Go to the main menu
Skip to content
Go to bottom
REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
> Journal Vol & Issue
Journal of the Korea Institute of Information Security and Cryptology
Journal Basic Information
Journal DOI :
Korea Institutes of Information Security and Cryptology
Editor in Chief :
Volume & Issues
Volume 18, Issue 6B - Dec 2008
Volume 18, Issue 6A - Dec 2008
Volume 18, Issue 5 - Oct 2008
Volume 18, Issue 4 - Aug 2008
Volume 18, Issue 3 - Jun 2008
Volume 18, Issue 2 - Apr 2008
Volume 18, Issue 1 - Feb 2008
Selecting the target year
Vulnerability of Two Password-based Key Exchange and Authentication Protocols against Off-line Password-Guessing Attacks
Shim, Kyung-Ah ; Lee, Hyang-Sook ; Lee, Ju-Hee ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 1, 2008, Pages 3~10
Since a number of password-based protocols are using human memorable passwords they are vulnerable to several kinds of password guessing attacks. In this paper, we show that two password-based key exchange and authentication protocols are insecure against off-line password-guessing attacks.
A fingerprint Alignment with a 3D Geometric Hashing Table based on the fuzzy Fingerprint Vault
Lee, Sung-Ju ; Moon, Dae-Sung ; Kim, Hak-Jae ; Yi, Ok-Yeon ; Chung, Yong-Wha ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 1, 2008, Pages 11~21
Biometrics-based user authentication has several advantages over traditional password-based systems for standalone authentication applications. This is also true for new authentication architectures known as crypto-biometric systems, where cryptography and biometrics are merged to achieve high security and user convenience at the same time. Recently, a cryptographic construct, called fuzzy vault, has been proposed for crypto-biometric systems. This construct aims to secure critical data(e.g., secret key) with the fingerprint data in a way that only the authorized user can access the secret by providing the valid fingerprint, and some implementations results for fingerprint have been reported. However, the previous results had some limitation of the provided security due to the limited numbers of chaff data fer hiding real fingerprint data. In this paper, we propose an approach to provide both the automatic alignment of fingerprint data and higher security by using a 3D geometric hash table. Based on the experimental results, we confirm that the proposed approach of using the 3D geometric hash table with the idea of the fuzzy vault can perform the fingerprint verification securely even with more chaff data included.
System Design and Implementation for Security Policy Management of Windows Based PC and Weakness Inspection
Park, Byung-Yeon ; Yang, Jong-Won ; Seo, Chang-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 1, 2008, Pages 23~30
Attempt to protect personal computer from hacking, virus, worm, and the troy wooden horse is progressed variously. Nevertheless, it is very difficult fer public users to understand configurations to enhance security stability in windows based personal computer, and many security problem is due to there lack of recognize about information accessability, various kind of configuration, these necessity, and efficiency. Accordingly, it is demandded to develop an efficient system to protect networks and personal computer with automated method. In this paper, we derive problems of personal computer by analyzing various vulnerableness and policy on security, through which we design and implement the system to solve various windows system problem conveniently.
Investigation of Side Channel Analysis Attacks on Financial IC Cards
Kim, Chang-Kyun ; Park, Il-Hwan ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 1, 2008, Pages 31~39
The development of next-generation resident registration cards, financial IC cards and administrative agency IC cards based on a smart card is currently coming out in Korea. However, the low-price IC cards without countermeasures against side channel analysis attacks are expected to be used fer cost reduction. This paper has investigated the side channel resistance of financial IC cards that are currently in use and have performed DPA attacks on the financial IC cards. We have been able to perform successful DPA attacks on these cards by using only 100 power measurement traces. From our experiment results, we have been able to extract the master key used for encryption of a count PIN number.
Systolic Architecture for Digit Level Modular Multiplication/Squaring over GF(
Lee, Jin-Ho ; Kim, Hyun-Sung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 1, 2008, Pages 41~47
This paper presents a new digit level LSB-first multiplier for computing a modular multiplication and a modular squaring simultaneously over finite field GF(
). To derive
digit level architecture when digit size is set to L, the previous algorithm is used and index transformation and merging the cell of the architecture are proposed. The proposed architecture can be utilized for the basic architecture for the crypto-processor and it is well suited to VLSI implementation because of its simplicity, regularity, and concurrency.
A Study on Hierarchical Distributed Intrusion Detection for Secure Home Networks Service
Yu, Jae-Hak ; Choi, Sung-Back ; Yang, Sung-Hyun ; Park, Dai-Hee ; Chung, Yong-Wha ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 1, 2008, Pages 49~57
In this paper, we propose a novel hierarchical distributed intrusion detection system, named HNHDIDS(Home Network Hierarchical Distributed Intrusion Detection System), which is not only based on the structure of distributed intrusion detection system, but also fully consider the environment of secure home networks service. The proposed system is hierarchically composed of the one-class support vector machine(support vector data description) and local agents, in which it is designed for optimizing for the environment of secure home networks service. We support our findings with computer experiments and analysis.
Design and Implementation of the CDMA2000 1x EV-DO Security Layer to which applies 3GPP2 C.S0024-A v.2.0 Standard
Yang, Jong-Won ; Cho, Jin-Man ; Lee, Tae-Hoon ; Seo, Chang-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 1, 2008, Pages 59~65
In security layer in the CDMA2000 1x EV-DO, a standard - C.S0024-a v2.0 is being accomplished under the project of 3GPP2(3rd Generation Partnership Project2). Therefore, a security device is needed to implement the security layer which is defined on the standard document for data transfer security between AT(Access Terminal) and AN(Access Network) on CDMA2000 1x EV-DO environment. This paper realizes the security layer system that can make safe and fast transfer of data between AT and AN. It could be applied to various platform environments by designing and implementing the Security Layer in the CDMA2000 1x EV-DO Security Layer to which applies C.S0024-A v2.0 of 3GPP2.
Encryption scheme suitable to RFID Systems based on EPC Generation2
Won, Tae-Youn ; Kim, Il-Jung ; Choi, Eun-Young ; Lee, Dong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 1, 2008, Pages 67~75
RFID(Radio Frequency Identification) system is an automated identification system that consists of tags and readers. They communicate with each other by RF signal. As a reader can identify many tags in contactless manner using RF signal, RFID system is expected to do a new technology to substitute a bar-code system. But RFID system creates new threats to the security and privacy of individuals, Because tags and readers communicate with each other in insecure channel using RF signal. So many people are trying to study various manners to solve privacy problems against attacks, but it is difficult to apply to RFID system based on low-cost Gen2. Therefore, We will propose a new encryption scheme using matrix based on Gen2 in RFID system in paper, and We will analyze our encryption scheme in view of the security and efficiency through a simulation and investigate application environments to use our encryption scheme.
Low-cost Authentication Protocol Using Pre-synchronized Search Information in RFID System
Ha, Jae-Cheol ; Park, Jea-Hoon ; Ha, Jung-Hoon ; Kim, Hwan-Koo ; Moon, Sang-Jae ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 1, 2008, Pages 77~87
Recently, many hash-based authentication protocols were presented to guarantee mutual authentication between tag and DB in RFID system. To be suitable for distributed DB environment, one generally uses fixed constant value as a tag ID. However, some existing protocols have security flaws or heavy computational loads in DB in order to search a tag ID. We propose a secure authentication protocol which is suitable for distributed DB environment by using unchangeable tag ID. The storage method of pre-synchronized information in DB at previous session is core idea of our proposal which gives low-cost ID search of DB at next session. In normal synchronization state, our protocol only requires 3 hash operations in tag and DB respectively.
IARAM: Internet Attack Representation And Mapping Mechanism for a Simulator
Lee, Cheol-Won ; Kim, Jung-Sik ; Kim, Dong-Kyu ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 1, 2008, Pages 89~102
Internet becomes more and more popular, and most companies and institutes use web services for e-business and many other purposes. With the explosion of Internet, the attack of internet worm has grown. Simulation is one of the most widely used method to study internet worms. But, it is quite challenging to simulate very large-scale worm attacks because of various reasons. By this reason, we often use the modeling network simulation technique. But, it also has problem that it difficult to apply each worm attacks to simulation. In this paper, we propose worm attack representation and mapping methods for apply worm attack to simulation. The proposed method assist to achieve the simulation efficiency. And we can express each worm attacks more detail. Consequently, the simulation of worm attacks has the time-efficiency and the minuteness.
An Analysis of Replay Attack Vulnerability on Single Sign-On Solutions
Maeng, Young-Jae ; Nyang, Dae-Hun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 1, 2008, Pages 103~114
Single Sign-On is an authentication scheme that enables a user to authenticate once and then to access to the resources of multiple software systems without re-authentication. As web services are being integrated into a single groupware, more web sites are adopting for user convenience. However, these Single Sign-On services are very dependent upon the cookies and thus, simple eavesdropping enables attackers to hiject the user's session. Even worse, the attacker who hijacked one session can move to another site through the Single Sign-On. In this paper, we show the vulnerabilities of the top ranked sites regarding this point of view and also propose a way to protect a user's session.
Security Analysis on the Home Trading System Service and Proposal of the Evaluation Criteria
Lee, Yun-Young ; Choi, Hae-Lahng ; Han, Jeong-Hoon ; Hong, Su-Min ; Lee, Sung-Jin ; Shin, Dong-Hwi ; Won, Dong-Ho ; Kim, Seung-Joo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 1, 2008, Pages 115~137
As stock market gets bigger, use of HTS(Home Trading System) is getting increased in stock exchange. HTS provides lots of functions such as inquiry about stock quotations, investment counsel and so on. Thus, despite the fact that the functions fur convenience and usefulness are developed and used, security functions for privacy and trade safety are insufficient. In this paper, we analyze the security system of HTS service through the key-logging and sniffing and suggest that many private information is unintentionally exposed. We also find out a vulnerable point of the system, and show the advisable criteria of secure HTS.
Information security auditing Framework in Industrial control system
Lee, Chul-Soo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 1, 2008, Pages 139~148
Information technology have led to change the automation of large industrial control system as well as business system and environments. Industrial control system(ICS) is vital components of most nation's critical infrastructures such as electricity, natural gas, water, waste treatment, transportation and communication that are based of national security, safety of citizen and development of national economy According to the change of business environment, organizational management pushed integration all of the system include MIS and ICS. This situation led to use standard information technologies for ICS, this transition has been to expose ICS to the same vulnerabilities and threats that plague business system. Recently government obliged owners of the public information system to audit for safety, efficiency and effectiveness, and also obliged the owners of national infrastructure to improve their system security as a result of vulnerability analysis. But there doesn't prepare a security architecture and information security auditing framework of ICS fur auditing. In this paper, I suggested the security architecture and information security auditing framework for ICS in order to prepare the base of industrial system security auditing.
A Watermarking Algorithm of 3D Mesh Model Using Spherical Parameterization
Cui, Ji-Zhe ; Kim, Jong-Weon ; Choi, Jong-Uk ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 1, 2008, Pages 149~159
In this paper, we propose a blind watermarking algorithm of 3d mesh model using spherical parameterization. Spherical parameterization is a useful method which is applicable to 3D data processing. Especially, orthogonal coordinate can not analyse the feature of the vertex coordination of the 3D mesh model, but this is possible to analyse and process. In this paper, the centroid center of the 3D model was set to the origin of the spherical coordinate, the orthogonal coordinate system was transformed to the spherical coordinate system, and then the spherical parameterization was applied. The watermark was embedded via addition/modification of the vertex after the feature analysis of the geometrical information and topological information. This algorithm is robust against to the typical geometrical attacks such as translation, scaling and rotation. It is also robust to the mesh reordering, file format change, mesh simplification, and smoothing. In this case, the this algorithm can extract the watermark information about
from the attacked model. This means it can be applicable to the game, virtual reality and rapid prototyping fields.