Go to the main menu
Skip to content
Go to bottom
REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
> Journal Vol & Issue
Journal of the Korea Institute of Information Security and Cryptology
Journal Basic Information
Journal DOI :
Korea Institutes of Information Security and Cryptology
Editor in Chief :
Volume & Issues
Volume 14, Issue 6 - Dec 2004
Volume 14, Issue 5 - Oct 2004
Volume 14, Issue 4 - Aug 2004
Volume 14, Issue 3 - Jun 2004
Volume 14, Issue 2 - Feb 2004
Volume 14, Issue 1 - Feb 2004
Selecting the target year
The Design and Implementation of Module supporting Trusted Channel in Secure Operating System Environment
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 3, 2004, Pages 3~12
Secure operating system is a special operating system that integrates some security functions(i.e. access control, user authentication, audit-trail and etc.) with normal operating system in order to protect system from various attacks. But it doesn't consider my security of network traffic. To guarantee the security of the whole system, network traffic must be protected by a certain way and IPsec is a representative technology for network security. However, it requires administrator's carefulness in managing security policies and the key management mechanism is very heavy as well as complicated. Moreover, it doesn't have a suitable framework for delivery of security information for access control mechanism. So we propose a simple trusted channel mechanism for secure communication between secure operating systems. It provides confidentiality md authentication for network traffic and ability to deliver security information. It is implemented at the kernellevel of IP layer and the simplicity of the mechanism can minimize the overhead of trusted channel processing.
Key Exchange Protocols for Domestic Broadband Satellite Access Network
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 3, 2004, Pages 13~25
The key exchange protocols are very crucial tools to provide the secure communication in the broadband satellite access network. They should be required to satisfy various requirements such as security, key confirmation, and key freshness. In this paper, we present the guideline of security functions in BSAN(Broadband Satellite Access Network), and analyze the specification of the security primitives and the hey exchange Protocols for the authenticated key agreement between RCST(Return Channel Satellite Terminal) and NCC(fretwork Control Centre). In addition, we propose the security specification for a domestic broad satellite network based on the analysis on the analysis profile of ETSI(European Telecommunications Standards Institute) standards. The key exchange protocols proposed in ETSI standard are vulnerable to man-in-the-middle attack and they don't provide key confirmation. To overcome this shortcoming, we propose the 4 types of the key exchange protocols which have the resistant to man-in-the-middle-attack, key freshness, and key confirmation, These proposed protocols can be used as a key exchange protocol between RCST and NCC in domestic BSAN. These proposed protocols are based on DH key exchange protocol, MTI(Matsumoto, Takashima, Imai) key exchange protocol, and ECDH(Elliptic Curve Diffie-Hellman).
Research on Applying Code Signing Technology to National PKI
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 3, 2004, Pages 27~40
Nowadays most web rages provide various services by downloading the applications program such as ActiveX Control or Java Applet. To provide code integrity and publisher authentication of downloaded software in internet, we need code signing technology. In this paper, Authenticode technology of Microsoft is lust analyzed. Based on the analysis, we propose code signing certificate profile and applying method for National Public Key Infrastructure.
The Optimal Normal Elements for Massey-Omura Multiplier
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 3, 2004, Pages 41~48
Finite field multiplication and division are important arithmetic operation in error-correcting codes and cryptosystems. The elements of the finite field GF(
) are represented by bases with a primitive polynomial of degree m over GF(2). We can be easily realized for multiplication or computing multiplicative inverse in GF(
) based on a normal basis representation. The number of product terms of logic function determines a complexity of the Messay-Omura multiplier. A normal basis exists for every finite field. It is not easy to find the optimal normal element for a given primitive polynomial. In this paper, the generating method of normal basis is investigated. The normal bases whose product terms are less than other bases for multiplication in GF(
) are found. For each primitive polynomial, a list of normal elements and number of product terms are presented.
An Anonymous asymmetric public key traitor tracing scheme
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 3, 2004, Pages 49~61
In broadcast encryption schemes, traceability is a useful property to trace authorized subscribers, called traitors, who collude for manufacturing a pirate decoder. Unfortunately, this is usually achieved with a sacrifice of a privacy. Most traitor tracing schemes in the literature have been developed without considering a subscriber's anonymity, which is one of important requirements for electronic marketplaces to offer similar privacy as current marketplace. It would be unsatisfactory for the subscriber to reveal his/her identity to purchase multimedia contents. In this paper we propose an anonymous broadcast encryption scheme, where a user can subscribe anonymously and one purchases multimedia contents without giving a lot of information about his lifestyle, habits, and etc, but anonymity control is provided, i.e., a data supplier can date traitors.
An Efficient Authentication Scheme for Multicast Packet using Recovery Layer
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 3, 2004, Pages 63~73
This paper proposes an efficient authentication scheme for multicast packet using recovery layer to provide source authentication. The problems of the existing schemes are as follows ： TESLA requires time synchronization between the sender and the receiver, md hash-based schemes have high communication overheads due to additional hash values and require many buffers and delay for verification on receivers. Our main focus is reducing the buffer size, communication and computation burden of the receiver. The proposed scheme in this paper is highly robust to packet loss using the recovery layer based on XOR operation. It also provides low communication overhead, low verification cost, non-repudiation of the origin, immediate verification and robustness against DoS attack on the receiver.
Related Key Differential Attacks on 32-Round GOST
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 3, 2004, Pages 75~84
In this paper, we present a related key differential attack on Full-round GOST Firstly, we present a distinguishing attack on full rounds of GOST, which can distinguish it from random oracle with probability 1- 64
using a related key differential characteristic. We will also show that H. Seki et al.'s idea can be applied to attack on 31 rounds of GOST combining our related key differential characteristic. Lastly, we propose a related key differential attack on full rounds of GOST. In this attack we can recover 12 bits of the master key with
chosen plaintexts and
encryption times for the 91.7% expectation of success rate.
A Methodology for CC-based Security Requirements Analysis and Specification by using Misuse Case Model
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 3, 2004, Pages 85~100
All information system is information security system that enforced security function. To improve qualify of information security system, suity requirement analysis and specification must be Performed by consistently and typically at early requirement analysis step. In this paper, we propose a security requirements analysis and specification model and process by using Misuse Case Model that extends UML's Use Case Model. And, we propose a cost-effective security product selection algorithm that security product is sufficient of all constructed security functional requirements. It may raise quality of information security system that developed through proposed model and process.
Dynamic Simulation on a Network Security Simulator using SSFNet
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 3, 2004, Pages 101~106
Recently, a network defense simulator becomes essential in studying cyber incidents because the cyber terror become more and more interesting. The network defense simulator is a tool to estimate damages and an effectiveness of a defense mechanism by modeling network intrusions and defense mechanisms. Using this tool, users can find efficient ways of preventing a cyber terror and recovering from the damage. Previous simulators start the simulation after entire scenario has made and been loaded to simulation engine. However, in this way it can't model human judgement and behavior, and it can't simulate the real cyber terror very well. In this paper, we have added a dynamic simulation component to our previous network security simulator. This component improved accurate modeling of network intrusions and defense behaviors. We have also proposed new modified architecture of the simulation system. Finally we have verified correct simulation results from stammer worn simulation.
Impossible Differential Attack on 30-Round SHACAL-2
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 3, 2004, Pages 107~115
SHACAL-2 is a 256 bit block cipher with various key sizes based on the hash function SHA-2. Recently, it was recommended as one of the NESSIE selections. UP to now, no security flaws have been found in SHACAL-2. In this paper, we discuss the security of SHACAL-2 against an impossible differential attack. We propose two types of 14 round impossible characteristics and using them we attack 30 round SHACAL-2 with 512 bit 18y. This attack requires 744 chosen plaintexs and has time complexity of 2
30 round SHACAL-2 encryptions
Saturation Attacks on the reduced 5-round KASUMI
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 3, 2004, Pages 118~124
KASUMI is a 64-bit iterated block cipher with a 128-bit key size and 8 rounds Feistel structure. In this paper, we describe saturation attacks on the five round KASUMI, which requires 10
chosen plaintexts and
computational complexity We also improve this attack using meet-in-the-middle technique. This attack requires 7
chosen plaintexts and
computational complexity. Futhermore, we attack KASUMI by controlling the value of the fixed part of the key. This attack needs 3
chosen plaintexts and
A Study on PKI Mechanisms with distributed CA for IEEE 802.15.3 High Rate WPAN
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 3, 2004, Pages 125~135
IEEE 802.15.3 High Rate WPAN is a mechanism for wireless home network such as PDAs, digital video camcoder, etc. While symmetric keys are used for MAC layer security, the process of establishing a secure membership or a secure relationship is outside of the scope of the standard. In addition, to prepare for ubiquitous environment in the near future, it is important to study the process of establishing a secure relationship between DEVs in different dependent piconets. This paper propose a secure model and a process of establishing a secure relationship using PKI without a ousted certificate authority
Efficient security mechanism in 3GPP-WLAN interworking
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 3, 2004, Pages 137~144
3GPP(3rd Generation Project Partnership)-WLAN(Wireless Local Area Network) interworking refers to the utilization of resources and access to services within the 3GPP system by the WLAN UE(User Equipment) and user respectively. The intent of 3GPP-WLAN Interworking is to extend 3GPP services and functionality to the WALN access environment. We propose an efficient mechanism for the setup of UE-initiated tunnels in 3GPP-WLAN interworking. The proposed mechanism is based on a secret key which is pre-distributed in the process of authentication and key agreement between UE and 3GPP AAA(Authentication, Authorization Accounting) server. Therefore it can avoid modular exponentiation and public key signature which need a large amount of computation in UE. Also the proposed scheme provides mutual authentication and session key establishment between UE and PDGW(Packet Data Gateway).
Secure Oblivious Transfer Protocol-based Digital Fingerprinting Against Conspiracy Attack
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 3, 2004, Pages 145~153
Digital fingerprinting schemes are cryptographic methods that a seller can identify a traitor who illegally redistributed digital contents by embedding it into buyer's information. Recently, Josep Domingo-Ferrer suggested an anonymous digital fingerprinting scheme based on committed oblivious transfer protocol. It is significant in the sense that it is completely specified from a computation point of view and is thus readily implementable. But this scheme has the serious problem that it cannot provide the security of buyers. In this paper, we first show how to break the existing committed oblivious transfer-based fingerprinting schemes and then suggest secure fingerprinting scheme by introducing oblivious transfer protocol with two-lock cryptosystem based on discrete logarithm. All computations are performed efficiently and the security degree is strengthened in our proposal.