Slide 1 - Ahope Co., Ltd.

Company Profile
February 2016
Ahope Confidential & Proprietary
Company overview
Name: Ahope Co., Ltd.
CEO: Yeonwoo Kim
Established: July 31, 2003
Members: 40+
Address: 1st Fl., Hotel Prince Seoul Annex, 11-8, 22gil Toegyero, Jung-gu, Seoul, South Korea
Contact: TEL : +82. 2. 556. 4801, FAX : +82. 2. 556. 4802
Homepage: http://www.ahope.net
Area:
• Cryptography and PKI systems development, network-related security system development
• Security and system development for mobile platforms
• Distributed processing-based system integration business
HISTORY
2015
2014
• Dev of IoT Mobile App (DawonDNS)
• Dev of Room mediation system (web, mobile)
• Acquire GS license for ‘APP Shields v2.6’
• Dev of PaynowBiz update (LGU+)
• Exhibit in GMV(Global Mobile Vision) 2015
• Security Consulting on mobile app (Hyundai)
• Exhibit in CTIA(USA) 2015
• Exhibit in GMV(Global Mobile Vision) 2014
• Exhibit in Interop London 2015
• Deploy AUSMS (unified security management system)
• Security consulting on IoT platform (Samsung)
• Deploy Security Checker (PC, mobile)
• Dev of Integrated Sales Solution (LGU+)
• Exhibit in Interop Tokyo 2014
• Release ‘APP Shields Online Service’
• APP Shields - contract with Hyundai
• Exhibit in GSMA MWC 2015
HISTORY
2013
2010~1997
• Registered a number of patents on off-load
• Release Cartoon Viewer/Editor for mobile
• Dev of Paynow biz marketing platform (LGU+)
• Supply MWLAN (LGU+)
• APP Shields – contract with KB Card
• Dev of T-money issuing system (T-monet)
• Dev of Kmotion, App-card Service (KB Card)
• Established in 2003
• Dev of security solutions based on WAVE (Hyundai)
• Security Consulting on Account system (Samsung)
1996
2012/2011
• Launch a business with a financial engineering solution
• WISPr Client – contract with Verizon
• Dev of CAN Secure Interface for vehicles
• Prior development of off-load (LGU+)
SOLUTION & SERVICE
Security Consulting
Process
• Security consulting is carried out from a practical perspective, based on know-how from developing network solutions with LGU+ (carrier) and many security modules (SSL, VPN, MDM, etc.).
• When designing security infrastructure, we propose the most suitable products and solutions, reflecting the characteristics of the system, at the security strategy planning stage.
• A vulnerability check is a prerequisite step for understanding the current security level of the system. We scan with a tool and inspect manually with checklists.
• In simulated hacking, we judge whether an attack is actually possible based on precalculated scenarios, then report and demonstrate it to customers together with the countermeasures.
[Figure: consulting process flow. Boxes and their items:]
Requirement definition
• Requirement analysis and interview
• Documentation
Service research & Analysis
• Check current system
• Interview with authorities
• Check DB structure
• Check client use-case
• Check protocol definitions
• Documentation
Interim Report
Security strategy planning
Service vulnerability analysis
• Server (DB, OS) vulnerability analysis
• Client (Application) vulnerability analysis
• Network vulnerability analysis
• Documentation
Penetration test
• Simulated hacking system (pre-agreed)
• Reporting
Final Report
Security Consulting
Android simulated hacking
[Figure: Android simulated hacking workflow. Labels: APK files; Rooted phone; APK extraction; Dex2jar decompile (Java source); Java source analysis; APKtool decompile (Smali code); Smali code analysis; Smali code modification; APK repackaging (apktool); Virus/malware app test; Android Masterkey applied (log analysis and dynamic tracking)]
※ Derive a possible attack scenario from the vulnerability, and run a feasibility test
• We create various scenarios for accessing critical information assets from a PC or a mobile phone, and conduct a penetration test, bypassing or abnormally the authentication, after deliberations over a long period.
• Android devices account for a significant market share globally, and they also carry security risks due to the nature of an open platform. More focus on Android vulnerability issues and exploitation techniques would be the only solution for the upcoming mobile service environment.
• In the case of reverse-engineering attacks, we can diagnose more professionally and scan with our product (APP Shields), which is an APK obfuscation solution.
Security Consulting
Development
Know-How
Features and Benefits
Network
experience
Knowledge of security tech
• Our engineers have extensive experience with security solution development and various SI projects, and are well versed in current hacking technologies and source code analysis.
• We have extensive know-how in implementing IPSec-based VPN, wireless network and IP flow based solutions for various systems.
• Our laboratory covers kernel and low-level network programming.
• We suggest practical solutions and security construction schemes tackling your security risks.
• In some cases, we develop secure components with our solution while consulting.
Penetration
Test
Practical skills
• Staying alert to up-to-date hacking trends and verifying them is the key to the prevention of risks.
• Our APK obfuscation solution will suggest the best way to prevent countless attempts to penetrate your mobile platform.
APP Shields
Overview
Integrated mobile security solution, which blocks the attacker’s reverse-engineering,
and responds to the threat of forgery
[Figure: Mobile App Security workflow. Labels: Vulnerability Check; Security Check; Report on Issues; Apply Solution: Anti-Analysis [APP Shields for Android, APP Shields for iOS], Anti-Forgery [PureApp]; Audit report & Technical support]
APP Shields
APP Shields for Android
Obfuscates the APK (app package file) of Android-based applications to improve the security of the application.
In response to a reverse engineering algorithm: obfuscate byte code, remove symbol information, encrypt strings, and inject code to prevent analysis.
Disassembly tools: dexdump, androguard, baksmali, dedexer, ded, dex2jar
Obfuscated byte code: it is difficult to discern the 'Original Instruction Symbol'.
Dynamic analysis proof
• Detects dynamic analysis and disconnects the trial
Set-top Box
• A dedicated appliance helps make it a secure zone
Web manager
• Easy set-up and management of the protection history through web interfaces
APP Shields
Benefits of APP Shields for Android
Feature groups: Obfuscation; Anti-debugging; Encryption; Forgery prevention; Operation settings
• DEX obfuscation
• Debug information removal
• Method/parameter modification
• Dynamic debugging prevention
• Strings encryption
• Crypt authenticated by NIS
• Resource protection
• Class level encrypt
• Forgery check
• Rooting check
• Options: user settings, log settings, obfuscation levels, encryption, usability
Powerful features: all the available functions are obfuscated at the binary level (DEX byte code)
Benefits: Fast support for SDLC; Compliance; Convenient maintenance
• Without any knowledge of the final APK version, obfuscation is possible
• Applicable easily without changing source code, simply by uploading it once
• Respond to the regulation using the cryptographic module certified by NIS
APP Shields
APP Shields for iOS
Strengthens the security of the IPA file (iOS app file)
Prohibit the risk of stripping DRM (Apple’s FairPlay DRM technology)
Jailbreak Detection
• Detection leads to stop working
• Code Signature verification
Obfuscation
• ARM Binary Obfuscation
• Unity Obfuscation
• Encryption check
Block dynamic-analysis
• Dynamic analysis is disallowed and the session is disconnected
• Accessing the memory of an application and extracting data is prohibited
• Process ID check
• File size / File System check
APP Shields
PureApp
Server-based ‘PureApp’ solution helps the company to detect the tampering attack
and check integrity of the app and readily cope with the risk.
[Figure: PureApp authentication flow among App, PureApp Server and Service Server, with steps numbered 1 to 10. Labels:]
• PureApp authentication request
• Application authentication: code signature-based random generation of an authentication vector
• Server authentication: code signature-based random authentication vector generation
• Authentication vector; authentication vector token
• PSK-based random token generation
• PSK-based token authentication
• Login information + token
• Service initiation
Notes:
• Two-way authentication to protect against replay attacks
• An additional token makes sure that the integrity of an app has actually been verified
• Rooting/Jailbreak/Debugging detection and disabling
• Security policy support
• Monitoring and audit
APP Shields
PureApp benefits
Powerful integrity check and audit method
Headings: Two-way authentication; Service server login additional authentication; Detect rooting/debugging/jailbreak; Policy setting and monitoring system
• Disable bypassing integrity checking
• Handling replay attack
• Safe authentication through SSL-data exchange
• Provide counter measure for OS level attacks (Rooting by Tegrak, Jailbreak etc...)
• When services need to be linked with the server, make sure that you have actually run the verification of integrity with an additional issued-token
• Enhanced safety at the time of login, such as games and financial application services
• Manage abnormal users and ban them followed by policy
• Monitoring and tracking security accidents
Smart wifi
Overview
By using smart Wi-Fi in a saturated 3G/4G network environment, the solution satisfies the convenience needs of both users and carriers.
[Figure: 3G/4G network and wifi network paths to the Internet, with components A to D]
A: ANDSF (Access Network Discovery and Selection Function): wireless network connection determination
B: IFOM (IP Flow Mobility), NSWO (Non-seamless WLAN offload): 3G/4G off-load
C: IWLAN (Interworking WLAN), MWLAN (Mobile WLAN)
D: WISPr (Wireless Internet Service Provider roaming)
Smart wifi
Solution benefits
Increases operational efficiency of the network by enabling Wi-Fi and 3G/LTE networks at the same time.
Provides excellent service quality regardless of the activity of Wi-Fi, maintaining the existing session.
• Carrier: Consume data rates adequately via 3G/LTE
• Social: Efficient use of pre-installed communication resources
• User: Reasonable service quality in the saturated 3G/LTE area
With the convenience of roaming among carriers, the Wi-Fi network can be used without any manual settings outside the carrier's coverage area.
3G/LTE sessions in use are distributed over Wi-Fi on the basis of the policies defined by the carrier.
Policy settings by carrier
• Updated by sending the latest policy
• Location-specific application in conjunction with positioning system
• Connection termination scheme taking usability into account
When entering other wireless internet area (overseas)
• Checking Wi-Fi to select AP
• Automatic processing in background: web authentication (SSID input, password input)
• Connection completed
[Figure labels: New style Wi-Fi activated; Maintaining existing session; Internet, Video and Mail over wifi and 3G/LTE]
AUSMS
Overview
AUSMS (Ahope Unified Security Management System) is a unified security management system that checks the security status of PCs and controls data flows and the accounting system.
SERVER
• Access control of PC accounts
• Protection of data leak/loss
• Check the vulnerabilities of PC
[Figure: SERVER connected to multiple Client PCs]
AUSMS
Features
ACS (Access Control System)
• Users are authenticated and authorized to gain access to the programs and services of the PC.
• [Figure labels: Client PC tries to log in with ID & PW; SERVER returns login success (authorized) / failed]
DLP (Data Loss Prevention)
• Recent data breaches are often caused by the intent or fault of internal users, not only by external hacking or attacks.
• Limits access to USB storage devices and sends the information to the server to let administrators know the flow of data.
• [Figure labels: USB storage device access/forbid]
Check Security Vulnerabilities
• PC vulnerability scan: assesses the vulnerabilities of PCs following the security guideline checklists.
• Personal information vulnerability scan: finds the personal information within saved documents on your PC and shows the location and the type of data.
PROJECT Info.
Project info.
Security consulting & development
Project subject | Client | Description | Year
IoT platform security consulting | Samsung elec. - Penta security | IoT platform vulnerability analysis and security consulting | 2015
Centralized Document Services development | KT | Centralized document services development | 2015
Penetration test | ETRI | Vulnerability analysis and security consulting on services | 2015
Security verification technology for telematics smartphone apps | Hyundai Motors - Penta security | Vulnerability analysis and penetration testing services for the blue link verification scenario | 2014
Internet black-box | ETRI | Internet black-box development | 2014
CDS development | SOMANSA | CDS (Centralized Document Services) joint development | 2014
Samsung cloud Security consulting | Samsung elec. - Penta security | Network, client, server infrastructure security consulting and planning strategies, and vulnerability analysis and build security strategy and roadmap. Advise security enhancements of API design structures. | 2013
Hyundai automotive WAVE | Hyundai - Penta security | V2X security platform of Hyundai | 2013
Samsung Account Security consulting | Samsung elec. - Penta security | Security infrastructure consulting and planning strategies, and vulnerability analysis and build security strategy and roadmap. Advise security enhancements of API design structures. | 2013
DUKPT | Bixolon | DUKPT security module for mobile printer in the airplane | 2012
Project info.
Security consulting & development
Project subject | Client | Description | Year
ChatON Security consulting | Samsung elec. - Penta security | Check security levels and scan vulnerabilities and design security framework | 2012
CAN Interface | Hyundai - Penta security | Attach cryptographic module to CAN (intra-network of a car) | 2011
MDM | KEPCO - KDN | Implemented sub-modules of mobile office project of KEPCO. Modules were installed on cell phone, and manage software made by KEPCO. Devices were monitored by central system and detected when they are lost. | 2011
Project info.
Smart WiFi
Project subject | Client | Description | Year
ANDSF advancement (smart wifi) | LGU plus | Advancement of ‘Access network discovery and selection function’ (3GPP) | 2013
ANDSF | LGU plus | Development of ‘Access network discovery and selection function’ (3GPP) | 2012
IFOM | LGU plus | Commercialization of IFOM (IP flow mobility) | 2012
NSWO | LGU plus | Commercialization of NSWO (non-seamless wireless offload) | 2012
Smart client | Verizon, Pantech | Development of smart client, automatic connecting to Wi-Fi. | 2012
SSL customizing | Verizon, Pantech | To meet the requirement from Verizon (FIPS 140), customize Android platform-specific SSL functions with certified cryptographic algorithms. | 2012
Ipsec for IMS | AT&T, Pantech | Install Ipsec on Pantech mobile phone for AT&T | 2011
iOS/WM CM | LGU plus | Develop CM to use ACN service on iOS and Windows Mobile platform | 2011
ACN CM for WM | LGU plus | Additional CM on WM (Windows Mobile) supporting CAN (sharing wireless router) | 2011
Project info.
Smart WiFi
Project subject | Client | Description | Year
ACN CM for android | LGU plus | Provision of CM for CAN service on Android platform | 2011
inter-RAT Handover | LGU plus | Precedent research project; handover between 3G/4G and Wi-Fi service was developed for Android. | 2011
android common API | LGU plus | Provision of some APIs that are not supported on the default Android platform but are necessary for LGU+ and cooperating companies. | 2011
Roaming CM | LGU plus | Develop roaming CM connecting to near Boingo AP through WISPr client | 2011
ANDSF | LGU plus | Pre-load and download version client, functioning OMA DM and ANDSF. | 2011
IWLAN | LGU plus | Implement IWLAN client adaptable to 3GPP specification | 2011
MWLAN upgrade | LGU plus | Advancement of MWLAN client | 2010
MWLAN | LGU plus | Implement MWLAN client adaptable to 3GPP specification | 2010
Project info.
Banking, Payment System
Project subject | Client | Description | Year
BizPaynow Integrated sales solution development | LGU+ | BizPaynow Integrated sales solution development B/O, partner-web development, homepage renewal | 2015
Timonet Tizen project | Timonet | Timonet mobile app (for Galaxy Gear) development | 2015
BizPaynow upgrade | LGU+ | Paynow 2nd upgrade, update additional functions of app, store manager, internal administrators. | 2014
UpayNOW | LGU+ | Development of app, which uses smartphone or dongle to utilize mobile POS, which is available of card payment. | 2013
KB card APP-card | KB card | Development of app, on-off-integrated payment mobile app of KB kook-min card. | 2013
UpayNOW update | LGU+ | Reconfigure multi devices (iPhone, iPad, Android Phone, Pad – HomeBoy) to work properly at all resolutions. | 2013
UpayNOW update | LGU+ | Development of customer-specific features to meet the needs of multiple customer requirements | 2013
KB card internet service systems – 6 app | KB card – SK C&C | KB card – 6 kinds of mobile services release | 2011
Timonet mobile web | T-monet | Charging system of Seoul mobile traffic card | 2011
Samsung card T money adjustment | Samsung card - T-monet | Settlement between Timonet and Samsung card | 2010
Project info.
Banking, Payment System
Project subject | Client | Description | Year
Virtual exchange integration | Pusan National University Industry-Academic Cooperation Foundation | Integration of Virtual Exchange and Derivatives | 2009
Timonet IT system integration | T-monet | Separate networks and business operation between Seoul traffic card and Timonet | 2009
Merchant settlement system | T-monet | Upgrade merchant settlement with regards to T-cash | 2009
T-cash coupon issuance system | T-monet | Develop T-cash; recharging coupon and using as game-cash | 2008
Hands-on system for derivatives trading system | Pusan National University Industry-Academic Cooperation Foundation | Develop hands-on solution of derivative trading | 2008
Project info.
IoT
Project subject | Client | Description | Year
Power-Manager App Dev | DawonDNS | Development of IoT App, which is integrated with Smart Plug. | 2015
Parking Management S/W Implementation | Seevider | Development of IoT Software, which is integrated with parking management camera. | 2015
Project info.
Mobile App
Project subject | Client | Description | Year
[an-bang] Service Development | KamSung | Development of [an-bang] web, mobile service, which interconnects renters and tenants of rooms in Seoul of Korea. | 2014
Demo app | MagnaChip | Development of ‘Demo App’ for new magna-chip (flip model). | 2013
Customer Service for Windows 8 | SKT - SKc&C | Development of web-app, which services some of T-world features with Windows 8 MBAE app. | 2013
Usage measurement for Window 8 | LGU+ | Development of app, which measures the amount of usage and provides customer-related subscription information with Windows 8 MBAE app. | 2013
Korea Taxi meter | AHOPE | For passenger convenience, provides the estimated cost of taxi and routed path through GPS. | 2013
RDP client | AHOPE | Remote connection app to Windows (iOS, Android) | 2013
face-fortune teller | AHOPE | Fortune telling app, which utilizes the results of analyzing a person's face. | 2012
Artwork of [팀 풍경] | [팀풍경] - Etype | Development of cartoon producing application (contest of SBA, 2013) | 2012
Departure Automation | NFFC - KT | It can be automatically notified to police of sailing through GPS of captain, when fishery boats are about to depart from. | 2010
Location and Contact
[Map of the office location. Landmarks shown: CGV, KB Kookmin bank, Sejong Hotel, UNIQLO, Hoehyun Station, Myeong-dong Station Exit 1 and Exit 2, Seoul prince hotel, Toegyero underground roadway, Korea Electric Power Corporation, Underpassage entrance of Namsan No.1, YeongJin Building, Seoul namsan elementary school]
Address: 1st Fl., Hotel Prince Seoul Annex, 11-8, 22gil Toegyero, Jung-gu, Seoul, South Korea
Contact: TEL : +82. 2. 556. 4801, FAX : +82. 2. 556. 4802
Homepage: http://www.ahope.net
E-Mail: [email protected]