Journal of the Korea Institute of Information Security and Cryptology
Korea Institutes of Information Security and Cryptology
DoS-Resistance Authentication Protocol for Wireless LAN
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 5, 2004, Pages 3~10
Access control is important in a wireless LAN because the wireless Internet is reached through an AP (Access Point). Moreover, to use a wireless LAN, users go through the EAP authentication process. DoS (Denial of Service) is one of the most damaging attacks on AP access and on this authentication process. That is, if a malicious attacker blocks access to the AP, or forcibly consumes the server's memory, CPU computation capacity and so on during authentication, legitimate users cannot get any service. In this paper, we present ways of protecting against each attack, classified into attacks on access control, attacks on resource allocation, and attacks on the authentication protocol. The first, the attack on access control, is mitigated by pre-verification and a security-level parameter. The second, the attack on resource allocation, is mitigated by a partially stateless protocol. The weakness of the protocol is addressed by a time-stamp and an access-limitation parameter.
An User Authorization Mechanism using an Attribute Certificate in the IPSec-VPN System
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 5, 2004, Pages 11~21
To authorize an IPSec-VPN client in the Client-to-Gateway type of IPSec-VPN system, one normally uses either the ID/Password verification method or the implicit authorization method, in which the IPSec-VPN gateway implicitly regards the IPSec-VPN client as authorized once it has been authenticated. However, the Client-to-Gateway type of IPSec-VPN system needs a more effective user authorization mechanism, because with the ID/Password verification method it is not easy to transfer the ID/Password information, and the implicit authorization method has a security vulnerability. This paper proposes an effective user authorization mechanism using an attribute certificate, and designs and implements a user authorization engine. The user authorization mechanism proposed in this study is easy to implement in existing IPSec-VPN systems. Moreover, it has the merit of guaranteeing interoperability with other IPSec-VPN systems. Furthermore, the user authorization engine designed and implemented in this paper will provide not only DAC (Discretional Access Control) and RBAC (Role-Based Access Control) using an attribute certificate, but also the function of SSO (Single-Sign-On).
Split Password-Based Authenticated Key Exchange
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 5, 2004, Pages 23~36
This paper presents a password-based authentication and key exchange protocol which can be used both for authenticating users and for exchanging session keys for subsequent secure communication over an untrusted network. Our idea is to increase the randomness of the password verification data: we split the password, and then amplify the split passwords in the high-entropy structured password verification data. To prevent the verifier-compromise attack, we construct our system such that the password verification data is encrypted with the verifier's key, and the private key of the verifier used to encrypt it is stored in a secure place such as a smart card. We also propose a distributed password authentication scheme utilizing many authentication servers, in order to prevent the server-compromise attack that can occur when only one server is used. Furthermore, a security analysis of the proposed protocol is presented as a conclusion.
Implementation of a High Performance SEED Processor for Smart Card Applications
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 5, 2004, Pages 37~47
The security of personal information has been an important issue since the field of smart card applications has expanded explosively. The security of a smart card is based on cryptographic algorithms, which need to be implemented in hardware for higher speed and stronger security. In this paper, a SEED cryptographic processor is designed by employing one round key generation block, which generates 16 round keys without key registers, and one round function block, which is used iteratively. Both the round key generation block and the F function use only one G function block with one 5-to-1 MUX sequentially, instead of 5 G function blocks. The proposed SEED processor has been implemented such that each round operation is divided into seven sub-rounds and each sub-round is executed per clock. Functional simulation of the proposed cryptographic processor has been executed using the test vectors offered by the Korea Information Security Agency. In addition, we have evaluated the proposed SEED processor by executing VHDL synthesis and an FPGA board test. The die area of the proposed SEED processor decreases by up to approximately 40% compared with the conventional processor.
Performance Enhancement Scheme for RR Protocol in MIPv6
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 5, 2004, Pages 49~56
An Internet draft, named the RR (Return Routability) protocol, was proposed to the IETF mobileip WG in order to establish an optimal path to the MN (Mobile Node) by securely sending the BU (Binding Update) message to the CN (Correspondent Node). However, having the MN initiate the protocol causes some problems: it increases the communication load in the home network, increases the communication delay between MN and CN, and increases the communication load due to unnecessary message exchanges. To resolve these problems, this paper proposes an alternative scheme for the RR protocol in MIPv6. The proposed scheme is devised so that the HA starts the protocol on receiving the first packet from the CN. It decreases the route optimization overhead by reducing the number of BU messages as well as the communication time. Besides these advantages, this scheme provides the same security grade as the original RR protocol.
Related-Key Rectangle Attacks on Reduced Rounds of SHACAL-1
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 5, 2004, Pages 57~68
The rectangle attack and the related-key attack on block ciphers are well-known to be very powerful. In this paper we combine the rectangle attack with the related-key attack. Using this combined attack we can attack the SHACAL-1 cipher with 512-bit keys up to 59 out of its 80 rounds. Our 59-round attack requires a data complexity of
chosen plaintexts and a time complexity of
encryptions, which is faster than exhaustive search.
The Bayesian Framework based on Graphics for the Behavior Profiling
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 5, 2004, Pages 69~78
The paradigm of attack techniques has changed with the rapid expansion of the Internet and the appearance of new forms of attack. However, most intrusion detection systems detect only known attack types, because they are based on misuse detection, and responding actively to new attacks is difficult. Therefore, to raise the detection rate for new attack patterns, experiments applying various anomaly detection techniques are appearing. In this paper, we propose a behavior profiling method using a Bayesian framework based on graphics from audit data, and visualize the behavior profile to detect and analyze anomalous behavior. We carry out a simulation that translates host/network audit data into BF-XML, a behavior profile of semi-structured data type for anomaly detection, and visualizes BF-XML as SVG.
Analysis on CC Evaluation Demand and Selection of IT Security Products to be evaluated under CC Scheme in Korea
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 5, 2004, Pages 79~95
The Common Criteria can be used as a guideline for one CCRA member to avoid re-evaluating IT security products which were already evaluated by other CCRA members. In this paper, we have analyzed the IT security products evaluated under the CC scheme in several nations, such as the United States, Great Britain and Australia, and defined a new category of IT security products for the domestic CC evaluation. We have also analyzed the domestic and international markets for information security products, and conducted a poll to gather the opinions and demands of Korean industry, so that Korean policy decision makers can select the IT security products that could be evaluated in Korea under the CC scheme. As a conclusion, we have selected 15 IT products, based on the industry responses to the poll, the market size, and the evaluation amount demanded by users, manufacturers and evaluators, as the possible IT security products under the CC scheme in Korea during the next 5 years. Moreover, the characteristics, benefits and drawbacks of the selected IT products were analyzed. This paper can be used as a guideline document for Korean policy decision makers to select the IT products to be evaluated under the CC scheme in Korea for the next 5 years.
SoC Implementation of Fingerprint Feature Extraction System with Ridge Following
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 5, 2004, Pages 97~107
This paper presents a System-on-Chip (SoC) implementation of a fingerprint feature extraction system. Typical fingerprint feature extraction systems employ binarization and thinning processes, which cause many extraction errors for low-quality fingerprint images and degrade the accuracy of the entire fingerprint recognition system. To solve these problems, an algorithm that directly follows ridgelines without the binarization and thinning processes has been proposed. However, the computational requirement of the algorithm makes it hard to implement on SoCs using software only. This paper presents an implementation of the ridge-following algorithm on SoCs. The algorithm has been modified to increase the efficiency of the hardware. Each function block of the algorithm has been implemented in hardware or in software by considering its computational complexity, the cost and utilization of the hardware, and the efficiency of the entire system. The fingerprint feature extraction system has been developed as an IP for SoCs, hence it can be used on many kinds of SoCs for smart cards.
Shared Key and Public Key based Mobile Agent Authentication Scheme supporting Multiple Domain in Home Network Environments
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 5, 2004, Pages 109~119
The home network environment can be defined as a network environment connecting digital home devices such as computer systems, digital appliances, and mobile devices. In this kind of home network environment, there will be numerous local and remote interactions to monitor and control the home network devices and the home gateway. Such an environment may result in a communication bottleneck. By applying mobile agents, which can migrate among the computing devices autonomously and work on behalf of the user, remote interactions and network traffic can be reduced enormously. Mobile agent authentication is necessary to apply the mobile agent concept to home network environments, as a prerequisite technology for authorization or access control to the home network devices and resources. Existing mobile agent systems have mainly used public key based authentication schemes, which are not suitable for home network environments composed of digital devices of limited computation capability. In this paper, we propose a shared key based mobile agent authentication scheme for a single home domain, and expand the scheme to multiple domain environments with the public key based authentication scheme. Applying the shared key encryption scheme to single domain mobile agent authentication makes it possible to authenticate the mobile agent with less overhead than the public key based authentication scheme.
Side channel attack on the Randomized Addition-Subtraction Chains
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 5, 2004, Pages 121~133
In [15,16], Okeya and Sakurai showed that the randomized addition-subtraction chains countermeasures are vulnerable to SPA attack. In this paper, we show that Okeya and Sakurai's attack algorithm [15,16] has two latent problems which need to be considered. We further propose new powerful concrete attack algorithms which are different from [15,16,19]. From our implementation results for standard 163-bit keys, the success probability for the simple version with 20 AD sequences is about 94% and with 30 AD sequences is about 99%. Also, the success probability for the complex version with 40 AD sequences is about 94% and with 70 AD sequences is about 99%.
Partial Key Exposure Attack on Unbalanced RSA with small CRT exponent
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 5, 2004, Pages 135~140
In Crypto 2002 May analyzed the relation between the size of two primes and private key in unbalanced RSA with small CRT exponent. Also in Crypto 2003 he showed that if
4/ amount of most significant bits(least significant bits) of
is exposed in balanced RSA with CRT, N can be factored. To prove this he used Howgrave-Graham's Theorem. In this paper we show that if
4/ amount of
, p is smaller than q, and bigger than
to avoid May's attack, is exposed in unbalanced RSA with small CRT exponent, it is enough to expose
. We use Coppersmith's theorem with unbalanced primes.
A Design and Analysis of PKCS #11 supporting the KCDSA mechanism
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 5, 2004, Pages 141~151
With the advance of electronic commerce, the requirements for security devices are becoming increasingly pervasive. A security API must be designed to be easy to use and secure, and to support compatibility between security devices. We chose the PKCS #11 interface by RSA Labs, which provides the compatibility and extensibility standards of many application products and implementations, and added support for the KCDSA mechanism, which is a Korean digital signature standard. The PKCS #11 security API also defines a new key management function which provides more secure key management ability. We suggest the object attributes and templates of KCDSA private and public key objects, and generate and verify digital signatures using the KCDSA mechanism. The PKCS #11 supporting the KCDSA mechanism is designed, implemented in the C language, tested for performance, and analyzed for security and compatibility.
An Efficient Packet Encryption Scheme Based on Security Requirement Level
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 5, 2004, Pages 153~164
Under a large-scale client-server service environment, e.g., online games, encrypting data for acquiring information security often causes overload to the server and hence degradation of the service itself. Therefore, for reducing encryption payload, it is necessary to use adequately an efficient encryption scheme with respect to the security requirements of transmission data. In this paper, we propose a packet encryption scheme using multiple cryptosystems to realize such capability, which assigns a different cryptosystem according to the security requirements level. The proposed encryption scheme is applicable to internet services with heavy traffic ratios in which different kinds of data packets are incessantly transmitted between clients and servers. To show its effectiveness and superiority, the performance of the proposed encryption scheme is verified by experiments.
An Efficient Certificateless Public Key Encryption Scheme
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 5, 2004, Pages 165~176
Al-Riyami and Paterson suggested a new public key paradigm called the certificateless public key system. This system takes the advantages of both traditional PKC and ID-based PKC. It does not require the use of certificates for the public key and does not have the key escrow problem inherent in ID-based cryptosystems. In this paper, we propose an efficient certificateless public key encryption scheme which satisfies mutual authentication. The security of our protocol is based on the hardness of two problems: the computational Diffie-Hellman problem (CDHP) and the bilinear Diffie-Hellman problem (BDHP). We also give a formal security model for both confidentiality and unforgeability, and then show that our scheme is provably secure in the random oracle model.