REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
Journal of the Korea Institute of Information Security and Cryptology
Volume 18, Issue 5 - Oct 2008
Performance Analysis and Comparison of Stream Ciphers for Secure Sensor Networks
Yun, Min ; Na, Hyoung-Jun ; Lee, Mun-Kyu ; Park, Kun-Soo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 3~16
A Wireless Sensor Network (WSN for short) is a wireless network consisting of distributed small devices which are called sensor nodes or motes. Recently, there has been extensive research on WSN and also on its security. For secure storage and secure transmission of the sensed information, sensor nodes should be equipped with cryptographic algorithms. Moreover, these algorithms should be efficiently implemented since sensor nodes are highly resource-constrained devices. There are already some existing algorithms applicable to sensor nodes, including public key ciphers such as TinyECC and standard block ciphers such as AES. Stream ciphers, however, are still to be analyzed, since they were only recently standardized in the eSTREAM project. In this paper, we implement over the MicaZ platform nine software-based stream ciphers out of the ten in the second and final phases of the eSTREAM project, and we evaluate their performance. Especially, we apply several optimization techniques to six ciphers including SOSEMANUK, Salsa20 and Rabbit, which have survived after the final phase of the eSTREAM project. We also present the implementation results of hardware-oriented stream ciphers and AES-CFB for reference. According to our experiment, the encryption speeds of these software-based stream ciphers are in the range of 31-406Kbps, thus most of these ciphers are fairly acceptable for sensor nodes. In particular, the survivors, SOSEMANUK, Salsa20 and Rabbit, show throughputs of 406Kbps, 176Kbps and 121Kbps using 70KB, 14KB and 22KB of ROM and 2811B, 799B and 755B of RAM, respectively. From the viewpoint of encryption speed, the performances of these ciphers are much better than that of the software-based AES, which shows a speed of 106Kbps.
Light-Weight Password-Based Authenticated Key Exchange for Two Users using Different Passwords
Kwon, Jeong-Ok ; Kim, Ki-Tak ; Jeong, Ik-Rae ; Lee, Dong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 17~30
In this paper, we consider password-based authenticated key exchange with different passwords, where the users do not share a password between themselves, but only with the server. The users make a session key using their different passwords with the help of the server. We propose an efficient password-based authenticated key exchange protocol with different passwords which achieves forward secrecy without random oracles. In fact, its amount of computation and number of rounds are comparable to the most efficient password-based authenticated key exchange protocol in the random oracle model. The protocol requires a client only to memorize a human-memorable password, and all other information necessary to run the protocol is made public.
Anonymity User Authentication Scheme with Smart Cards preserving Traceability
Kim, Se-Il ; Chun, Ji-Young ; Lee, Dong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 31~39
Recently, remote user authentication schemes using smart cards have been researched to provide user privacy because of increasing interest and demands. Previously provided authentication schemes were only concerned about providing user privacy against outside attackers, but a scheme which guarantees user privacy against both a remote server and outside attackers has recently been demanded because users' information has leaked out through the service providers. When the remote server perceives a user doing a malicious act, the server should be able to trace the malicious user by receiving help from a trust agency. In this paper, we suggest a scheme which not only guarantees user privacy against both a remote server and outside attackers, but also provides traceable anonymous authentication.
An Attribute-Based Authentication Scheme Using Smart Cards
Yoo, Hye-Joung ; Rhee, Hyun-Sook ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 41~47
In a network environment, when a user requests a server's service, he/she must pass an examination of user authentication. Through this process, the server can determine whether the user can use the provided services and the exact access rights of this user in these services. In these authentication schemes, the security of private information has become an important issue. For this reason, many suggestions have been made in order to protect the privacy of users, and smart cards have recently been widely used for authentication systems providing anonymity of users. A remote user authentication system using smart cards is a very practical solution to validate the eligibility of a user and provide secure communication. However, there are no studies on attribute-based authentication schemes using smart cards so far. In this paper, we propose a novel user authentication scheme using smart cards based on attributes. The major merits include: (1) the proposed scheme achieves the low-computation requirement for smart cards; (2) a user only needs to register once and can use various permitted services according to attributes; (3) the proposed scheme guarantees perfect anonymity to the remote server.
Attribute-base Authenticated Key Agreement Protocol over Home Network
Lee, Won-Jin ; Jeon, Il-Soo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 49~57
User authentication and key agreement are very important components to provide secure home network service. Although the TTA adopted the EEAP-PW protocol as a user authentication and key transmission standard, it has some problems, including not providing forward secrecy. This paper first provides an analysis of the problems in EEAP-PW and then proposes a new attribute-based authenticated key agreement protocol, denoted by EEAP-AK, to solve the problems. The proposed protocol supports different levels of security by diversifying network accessibility for the user attribute after the user attribute-based authentication and key agreement protocol steps. It efficiently solves the security problems in the EEAP-PW, and we could support a more secure home network service than the EEAP-AK.
Measuring Level of Difficulty of Fingerprint Database based on Sample Quality
Ryu, Ji-Eun ; Jang, Ji-Hyeon ; Kim, Hak-Il ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 59~69
The purpose of this paper is to measure the level of difficulty of a fingerprint database based on sample quality. This paper proposes a distribution of sample quality analyzer and a difference of sample quality analyzer to measure the level of difficulty. Experimental results demonstrate that there is a stronger correlation between matching performance and the level of difficulty based on difference of sample quality than with the other measure. Especially, the level of difficulty based on the OQ Block of the MPQ co-occurrence matrix shows the highest correlation with matching performance, and moreover it can predict the matching performance of unknown databases.
A Study on Architecture of Access Control System with Enforced Security Control for Ubiquitous Computing Environment
Eom, Jung-Ho ; Park, Seon-Ho ; Chung, Tai-Myoung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 71~81
In this paper, we designed a context aware task-role based access control system (CAT-RACS) which can control access and prevent illegal access efficiently for various information systems in a ubiquitous computing environment. CAT-RACS applies CA-TRBAC, which adds the context-role concept to achieve policy composition by context information and a security level attribute to keep the confidentiality of information. CA-TRBAC doesn't permit access when the context does not coincide with the access control conditions, or when the role's and task's security levels do not accord with the object's security level or are lower, even if the user's role and task coincide with the access control conditions. It provides security services such as user authentication and access control by a context-aware security manager, and provides context-aware security services and manages the context information needed in security policy configuration by a context information fusion manager. Also, it manages CA-TRBAC policy, user authentication policy, and security domain management policy by a security policy manager.
Privilege Management Technique for Unreliable Network Environments based on Tree Structure
Yang, Soo-Mi ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 83~91
ISO/IEC 9594-8 defines the public key framework and attribute certificate framework. The attribute certificate framework deals with privilege management infrastructure (PMI). In PMI, for privilege management using attribute certificates, role assignment certificates and role specification certificates are used to assign and specify privileges independently. Role specification certificates include privilege specifications and the details for privilege management of network environments. Privilege management of an unreliable network environment tries to enhance the reliability and efficiency of privilege information transmission forwarding over unreliable routes in the presence of potentially faulty nodes and edges. Each node forms a role specification tree based on role specification relationship data collected from the network. In this paper, the privilege management cost with the role specification certificate tree structure is evaluated, trying to reduce the overhead incurred by role creation and modification of privileges. Multicasting of packets is used for scalability. We establish a management cost model taking into account packet loss and the reliability of nodes that continuously join and leave the network. We present quantitative results which demonstrate the effectiveness of the proposed privilege management scheme.
Enhanced and Practical Alignment Method for Differential Power Analysis
Park, Jea-Hoon ; Moon, Sang-Jae ; Ha, Jae-Cheol ; Lee, Hoon-Jae ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 93~101
Side channel attacks are well known as one of the most powerful physical attacks against low-power cryptographic devices and do not take into account the target's theoretical security. As an important success factor in side channel attacks (specifically in DPAs), exact time-axis alignment methods are used to overcome misalignments caused by trigger jittering, noise and even some countermeasures intentionally applied to defend against side channel attacks, such as random clock generation. However, the currently existing alignment methods consider only the position of signals on the time axis, which is ineffective for certain countermeasures based on time-axis misalignments. This paper proposes a new signal alignment method based on interpolation and decimation techniques. Our proposal can align the size as well as the position of the signals on the time axis. The validity of our proposed method is then evaluated experimentally with a smart card chip, and the results demonstrate that the proposed method is more efficient than the existing alignment methods.
A Group Key based Authentication Protocol Providing Fast Handoff in IEEE 802.11
Lee, Chang-Yong ; Kim, Sang-Jin ; Oh, Hee-Kuck ; Park, Choon-Sik ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 103~113
Reducing handoff latency is essential in providing seamless multimedia service in Wireless LAN based on the IEEE 802.11 standard. Reducing authentication delay is critical in reducing handoff latency. To this end, several authentication protocols for fast handoff have been proposed. Mishra et al. used proactive key distribution to improve the authentication delay incurred in the current standard, and Park et al. proposed a new authentication protocol based on Blom's key pre-distribution scheme. In this paper, we propose an enhanced authentication protocol based on Bresson et al.'s group key protocol. If a mobile node has previously accessed the network, our proposed protocol only requires simple hash operations in providing mutual authentication between a mobile node and access points. Our protocol is more efficient than Park et al.'s, and Mishra et al.'s technique can be used in our protocol to further enhance it.
A Design of Traceable and Privacy-Preserving Authentication in Vehicular Networks
Kim, Sung-Hoon ; Kim, Bum-Han ; Lee, Dong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 115~124
In vehicular networks, vehicles should be able to authenticate each other to securely communicate with network-based infrastructure, and their locations and identifiers should not be exposed by the communication messages. However, when an accident occurs, the investigating authorities have to trace down its origin. As vehicles communicate not only with RSUs (Road Side Units) but also with other vehicles, it is important to minimize the number of communication flows among the vehicles while the communication satisfies several security properties such as anonymity, authenticity, and traceability. In our paper, when the mutual authentication protocol is working between vehicles and RSUs, the protocol offers traceability with privacy protection using pseudonyms and a MAC (Message Authentication Code) chain. Also, by using the MAC chain as one-time pseudonyms, our protocol does not need a separate way to manage pseudonyms.
Easy to Search for Tags on Database and Secure Mutual Authentication Protocol for RFID system
Kwon, Hye-Jin ; Lee, Jae-Wook ; Jeon, Dong-Ho ; Kim, Soon-Ja ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 125~134
A great number of RFID authentication protocols have been proposed for secure RFID systems. These are typically divided into three types according to the primitive they use: hash-based, re-encryption-based, and XORing-based protocols. The well-known attacks in RFID systems are eavesdropping, impersonation, location tracking, and so on. However, existing protocols could not provide security against the above attacks, or it was not efficient to search for tags in the database. Therefore, in this paper we present a protocol which is secure against the above attacks by using a hash function, and which allows the database to search for tags easily by attaining the state information of the previous session through the values shared between all tags and the database.
A Method for SQL Injection Attack Detection using the Removal of SQL Query Attribute Values
Lee, In-Yong ; Cho, Jae-Ik ; Cho, Kyu-Hyung ; Moon, Jong-Sub ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 135~148
The expansion of the internet has made web applications a part of everyday life. As a result, the number of incidents which exploit web application vulnerabilities is increasing. A large percentage of these incidents are SQL Injection attacks, which are a serious security threat to databases with potentially sensitive information. Therefore, much research has been done to detect and prevent these attacks, and it has resulted in a decline of SQL Injection attacks. However, there are still methods to bypass them, and these methods are too complex to implement in real web applications. This paper proposes a simple and effective SQL query attribute value removal method which uses static and dynamic analysis, and evaluates its efficiency through various experiments.
P-RBACML : Privacy Enhancing Role-Based Access Control Policy Language Model
Lee, Young-Lok ; Park, Jun-Hyung ; Noh, Bong-Nam ; Park, Hae-Ryong ; Chun, Kil-Su ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 149~160
A Study on the Development of Corporate Information Security Level Assessment Models
Lee, Hee-Myung ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 161~170
Despite the recent growth in size and frequency of damages caused by illegal information breaches, current business countermeasures and precautionary systems are greatly limited. Some major companies have developed Information Security Management Systems (ISMS) to safeguard their vital information; however, such measures are largely based on ISO27001 and lack in many aspects the ability to grasp the holistic corporate security level and reinforce precautionary measures. The information protection level evaluation model introduced in this paper is a pragmatic evaluative tool that can be utilized to devise effective corporate information security precautionary measures and countermeasures, based on the BSC (Balanced ScoreCard) method, to make an actual and realistic corporate information security level evaluation possible.
A Study on Digital Evidence Transmission System for E-Discovery
Lee, Chang-Hoon ; Baek, Seung-Jo ; Kim, Tae-Wan ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 171~180
This paper also suggests the Digital Evidence Transmission System for E-Discovery, which is suited to domestic environments, in order to solve these problems and promote safe and convenient transmission of electronic evidence. The suggested Digital Evidence Transmission System for E-Discovery is a system that submits digital evidence to the Court's Server through the Internet using Public Key Infrastructure and Virtual Private Network, and solves problems such as privileged and privacy data, company trade secrets, etc.
A Light-weight, Adaptive, Reliable Processing Integrity Audit for e-Science Grid
Jung, Im-Young ; Jung, Eun-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 181~188
E-Science Grid is designed to cope with computation-intensive tasks and to manage a huge volume of science data efficiently. However, certain tasks may involve more than one grid can offer in computation capability, or incur a long wait time on other tasks. Resource sharing among Grids can solve this problem with a proper processing-integrity check via audit. Due to their computing-intensive nature, the processing time of e-Science tasks tends to be long. This potentially long wait before an audit failure encourages an earlier audit mechanism during execution, in order both to prevent resource waste and to detect any problem fast. In this paper, we propose a Light-weight, Adaptive and Reliable Audit, LARA, of processing integrity for e-Science applications. With the LARA scheme, researchers can verify their processing earlier and faster.
Group Key Management Scheme for Batch Operation
Kim, Dae-Youb ; Huh, Mi-Suk ; Ju, Hak-Soo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 189~193
Digital Contents Services based on the Internet are developing into a ubiquitous television that allows subscribers to enjoy digital contents anytime and anywhere. However, illegal copies and distributions of digital contents are also increasing proportionally. To guarantee the stability of contents service, many technologies are being developed and installed. An efficient scheme to manage content encryption keys is one of them. In this paper, we propose an improved key management scheme to manage the members of groups. The proposed scheme has a minimized transmission overhead for the batch operation to renew content encryption keys.
Credential Forging Attack against Privacy Enhancing Credential System in Nakazato-Wang-Yamamura '07
Nyang, Dae-Hun ; Lee, Kyung-Hee ;
Journal of the Korea Institute of Information Security and Cryptology, volume 18, issue 5, 2008, Pages 195~199
We present an attack which forges a credential without the help of the credential issuer in the protocol designed by Nakazato, Wang and Yamamura at ASIAN 2007. The attack avoids using the credential issuer's private key by taking advantage of a property of bilinear pairing. The implication of this collusion attack by a user and verifiers is also discussed.