AI System Security
Prompt InjectionInformation LeakResponsible ModelSafety FilteringSoftware Security
ReversingBinary Code Similarity AnalysisAutomatic Exploit GenerationCellular Network Security
Baseband ExploitControl PlaneIMSCharging BypassCore NetworkCyber-Physical System Security
Drone HijackingCar HackingWearable DevicesSensor SpoofingEMI InjectionRobots
Dongkwan Kim
Security Engineer [at] Samsung Security Center
Samsung SDS, 125, Olympic-ro 35-gil, Songpa-gu, Seoul, KR, 05510
Korean, English
Background
Bio
Bio
Dongkwan Kim is a highly interdisciplinary security researcher and engineer with expertise in AI, IoT, mobile/cellular systems, and cyber-physical systems, including drones and automobiles. He has authored multiple top-tier research papers, holds patents, and has delivered talks at various industry and academic venues, sharing insights that advance these fields (see his recent slides on AI service security). Known for his strong communication skills, he has won awards at hacking contests and led the KAIST hacking team in organizing CTFs such as Samsung CTF ’17 and ’18.
In the Advanced Penetration Testing Group at the Samsung Security Center, he plays a pivotal role in “Red Team” efforts, applying interdisciplinary approaches to address previously overlooked enterprise security threats across all Samsung affiliates, collaborating closely with various companies and their departments. His current focus is on securing AI services across a broad spectrum, from cloud infrastructure to on-device applications and models, ensuring robust and secure environments.
In the Advanced Penetration Testing Group at the Samsung Security Center, he plays a pivotal role in “Red Team” efforts, applying interdisciplinary approaches to address previously overlooked enterprise security threats across all Samsung affiliates, collaborating closely with various companies and their departments. His current focus is on securing AI services across a broad spectrum, from cloud infrastructure to on-device applications and models, ensuring robust and secure environments.
Research Interests
Research Interests
Work Experience
Work Experience
Security Engineer, Advanced Penetration Testing Group, Samsung Security Center, Samsung SDS
Aug, 2022 - Present2 years
Carrying out Red Team work to proactively prevent security threats to products and services of all Samsung affiliates.Ph.D. and Postdoctoral Researcher, KAIST
Mar, 2014 - Jul, 20228 years 5 months
Successfully completed 17 industrial & governmental projects, leading 7 projects (See cv for more details)Security Engineer (Intern), Pinion Industries
Dec, 2013 - Feb, 20142 months
Car hacking compnay. Exploited various components in a car including network systems, AVN, telematics, smartkey, and ECUs. Members of Pinion Industries are now working for Hyundai.Student Senior, KAIST Computer Emergency Response Team (CERT)
Sep, 2010 - Dec, 20122 years 4 months
Investigated security incidents, successfully identified the culprit in one case, leading to their apprehension by the police.- Student Team Leader (2011. 9. 1 ~ 2012. 8. 31)
Education
Education
Electrical Engineering, Ph.D., KAIST
Mar, 2016 - Feb, 2022
Electrical Engineering, M.S., KAIST
Mar, 2014 - Feb, 2016
Software and System Security, Visiting Scholar, EURECOM
Jun, 2014 - Jul, 2014
Computer Science, Bachelor, KAIST
Feb, 2010 - Feb, 2014
Recent Talks (Selected)
Recent Talks (Selected)
AI Security Primer: Red Team Perspectives on Navigating New Threats and Safeguarding AI Frontier [Slides (Korean)]
Dongkwan Kim
.HACK Conference, Theori
Link: Schedule2024-05-28
Scaling up Vulnerability Analysis of IoT Devices with Heuristics and Binary Code Similarity [Slides]
Dongkwan Kim
Colloquium Fall 2023, School of Cybersecurity, Korea University
Link: Schedule2023-10-25
Publications
Publications
BaseComp: A Comparative Analysis for Integrity Protection in Cellular Baseband Software [PDF] [Slides] [Code]
Eunsoo Kim*, Min Woo Baek*, CheolJun Park, Dongkwan Kim, Yongdae Kim, Insu Yun
Proceedings of the 32st USENIX Security Symposium (Security'23)
Aug 10, 2023
Un-Rocking Drones: Foundations of Acoustic Injection Attacks and Recovery Thereof [PDF] [Slides] [Site] [Code & Data]
Jinseob Jung, Dongkwan Kim, Joonha Jang, Juhwan Noh, Changhun Song, and Yongdae Kim
Proceedings of the 2023 Annual Network and Distributed System Security Symposium (NDSS'23)
Mar 02, 2023
Paralyzing Drones via EMI Signal Injection on Sensory Communication Channels [PDF] [Slides] [Site]
Joonha Jang*, ManGi Cho*, Jaehoon Kim, Dongkwan Kim , and Yongdae Kim
Proceedings of the 2023 Annual Network and Distributed System Security Symposium (NDSS'23)
Mar 02, 2023
Watching the Watchers: Practical Video Identification Attack in LTE Networks [PDF] [Slides] [Site]
Sangwook Bae, Mincheol Son, Dongkwan Kim, CheolJun Park, Jiho Lee, Sooel Son, and Yongdae Kim
Proceedings of the 31st USENIX Security Symposium (Security'22)
Aug 10, 2022
Revisiting Binary Code Similarity Analysis using Interpretable Feature Engineering and Lessons Learned [PDF] [Benchmark] [Tool]
Dongkwan Kim, Eunsoo Kim, Sang Kil Cha, Sooel Son, and Yongdae Kim
IEEE Transactions on Software Engineering (TSE'22)
Jul 01, 2022
Improving Large-Scale Vulnerability Analysis of IoT Devices with Heuristics and Binary Code Similarity [PDF] [Slides] [Code]
Dongkwan Kim
Ph.D. Thesis
Feb 18, 2022
Enabling the Large-Scale Emulation of Internet of Things Firmware With Heuristic Workarounds [PDF]
Dongkwan Kim, Eunsoo Kim, Mingeun Kim, Yeongjin Jang, and Yongdae Kim
IEEE Security & Privacy
May 14, 2021
BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols [PDF] [Slides] [Code]
Dongkwan Kim*, Eunsoo Kim*, CheolJun Park, Insu Yun, and Yongdae Kim
Proceedings of the 2021 Annual Network and Distributed System Security Symposium (NDSS'21)
Feb 24, 2021
FirmAE: Towards Large-Scale Emulation of IoT Firmware forDynamic Analysis [PDF] [Slides] [Code]
Mingeun Kim, Dongkwan Kim, Eunsoo Kim, Suryeon Kim, Yeongjin Jang, and Yongdae Kim
Proceedings of the 2020 Annual Computer Security Applications Conference (ACSAC'20)
Link: Reported CVEs and PoC exploits,Dec 11, 2020
Who Spent My EOS? On the (In)Security of Resource Management of EOS.IO [PDF] [Slides]
Sangsup Lee, Daejun Kim, Dongkwan Kim, Sooel Son, and Yongdae Kim
Proceedings of the 13th USENIX Workshop on Offensive Technologies (WOOT'19)
Media: CoinSpice,...Aug 13, 2019
Peeking over the Cellular Walled Gardens - A Method for Closed Network Diagnosis [PDF]
Byeongdo Hong, Shinjo Park, Hongil Kim, Dongkwan Kim, Hyunwook Hong, Hyunwoo Choi, Jean-Pierre Seifert, Sung-Ju Lee, and Yongdae Kim
IEEE Transactions on Mobile Computing (TMC'18)
Feb 12, 2018
When Cellular Networks Met IPv6: Security Problems of Middleboxes in IPv6 Cellular Networks [PDF]
Hyunwook Hong, Hyunwoo Choi, Dongkwan Kim, Hongil Kim, Byeongdo Hong, Jiseong Noh, and Yongdae Kim
Proceedings of the 2nd IEEE European Symposium on Security and Privacy (EuroS&P'17)
Apr 28, 2017
Pay As You Want: Bypassing Charging System in Operational Cellular Networks [PDF]
Hyunwook Hong, Hongil Kim, Byeongdo Hong, Dongkwan Kim, Hyunwoo Choi, Eunkyu Lee and Yongdae Kim
Proceedings of the 17th International Workshop on Information Security Applications (WISA'16)
Aug 26, 2016
Dissecting VoLTE: Exploiting Free Data Channels and Security Problems [PDF]
Dongkwan Kim
M.S. Thesis
Feb 19, 2016
Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations [PDF] [Slides]
Dongkwan Kim*, Hongil Kim*, Minhee Kwon, Hyungseok Han, Yeongjin Jang, Dongsu Han, Taesoo Kim, and Yongdae Kim
Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS'15)
Media: CVE-2015-6614,Nexus Security Bulletin,CERT,DSLReports,IT World,Softpedia,tom's guide,Pocketnow,FierceMobileIT,Techworm,Neowin,Network World,...Oct 13, 2015
BurnFit: Analyzing and Exploiting Wearable Devices [PDF] [Slides] Best Paper
Dongkwan Kim, Suwan Park, Kibum Choi, Yongdae Kim
Proceedings of the 16th International Workshop on Information Security Applications (WISA'15)
Aug 26, 2015
Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors [PDF] [Slides]
Yunmok Son, Hocheol Shin, Dongkwan Kim, Youngseok Park, Juhwan Noh, Kibum Choi, Jungwoo Choi, and Yongdae Kim
Proceedings of the 24th USENIX Security Symposium (Security'15)
Media: Popular Science,New York Daily,Discover Magazine,Defense Systems,IBTimes,Sputnik,Techworm,Slashdot,Network World,Gizmodo,...Aug 14, 2015
Analyzing Security of Korean USIM-based PKI Certificate Service [PDF]
Shinjo Park, Suwan Park, Insu Yun, Dongkwan Kim, Yongdae Kim
Proceedings of the 15th International Workshop on Information Security Applications (WISA'14)
Aug 26, 2014
High-speed automatic segmentation of intravascular stent struts in optical coherence tomography images [PDF]
Myounghee Han, Dongkwan Kim, Wang-Yuhl Oh, and Sukyoung Ryu
Proceedings of SPIE Biomedical Optics, Photonics West 2013 (BiOS'13)
Feb 02, 2013
Awards
Awards
Finalist to Defcon 27 CTF (team. KaisHack GoN)
Aug 09, 2019
Finalist to Defcon 26 CTF (team. KaisHack+PLUS+GoN)
Aug 09, 2018
HDCON CTF 1st Prize $20,000 (team. maxlen)
Organized by Ministry of Science and ICT
Nov 30, 2017
Whitehat Contest 2017 1st Prize $30,000 (team. Old GoatskiN)
Organized by Ministry of National Defense
Nov 27, 2017
Codegate CTF 3rd Prize $5,000 (team. Old GoatskiN)
Organized by Ministry of Science, ICT and Future Planning of Korea
Apr 12, 2017
Finalist to Defcon 24 CTF (team. KaisHack GoN)
Aug 05, 2016
Whitehat Contest 2014 1st Prize $20,000 (team. Syssec)
Organized by Ministry of National Defense and National Intelligence Service of Korea
Nov 18, 2014
Finalist to Defcon 22 CTF (team. KAIST GoN)
Aug 08, 2014
HDCON CTF Silver Prize $2,000 (team. GoN)
Organized by Korea Internet & Security Agency (KISA)
Dec 04, 2013
Whitehat Contest 2013 1st Prize $20,000 (team. KAIST GoN)
Organized by Ministry of National Defense and National Intelligence Service
Oct 02, 2013
Finalist to Defcon 20 CTF (team. KAIST GoN)
Jul 27, 2012
HDCON CTF Silver Prize $2,000 (team. KAIST GoN)
Organized by Korea Internet & Security Agency (KISA)
Jul 11, 2012
Codegate YUT CTF 3rd Prize $5,000 (team. KAIST GoN)
Organized by Ministry of Science, ICT and Future Planning of Korea
Apr 03, 2012
ISEC CTF 1st Prize $10,000 (team. GoN)
Organized by Ministry of the Interior and Safety
Sep 21, 2011
PADOCON CTF 1st Prize $1,000 (team. GoN)
Organized by PAraDOx CONference (union of undergraduate hacking groups)
Jan 31, 2011
References
References
Dr. Yongdae Kim [www]
Professor of Electrical Engineering (EE) and Graduate School of Information Security (GSIS), KAIST
yongdaek@kaist.ac.krDr. Sang Kil Cha [www]
Director of Cyber Security Research Center (CSRC), KAIST, and Associate Professor of School of Computing (CS) and GSIS, KAIST
sangkilc@kaist.ac.krDr. Sooel Son [www]
Associate Professor of CS and GSIS, KAIST
sl.son@kaist.ac.krDr. Yeongjin Jang [www]
Principal Software Engineer
y.jang1@samsung.comDr. Insu Yun [www]
Assistant Professor of EE and GSIS, KAIST
insuyun@kaist.ac.krDr. Sukyoung Ryu [www]
Head of CS, KAIST
sryu.cs@kaist.ac.kr