Journal of the Korea Institute of Information Security and Cryptology
Korea Institutes of Information Security and Cryptology
Volume 19, Issue 1 - Feb 2009
An E-Mail Protocol Providing Forward Secrecy without Using Certificated Public Keys
Kwon, Jeong-Ok ; Koo, Young-Ju ; Jeong, Ik-Rae ; Lee, Dong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 1, 2009, Pages 3~11
Forward secrecy in an e-mail system means that a compromise of the long-term secret keys of the mail users and mail servers does not affect the confidentiality of previously exchanged e-mail messages. Previous forward-secure e-mail protocols used the certified public keys of the users and therefore needed a PKI (Public Key Infrastructure). In this paper, we propose a password-based authenticated e-mail protocol that provides forward secrecy. The proposed protocol does not require certified public keys and is efficient enough to run on resource-constrained mobile devices.
Multiple Impossible Differential Cryptanalysis of Block Cipher CLEFIA and ARIA
Choi, Joon-Geun ; Kim, Jong-Sung ; Sung, Jae-Chul ; Hong, Seok-Hie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 1, 2009, Pages 13~24
CLEFIA is a 128-bit block cipher proposed by the SONY corporation, and ARIA is a 128-bit block cipher selected as a standard cryptographic primitive. In this paper, we introduce a new multiple impossible differential cryptanalysis and apply it to CLEFIA using the 9-round impossible differentials proposed in , and to ARIA using the 4-round impossible differentials proposed in . Our cryptanalytic results on CLEFIA and ARIA improve on the previous impossible differential attacks.
Study on Weak-Key Classes for KeeLoq
Lee, Yu-Seop ; Kim, Jong-Sung ; Hong, Seok-Hie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 1, 2009, Pages 25~32
KeeLoq is a very lightweight block cipher with a 32-bit block and a 64-bit key. It is suited to wireless applications, and several automotive OEMs such as Chrysler, GM, Honda and Toyota have used it in remote keyless entry and alarm systems to protect their cars. In this paper, we introduce various weak-key classes that include
keys and exploit the slide attack to propose key-recovery attacks under these weak-key classes.
Conditionally Traceable Pseudonym Protocol based on Oblivious Transfer
Kang, Jeon-Il ; Nyang, Dae-Hun ; Lee, Kyung-Hee ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 1, 2009, Pages 33~42
Recently, there has been much research on anonymous credential systems that support user anonymity. However, these systems aim only at a high security level, even though they must also be applicable to various applications that may require access control, conditional traceability, and so on. As a new direction for these systems, approaches in which several entities store the link information that associates identities with pseudonyms have been proposed. In this paper, based on oblivious transfer, we propose a new pseudonym protocol that solves the pseudonym exhaustion problem from which the original pseudonym retrieval protocol suffers. By using universal re-encryption and a one-way function, we also achieve other requirements such as pseudonym unlinkability from the outside.
Performance Improvement of Power Attacks with Truncated Differential Cryptanalysis
Kang, Tae-Sun ; Kim, Hee-Seok ; Kim, Tae-Hyun ; Kim, Jong-Sung ; Hong, Seok-Hie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 1, 2009, Pages 43~51
In 1998, Kocher et al. introduced the Differential Power Attack (DPA) on block ciphers. This attack allows an adversary to extract the secret key used in a cryptographic primitive even when it is executed inside a tamper-resistant device such as a smart card. At FSE 2003 and 2004, Akkar and Goubin presented several masking methods that randomize the first few and last few (
) rounds of the cipher with independent random masks in each round, thereby disabling power attacks on the subsequent inner rounds, in order to protect iterated block ciphers such as DES against DPA. Since then, Handschuh and Preneel have shown how to attack Akkar's masking method using differential cryptanalysis. This paper shows how to combine truncated differential cryptanalysis with a power attack to extract the secret key from intermediate unmasked values, and how much more efficient our attacks are than the Handschuh-Preneel method in terms of the number of required plaintexts, even when the measured Hamming weights contain errors.
Collision Attacks on Crypton and mCrypton
Kim, Tae-Woong ; Kim, Jong-Sung ; Jeong, Ki-Tae ; Sung, Jae-Chul ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 1, 2009, Pages 53~62
H. Gilbert et al. proposed a collision attack on 7-round reduced Rijndael. Applying this attack, in this paper we propose collision attacks on 8-round reduced Crypton and 8-round reduced mCrypton. The attacks on Crypton require
time complexity with
chosen plaintexts, respectively. The attack on mCrypton requires
time complexity with
chosen plaintexts. These results are the best attacks on Crypton and mCrypton in the published literature.
Improved Security for Fuzzy Fingerprint Vault Using Secret Sharing over a Security Token and a Server
Choi, Han-Na ; Lee, Sung-Ju ; Moon, Dae-Sung ; Choi, Woo-Yong ; Chung, Yong-Wha ; Pan, Sung-Bum ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 1, 2009, Pages 63~70
Recently, in security-token-based authentication systems, there is an increasing trend of using fingerprints instead of passwords for token-holder verification. However, the security of the fingerprint data is particularly important, as a compromise of the data is permanent. In this paper, we propose an approach for secure fingerprint verification that distributes both the secret and the computation, based on the fuzzy vault (a cryptographic construct proposed for crypto-biometric systems). That is, the user's fingerprint template applied to the fuzzy vault is divided into two parts, which are stored on a security token and on a server, respectively. In distributing the fingerprint template, we consider both the security level and the verification accuracy. Then, the geometric hashing technique is applied to solve the fingerprint alignment problem, and this computation is also distributed between the security token and the server in the form of a challenge-response. Finally, the polynomial is reconstructed from the real points accumulated from both the security token and the server. Based on experimental results, we confirm that the proposed approach can perform fuzzy-vault-based fingerprint verification more securely on a combination of a security token and a server without significant degradation of the verification accuracy.
An Efficient Method for Detecting Denial of Service Attacks Using Kernel Based Data
Chung, Man-Hyun ; Cho, Jae-Ik ; Chae, Soo-Young ; Moon, Jong-Sub ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 1, 2009, Pages 71~79
Currently much research is being done on host-based intrusion detection using system calls, which are one kind of kernel-based data. Sequence-based and frequency-based preprocessing methods are the ones mostly used in intrusion detection research based on system calls. Because of the large amount of data and the number of system call types, preprocessing takes a significant amount of time, which makes real-time intrusion detection systems difficult to implement. Despite this disadvantage, the frequency-based method, which requires relatively little preprocessing time, is usually used. This paper proposes an effective method for detecting denial of service attacks using the frequency-based method. Principal Component Analysis (PCA) is used to select the principal system calls, a Bayesian network is composed from them, and the Bayesian classifier is used for the classification.
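The pipeline described above (frequency-based preprocessing of a system-call trace, PCA to pick the principal system calls, a Bayesian classifier on the reduced vector), as an added worked example that is not the paper's code. The strace excerpt and the per-window training traces are constructed; the ten-entry syscall vocabulary, the choice of four principal calls, and the use of a Gaussian naive Bayes classifier in place of the paper's Bayesian network (whose structure the abstract does not give) are assumptions of this example.

```python
import math

# Constructed strace-style excerpt (not real data) to show the parsing step.
SAMPLE_STRACE = """\
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
accept(3, {sa_family=AF_INET, sin_port=htons(40112), ...}, [16]) = 4
recvfrom(4, "", 1024, 0, NULL, NULL) = 0
close(4) = 0
"""

# Assumed syscall vocabulary for the frequency vector (a subset of the real syscall table).
VOCAB = ["read", "write", "open", "close", "mmap", "select",
         "socket", "accept", "recvfrom", "sendto"]

# Constructed training windows as {syscall: count}: normal file-serving activity versus a
# connection-flood DoS that hammers socket/accept/recvfrom/select.
NORMAL_TRACES = [
    {"read": 40, "write": 30, "open": 10, "close": 10, "mmap": 8, "select": 2},
    {"read": 45, "write": 25, "open": 12, "close": 12, "mmap": 6, "select": 3},
    {"read": 38, "write": 34, "open": 9, "close": 9, "mmap": 10, "select": 1},
    {"read": 42, "write": 28, "open": 11, "close": 11, "mmap": 7, "select": 2},
]
DOS_TRACES = [
    {"socket": 30, "accept": 60, "recvfrom": 40, "select": 50, "close": 20, "read": 5},
    {"socket": 28, "accept": 65, "recvfrom": 45, "select": 48, "close": 22, "read": 4},
    {"socket": 33, "accept": 58, "recvfrom": 38, "select": 55, "close": 18, "read": 6},
    {"socket": 31, "accept": 62, "recvfrom": 42, "select": 52, "close": 21, "read": 5},
]

def parse_strace(text):
    """Keep only the syscall name of each 'name(args...) = ret' line."""
    return [line.strip().split("(", 1)[0] for line in text.splitlines() if "(" in line]

def expand(counts):
    """Turn a {syscall: count} window into the flat call list a tracer would produce."""
    return [name for name, n in counts.items() for _ in range(n)]

def frequency_vector(calls):
    """Frequency-based preprocessing: relative frequency of each vocabulary call in the window."""
    total = max(1, len(calls))
    return [calls.count(name) / total for name in VOCAB]

def principal_component(X, iters=300):
    """First principal component of the rows of X, by power iteration on the covariance matrix."""
    n, d = len(X), len(X[0])
    mu = [sum(r[j] for r in X) / n for j in range(d)]
    cov = [[sum((r[a] - mu[a]) * (r[b] - mu[b]) for r in X) / (n - 1) for b in range(d)]
           for a in range(d)]
    # Frequency rows sum to 1, so the all-ones vector is orthogonal to every centred row and
    # would be a dead start; a non-uniform start vector avoids that.
    v = [float(j + 1) for j in range(d)]
    for _ in range(iters):
        w = [sum(cov[a][b] * v[b] for b in range(d)) for a in range(d)]
        norm = math.sqrt(sum(x * x for x in w)) or 1.0
        v = [x / norm for x in w]
    return v

def select_principal_syscalls(X, k):
    """Indices into VOCAB of the k calls with the largest loading on the first component."""
    loading = principal_component(X)
    return sorted(sorted(range(len(VOCAB)), key=lambda j: -abs(loading[j]))[:k])

class GaussianNaiveBayes:
    """One Gaussian per class and feature; stands in for the paper's Bayesian network (assumption)."""
    def __init__(self, var_floor=1e-6):
        self.var_floor = var_floor
        self.params = {}

    def fit(self, X, y):
        for label in sorted(set(y)):
            rows = [r for r, l in zip(X, y) if l == label]
            d = len(rows[0])
            mean = [sum(r[j] for r in rows) / len(rows) for j in range(d)]
            var = [sum((r[j] - mean[j]) ** 2 for r in rows) / len(rows) + self.var_floor
                   for j in range(d)]
            self.params[label] = (math.log(len(rows) / len(X)), mean, var)
        return self

    def predict(self, x):
        def log_posterior(label):
            prior, mean, var = self.params[label]
            return prior + sum(-0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
                               for xi, m, v in zip(x, mean, var))
        return max(self.params, key=log_posterior)

def build_detector(k=4):
    """Train on the constructed windows; returns the selected feature indices and the classifier."""
    traces = [(expand(c), "normal") for c in NORMAL_TRACES] + [(expand(c), "dos") for c in DOS_TRACES]
    X = [frequency_vector(calls) for calls, _ in traces]
    y = [label for _, label in traces]
    selected = select_principal_syscalls(X, k)
    clf = GaussianNaiveBayes().fit([[r[j] for j in selected] for r in X], y)
    return selected, clf

def classify(calls, selected, clf):
    """Classify one window of raw syscall names as 'normal' or 'dos'."""
    fv = frequency_vector(calls)
    return clf.predict([fv[j] for j in selected])

if __name__ == "__main__":
    selected, clf = build_detector()
    print("principal calls:", [VOCAB[j] for j in selected])
    print("sample excerpt ->", classify(parse_strace(SAMPLE_STRACE), selected, clf))
```

Two points worth noting from running this: the PCA step picks exactly the calls whose frequencies differ between the classes (read and write on one side, accept and select on the other), which is what makes the reduced vector cheap to compute on a live trace, and the variance floor in the classifier matters because a call that never occurs in one class has zero variance and would otherwise produce a division by zero.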
A Secure and Efficient Roaming Mechanism for Centralized WLAN Environment
Park, Chang-Seop ; Woo, Byung-Duk ; Lim, Jeong-Mi ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 1, 2009, Pages 81~92
Recently, there has been a drastic increase in users interested in real-time multimedia services in the WLAN environment as the demand for IEEE 802.11 WLAN-based services grows. However, the handoff delay imposed by the 802.11i security policy is not acceptable for seamless real-time multimedia services provided to a mobile station (MS) that moves frequently within the WLAN environment, and there is a possibility of DoS attacks against the session key derivation process and the handoff mechanism. In this paper, a secure and efficient handoff mechanism for the centralized WLAN environment is introduced to solve these security problems. The 4-way Handshake used for both mutual authentication and session key derivation is replaced by a 2-way Reassociation process.
A Study on the Analysis and Detection Method for Protecting Malware Spreading via E-mail
Yang, Kyeong-Cheol ; Lee, Su-Yeon ; Park, Won-Hyung ; Park, Kwang-Cheol ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 1, 2009, Pages 93~101
This paper proposes a method for detecting the spreading of e-mails into which a hacker injects malicious code in order to steal information. I also developed an 'analysis model' that decodes the traffic that hackers encode to steal information, and I researched the methodology of intrusion detection techniques in computer network monitoring. As a result of this simulation, I developed more efficient rules for detecting PCs infected with malicious code carried by hacking mail. By proposing a security policy applicable to the computer network environment of any government or company, I aim to help minimize the damage caused by hacking mail with malicious code.
A Study on the Improvement of Effectiveness in National Cyber Security Monitoring and Control Services
Kim, Young-Jin ; Lee, Su-Yeon ; Kwon, Hun-Yeong ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 1, 2009, Pages 103~111
Recently, cyber attacks against public communications networks are becoming more complex and varied. Moreover, in some cases, one country may conduct systematic attacks at the national level against another country to steal its confidential information and intellectual property. Therefore, cyber attacks are now regarded as a new major threat to national security. The conventional way of operating individual information security systems such as IDS and IPS may not be sufficient to cope with attacks committed by highly motivated attackers with significant resources. As a result, cyber security monitoring and control, which enables attack detection, analysis and response in real time, has become of paramount importance. This paper discusses how to improve the efficiency and effectiveness of national cyber security monitoring and control services. It first reviews the major threats to the public communications network and how these threats are currently responded to, and then proposes a new approach to improving the national cyber security monitoring and control services.
Cognitive Approach to Anti-Phishing and Anti-Pharming
Kim, Ju-Hyun ; Maeng, Young-Jae ; Nyang, Dae-Hun ; Lee, Kyung-Hee ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 1, 2009, Pages 113~124
Recently, many anti-phishing schemes have been developed. Several products identify phishing sites and show the result in the browser's address bar, but they decide only on the basis of domain names or IP addresses. Although this kind of method is effective against recent DNS pharming attacks, hidden attacks that modify the HTML code could still defeat those anti-phishing programs. In this paper, a cognitive approach that compares images to decide whether a site is phishing or pharming is presented: it uses the system tray and balloon tips, which are hard to fake with pop-ups or Flash, so that users can compare the picture shown by the connecting site with the one shown in the system tray. Unlike the older method, in which a program analyzes IP addresses or domains to judge phishing or pharming, it observes whether the HTML code was changed between the plug-in and the server.
Fuzzy Fingerprint Vault using Multiple Polynomials
Moon, Dae-Sung ; Choi, Woo-Yong ; Moon, Ki-Young ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 1, 2009, Pages 125~133
The security of biometric data is particularly important because a compromise of the data is permanent. To protect biometric data, we need to store it in a non-invertible transformed version, so that even if the transformed version is compromised, the original biometric data remain secure. The fuzzy vault mechanism was proposed to provide cryptographically secure protection of critical data (e.g., an encryption key) with fingerprint data, in such a way that only the authorized user can access the critical data by presenting a valid fingerprint. However, all previous results cannot operate on a fingerprint image with few minutiae, because they use a fixed polynomial degree without considering the number of minutiae. To solve this problem, we use an adaptive polynomial degree that depends on the number of minutiae. We also apply multiple polynomials to operate on fingerprints with few minutiae. Based on experimental results, we confirm that the proposed approach can enhance both the security level and the verification accuracy.
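A toy fuzzy fingerprint vault that exercises the two ideas from this abstract (a polynomial degree chosen from the number of minutiae, and several polynomials when the degree is too low to carry the whole key) together with the distributed matching from the earlier paper on page 63 (the template split between a security token and a server, each returning its matched points, the polynomial reconstructed from the accumulated points). This is an added example, not code from either paper. The prime field GF(65537), the (x, y) packing of a minutia, the rule degree = ceil(n/2), the way the key digits are spread over polynomials, the hash check used for decoding, and the constructed template are all assumptions of the example; matching is by exact equality of encoded minutiae, whereas the papers align and tolerate noisy minutiae.

```python
import hashlib
import random
from functools import reduce
from itertools import combinations, islice

P = 65537           # prime field of the toy vault (assumption; deployed vaults use GF(2^16))
SECRET_DIGITS = 8   # a 128-bit key fits in 8 base-P digits because P > 2^16

def encode_minutia(x, y):
    """Pack one (x, y) minutia, 0 <= x, y < 256, into a field element (assumed encoding)."""
    return (x << 8 | y) % P

def poly_eval(coeffs, x):
    """Horner's rule; coeffs[0] is the constant term."""
    return reduce(lambda acc, c: (acc * x + c) % P, reversed(coeffs), 0)

def poly_mul(a, b):
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % P
    return out

def interpolate(points):
    """Lagrange interpolation over GF(P): coefficients of the degree-k polynomial through k+1 points."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        num, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                num = poly_mul(num, [(-xj) % P, 1])
                denom = denom * (xi - xj) % P
        scale = yi * pow(denom, P - 2, P) % P
        for d, c in enumerate(num):
            coeffs[d] = (coeffs[d] + c * scale) % P
    return coeffs

def adaptive_degree(n_minutiae):
    """Assumed rule: the degree grows with the template so that more than half of it must match."""
    return (n_minutiae + 1) // 2

def secret_to_polys(secret, degree):
    """Base-P digits of the secret, degree+1 per polynomial: a small template needs several polynomials."""
    digits, s = [], secret
    for _ in range(SECRET_DIGITS):
        digits.append(s % P)
        s //= P
    width = degree + 1
    digits += [0] * (-len(digits) % width)
    return [digits[i:i + width] for i in range(0, len(digits), width)]

def polys_to_secret(polys):
    digits = [c for coeffs in polys for c in coeffs][:SECRET_DIGITS]
    return sum(d * P ** i for i, d in enumerate(digits))

def lock(minutiae, secret, degree, n_chaff, rng, avoid=()):
    """Lock the secret under a (possibly partial) template. Every x carries one y per polynomial and
    the chaff x-values are shared by all polynomials, so intersecting per-polynomial point sets
    does not reveal the genuine minutiae; `avoid` keeps chaff off the other share's minutiae."""
    polys = secret_to_polys(secret, degree)
    vault = [(m, [poly_eval(c, m) for c in polys]) for m in minutiae]
    used = set(minutiae) | set(avoid)
    while len(vault) < len(minutiae) + n_chaff:
        x = rng.randrange(P)
        if x in used:
            continue
        used.add(x)
        # chaff y = P_i(x) + r with r != 0, so a chaff point never lies on any polynomial
        vault.append((x, [(poly_eval(c, x) + rng.randrange(1, P)) % P for c in polys]))
    rng.shuffle(vault)
    return vault

def match_points(vault, query):
    """One party's contribution: the stored points whose x equals a query minutia."""
    q = set(query)
    return [(x, ys) for x, ys in vault if x in q]

def unlock(matched, degree, check, max_tries=2000):
    """Reconstruct the secret from points accumulated from one or more shares; candidate subsets are
    checked against a hash of the secret (deployed vaults use Reed-Solomon decoding instead)."""
    if len(matched) < degree + 1:
        return None
    for combo in islice(combinations(matched, degree + 1), max_tries):
        polys = [interpolate([(x, ys[i]) for x, ys in combo]) for i in range(len(combo[0][1]))]
        secret = polys_to_secret(polys)
        if hashlib.sha256(str(secret).encode()).hexdigest() == check:
            return secret
    return None

def demo(n_minutiae=24, seed=7):
    """Constructed template (not fingerprint data): enrol, split between token and server, verify.
    Returns (degree, number of polynomials, token-only result, combined result)."""
    rng = random.Random(seed)
    secret = int.from_bytes(b"sixteen-byte-key", "big")
    check = hashlib.sha256(str(secret).encode()).hexdigest()
    template = [encode_minutia(v >> 8, v & 0xFF) for v in rng.sample(range(256 * 256), n_minutiae)]
    k = adaptive_degree(n_minutiae)
    token_vault = lock(template[:n_minutiae // 2], secret, k, 60, rng, avoid=template)
    server_vault = lock(template[n_minutiae // 2:], secret, k, 60, rng, avoid=template)
    query = rng.sample(template, 3 * n_minutiae // 4)   # three quarters of the minutiae, reordered
    token_only = unlock(match_points(token_vault, query), k, check)
    both = match_points(token_vault, query) + match_points(server_vault, query)
    return k, len(secret_to_polys(secret, k)), token_only, unlock(both, k, check)
```

With 24 minutiae the degree is 12 and one polynomial carries the whole 128-bit key; with 12 minutiae the degree drops to 6, so the 8 key digits are spread over two polynomials and the vault still unlocks. In both cases either half of the template on its own holds fewer than degree+1 genuine points, which is the property that makes the token/server split worthwhile: neither party can reconstruct the polynomial from its own share.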
An Anti-Virus Vaccine Selection Model Based on Stackelberg Game
Sung, Si-Il ; Choi, In-Chan ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 1, 2009, Pages 135~144
This paper deals with an information security problem that involves the strategies of both an attacker and the administrator of a web-based system. A game-theoretic model for the problem, based on a Stackelberg game, is presented. In the model, the administrator selects a set of anti-virus vaccines to cope with potential attackers, and the intruder chooses the attacking modes that are most effective against the administrator's chosen set of vaccines. Moreover, the model considers a number of practical constraints, such as a budget limit on vaccine purchases and a limit on the system performance overhead. In addition, two scenario analyses are provided, based on the results of the proposed model applied to simulated pseudo-real-world data.
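A small instance of the leader/follower structure described above, as an added example that is not the paper's model or data: the administrator (leader) commits to a vaccine set under a budget and a performance-overhead limit, the attacker (follower) observes that set and picks the attacking mode that does the most expected damage, and the administrator chooses the feasible set whose best response hurts least. The four vaccines, their detection probabilities, costs and overheads, the loss per attacking mode, and the assumption that detections by different vaccines are independent are all constructed for this example; the paper's actual formulation and its two scenarios are not reproduced.

```python
from itertools import combinations

# Constructed scenario data (not from the paper): per-vaccine detection probability for each
# attacking mode, licence cost, CPU overhead, and the loss caused by an undetected attack.
VACCINES = {
    "A": {"cost": 4, "overhead": 10, "detect": {"worm": 0.9, "trojan": 0.2, "rootkit": 0.0, "macro": 0.5}},
    "B": {"cost": 3, "overhead": 8,  "detect": {"worm": 0.3, "trojan": 0.8, "rootkit": 0.1, "macro": 0.2}},
    "C": {"cost": 5, "overhead": 15, "detect": {"worm": 0.4, "trojan": 0.5, "rootkit": 0.9, "macro": 0.3}},
    "D": {"cost": 2, "overhead": 5,  "detect": {"worm": 0.1, "trojan": 0.1, "rootkit": 0.2, "macro": 0.9}},
}
LOSS = {"worm": 100.0, "trojan": 80.0, "rootkit": 120.0, "macro": 40.0}

def expected_loss(chosen, mode):
    """Loss from `mode` when the vaccines in `chosen` are deployed; detections are assumed
    independent, so the attack survives with probability prod(1 - p_v)."""
    survive = 1.0
    for v in chosen:
        survive *= 1.0 - VACCINES[v]["detect"][mode]
    return LOSS[mode] * survive

def attacker_best_response(chosen):
    """Follower: the attacker sees the deployed set and picks the mode with the largest expected loss."""
    mode = max(LOSS, key=lambda m: expected_loss(chosen, m))
    return mode, expected_loss(chosen, mode)

def feasible(chosen, budget, max_overhead):
    """The two practical constraints: total purchase cost and total performance overhead."""
    return (sum(VACCINES[v]["cost"] for v in chosen) <= budget
            and sum(VACCINES[v]["overhead"] for v in chosen) <= max_overhead)

def administrator_best_set(budget, max_overhead):
    """Leader: enumerate every feasible vaccine set and keep the one whose attacker best response
    does the least damage. Returns (vaccine set, attacker's mode, expected loss)."""
    best = None
    names = sorted(VACCINES)
    for r in range(len(names) + 1):
        for chosen in combinations(names, r):
            if not feasible(chosen, budget, max_overhead):
                continue
            mode, loss = attacker_best_response(chosen)
            if best is None or loss < best[2]:
                best = (set(chosen), mode, round(loss, 6))
    return best

if __name__ == "__main__":
    # Two scenarios: the same overhead limit with a tighter and a looser budget.
    for budget, overhead in [(10, 30), (15, 30)]:
        print(f"budget={budget} overhead<={overhead}:", administrator_best_set(budget, overhead))
```

Enumeration is fine for a handful of vaccines (2^n sets); with the dozens of products and attack modes of a real deployment the leader's problem becomes a bilevel integer program, which is the setting the abstract's model addresses. The scenario comparison shows the qualitative effect the abstract points at: raising the budget from 10 to 15 lets the administrator add the cheap vaccine D, and the attacker's best response stays on the mode the chosen set covers worst (trojan), so the residual loss falls but does not vanish.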