Go to the main menu
Skip to content
Go to bottom
REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
> Journal Vol & Issue
Journal of the Korea Institute of Information Security and Cryptology
Journal Basic Information
Journal DOI :
Korea Institutes of Information Security and Cryptology
Editor in Chief :
Volume & Issues
Volume 13, Issue 6 - Dec 2003
Volume 13, Issue 5 - Oct 2003
Volume 13, Issue 4 - Aug 2003
Volume 13, Issue 3 - Jun 2003
Volume 13, Issue 2 - Apr 2003
Volume 13, Issue 1 - Feb 2003
Selecting the target year
A Study on the Development of the Information Security Department Curriculum for Junior College
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 3~15
This study aims at the development of new curricula for information security department at colleges. For this purpose, the curricula for information security of the seven colleges in Korea were first examined. Then, questionnaires from the fifteen information security companies and professors were put into place. With these results, a new curricula for the information security department was developed. A curriculum that developed in this study will also provide changes and improvements for the future curricula of information suity department at colleges in Korea.
The information process on labor and the protection of information human rights
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 17~32
The information drive of the businesses requires new alternatives in that the promotion of business efficiency through information process technologies ends up conflicting with the protection of information human rights on laborers' side. Nevertheless, apathy on information protection has a tendency to be distorted by the efficiency of the businesses. Should the capital and mass media warn economic red lights, political circles with uneasiness would ignore the significance of information protection on the behalf of business efficiency. Therefore, the importance of information protection is considered a smaller interest than that of business efficiency with the infringements of human rights on laborers' side arising. Informatization of the businesses along with the developments of information process technologies has enabled the management to monitor and control the behaviors of laborers. This new problem needs to establish both information protection mechanism and institutional devices to regulate those labor controls. The security of business activity without human rights infringement warrants both basic rights of the public and spirit of the Constitution. The study suggests the establishment and revision of laws suitable to the period of information human rights. On top of that, the establishment of the basic law for information protection of individuals' with the common principle that integrates the related laws and rules on-off line is needed. This will warrant the active participation of labor unions and create specific alternatives for information protection.
Real-time Watermarking Algorithm using Multiresolution Statistics for DWT Image Compressor
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 33~43
In this paper, we proposed a real-time watermarking algorithm to be combined and to work with a DWT(Discrete Wavelet Transform)-based image compressor. To reduce the amount of computation in selecting the watermarking positions, the proposed algorithm uses a pre-established look-up table for critical values, which was established statistically by computing the correlation according to the energy values of the corresponding wavelet coefficients. That is, watermark is embedded into the coefficients whose values are greater than the critical value in the look-up table which is searched on the basis of the energy values of the corresponding level-1 subband coefficients. Therefore, the proposed algorithm can operate in a real-time because the watermarking process operates in parallel with the compression procession without affecting the operation of the image compression. Also it improved the property of losing the watermark and the efficiency of image compression by watermark inserting, which results from the quantization and Huffman-Coding during the image compression. Visual recognizable patterns such as binary image were used as a watermark The experimental results showed that the proposed algorithm satisfied the properties of robustness and imperceptibility that are the major conditions of watermarking.
Design of Online Certificate Revocation Information Transfer using Verifier Lists
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 45~54
A public key certificate may be revoked before its validity period due to causes like the owner identification information change or the private key damage. Since a certificate has long valid time relatively, it is possible to become revoked during lifetime of certificate. The main technical issue in the public key infrastructure is how to handle the status of the certificate. We propose a simple mechanism for online certificate status validation that is suited to the financial network The characteristic of the proposed method is to broadcast certificate revocation information by using verifier list. The experimental results provide the same realtime as OCSP(Online Certificate Status Protocol). The proposed mechanism reduces the network load for certificate status validation in highly concentrated unbearable network
A Secure Digital Signature Delegation Scheme using CAs
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 55~65
To perform the certificate validation processing on the user-side application induces the very considerable overhead because of the complex and time-consuming characteristic of the validation processing. Especially, the verification for digital signature over a certificate can be the major reason of the overhead, since the verification accompanies with the cryptographic calculation over each certificate on the certificate path. In this paper, we propose a new certificate validation scheme can reduce the overhead caused by user-side certificate validation processing and improve the utilization of CAs. As the result, our proposed scheme can not only reduces the overhead for the validation processing by decreasing the cryptographic calculation but also improves the utilization of CAs by employing them to the validation processing.
Implementation of authentication mechanism for 3GPP, 3GPP2 on java card
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 67~75
The development of mobile phone is growing fast in the all over the world. Besides the basic voice communication, many multimedia services and global roaming service are capable in the 3rd generation mobile telecommunication. Because mobile phone has been the essential tool to communicate, the protection of privacy and the safe transmission are critical ones. In synchronous, asynchronous mode IMT2000 service, the mechanism of mutual authentication and generation of cipher key and integrity key are implemented in smart card chip called UIM, USIM. In this paper, we describe the authentication mechanism of 3GPP and 3CPP2 and its implementation results. Then, we specify a few problems which are not defined in standard
Design of Fault-tolerant MA Migration Scheme based on Encrypted Checkpoints
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 77~84
A mobile agent is a program which represents a user in a network and is capable of migrating from one node to another node, performing computations on behalf of the user. In this paper, we suggest a scheme that can safely recover mobile agent using the checkpoint that is saved at the platform that it visited previously and restart its execution from the abnormal termination point of the mobile agent. For security, mobile agent uses its public key to encrypt the checkpoint and the home platform uses the private key of the mobile agent to decrypt the encrypted checkpoints at the recovery stage. When home platform receives the checkpoint of the mobile agent, home platform verifies the checkpoint using message digest. Home platform verifies the correctness of the checkpoint by comparing the message digest generated at checkpoint mention time with the message digest generated at mobile agent recovery time.
Design of Accounting and Security Sessions for IEEE 802.11 Network
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 85~96
Wireless LAM in itself is vulnerable to eavesdropping and modification attack, and thus, IEEE 802.11i and IEEE 802. 1x/1aa have been defined to secure the wireless channel. These protocols accompanied by RADIUS and EAP-TLS provide users of wireless LAM with integrity and confidentiality services, and also they perform authentication and access control of wireless ports. In this paper, we suggest a method to implement accounting session using authentication session of IEEE 802. 1x and accounting state machine is designed with the accounting session. Also, we propose a key exchange mechanism to establish secure channel between stations and an access point. The mechanism is designed to be inter-operable with IEEE 802. 1aa.
A Study on Distributed OCSP for minimizing the load of OCSP Server based on PKI
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 97~106
The important factor in Public-Key Infrastructure is the authentication to correspondent. We receive the digital certificate for authentication between each other, and then we check the existence of validity on the certificate by Certification Revocation List(CRL). But, To use CRL is the scheme used in offline status. So, it is impossible to refer to the latest information and the CRL scheme which is used after downloading is variously unsuitable to getting bigger of the CRL size as time goes on. Therefore, we prefer OCSP(Online Certificate Status Protocol) used in online to CRL used in offline. Consequently, we propose the scheme which provides the request of fast verification in case of requesting the verification on the certificate by owning the same update information to Certificate Registry and distributed OCSP.
Secure Handover Using Inter-Access Point Protocol in Wireless LAN
DaeHun Nyang ;
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 107~112
Handover in IEEE 802.11 requires repeated authentication and key exchange procedures, which are an obstacle to seamless services of wireless LAM. We propose a fast authentication and key exchange mechanism using IEEE 802.11f. Especially, by proposing a modified version of the 4-way handshake of IEEE 802.11i, we solve the perfect forward secrecy problem that arises when the pre-authentication is adopted. The scheme can be implemented only using the Context Block of IEEE 802.11f and the 4-way handshake of IEEE 802.11i without involving authentications server's interaction or non-standard behavior between access points. Our scheme is applicable to devices not supporting the us-authentication of IEEE 802.11i and also, it can substitute the pre-authentication when the pre-authentication is failed.
On the Security or a Mobile Payment System Proposed at WISA 2002
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 113~119
In WISA 2002, Ham et al. proposed a one-way mobile payment system. They claimed that the electronic cash of the system satisfies unforgeability and double spending prevention. In this paper, we point out that their system is not secure as they claimed by showing that the forgery of payment scripts is possible.
A Study on Tracing-Threshold of Public-Key Traitor-Tracing Schemes
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 121~127
The threshold value of the traitor-tracing schemes means a maximum number of traitors whose identities can be uniquely exposed using the tracing scheme. In the traitor-tracing scheme based on an error-correcting code, which is focused at this paper, the threshold value is determined by the error-correcting capability of the underlying error-correcting code. Analyzed in terms of a combinatorial property of the tracing scheme is the resulting effect on the tracing scheme when the collusion size is over the threshold value, and a possibility of two disjoint groups of users making an identical unauthorized decryption key is shown.
Design and Implementation of Anomaly Traffic Control framework based on Linux Netfilter System and CBQ Routing Mechanisms
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 129~140
Recently viruses and various hacking tools that threat hosts on a network becomes more intelligent and cleverer, and so the various security mechanisms against them have ken developed during last decades. To detect these network attacks, many NIPSs(Network-based Intrusion Prevention Systems) that are more functional than traditional NIDSs are developed by several companies and organizations. But, many previous NIPSS are hewn to have some weakness in protecting important hosts from network attacks because of its incorrectness and post-management aspects. The aspect of incorrectness means that many NIPSs incorrectly discriminate between normal and attack network traffic in real time. The aspect of post-management means that they generally respond to attacks after the intrusions are already performed to a large extent. Therefore, to detect network attacks in realtime and to increase the capability of analyzing packets, faster and more active responding capabilities are required for NIPS frameworks. In this paper, we propose a framework for real-time intrusion prevention. This framework consists of packet filtering component that works on netfilter in Linux kernel and traffic control component that have a capability of step-by-step control over abnormal network traffic with the CBQ mechanism.
Efficient Self-Healing Key Distribution Scheme
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 141~148
The self-healing key distribution scheme with revocation capability proposed by Staddon et al. enables a dynamic group of users to establish a group key over an unreliable network, and has the ability to revoke users from and add users to the group while being resistant to collusion attacks. In such a protocol, if some packet gets lost, users ale still capable of recovering the group key using the received packets without requesting additional transmission from the group manager. In this scheme, the storage overhead at each group member is O(
1og p) and the broadcast message size of a group manager is O( ((m
+mt)log p), where m is the number of sessions, t is the maximum number of colluding group members, and p is a prime number that is large enough to accommodate a cryptographic key. In this paper we describe the more efficient self-healing key distribution scheme with revocation capability, which achieves the same goal with O(mlog p) storage overhead and O((
+mt)log p) communication overhead. We can reduce storage overhead at each group member and the broadcast message size of the group manager without adding additional computations at user's end and group manager's end.
A Study on Efficient ID-based Partially Blind Signature
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 149~161
Partially blind signature scheme allows the signer to insert non-removable common information into his blind signature. Blind signatures providing with both users privacy and data authenticity are one of key parts of information systems, such anonymous electronic cash and electronic voting as typical examples. Partially blind signature, with which all expired e-cash but for still-alive can be removed from the banks database, copes well with the problem of unlimited growth of the banks' database in an electronic cash system. In this paper we propose an efficient ID-based partially blind signature scheme using the Weil-pairing on Gap Diffie-Hellman group. The security of our scheme relies on the hardness of Computational Diffie-Hellman Problem. The proposed scheme provides higher efficiency than existing partially blind signature schemes by using three-pass protocol between two participants, the signer and requesters also by reducing the computation load. Thus it can be efficiently used in wireless environment.
A Design and Analysis of Authentication Scheme for Tolerating Packet Loss in the Multicast Environment
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 163~172
Proposed in this paper is an authentication mechanism for multimedia streaming data in the Intemet multicast environment. The multicast authentication mechanism is coupled with the packet-level forward error correction code which has been recently applied for a reliable multicast transport transmission. Associated with this, Reed-Solomon erasure code is chosen for tolerating packet loss so that each of the received packets can be authenticated independently of the lost packets.
Advanced ICMP Traceback Mechanism Against DDoS Attack in Router
Journal of the Korea Institute of Information Security and Cryptology, volume 13, issue 6, 2003, Pages 173~186
Distributed Denial-of-Service(DDoS) attack prevent users from accessing services on the target network by spoofing its origin source address with a large volume of traffic. The objective of IP Traceback is to determine the real attack sources, as well as the full path taken by the attack packets. Existing IP Traceback methods can be categorized as proactive or reactive dating. Proactive tracing(such as packet marking and messaging) prepares information for tracing when packets are in transit. Reactive tracing starts tracing after an attack is detected. In this paper, we propose a 'advanced ICW Traceback' mechanism, which is based on the modified pushback system with secure router mechanism. Proposed mechanism can detect and control DDoS traffic on router and can generate ICMP Traceback message for reconstructing origin attack source, by which we can diminish network overload and enhance Traceback performance.