REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
Journal of the Korea Institute of Information Security and Cryptology
Volume 17, Issue 4 - Aug 2007
Software Security Testing using Block-based File Fault Injection
Choi, Young-Han ; Kim, Hyoung-Chun ; Hong, Soon-Jwa ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 4, 2007, Pages 3~10
In this paper we propose a methodology for security testing using block-based file fault injection. When a fault is injected into the software's input, the file format is taken into account so as to reduce the errors caused merely by a mismatch with the format. The vulnerabilities the methodology targets are memory-processing bugs such as buffer overflows and null pointer dereferences. We implemented an automated tool, named ImageDigger, that applies the methodology to image file formats. Using ImageDigger we ran fault injection against the WMF and EMF file formats and found 10 DoS (Denial of Service) conditions on the Windows platform. The methodology can also be applied to other block-based file formats such as MS Office files.
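The abstract's key point is that a mutator which understands the block structure (record sizes, function codes, parameter fields) reaches the parsing code that handles record contents, whereas blind byte flipping mostly produces files the target rejects before any interesting code runs. The following is an added example written for this page, not the ImageDigger tool itself. It assumes the standard WMF layout (an 18-byte METAHEADER, then records that each begin with a 32-bit RecordSize counted in 16-bit words and a 16-bit RecordFunction, terminated by a META_EOF record); the sample metafile is constructed inline, and the function codes and boundary values are choices made here.

```python
"""Block-aware fault injection over a WMF-style record stream (added example).

Assumptions: standard WMF layout; sample file constructed below; function
codes and boundary values chosen for illustration.
"""
import struct

HEADER_FMT = "<HHHHHHIH"  # Type, HeaderSize, Version, SizeLow, SizeHigh, NumberOfObjects, MaxRecord, NumberOfMembers
HEADER_LEN = struct.calcsize(HEADER_FMT)          # 18 bytes
RECORD_HDR_FMT = "<IH"                            # RecordSize (16-bit words), RecordFunction
RECORD_HDR_LEN = struct.calcsize(RECORD_HDR_FMT)  # 6 bytes

META_EOF = 0x0000
META_SETWINDOWORG = 0x020B
META_SETWINDOWEXT = 0x020C
META_RECTANGLE = 0x041B

# Values a block-based injector substitutes for a field: format-valid, content-hostile.
BOUNDARY_VALUES = (0x0000, 0x0001, 0x7FFF, 0x8000, 0xFFFF)


def build_wmf(records):
    """Serialize [(function, [uint16 params...]), ...] into a WMF with consistent sizes."""
    body = b""
    max_record = 0
    for func, params in records:
        payload = struct.pack("<%dH" % len(params), *params)
        size_words = (RECORD_HDR_LEN + len(payload)) // 2
        max_record = max(max_record, size_words)
        body += struct.pack(RECORD_HDR_FMT, size_words, func) + payload
    total_words = (HEADER_LEN + len(body)) // 2
    header = struct.pack(HEADER_FMT, 1, HEADER_LEN // 2, 0x0300,
                         total_words & 0xFFFF, total_words >> 16, 0, max_record, 0)
    return header + body


def parse_wmf(data):
    """Walk the record chain. Returns (header_tuple, [(offset, size_words, function, params)]).

    Raises ValueError on an impossible RecordSize, which is what a
    format-unaware mutator triggers most of the time."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated header")
    header = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    records = []
    off = HEADER_LEN
    while off + RECORD_HDR_LEN <= len(data):
        size_words, func = struct.unpack(RECORD_HDR_FMT, data[off:off + RECORD_HDR_LEN])
        end = off + 2 * size_words
        if size_words < RECORD_HDR_LEN // 2 or end > len(data):
            raise ValueError("bad RecordSize %d at offset %d" % (size_words, off))
        n_params = (end - off - RECORD_HDR_LEN) // 2
        params = list(struct.unpack("<%dH" % n_params, data[off + RECORD_HDR_LEN:end]))
        records.append((off, size_words, func, params))
        off = end
        if func == META_EOF:
            break
    return header, records


def is_format_valid(data):
    """True if the record chain parses; the block-based cases below all should."""
    try:
        parse_wmf(data)
        return True
    except ValueError:
        return False


def inject_param_fault(data, rec_index, param_index, value):
    """Block-based injection: overwrite one parameter inside one record.

    Record sizes and the header stay consistent, so the parser reaches the
    mutated value instead of rejecting the file up front."""
    _, records = parse_wmf(data)
    off, _, _, params = records[rec_index]
    if param_index >= len(params):
        raise IndexError("record %d has only %d params" % (rec_index, len(params)))
    pos = off + RECORD_HDR_LEN + 2 * param_index
    return data[:pos] + struct.pack("<H", value) + data[pos + 2:]


def inject_size_fault(data, rec_index, size_words):
    """Structural injection: lie about one record's length, everything else intact."""
    _, records = parse_wmf(data)
    off = records[rec_index][0]
    return data[:off] + struct.pack("<I", size_words) + data[off + 4:]


def generate_cases(data):
    """Enumerate (description, mutated_file) pairs a block-based campaign would feed to the target."""
    _, records = parse_wmf(data)
    cases = []
    for ri, (_, _, func, params) in enumerate(records):
        for pi in range(len(params)):
            for v in BOUNDARY_VALUES:
                cases.append(("rec%d func=0x%04X param%d=0x%04X" % (ri, func, pi, v),
                              inject_param_fault(data, ri, pi, v)))
        for sz in (0, 2, 0xFFFFFFFF):
            cases.append(("rec%d func=0x%04X size=%d" % (ri, func, sz),
                          inject_size_fault(data, ri, sz)))
    return cases


# Constructed sample: a minimal metafile that draws one rectangle.
SAMPLE_WMF = build_wmf([
    (META_SETWINDOWORG, [0, 0]),
    (META_SETWINDOWEXT, [200, 100]),
    (META_RECTANGLE, [90, 180, 10, 20]),  # bottom, right, top, left
    (META_EOF, []),
])

if __name__ == "__main__":
    for desc, blob in generate_cases(SAMPLE_WMF):
        print(desc, "->", "format-valid" if is_format_valid(blob) else "rejected by parser")
```

In a real campaign each mutated file is handed to the target renderer under a debugger and the crash (if any) is triaged; the parameter cases are the ones that exercise the drawing code, while the size cases test the record walker itself.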
A Study on Network Service Using Authorization Ticket in AAA system
Kang, Seo-Il ; Lee, Im-Yeong ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 4, 2007, Pages 11~19
A ubiquitous network environment is one in which a user can make use of the network's services anytime, anywhere. To establish such an environment, studies on wireless communication technology and mobile terminals continue to be conducted. A company providing such services must have an established system for authenticating, authorizing and charging its users; this service is referred to as Authentication, Authorization and Accounting (AAA), and its aspects have been studied consistently. Existing studies, on the other hand, have concentrated on the authentication and efficiency of the mobile terminal. In one method the mobile terminal contacts the home authentication server through the foreign authentication server every time authentication is required; in another, an intermediate server between the two provides the authentication. This study therefore aims to determine the best way to use ticketing, in which tickets carrying both authentication and authorization information are issued to the mobile terminal. Because it uses tickets, the scheme can process mobile verification efficiently.
Secure Quorum-based Location Service for Ad hoc Position-based Routing
Lim, Ji-Hwan ; Oh, Hee-Kuck ; Kim, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 4, 2007, Pages 21~35
In ad hoc networks, position-based routing schemes that use the geographical positions of nodes have been proposed to route messages efficiently. In these schemes the location service is one of the key elements that determines the security and efficiency of the protocol. In this paper we define the security threats to a location service and propose a new quorum-based location service protocol. In our protocol, nodes register their public keys with other nodes during the initialization phase, and these registered keys are then used to verify the locations of other nodes and the messages exchanged. We prove that our protocol is robust against traditional attacks and against new attacks that may arise from the use of position-based routing, and we analyze its efficiency with various simulations.
Proactive Code Verification Protocol Using Empty Memory Deletion in Wireless Sensor Network
Choi, Young-Geun ; Kang, Jeon-Il ; Lee, Kyung-Hee ; Nyang, Dae-Hun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 4, 2007, Pages 37~46
Authentication in a WSN (Wireless Sensor Network) usually means entity authentication, but owing to the data-centric nature of sensor networks, much more importance must be placed on authentication (or attestation) of the code running on sensor nodes. The naive approach to attestation is for the verifier to compare the previously known memory contents of the target node with the node's actual memory contents, but it has a significant drawback. In this paper we show what the drawback is and propose a countermeasure. The scheme can verify the whole memory space of the target node and leaves an extremely low probability for malicious code to stay concealed, without depending on accurate timing information as SWATT does. We provide two modes of this verification method, BS-to-node and node-to-node, and show performance estimates for various environments.
Dynamic Pipe Hash Function
Kim, Hie-Do ; Won, Dong-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 4, 2007, Pages 47~52
In this paper we propose a construction that creates a Dynamic Pipe Hash Function from a pipe hash function. To increase the security level, the dynamic hash function takes an additional compression function. The proposed hash function is based on the pipe hash function and is as secure against multicollision attacks as an ideal hash function. Its variable digest size is also advantageous for a number of reasons. For example, in a digital signature protocol, if a user requires increased security by selecting a larger key size, using a dynamic hash function makes the implementation much easier when the digest size must be increased.
Advanced Multi-Pass Fast Correlation Attack on Stream Ciphers
Kim, Hyun ; Sung, Jae-Chul ; Lee, Sang-Jin ; Park, Hae-Ryong ; Chun, Kil-Soo ; Hong, Seok-Hie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 4, 2007, Pages 53~60
In a known-plaintext scenario, the fast correlation attack is a very powerful attack on stream ciphers. Most fast correlation attacks treat the cryptographic problem as a suitable decoding problem. In this paper we introduce an advanced multi-pass fast correlation attack based on the fast correlation attack of Chose et al., which uses parity-check equations and the Fast Walsh Transform, and on the multi-pass fast correlation attack of Zhang et al. We guess some bits of the initial state of the target LFSR in the same way as the previously proposed methods, but we obtain one more bit in each pass and so recover the initial state more efficiently.
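The "decoding problem" view is the foundation of every correlation attack: the 2^n - 1 possible output sequences of the target LFSR are the codewords of a linear code, the keystream is one of those codewords seen through a binary symmetric channel whose crossover probability is 1 - p (p being the correlation between the combiner output and that LFSR), and recovering the initial state is decoding. The following added example, written for this page and not the multi-pass attack of the paper, shows the basic Siegenthaler form on a Geffe combiner: exhaustive maximum-likelihood decoding over all initial states of the correlated LFSR, plus the parity-check view that fast correlation attacks build on (every LFSR output sequence satisfies its feedback relation exactly, the keystream satisfies it only with a bias). The feedback taps, register seeds and keystream length are choices made here.

```python
"""Correlation attack on a Geffe-style combiner, seen as decoding (added example).

Assumptions: LFSR feedback polynomials x^5+x^2+1, x^7+x+1, x^6+x+1, seeds X1..X3
and the keystream length N are chosen for illustration, not taken from the paper.
"""


def lfsr_sequence(init, taps, length):
    """Fibonacci LFSR: s[i+n] = XOR of s[i+t] for t in taps, where n = len(init)."""
    s = list(init)
    n = len(s)
    for i in range(length - n):
        s.append(sum(s[i + t] for t in taps) & 1)
    return s[:length]


def int_to_bits(v, n):
    """Little-endian bit list; bit 0 is the first output of the register."""
    return [(v >> i) & 1 for i in range(n)]


def geffe_keystream(x1, x2, x3, length):
    """z = x1*x2 XOR (1-x1)*x3: z agrees with x2 (and with x3) with probability 3/4."""
    a = lfsr_sequence(x1, (0, 2), length)   # x^5 + x^2 + 1, selector register
    b = lfsr_sequence(x2, (0, 1), length)   # x^7 + x + 1, the attacked register
    c = lfsr_sequence(x3, (0, 1), length)   # x^6 + x + 1
    return [(a[i] & b[i]) ^ ((a[i] ^ 1) & c[i]) for i in range(length)]


def agreements(u, v):
    """Number of positions where two bit sequences agree (N minus Hamming distance)."""
    return sum(1 for x, y in zip(u, v) if x == y)


def parity_check_rate(seq, taps, n):
    """Fraction of positions satisfying the LFSR's own parity check seq[i+n] = XOR seq[i+t].

    A genuine LFSR output returns 1.0; a correlated keystream returns only a biased
    value, which is the signal fast correlation attacks exploit without exhaustive search."""
    checks = len(seq) - n
    ok = sum(1 for i in range(checks)
             if seq[i + n] == (sum(seq[i + t] for t in taps) & 1))
    return ok / checks


def correlation_attack(z, n, taps):
    """Maximum-likelihood decoding by exhaustive search over the 2^n - 1 nonzero initial states."""
    best_state, best_score = None, -1
    for v in range(1, 1 << n):
        cand = int_to_bits(v, n)
        score = agreements(z, lfsr_sequence(cand, taps, len(z)))
        if score > best_score:
            best_state, best_score = cand, score
    return best_state, best_score


# Constructed secret state of the generator.
X1 = int_to_bits(0b10110, 5)
X2 = int_to_bits(0b1011001, 7)
X3 = int_to_bits(0b110101, 6)
N = 256  # known keystream bits

if __name__ == "__main__":
    z = geffe_keystream(X1, X2, X3, N)
    state, score = correlation_attack(z, 7, (0, 1))
    print("recovered LFSR2 state", state, "agreements %d/%d" % (score, N))
    print("parity-check rate of keystream vs x^7+x+1: %.2f" % parity_check_rate(z, (0, 1), 7))
```

Exhaustive decoding costs 2^n sequence generations, which is why it stops being practical for registers of realistic length; the paper's line of work (Chose et al., Zhang et al.) keeps the same channel model but derives parity-check equations from the feedback polynomial and evaluates the candidates for a small guessed subset of state bits with a Walsh transform, which is what makes the attack "fast".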
Estimation of relative evaluation effort ratios for each EALs in CC 2.3 and CC 3.1
Kou, Kab-Seung ; Kim, Young-Soo ; Lee, Gang-Soo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 4, 2007, Pages 61~74
In the Common Criteria evaluation scheme, the sponsor and the evaluator must estimate the evaluation cost and duration of an IT security system evaluation when contracting the evaluation project. In this paper we analyze the results of studies carried out in 2003 and 2005 and use part of those results to empirically estimate relative evaluation effort ratios among the evaluation assurance levels (EALs) in CC v2.3 and CC v3.1. We also estimate the ratios from the 'developer action elements', the adjusted 'content and presentation of evidence elements', and the 'evaluator action elements' of each assurance component. In particular, we use the ratio of the amount of effort for each 'evaluator action element' obtained from real evaluators at KISA in 2003. Our results will be useful to TOE sponsors as well as to evaluation project managers who must estimate evaluation cost and duration for a specific EAL and type of TOE in a new CC v3.1-based evaluation scheme.
A Secure Receipt Issuing Scheme for e-Voting with Improved Usability
Lee, Yun-Ho ; Lee, Kwang-Woo ; Park, Sang-Joon ; Kim, Seung-Joo ; Won, Dong-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 4, 2007, Pages 75~88
Current electronic voting systems are not sufficient for trustworthy elections because they provide no proof or confirming evidence of their honesty. This lack of trustworthiness is the main reason why e-voting is not widespread, even though it is expected to be more efficient than plain paper voting. Many experts believe that the only way to assure voters that their intended votes have been cast is to use paper receipts. In this paper we propose an efficient scheme for issuing receipts to voters in an e-voting environment using the well-known cut-and-choose method. Our scheme requires neither special printers or scanners nor frequent observation of the voting machines, and it is more secure than the previous schemes.
The Security analysis and construction of correlation immune function with higher nonlinearity on stream cipher
Yang, Jeong-Mo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 4, 2007, Pages 89~95
There are various methods for constructing correlation immune functions, such as those of Siegenthaler, Camion et al. and Seberry et al. In particular, the method of Seberry et al. directly constructs balanced correlation immune functions of any order using the theory of Hadamard matrices. In this paper we have studied Seberry et al.'s method for constructing a correlation immune function on a higher-dimensional space by combining known correlation immune functions on lower-dimensional spaces. Furthermore, we calculated the nonlinearity of functions constructed by combining several correlation immune functions. That is, we have shown that the direct sum of two correlation immune functions, and a combination of four correlation immune functions, have higher nonlinearity than each of the component functions. Such functions, used in a stream cipher, are safe against correlation attacks.
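Both properties in this abstract are read off the Walsh spectrum: a function is correlation immune of order k when W_f(a) = 0 for every nonzero a of Hamming weight at most k (resilient when it is also balanced, i.e. W_f(0) = 0), and its nonlinearity is 2^(n-1) - max|W_f(a)|/2. For the direct sum h(x, y) = f(x) XOR g(y) the spectrum factors as W_h(a, b) = W_f(a) W_g(b), which is why h is (k1 + k2 + 1)-resilient when f and g are k1- and k2-resilient and why nl(h) = 2^(n+m-1) - (2^n - 2 nl(f))(2^m - 2 nl(g))/2 exceeds both nl(f) and nl(g). The code below is an added example written for this page; the sample functions f and g are chosen here and are not the paper's constructions.

```python
"""Walsh spectrum, nonlinearity and resilience of Boolean functions and of their direct sum
(added example; f and g below are illustrative choices, not the paper's functions)."""


def truth_table(n, func):
    """Truth table as a list of 0/1; index x holds f(x), bit i of x being variable x_{i+1}."""
    return [func([(x >> i) & 1 for i in range(n)]) & 1 for x in range(1 << n)]


def walsh_spectrum(tt):
    """Fast Walsh-Hadamard transform: W(a) = sum over x of (-1)^(f(x) XOR a.x)."""
    w = [1 - 2 * b for b in tt]
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                u, v = w[j], w[j + h]
                w[j], w[j + h] = u + v, u - v
        h *= 2
    return w


def nonlinearity(tt):
    """Distance to the nearest affine function: 2^(n-1) - max|W(a)| / 2."""
    n = len(tt).bit_length() - 1
    return (1 << (n - 1)) - max(abs(x) for x in walsh_spectrum(tt)) // 2


def resilience_order(tt):
    """Largest k such that W(a) = 0 for all a with weight <= k (balanced and
    correlation immune of order k); returns -1 if the function is not balanced."""
    n = len(tt).bit_length() - 1
    w = walsh_spectrum(tt)
    k = -1
    for weight in range(n + 1):
        if any(w[a] != 0 for a in range(1 << n) if bin(a).count("1") == weight):
            break
        k = weight
    return k


def direct_sum(tf, tg):
    """h(x, y) = f(x) XOR g(y); index = y * 2^n + x, so low bits are f's variables."""
    return [fx ^ gy for gy in tg for fx in tf]


def predicted_direct_sum_nonlinearity(n, nl_f, m, nl_g):
    """nl(h) from the product spectrum: 2^(n+m-1) - (2^n - 2 nl_f)(2^m - 2 nl_g) / 2."""
    return (1 << (n + m - 1)) - ((1 << n) - 2 * nl_f) * ((1 << m) - 2 * nl_g) // 2


# Constructed examples:
#   f(x1..x4) = x1 x2 + x3 + x4  : balanced, 1-resilient, nonlinearity 4
#   g(y1..y3) = y1 y2 + y3       : balanced, 0-resilient, nonlinearity 2
F = truth_table(4, lambda x: (x[0] & x[1]) ^ x[2] ^ x[3])
G = truth_table(3, lambda y: (y[0] & y[1]) ^ y[2])
H = direct_sum(F, G)  # 7 variables

if __name__ == "__main__":
    for name, tt in (("f", F), ("g", G), ("f+g", H)):
        print("%-4s vars=%d nonlinearity=%d resilience=%d"
              % (name, len(tt).bit_length() - 1, nonlinearity(tt), resilience_order(tt)))
```

Run stand-alone this reports nl(f) = 4, nl(g) = 2 and nl(f+g) = 48 with resilience orders 1, 0 and 2, matching the formula above; the same routines apply unchanged to the four-function combinations the paper also analyzes, since those are again built from products of spectra.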
Low Complexity Architecture for Fast-Serial Multiplier in
Cho, Yong-Suk ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 4, 2007, Pages 97~102
In this paper, a new architecture for fast-serial
multiplier with low hardware complexity is proposed. The fast-serial multiplier operates standard basis of
and is faster than bit-serial multipliers while having lower area complexity than bit-parallel ones. The most significant feature of the fast-serial architecture is that a trade-off between hardware complexity and delay can be made. However, the traditional fast-serial architecture needs (t-1)m extra registers to achieve a t-fold speed-up. In this paper a new fast-serial multiplier that does not increase the number of registers is presented.
Improved cryptanalysis of lightweight RFID mutual authentication Protocols LMAP,
Kwon, Dae-Sung ; Lee, Joo-Young ; Koo, Bon-Wook ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 4, 2007, Pages 103~113
In this paper, we present a security analysis of Lightweight RFID Mutual Authentication Protocols-LMAP,
, EMAP. Based on simple logic operations, these protocols were designed to be suitable for lightweight environments such as RFID systems. In [8,9] it is shown that the protocols are vulnerable to de-synchronization attacks with high probability. The authors also presented an active attack that partially reveals a tag's secret values, including its ID. In this paper we point out an error in  and show that their de-synchronization attack always succeeds. We also improve the active attack of  to show that an adversary can compute a tag's ID as well as certain secret keys deterministically. As for
and EMAP, we show that eavesdropping
consecutive sessions is sufficient to reveal a tag's essential secret values, including its ID, which allows for tracing, de-synchronization and/or subsequent impersonation.
A Study of Pervasive Roaming Services with Security Management Framework
Kim, Gwan-Yeon ; Hwang, Zi-On ; Kim, Yong ; Uhm, Yoon-Sik ; Park, Se-Hyun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 4, 2007, Pages 115~129
Ubiquitous and autonomic computing environments are open and dynamic, providing universal wireless access through the seamless integration of software and system architectures. Ubiquitous computing has to offer user-centric pervasive services according to that wireless access. Roaming services with predefined security associations among all of the mobile devices in various networks are therefore especially complex and difficult. Furthermore, there has been little study of security coordination for a realistic autonomic system capable of authenticating users with different kinds of user interfaces, of efficient context modeling with user profiles on smart cards, and of providing pervasive access service by setting roaming agreements with a variety of wireless network operators. This paper proposes a Roaming Coordinator-based security management framework that supports inter-operator roaming with pervasive security services among push-service-based network domains. Compared to traditional mobile systems, in which a Universal Subscriber Identity Module (USIM) is dedicated to one service domain only, our proposed system with a Roaming Coordinator is more open, secure, and easy to update for security services throughout different network domains such as public wireless local area networks (PWLANs), 3G cellular networks and wireless metropolitan area networks (WMANs).
Fixing Security Flaws of URSA Ad hoc Signature Scheme
Yi, Jeong-Hyun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 17, issue 4, 2007, Pages 131~136
Ad hoc networks enable efficient resource aggregation in a decentralized manner and are inherently scalable and fault-tolerant, since they do not depend on any centralized authority. However, the lack of a centralized authority raises many security-related challenges. Moreover, the dynamic topology changes in which network nodes frequently join and leave add a further complication to designing effective and efficient security mechanisms. Security services for ad hoc networks need to be provided in a scalable and fault-tolerant manner while allowing for membership changes among network nodes. In this paper we investigate distributed certification mechanisms using threshold cryptography, in which the functions of a CA (Certification Authority) are distributed among the network nodes themselves and a certain number of nodes jointly issue public key certificates to future joining nodes. In the process, we summarize one interesting report  in which the recently proposed RSA-based ad hoc signature scheme, called URSA, is shown to contain unfortunate yet serious security flaws. We then propose a new scheme that fixes these flaws.