Cryptography (IBC) protocol, particularly for the southbound and wireless data plane communication. We also analyze the TLS-secured Message Queuing Telemetry Transport (MQTT) message exchanges to find out the possible bandwidth saved with IBC.

ACS Style

JunHuy Lam; Sang-Gon Lee; Hoon-Jae Lee; Yustus Eko Oktian. Securing SDN Southbound and Data Plane Communication with IBC. Mobile Information Systems 2016, 2016, 1 -12.

AMA Style

JunHuy Lam, Sang-Gon Lee, Hoon-Jae Lee, Yustus Eko Oktian. Securing SDN Southbound and Data Plane Communication with IBC. Mobile Information Systems. 2016; 2016 ():1-12.

Chicago/Turabian Style

JunHuy Lam; Sang-Gon Lee; Hoon-Jae Lee; Yustus Eko Oktian. 2016. "Securing SDN Southbound and Data Plane Communication with IBC." Mobile Information Systems 2016, no. : 1-12.

Book chapter
Published: 29 June 2016 in Lecture Notes in Electrical Engineering
Reads 0
Downloads 0

East/West-bound communication is the communication channel which exists only in the distributed software-defined network (SDN) that governs the communication within the control plane of the network. Unlike most SDN projects, that have neglected the security of, and have achieved east/west-bound communication with the assistance of a network application on the management plane through the representational state transfer (REST) application program interface (API), the Open Networking Operating System (ONOS) was designed with distributed functionality as one of its core features. Hence, it supports both the native intra-cluster and the network application’s inter-cluster communication. In this paper, the transport layer security (TLS) channel for ONOS’s native east/west-bound communication was implemented and the performance impact was evaluated.

ACS Style

Jun Huy Lam; Sang-Gon Lee; Hoon-Jae Lee; Yustus Eko Oktian. TLS Channel Implementation for ONOS’s East/West-Bound Communication. Lecture Notes in Electrical Engineering 2016, 397 -403.

AMA Style

Jun Huy Lam, Sang-Gon Lee, Hoon-Jae Lee, Yustus Eko Oktian. TLS Channel Implementation for ONOS’s East/West-Bound Communication. Lecture Notes in Electrical Engineering. 2016; ():397-403.

Chicago/Turabian Style

Jun Huy Lam; Sang-Gon Lee; Hoon-Jae Lee; Yustus Eko Oktian. 2016. "TLS Channel Implementation for ONOS’s East/West-Bound Communication." Lecture Notes in Electrical Engineering , no. : 397-403.

Journal article
Published: 13 August 2014 in Sensors
Reads 0
Downloads 0

Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. According to our analysis, Jing et al.’s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.

ACS Style

Bruce Ndibanje; Hoon-Jae Lee; Sang-Gon Lee. Security Analysis and Improvements of Authentication and Access Control in the Internet of Things. Sensors 2014, 14, 14786 -14805.

AMA Style

Bruce Ndibanje, Hoon-Jae Lee, Sang-Gon Lee. Security Analysis and Improvements of Authentication and Access Control in the Internet of Things. Sensors. 2014; 14 (8):14786-14805.

Chicago/Turabian Style

Bruce Ndibanje; Hoon-Jae Lee; Sang-Gon Lee. 2014. "Security Analysis and Improvements of Authentication and Access Control in the Internet of Things." Sensors 14, no. 8: 14786-14805.

Journal article
Published: 11 February 2014 in Sensors
Reads 0
Downloads 0

Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors’ sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications.

ACS Style

Pardeep Kumar; Mika Ylianttila; Andrei Gurtov; Sang-Gon Lee; Hoon-Jae Lee. An Efficient and Adaptive Mutual Authentication Framework for Heterogeneous Wireless Sensor Network-Based Applications. Sensors 2014, 14, 2732 -2755.

AMA Style

Pardeep Kumar, Mika Ylianttila, Andrei Gurtov, Sang-Gon Lee, Hoon-Jae Lee. An Efficient and Adaptive Mutual Authentication Framework for Heterogeneous Wireless Sensor Network-Based Applications. Sensors. 2014; 14 (2):2732-2755.

Chicago/Turabian Style

Pardeep Kumar; Mika Ylianttila; Andrei Gurtov; Sang-Gon Lee; Hoon-Jae Lee. 2014. "An Efficient and Adaptive Mutual Authentication Framework for Heterogeneous Wireless Sensor Network-Based Applications." Sensors 14, no. 2: 2732-2755.

Journal article
Published: 07 February 2012 in Sensors
Reads 0
Downloads 0

A wireless medical sensor network (WMSN) can sense humans’ physiological signs without sacrificing patient comfort and transmit patient vital signs to health professionals’ hand-held devices. The patient physiological data are highly sensitive and WMSNs are extremely vulnerable to many attacks. Therefore, it must be ensured that patients’ medical signs are not exposed to unauthorized users. Consequently, strong user authentication is the main concern for the success and large scale deployment of WMSNs. In this regard, this paper presents an efficient, strong authentication protocol, named E-SAP, for healthcare application using WMSNs. The proposed E-SAP includes: (1) a two-factor (i.e., password and smartcard) professional authentication; (2) mutual authentication between the professional and the medical sensor; (3) symmetric encryption/decryption for providing message confidentiality; (4) establishment of a secure session key at the end of authentication; and (5) professionals can change their password. Further, the proposed protocol requires three message exchanges between the professional, medical sensor node and gateway node, and achieves efficiency (i.e., low computation and communication cost). Through the formal analysis, security analysis and performance analysis, we demonstrate that E-SAP is more secure against many practical attacks, and allows a tradeoff between the security and the performance cost for healthcare application using WMSNs.

ACS Style

Pardeep Kumar; Sang-Gon Lee; Hoon-Jae Lee. E-SAP: Efficient-Strong Authentication Protocol for Healthcare Applications Using Wireless Medical Sensor Networks. Sensors 2012, 12, 1625 -1647.

AMA Style

Pardeep Kumar, Sang-Gon Lee, Hoon-Jae Lee. E-SAP: Efficient-Strong Authentication Protocol for Healthcare Applications Using Wireless Medical Sensor Networks. Sensors. 2012; 12 (2):1625-1647.

Chicago/Turabian Style

Pardeep Kumar; Sang-Gon Lee; Hoon-Jae Lee. 2012. "E-SAP: Efficient-Strong Authentication Protocol for Healthcare Applications Using Wireless Medical Sensor Networks." Sensors 12, no. 2: 1625-1647.

Journal article
Published: 04 May 2011 in Sensors
Reads 0
Downloads 0

In recent years, wireless sensor networks (WSNs) have been considered as a potential solution for real-time monitoring applications and these WSNs have potential practical impact on next generation technology too. However, WSNs could become a threat if suitable security is not considered before the deployment and if there are any loopholes in their security, which might open the door for an attacker and hence, endanger the application. User authentication is one of the most important security services to protect WSN data access from unauthorized users; it should provide both mutual authentication and session key establishment services. This paper proposes a robust user authentication framework for wireless sensor networks, based on a two-factor (password and smart card) concept. This scheme facilitates many services to the users such as user anonymity, mutual authentication, secure session key establishment and it allows users to choose/update their password regularly, whenever needed. Furthermore, we have provided the formal verification using Rubin logic and compare RUASN with many existing schemes. As a result, we found that the proposed scheme possesses many advantages against popular attacks, and achieves better efficiency at low computation cost.

ACS Style

Pardeep Kumar; Amlan Jyoti Choudhury; Mangal Sain; Sang-Gon Lee; Hoon-Jae Lee. RUASN: A Robust User Authentication Framework for Wireless Sensor Networks. Sensors 2011, 11, 5020 -5046.

AMA Style

Pardeep Kumar, Amlan Jyoti Choudhury, Mangal Sain, Sang-Gon Lee, Hoon-Jae Lee. RUASN: A Robust User Authentication Framework for Wireless Sensor Networks. Sensors. 2011; 11 (5):5020-5046.

Chicago/Turabian Style

Pardeep Kumar; Amlan Jyoti Choudhury; Mangal Sain; Sang-Gon Lee; Hoon-Jae Lee. 2011. "RUASN: A Robust User Authentication Framework for Wireless Sensor Networks." Sensors 11, no. 5: 5020-5046.