Journal of the Korea Institute of Information Security and Cryptology
Korea Institutes of Information Security and Cryptology
Volume 14, Issue 6 - Dec 2004
A Rule Protecting Scheme with Symmetric Cryptosystem for Intrusion Detection System
Son Hyung-Seo ; Kim Hyun-Sung ; Bu Ki-Dong ;
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 6, 2004, Pages 3~13
Kvarnstrom et al. proposed a rule protection scheme using a one-way hash function to protect rules in security systems over ubiquitous environments. Son et al. also proposed a rule protection scheme for Snort, which is one of the most common IDS. These schemes provide security only for the header information but not for its contents. To solve this problem, this paper presents a scheme based on the symmetric cryptosystem over Snort, not only for the header information but also for the contents. This paper uses the key management based on PCMCIA security module proposed for the symmetric cryptosystem. Our scheme could be adjusted to other security systems which use rule-based detection.
A Certificate Verification Method based on the Attribute Certificates
Park ChongHwa ; Kim JiHong ; Lee ChulSoo ; Kim Dongkyoo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 6, 2004, Pages 15~24
Electronic commerce using public key certificates is widely used on the Internet with the development of information and communication technologies, and access control in Web applications and DB systems is also being actively studied. There are many verification methods for PKC (Public Key Certificates), such as CRL, OCSP, SCVP and others. But these certificate verification methods for PKC cannot be applied to PMI (Privilege Management Infrastructure), which uses AC (Attribute Certificates), because of the synchronization of PKC and AC. Because an AC has no public key, the AC verifier must get the PKC and verify the validity of both the PKC and the AC. So in this paper we propose a new AC-based certificate verification model, which provides synchronization between the two certificates (AC and PKC).
Generation of Maximum Length Cellular Automata
Choi Un-Sook ; Cho Sung-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 6, 2004, Pages 25~30
Linear cellular automata (CA) which generate maximum-length cycles have wide applications in generation of pseudo-random patterns, signature analysis, cryptography, error correcting codes, etc. Linear CA whose characteristic polynomial is primitive have been studied. In this paper we propose an effective method for generation of a variety of maximum-length CA (MLCA). We show that the complemented CA derived from a linear MLCA are all MLCA. We also analyze the properties of complemented MLCA, and we prove that the number of n-cell MLCA is ø(2
An Implementation of NEIS′DB Security Using RBAC based on PMI
Ryoo Du-Gyu ; Moon Bong-Keun ; Jun Moon-Seog ;
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 6, 2004, Pages 31~45
Public Key Infrastructure (PKI) provides strong authentication. Privilege Management Infrastructure (PMI), as a new technology, can provide a user's attribute information. The main function of PMI is to give more specific authority and roles to users. To authenticate net and role, we have used digital signatures. Role Based Access Control (RBAC) is implemented by digital signature. RBAC provides some flexibility for security management. NEIS (National Education Information System) cannot always provide a satisfactory quality of security management. The main idea of the proposed RNEIS (Role Based NEIS) is that the user's role is stored in the AC, and access control decisions are driven by authentication policy and role. The security manager enables the user to refer to the role stored in the user's AC, admits access control and suggests DB encryption by digital signature.
Analysis of Developing Methodology on the Security Software by Comparing Function for Security Protocol Code Generation Tools
Jang Seung-Ju ; Ryu Dae-hyun ; Lee Chul-Sool ; Park Il-Hwan ;
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 6, 2004, Pages 47~56
This paper presents the automatic code generation function for security protocols of SPEAR II and the IFAD VDM-SL Toolbox, which support formal specification. We compare and analyze these tools in terms of functions, users, operation and code generation, and we suggest a direction for the development of safe security S/W. The automatic code generation function for security protocols gives a direction for developing safe, secure software with the formal specification method.
Status-Based RFID Authentication Protocol
Yoo Sung Ho ; Kim KiHyun ; Hwang Yong Ho ; Lee Pil Joong ;
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 6, 2004, Pages 57~68
Recently, Radio Frequency Identification (RFID) systems stand in the spotlight of industry as a common and useful tool in manufacturing, supply chain management (SCM) and stock management. In the near future, low-cost RFID Electronic Product Code (EPC) tags or smart-labels may be a practical replacement for optical barcodes on consumer items. However, manufacturing cheap and small RFID tags and developing secure RFID authentication protocols are problems which need to be solved. In spite of advances in semiconductor technology, the computation and storage ability of the tag is so limited that it is difficult and too expensive to apply existing cryptosystems to RFID tags. Thus it is necessary to create a new protocol which requires less storage space and lower computation costs and which is secure in the RFID system's environment. In this paper, we propose an RFID authentication protocol that is secure against location tracking and spoofing attacks. Our protocol can be used as a practical solution for privacy protection because it requires fewer computations in the database than the previous RFID authentication protocol.
Provably Secure Tree-Based Centralized Group Key Distribution: Security Model and Modular Approach
Kim Hyun-Jeong ; Lee Su-Mi ; Lee Dong Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 6, 2004, Pages 69~78
During the last decade, security models have been defined for two- and three-party key exchange protocols. Currently there is a growing research interest in security models for group key management schemes. While various security models and provably secure protocols have been proposed for distributed group key exchange schemes, no results are known for centralized group key distribution schemes in spite of their theoretical and practical importance. We describe security requirements and a formal security model for centralized group key distribution schemes: we define the model on a channel controlled by adversaries with the ability of strong user corruption. In the security model, we propose a conversion module which can transform centralized tree-based group key distribution schemes in the literature into provably secure centralized tree-based group key distribution schemes.
A Hardware Implementation for Real-Time Fingerprint Identification
Kim Kichul ; Kim Min ; Chung Yongwha ; Pan Sung Bum ;
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 6, 2004, Pages 79~89
Fingerprint identification consists of a user enrollment phase, which stores the user's fingerprint in a database, and a user identification phase, which makes a candidate list for a given fingerprint. A straightforward approach to the user identification phase is to scan the entire database sequentially, which takes time for large-scale databases. In this paper, we develop a hardware design which can perform the user identification phase in real-time. Our design employs parallel processing techniques and has been implemented on a PCI-based platform containing an FPGA and SDRAMs. Based on the performance evaluation, our hardware implementation can provide scalability and perform the fingerprint identification in real-time.
A Government Agency Environment Protects Information System Design using Intrusion Prevention System and Role-Base Security Policy
Ahn Joung Choul ;
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 6, 2004, Pages 91~103
The survey of network firewall systems has been focused on the deny policy that protects information from the unlicensed and on the intrusion detection system. Government has solved several firewall problems by building the intranet separated from the intranet. However, the new firewall system would have to satisfy both the denial policy and information sharing with the public, as government recently emphasizes electronic service. Namely, it has to provide functions such as information exchange among divisions, partial sharing of information with the public, network connection and the interception of illegal access. It also considers a solution that protects the system from hacking by inner users and from damage by viruses such as worms. This paper suggests a protected information system using the intrusion prevention system and role-based security policy to support partial openness and security that satisfy information sharing among governments and public service.
Message Authentication Code based on k-invertible Matrices
Lee Hee Jung ; Kim Tae Gwon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 6, 2004, Pages 105~110
MAC is used for data origin authentication or message integrity protection. In Crypto'03 Cary and Venkatesan introduced a new MAC based on unimodular matrix groups. It encrypts messages using private keys and encrypts them again using public keys, which are matrices whose determinants are 1. These matrices have a property called k-invertible. This k affects the collision probability of this new MAC. The smaller k is, the fewer collisions occur. Cary shows 6-invertible matrices, and 10-invertible matrices whose components are only 1, 0, -1. In this paper we figure out sufficient conditions for choosing 4 matrices among special 22 matrices. Also, we introduce 5-invertible matrices whose components are 1, 0, -1. Those have better efficiency and security.
Analysis of hash functions based on cellular automata
Jeong Kitae ; Lee Jesang ; Chang Donghoon ; Sung Jaechul ; Lee Sangjin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 6, 2004, Pages 111~123
A hash function is a function that takes bit strings of arbitrary length to bit strings of fixed length. A cellular automaton is a finite state machine and has the property of generating pseudorandom numbers efficiently by combinational logic of neighbour cells. In  and , hash functions based on cellular automata which can be implemented efficiently in hardware were proposed. In this paper, we show that we can find collisions of these hash functions with probability 0.46875 and 0.5 respectively.
Elliptic Curve Scalar Multiplication Resistant against Side Channel Attacks
Kim Tae Hyun ; Jang Sang-Woon ; Kim Woong Hee ; Park Young-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 6, 2004, Pages 125~134
When cryptosystem designers implement devices whose computing power or memory is limited, such as smart cards, PDAs and so on, they not only have to be careful about side channel attacks (SCA), but the cryptographic algorithms within the device also have to be efficient while using little memory. For this purpose, countermeasures such as Möller's method, Okeya-Takagi's one and the overlapping window method, based on the window method to prevent SCA, were proposed. However, Möller's method and Okeya-Takagi's one require additional cost to prevent other SCA such as DPA, Second-Order DPA, Address-DPA, and so on, since they are immune only to SPA. Also, the overlapping window method has the drawback that it requires large memory. In this paper, we analyze existing countermeasures and propose an efficient and secure countermeasure that is immune to all existing SCA, using the advantages of each countermeasure. Moreover, the proposed countermeasure can enhance the efficiency using mixed coordinate systems.
A spam mail blocking method using URL frequency analysis
Baek Ki-young ; Lee Chul-soo ; Ryou Jae-cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 14, issue 6, 2004, Pages 135~148
Recently, it has become difficult to block spam mail, which changes in various ways, with the past word-based spam distinction method. To solve this problem, this paper proposes a method of generating spam distinction rules using URL frequency analysis. It consists of collecting spam, drawing the URLs that are characteristic from the collected spam mail, URL normalizing, generating spam distinction rules by time frequency, and blocking mail. It can effectively block various types of spam mail and various forms of spam mail that change.