Revisiting GPS Spoofing in Phasor Measurement: Real-World Exploitation and Practical Detection in Power GridsChunghyo Kim, Juhwan Noh, Esmaeil Ghahremani, Yongdae KimACM Transactions on Privacy and Security, 2025 Enhancing synchrophasor Reliability Through Network-Based Time Synchronization: KEPCO's Practical ApproachChunghyo Kim, Hanbyul Kim, Sangyoum Lee, Juhwan Noh, Esmaeil Ghahremani, Yongdae KimIEEE Power and Energy Magazine, 2025, 23.1: 81-89. Enabling Physical Localization of Uncooperative Cellular DevicesTaekkyungOh, Sangwook Bae, Junho Ahn, Yonghwa Lee, Tuan Dinh Hoang, Min Suk Kang, Nils Ole Tippenhauer, Yongdae Kim30th Annual International Conference on Mobile Computing and Networking (ACM MobiCom 2024) A Systematic Study of Physical Sensor Attack HardnessH Kim, R Bandyopadhyay, MO Ozmen, ZB Celik, A Bianchi, Y. Kim, D XuIEEE Symposium on Security and Privacy (S&P 2024) Lightbox: Sensor Attack Detection for Photoelectric Sensors via Spectrum FingerprintingD Kim, M Cho, H Shin, J Kim, J Noh, and Y. KimACM Transactions on Privacy and Security 26 (4), 2023 Delegation of TLS Authentication to CDNs using Revocable Delegated CredentialsD Yoon, T Chung, Y Kim, Y. KimAnnual Computer Security Applications Conference (ACSAC 2023) BaseComp: A Comparative Analysis for Integrity Protection in Cellular BaseBand SoftwareEunsoo Kim*, Min Woo Baek*, CheolJun Park, Dongkwan Kim, Yongdae Kim, Insu YunUSENIX Conference on Security Symposium (USENIX Security '23) LTESniffer: An Open-source LTE Downlink/Uplink EavesdropperTuan Dinh Hoang, CheolJun Park, Mincheol Son, Teakkyung Oh, Sangwook Bae, Junho Ahn, BeomSeok Oh, and Yongdae Kim16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '23) Un-Rocking Drones: Foundations of Acoustic Injection Attacks and Recovery ThereofJinseob Jeong, Dongkwan Kim, Joonha Jang, Juhwan Noh, Changhun Song, and Yongdae KimNetwork and Distributed Systems Security Symposium (NDSS '23) Preventing SIM Box Fraud Using Device FingerprintingBeomSeok Oh*, Junho Ahn*, Sangwook Bae, Mincheol Son, Yonghwa Lee, Min Suk Kang, and Yongdae Kim (*: co-first author)Network and Distributed Systems Security Symposium (NDSS '23)Research Implications: In 2022, we received USD 5 million in funding from the Korean police to develop a network-based solution to combat voice phishing crime. (Voice phishing resulted in financial losses of over USD 0.5 billion in Korea in 2021.) As part of this project, we are developing multiple solutions. The first solution we have published is to develop methodologies to distinguish SIM Box (a VoIP gateway that converts VoIP call to and from cellular call) from other smartphones. The key idea is that fingerprints, which were constructed from network-layer auxiliary information with more than 31K features, are mostly distinct among 85 smartphones as well as SIM boxes. We are currently under discussion with a major operator to test out solution inside their network. Paralyzing Drones via EMI Signal Injection on Sensory Communication Channels (Website)Joonha Jang*, ManGi Cho*, Jaehoon Kim, Dongkwan Kim , and Yongdae KimNetwork and Distributed Systems Security Symposium (NDSS '23)(*: co-first author) HearMeOut: detecting voice phishing activities in AndroidJoongyum Kim, Jihwan Kim, Seongil Wi, Yongdae Kim, and Sooel SonAnnual International Conference on Mobile Systems, Applications and Services (MobiSys '22) Are There Wireless Hidden Cameras Spying on Me?Jeongyoon Heo, Sangwon Gil, Youngman Jung, Jinmok Kim, Donguk Kim, Woojin Park, Yongdae Kim, Kang G. Shin, and Choong-Hoon LeeAnnual Computer Security Applications Conference (ACSAC '22) Revisiting binary code similarity analysis using interpretable feature engineering and lessons learnedDongkwan Kim, Eunsoo Kim, Sang Kil Cha, Sooel Son, and Yongdae KimIEEE Transactions on Software Engineering (IEEE TSE '22) Watching the Watchers: Practical Video Identification Attack in LTE NetworksSangwook Bae, Mincheol Son, Dongkwan Kim, CheolJun Park, Jiho Lee, Sooel Son, and Yongdae KimUSENIX Conference on Security Symposium (USENIX Security '22)Research Implications: DCI (Downlink Control Indicator) refers to the control signaling that is transmitted from the BS to the UE. DCI carries information that is used by the UE to decode the downlink data, such as the resource allocation, the modulation and coding scheme used for the data as well as uplink channel assignment. When the UE receives a DCI, it uses the RNTI to determine if the DCI is intended for it. As none of the information in DCI is encrypted, if an attacker can identify a victim’s RNTI, the attacker can obtain the victim’s resource usage or uplink scheduling. Using the victim’s resource usage, an unprivileged adversary equipped with a software-defined radio can 1) identify mobile users who are watching target videos of the adversary’s interest and then 2) infer the video title that each of these users is watching. DoLTEst: In-depth Downlink Negative Testing Framework for LTE DevicesCheolJun Park*, Sangwook Bae*, BeomSeok Oh, Jiho Lee, Eunkyu Lee, Insu Yun, and Yongdae KimUSENIX Conference on Security Symposium (USENIX Security '22)(*: co-first author)CVEs: CVE-2019-2289, CVE-2021-25516, CVE-2021-30826Research Implications: DoLTEst isa negative testing framework for finding non-standard-compliant bugs in LTE protocol implementations of UEs. DoLTEst is stateful and covers all optional cases. It generates about 1,800 test cases to check vulnerabilities of UEs. This paper was discussed in a 3GPP SA3 meeting. It is currently open-sourced at https://github.com/SysSec- KAIST/DoLTEst. We uncovered 26 implementation flaws from 43 devices from 5 different baseband manufacturers by using DoLTEst. We have received 3 CVEs (CVE-2019-2289 from Qualcomm, CVE-2021-25516 from Samsung, and CVE-2021-30826 from Apple.) The Qualcomm bug allows an authentication bypass in all baseband processors manufactured by Qualcomm, requiring almost one year to finish the patch process. The Trilemma of StablecoinYujin Kwon, Jihee Kim, Yongdae Kim, and Dawn SongSocial Science Research Network (SSRN) 2021 Enabling the Large-Scale Emulation of Internet of Things Firmware With Heuristic WorkaroundsDongkwan Kim*, Eunsoo Kim*, Mingeun Kim, Yeongjin Jang, and Yongdae Kim (*: co-first author)IEEE Security & Privacy (IEEE S&P '21) BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 ProtocolsEunsoo Kim*, Dongkwan Kim*, CheulJun Park, Insu Yun, and Yongdae Kim (*: co-first author)Network and Distributed Systems Security Symposium (NDSS '21)Research Implications: This work checks if we can run comparative static analysis of Baseband binaries and Cellular Specifications. The key intuition is that a message decoder in baseband software embeds the protocol specification in a machine-friendly structure to parse incoming messages. With BaseSpec, we analyzed the implementation of cellular standard L3 messages in 18 baseband firmware images of 9 devices models from one of the top three vendors. It is currently open-sourced at https://github.com/SysSec-KAIST/BaseSpec. BaseSpec identified hundreds of functional or potentially vulnerable mismatches. Investigation of these bugs led to 5 functional errors and 4 memory-related vulnerabilities. These bugs are patched by the vendors. FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic AnalysisMingeun Kim, Dongkwan Kim, Eunsoo Kim, Suryeon Kim, Yeongjin Jang, and Yongdae KimAnnual Computer Security Applications Conference (ACSAC '20)CVEs: CVE-2018-19986, CVE-2018-19987, CVE-2018-19988, CVE-2018-19989, CVE-2018-19990, CVE-2018-20114, CVE-2019-11399, CVE-2019-11400, CVE-2019-20082, CVE-2019-20084, CVE-2019-6258 The System That Cried Wolf: Sensor Security Analysis of Wide-area Smoke Detectors for Critical InfrastructureHocheol Shin, Juhwan Noh, Dohyun Kim, and Yongdae KimACM Transactions on Privacy and Security (ACM TOPS), Vol. 23 No. 3, Article 15, 2020 Amnesiac DRAM: A Proactive Defense Mechanism Against Cold Boot AttacksHoseok Seol, Min-Hye Kim, Yongdae Kim, Taesoo Kim, and Lee-Sup KimIEEE Transactions on Computers (To appear) SoK: A Minimalist Approach to Formalizing Analog Sensor SecurityChen Yan, Hocheol Shin, Connor Bolton, Wenyuan Xu, Yongdae Kim, and Kevin FuIEEE Symposium on Security and Privacy (IEEE S&P '20) 이통통신 보안의 현재와 미래김용대 (Yongdae Kim)정보보호학회지 (KIISC), Vol 29, No. 5, 2019 An Eye for an Eye: Economics of Retaliation in Mining PoolsYujin Kwon, Hyoungshick Kim, Yung Yi, Yongdae KimACM Advances in Financial Technology (ACM AFT '19) Impossibility of Full Decentralization in Permissionless BlockchainsYujin Kwon, Jian Liu, Minjeong Kim, Dawn Song, Yongdae KimACM Advances in Financial Technology (ACM AFT '19) Who Spent My EOS? On the (In)Security of Resource Management of EOS.IOSangsup Lee, Daejun Kim, Dongkwan Kim, Sooel Son, Yongdae KimUSENIX Workshop on Offensive Technologies (USENIX WOOT '19) Hiding in Plain Signal: Physical Signal Overshadowing Attack on LTEHojoon Yang, Sangwook Bae, Mincheol Son, Hongil Kim, Songmin Kim, and Yongdae KimUSENIX Conference on Security Symposium (USENIX Security '19)Research Implications: 4G and 5G cellular networks do not provide protection for the integrity of broadcasting, paging, or some unicasting messages, making them vulnerable to Man-in-the-Middle (MitM) attacks. An MitM attacker can hijack and modify these unauthenticated messages by implementing a fake base station (FBS) and a fake user equipment (UE). To the victim UE and the victim BS, the FBS and the fake UE should look like a legitimate BS and UE, respectively. Implementing a fully functional cellular MitM attacker is a complex task, as none of the academic papers have successfully done so. Therefore, instead of implementing this type of attacker, we implemented signal overshadowing, where the attacker overwrites the broadcast message from the base station to UEs (i.e. downlink). It took a total of two years to implement this attack, as the overshadowing signal had to be sent with precise timing and frequency. Our intention was to spark renewed discussions on how to protect these unauthenticated cellular messages within standard bodies. The initial response from GSMA was disappointing as they viewed this work as only academically interesting. However, it turned out to be important for both academia and standard bodies. After it was initially discussed in 2019 Reno 97th 3GPP meeting (S3-194063), a lot of documents (and probably discussions) tried to address this attack accross multiple 3GPP meetings: TSGS3_100Bis-e (S3-202556,S3-202738, S3-202740), TSGS3_100e (S3-202026, S3-202109, S3-202150), TSGS3_101e (S3-202983, S3-202984, S3-203158, S3-203160, S3-203364, S3-203447), TSGS3_102Bis-e (S3-211345), TSGS3_102e (S3-210131, S3-210778, S3-210783), TSGS3_103e (S3-212351), TSGS3_104e (S3-212748,S3-213244), TSGS3_105e (S3-214408), and TSGS3_107e (S3-221266). In addition, the attack is extended to sigover attack over unicast channel by us, layer 2 messages by Tan et. al. and uplink channel by Erni et. al. Doppelgängers on the Dark Web: A Large-scale Assessment on Phishing Hidden Web ServicesChanghoon Yoon, Kwanwoo Kim, Yongdae Kim, Seungwon Shin, and Sooel SonThe World Wide Web Conference (WWW ’19) Is Stellar As Secure As You Think?Minjeong Kim, Yujin Kwon, Yongdae KimIEEE Security and Privacy on the Blockchain (IEEE S&B '19)Webpage: https://sites.google.com/view/stellar-analysisMedia: CoinTelegraph: Stellar’s Blockchain Briefly Goes Offline, Confirming the Project Lacks DecentralizationSafety vs. Liveness in the Stellar Network, David MazièresResearch Implications: We show that all of the nodes in Stellar cannot run Stellar consensus protocol if only two nodes fail. In MAY 15, 2019 5:00 AM (UTC/GMT), Stellar actually stopped as we forecasted, as reported by CoinTelegraph. Tractor Beam: Safe-hijacking of Consumer Drones with Adaptive GPS SpoofingJuhwan Noh, Yujin Kwon, Yunmok Son, Hocheol Shin, Dohyun Kim, Jaeyeong Choi, Yongdae KimACM Transactions on Privacy and Security (ACM TOPS), Vol. 22, No. 2, Article 12, 2019 Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash?Yujin Kwon, Hyoungshick Kim, Jinwoo Shin, Yongdae KimIEEE Symposium on Security and Privacy (IEEE S&P '19) Cybercriminal Minds: An investigative study of cryptocurrency abuses in the Dark WebSeunghyeon Lee, Changhoon Yoon, Heedo Kang, Yeonkeun Kim, Yongdae Kim, Dongsu Han, Sooel Son, and Seungwon ShinNetwork and Distributed Systems Security Symposium (NDSS '19) Hidden Figures: Comparative Latency Analysis of Cellular Networks with Fine-grained State Machine ModelsSangwook Bae, Mincheol Son, Sooel Son, and Yongdae Kim ACM International Workshop on Mobile Computing Systems and Applications (ACM HotMobile '19) Touching the Untouchables: Dynamic Security Analysis of the LTE Control PlaneHongil Kim, Jiho Lee, Eunkyu Lee, and Yongdae KimIEEE Symposium on Security and Privacy (IEEE S&P '19)CVEs: CVE-2019-5307, CVE-2019-20783Research Implications:For the first time, we tested carrier network as an academia. We sent negative test cases (i.e. test cases that are prohibited by the standard, e.g. messages with wrong message authentication code) to the operator network or smartphones, in order to see if they are dropped by the receiving parties. As a result, we uncovered 51 vulnerabilities (36 new and 15 previously known). Check LTEFuzz site for details. Immediately after the paper is published online, we’ve received inquiries from many operators if we can visit their site to test their networks. Unfortunately, we could not provide service to commercial operators, as students did not want to provide commercial services. We’ve also communicated with device vendors such as Apple, Samsung, Qualcomm, LG, Huawei, and Ericsson helping their patching process. Cellular security companies such as P1Security and Positive Technologies now provide protocol security testing. We have received two CVEs (CVE-2019-20783 from LG and CVE-2019-5307 from Huawei.) This was also featured in multple media outlets, such as ZDNet,SecurityWeek, Huawei, Engadget, Tech Xplore, Security Affairs, E-Crypto, Cybersecurity Insiders, Israel Defense, ITPro, UK, TGDaily, Gizmodo, and DailyMail, UK. LTEFuzz paper was discussed in three SA3 meetings: TSGS3_95_Reno (S3-191230), TSGS3_97_Reno (S3-194063). TSGS3_101e (S3-202878). Peeking over the Cellular Walled Gardens - A Method for Closed Network Diagnosis Byeongdo Hong, Shinjo Park, Hongil Kim, Dongkwan Kim, Hyunwook Hong, Hyunwoo Choi, Jean-Pierre Seifert, Sung-Ju Lee and Yongdae Kim IEEE Transactions on Mobile Computing (IEEE TMC), Vol. 17, No. 10, 2018Research Implications: We collected 6.4M control plane messages from 28 operators in 11 countries using 95 USIMs by generating 52K voice call events. Through this extensive dataset, we aimed to understand and confirm Pr2. We examined each control plane message to identify operators with abnormal processing times, sequence of events, or signaling failures. This study revealed a total of 7 bugs that occurred in only a few operators. For instance, a UE in a US operator experienced out-of-service for 11 seconds due to location update collisions. We confirmed that comparative analysis between operators is an effective way to detect performance bugs and their root causes. Unfortunately, we are unable to release this dataset as it contains personal information. GyrosFinger: Fingerprinting Drones for Location Tracking based on the Outputs of MEMS Gyroscopes Yunmok Son, Juhwan Noh, Jaeyeong Choi and Yongdae Kim ACM Transactions on Privacy and Security (ACM TOPS), Vol. 21, No. 2, Article 10, 2018 GUTI Reallocation Demystified: Cellular Location Tracking with Changing Temporary Identifier Byeongdo Hong, Sangwook Bae, and Yongdae Kim Network and Distributed Systems Security Symposium (NDSS '18)Research Implications: In LTE, a mechanism called GUTI_Reallocation is employed, which forcibly changes the GUTI after each instance of its exposure in a message. This requirement, though, does not enforce either the linkability or unpredictability of the changing IDs. We verified if this is the case with a large dataset we built (a dataset containing 6.4M control plane messages from 28 operators in 11 countries). Out of 28 carriers, 20 carriers have at least one byte fixed (GUTI is 4 byte long), allowing the attacker to fingerprint a particular user. More detailed analysis on 4 carriers showing seemingly random assignment reveals that the attacker can make the GUTI unchanged after invoking GUTI_reallocation multiple times within a short time period. This paper played an important role to add unpredictability of GUTI in LTE, discussed in S3-220075. Now in 5G, unpredictability in GUTI after every exposure is mandatory. Unfortunately, a recent report about China and our measurement in Korea show that this is not the case. Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, and Yongdae Kim ACM Conference on Computer and Communications Security (ACM CCS '17) Illusion and Dazzle: Adversarial Optical Channel Exploits against Lidars for Automotive Applications Hocheol Shin, Dohyun Kim, Yujin Kwon, and Yongdae Kim Conference on Cryptographic Hardware and Embedded Systems (CHES '17) Research Implications: This analyzes the security of Velodyne VLP-16, which can be used for self-driving cars. We showed that one can either blind it or generate fake dots (even closer than the attackers). AFAWK, none of the LIDARs still protect against our attacks. (Please let us know if you find one.) When Cellular Networks Met IPv6: Security Problems of Middleboxes in IPv6 Cellular Networks Hyunwook Hong, Hyunwoo Choi, Dongkwan Kim, Hongil Kim, Byeongdo Hong, Jiseong Noh, and Yongdae Kim IEEE European Symposium on Security and Privacy (IEEE EuroS&P '17)Research Implications: This is the first study analyzing security of middleboxes within cellular networks. Enabling Automatic Protocol Behavior Analysis for Android Applications Jeongmin Kim, Hyunwoo Choi, Hun Namkung, Woohyun Choi, Byungkwon Choi, Hyunwook Hong, Yongdae Kim, Jonghyup Lee, Dongsu Han International Conference on emerging Networking EXperiments and Technologies (ACM CoNEXT '16) PIkit: A New Kernel-Independent Processor-Interconnect Rootkit Wonjun Song, Hyunwoo Choi, Junhong Kim, Eunsoo Kim, Yongdae Kim, and John Kim USENIX Conference on Security Symposium (USENIX Security '16) Sampling Race: Bypassing Timing-based Analog Active Sensor Spoofing Detection on Analog-digital Systems Hocheol Shin, Yunmok Son, Youngseok Park, Yujin Kwon, and Yongdae Kim USENIX Workshop on Offensive Technologies (USENIX WOOT '16) This ain't your dose: Sensor Spoofing Attack on Medical Infusion Pump Youngseok Park, Yunmok Son, Hocheol Shin, Dohyun Kim, and Yongdae Kim USENIX Workshop on Offensive Technologies (USENIX WOOT '16) Doppelganger in Bitcoin Mining Pools: An Analysis of the Duplication Share AttackYujin Kwon, Dohyun Kim, Yunmok Son, Jaeyeong Choi, Yongdae Kim World Conference on Information Security Applications (WISA '16) Pay As You Want: Bypassing Charging System in Operational Cellular NetworksHyunwook Hong, Hongil Kim, Byeongdo Hong, Dongkwan Kim, Hyunwoo Choi, Eunkyu Lee and Yongdae Kim World Conference on Information Security Applications (WISA '16) Dissecting Customized Protocols: Automatic Analysis for Customized Protocols based on IEEE 802.15.4Kibum Choi, Yunmok Son, Juhwan Noh, Hocheol Shin, Jaeyeong Choi and Yongdae Kim ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec '16) Best Paper Award Timing Attacks on Access Privacy in Information Centric Networks and Countermeasures Aziz Mohaisen, Hesham Mekky, Xinwen Zhang, Haiyong Xie and Yongdae Kim IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), vol.12 no.6, 2015 Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementationsHongil Kim*, Dongkwan Kim*, Minhee Kwon, Hyungseok Han, Yeongjin Jang, Dongsu Han, Taesoo Kim, and Yongdae Kim ACM Conference on Computer and Communications Security (ACM CCS '15) (*: co-first author)CVEs: CVE-2015-6614, VU#943167Research Implications:This is our first security testing paper. Using 60 security test cases in 5 operators (3 in Korea, 2 in the US), we found 10 new vulnerabilities (4 accounting bypasses, 2 caller spoofing attacks, 2 DoS attacks, and so on). The vulnerabilities were jointly disclosed with the US Cyber Emergency Response Team (US Cert) as VU#943167. At the time, none of the US operators acknowledged the vulnerabilities, but they later patched them silently. After this investigation, we received funding from SK Telecom to start investigating security of LTE networks. We were invited to make a presentation at GSMA, the organization of the operators. The findings were covered by multiple media outlets, such as IT World, Nexus Security Bulletin, DSLReports, Softpedia, tom’s guide, Pocketnow, FierceMobileIT, Techworm, Neowin, and Network World. Frying PAN: Dissecting Customized Protocol for Personal Area NetworkKibum Choi, Yunmok Son, Jangjun Lee, Suryeon Kim, and Yongdae Kim International Workshop on Information Security Applications (WISA '15) Security Analysis of FHSS-type Drone ControllerHocheol Shin, Kibum Choi, Youngseok Park, Jaeyeong Choi, and Yongdae Kim International Workshop on Information Security Applications (WISA '15) Research Implications: We found that FHSS implemented by FrSky has a weakness. In particular, we found that it repeats the hopping sequence after 141 random hopping. This means that after observing RF channel over 1.5 seconds, one can exactly predict the future hoping sequence. BurnFit: Analyzing and Exploiting Wearable DevicesDongkwan Kim, Suwan Park, Kibum Choi, and Yongdae Kim International Workshop on Information Security Applications (WISA '15) Best Paper Award Extractocol: Automatic Extraction of Application-level Protocol Behaviors for Android ApplicationsHyunwoo Choi, Jeongmin Kim, Hyunwook Hong, Yongdae Kim, Jonghyup Lee, and Dongsu Han ACM Conference on Special Interest Group on Data Communication. (ACM SIGCOMM '15, poster) Rocking Drones with Intentional Sound Noise on Gyroscopic SensorsYunmok Son, Hocheol Shin, Dongkwan Kim, Youngseok Park, Juhwan Noh, Kibum Choi, Jungwoo Choi, Yongdae Kim USENIX Conference on Security Symposium. (USENIX Security '15) Research Implications: This paper shows that sound can knock drone down. Playing sound on resonance frequency of gyroscope sensor in IMU of a drone causes significant fluctuation of rotor speeds due to the popular control algorithm called PID. This was the 1st time we realized "anti-drone" solution is important. In 2020, Sandia National Lab has published a report "Assessing the Vulnerability of Unmanned Aircraft Systems to Directed Acoustic Energy" to see if "sound" can be an effective anti-drone solution.
Towards Complete Node Enumeration in a Peer-to-Peer BotnetB. Kang, E. Chan-Tin, C. Lee, J. Tyra, H. Kang, C. Nunnery, Z. Wadler, G. Sinclair, N. Hopper, D. Dagon, and Y. Kim ACM Symposium on Information, Computer & Communication Security (ACM AsiaCCS '09) Secure Localization with Phantom Node DetectionJ. Hwang, T. He, Y. Kim Ad Hoc Networks, Volume 6, Issue 7 (September 2008) Elsevier. Provably Secure Timed-Release Public Key Encryption.J. Cheon, N. Hopper, Y. Kim, I. Osipkov,(alphabetical order. Main author of the paper is I. Osipkov.) ACM Transactions on Information Systems Security (ACM TISSEC), Volume 11 , Issue 2 (March 2008). Attacking the Kad NetworkP. Wang, J. Tyra, E. Chan-Tin, T. Malchow, D. Foo Kune, N. Hopper, and Y. Kim. International Conference on Security and Privacy in Communication Networks (SecureComm '08)Research Implications: eMule folks have patched and improved their routing security. ------------------------ Jun, 27. 2008 ------------------------.: Several changes were made to Kad in order to defy routing attacks researched by University of Minnesota guys [Peng Wang, James Tyra, Eric Chan-Tin, Tyson Malchow, Denis Foo Kune, Nicholas Hopper, Yongdae Kim], in particular:.: Kad contacts will only be able to update themself in others routing tables if they provide the proper key (supported by 0.49a+ nodes) in order to make it impossible to hijack them.: Kad uses now a three-way-handshake (or for older version a similar check) for new contacts, making sure they do not use a spoofed IP.: Unverified contacts are not used for routing tasks and a marked with a special icon in the GUI