Go to the main menu
Skip to content
Go to bottom
REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
> Journal Vol & Issue
Journal of the Korea Institute of Information Security and Cryptology
Journal Basic Information
Journal DOI :
Korea Institutes of Information Security and Cryptology
Editor in Chief :
Volume & Issues
Volume 17, Issue 6 - Dec 2007
Volume 17, Issue 5 - Oct 2007
Volume 17, Issue 4 - Aug 2007
Volume 17, Issue 3 - Jun 2007
Volume 17, Issue 2 - Apr 2007
Volume 17, Issue 1 - Feb 2007
Selecting the target year
Authenticated IGMP for Controlling Access to Multicast Distribution Tree
Park, Chang-Seop ; Kang, Hyun-Sun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 2, 2007, Pages 3~17
Receiver access control scheme is proposed to protect multicast distribution tree from DoS(Denial-of Service) attack induced by unauthorized use of IGMP(Internet group management protocol), by extending the security-related functionality of IGMP. Based on a specific network and business model adopted for commercial deployment of IP multicast applications, key management scheme is also presented for bootstrapping the proposed access control as well as accounting and billing for CP(Content Provider), NSP(Network Service Provider), and group members.
Design and Implementation of Secure Distribution System for Broadcasting Contents
Lee, Jin-Heung ; Lee, Hea-Ju ; Shin, Sang-Uk ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 2, 2007, Pages 19~27
Broadcasting contents protection system for HDTV has many difficult to apply file encryption technology that using the existing DRM systems. Therefore, this system has to be processed as accommodative about broadcasting contents format such as TS and PS and so on. Also, this system must support efficient encryption technology and random access mode. In addition, this system must have suitable key distribution mechanism in broadcasting environment. In this paper, we propose and implement encryption/key distribution scheme applicable to encoder/decoder without changing the existing MPEG system.
Scoring Method of Fingerprint Image Quality using Classified Block-level Characteristics
Moon, Ji-Hyun ; Kim, Hak-Il ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 2, 2007, Pages 29~40
The purpose of this research is to propose a method for scoring the quality of a fingerprint image using the local information derived from the fingerprint image. In previous works for the quality measuring, most of the quality scores are related to the performance of a matching algorithm, and this makes the quality result more subjective. The quality score of a fingerprint image proposed in this work is sensor-independent, source-independent and matcher-independent one, and this concept of fingerprint sample quality results in effective improvement of the system performance. In this research, a new definition of fingerprint image quality and a new method for measuring the quality are proposed. For the experiments, several sub-databases from FVCs are used and the proposed method showed reasonable results for the test database. The proposed method can be used in various systems for the numerous purposes since the quality scores generated by the proposed method are based on the idea that the quality of fingerprint should be sensor-independent, source-independent and matcher-independent.
Design and Implementation of USIM Security Module for the Wireless Network Interworking
Kim, Choon-Soo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 2, 2007, Pages 41~49
USIM(UMTS Subscriber Identity Module) technology that accept 3GPP(3rd Generation Partnership Project) standards for information security supports security function in 3GPP. Supported security functions of USIM are confidentiality of user identity, mutual authentication and key agreement between end user and network, confidentiality of user data and data integrity. It is very important technology in wireless network. It makes secure environment that user and service provider can use securely mobile service in network. In this paper, design and implementation USIM security module that supports common network access method and authentication protocol in 3GPP and WLAN(Wireless LAN) and AAA (3A-Authentication Authorization Accounting) server system based RADIUS.
A Design and Implementation of ROAD(RPC Object vulnerability Automatic Detector)
Yang, Jin-Seok ; Kim, Tae-Ghyoon ; Kim, Hyoung-Chun ; Hong, Soon-Jwa ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 2, 2007, Pages 51~59
Software testing is the process of analyzing a software item to detect the differences between existing and required conditions and to evaluate the features of the software item. A traditional testing focuses on proper functionality, not security testing. Fuzzing is a one of many software testing techniques and security testing. Fuzzing methodology has advantage that low-cost, efficiency and so on. But fuzzing has defects such as intervening experts. Also, if there is no specification, fuzzing is impossible. ROAD Tool is automated testing tool for RPC(Remote Procedure Call) based protocol and software without specification. Existing tools are semi-automated. Therefore we must modify these tools. In this paper, we design and implement ROAD tool. Also we verify utility in testing results.
QoS Evaluation of Streaming Media in the Secure Wireless Access Network
Kim, Jong-Woo ; Shin, Seung-Wook ; Lee, Sang-Duck ; Han, Seung-Jo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 2, 2007, Pages 61~72
With the increasing growth of Internet and wireless IP networks, Multimedia systems need to be envisaged as information resources where users can access anywhere and anytime. However, efficient services in these multimedia systems are open and challenging research problem due to user mobility, limited resources in wireless devices and expensive radio bandwidth. To implement multimedia services over heterogeneous network, the IP header compression scheme can be used for saving bandwidth. In this paper, we present an efficient solution for header compression, which is modified form of ECRTP. It shows an architectural framework adopting modified ECRTP when IP tunneling network using GRE over IPSec is implemented. We have conducted simulations in order to analyze the effects of different header compression techniques while delivering real-time services to the wireless access network through secured IP Network. The impacts on performance have been investigated through a series of experiments.
Analysis on TMD-Tradeoff and State Entropy Loss of Stream Cipher MICKEY
Kim, Woo-Hwan ; Hong, Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 2, 2007, Pages 73~81
We give two weaknesses of a recently proposed streamcipher MICKEY. We show time-memory-data tradeoff is applicable. We also show that the state update function reduces entropy of the internal state as it is iterated, resulting in keystreams that start out differently but become merged together towards the end.
A Packet encryption scheme and extension of Cryptoki for connectionless packet network
Ko, Haeng-Seok ; Park, Sang-Hyun ; Kwon, Oh-Seok ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 2, 2007, Pages 83~92
In connectionless packet network, if a sender encrypts packets by block chaining mode and send it to receiver, the receiver should decrypt packets in encrypted order that is not received order. Therefore, the performance and efficiency are lowered for crypto communication system. To solve this problem, we propose packet encryption scheme for connectionless packet network that can decrypt the packets independently, even if the received order of packets are changed or packets are missed. The scheme makes new IV(Initial Vector) using IV that created by key exchange process and salt that made by random number. We propose extended Cryptoki API that added packet encryption/decryption functions and mechanism for improving convenience and performance. We implement the scheme and get result that the performance increased about
times compare with in case of implementing using Cryptoki API in the test environment.
Lightweight IP Traceback Mechanism on IPv6 Network Environment
Heo, Joon ; Kang, Myung-Soo ; Hong, Choong-Seon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 2, 2007, Pages 93~102
A serious problem to fight DDoS attacks is that attackers use incorrect or spoofed IP addresses in the attack packets. Due to the stateless nature of the internet, it is a difficult problem to determine the source of these spoofed IP packets. The most of previous studies to prevent and correspond to DDoS attacks using the traceback mechanism have been accomplished in IPv4 environment. Even though a few studies in IPv6 environment were introduced, those have no detailed mechanism to cope with DDoS attacks. The mechanisms for tracing the origin of attacks in IPv6 networks have so many differences from those of IPv4 networks. In this paper we proposed a lightweight IP traceback mechanism in IPv6 network environment. When marking for traceback is needed, the router can generate Hop-by-Hop option and transmit the marked packet. We measured the performance of this mechanism and at the same time meeting the efficient marking for traceback.
A Handover Authentication Scheme initiated by Mobile Node for Heterogeneous FMIPv6 Mobile Networks
Choi, Jae-Duck ; Jung, Sou-Hwan ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 2, 2007, Pages 103~114
The existing handover authentication schemes have authentication delay and overhead of the authentication server since they have been separately studied handover authentication at the link layer and the network layer. This paper proposes a handover authentication scheme initiated by Mobile Node on FMIPv6 based mobile access networks. The main idea of the paper is to generate a session key at the mobile node side, and transfer it to the next Access Router through the authentication server. Also, the scheme has a hierarchical key management at access router. There are two advantages of the scheme. First, the generated session key can be utilized for protecting the binding update messages and also for access authentication. Second, hierarchical key management at the access router reduced the handover delay time. The security aspects on the against PFS, PBS, and DoS attack of proposed scheme are discussed.
New Simple Power Analysis on scalar multiplication based on sABS recoding
Kim, Hee-Seok ; Kim, Sung-Kyoung ; Kim, Tae-Hyun ; Park, Young-Ho ; Lim, Jong-In ; Han, Dong-Guk ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 2, 2007, Pages 115~123
In cryptographic devices like a smart-card whose computing ability and memory are limited, cryptographic algorithms should be performed efficiently. Scalar multiplication is very important operation in Elliptic Curve Cryptosystems, and so must be constructed in safety against side channel attack(SCA). But several countermeasures proposed against SCA are exposed weaknesses by new un-dreamed analysis. 'Double-and-add always scalar multiplication' algorithm adding dummy operation being known to secure against SPA is exposed weakness by Doubling Attack. But Doubling Attack cannot apply to sABS receding proposed by Hedabou, that is another countermeasure against SPA. Our paper proposes new strengthened Doubling Attacks that can break sABS receding SPA-countermeasure and a detailed method of our attacks through experimental result.
Source-Location Privacy in Wireless Sensor Networks
Lee, Song-Woo ; Park, Young-Hoon ; Son, Ju-Hyung ; Kang, Yu ; Choe, Jin-Gi ; Moon, Ho-Gun ; Seo, Seung-Woo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 2, 2007, Pages 125~137
This paper proposes a new scheme to provide the location privacy of sources in Wireless Sensor Networks (WSNs). Because the geographical location of a source sensor reveals contextual information on an 'event' in WSN, anonymizing the source location is an important issue. Despite abundant research efforts, however, about data confidentiality and authentication in WSN, privacy issues have not been researched well so far. Moreover, many schemes providing the anonymity of communication parties in Internet and Ad-hoc networks are not appropriate for WSN environments where sensors are very resource limited and messages are forwarded in a hop-by-hop manner through wireless channel. In this paper, we first categorize the type of eavesdroppers for WSN as Global Eavesdropper and Compromising Eavesdropper. Then we propose a novel scheme which provides the anonymity of a source according to the types of eavesdroppers. Furthermore, we analyze the degree of anonymity of WSN using the entropy-based modeling method. As a result, we show that the proposed scheme improves the degree of anonymity compared to a method without any provision of anonymity and also show that the transmission range plays a key role to hide the location of source sensors.
Anonymous Remote User Authentication Scheme with Smart Card
Kim, Se-Il ; Rhee, Hyun-Sook ; Lee, Dong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 2, 2007, Pages 139~144
Due to the increasing use of Internet and spread of ubiquitous environment the security of private information became an important issue. For this reason, many suggestions have been made in order to protect the privacy of users. In the study of authentication system using a smart card which is one of the methods for protecting private information, the main idea is to offer user anonymity. In 2004, Das et al. suggested an authentication system that guarantees anonymity by using a dynamic ID for the first time. However, this scheme couldn't guarantee complete anonymity as the identity of the user became revealed at log-in phase. In 2005, Chien at al. suggested a authentication system that guarantees anonymity, but this was only safe to the outsider(attacker). In this paper, we propose a scheme that enables the mutual authentication between the user and the sewer by using a smart card. For the protection of the user privacy, we suggest an efficient user authentication system that guarantees perfect anonymity to both the outsider and remote server.
Security Analysis on the Implementation Vulnerabilities of I-PIN
Choi, Youn-Sung ; Lee, Yun-Ho ; Kim, Seung-Joo ; Won, Dong-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 2, 2007, Pages 145~185
A resident registration number is used to confirm and prove his/her identity in a government/non-governmental agency. It is a essential requirement to become the registered member on internet website in Korea. It is serious problem that the resident registration number and name are outflowed in internet and misused by others. So the MIC(Ministry of Information and Communication) in Korea plans and operates the identification system using I-PIN that integrate 5 alternative methods of resident registration number. In this paper, we analyze the problem about the method of 5 I-PIN services and show the security analysis on the implementation vulnerabilities of I-PIN services. we also analyze 17 websites that provides identification system using I-PIN. Finally, we analyze the overall problem of I-PIN service and propose the countermeasure about the problem.