REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
Journal of the Korea Institute of Information Security and Cryptology
Publisher: Korea Institute of Information Security and Cryptology
Side-Channel Attacks on AES Based on Meet-in-the-Middle Technique
Kim, Jong-Sung; Hong, Seok-Hie; Lee, Sang-Jin
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 2, 2009, Pages 3~9
In this paper we introduce a new side-channel attack using the block cipher cryptanalysis technique named the meet-in-the-middle attack. Using our new side-channel technique we introduce side-channel attacks on AES with reduced masked rounds. That is, we show that AES with reduced 10 masked rounds is vulnerable to side-channel attacks based on an existing 4-round function. This shows that one has to mask the entire rounds of the 12-round 192-bit key AES to prevent our attacks. Our results are the first ones to analyze AES with reduced 10 masked rounds.
Power analysis attacks against NTRU and their countermeasures
Song, Jeong-Eun; Han, Dong-Guk; Lee, Mun-Kyu; Choi, Doo-Ho
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 2, 2009, Pages 11~21
The NTRU cryptosystem, proposed by Hoffstein et al. in the 1990s, is a public key cryptosystem based on hard lattice problems. NTRU has many advantages compared to other public key cryptosystems such as RSA and elliptic curve cryptosystems. For example, it guarantees high-speed encryption and decryption at the same level of security, and there is no known quantum computing algorithm for speeding up attacks against NTRU. In this paper, we analyze the security of NTRU against the simple power analysis (SPA) attack and statistical power analysis (STPA) attacks such as the correlation power analysis (CPA) attack. First, we implement NTRU operations using NesC on a Telos mote, and we show how to apply CPA to recover a private key from collected power traces. We also suggest countermeasures against these attacks. In order to prevent SPA, we propose to use a nonzero value to initialize the array which will store the result of a convolution operation. In order to prevent STPA, we propose two techniques to randomize power traces related to the same input. The first is random ordering of the computation sequence in a convolution operation, and the other is data randomization in the convolution operation.
On the Weight and Nonlinearity of Quadratic Rotation Symmetric Boolean Functions
Kim, Hyeon-Jin; Jung, Chang-Ho; Park, Il-Hwan
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 2, 2009, Pages 23~30
Recently, rotation symmetric Boolean functions have attracted attention since they are suitable for fast evaluation and show good cryptographic properties. For example, important problems in coding theory were settled by searching for the desired functions in the rotation symmetric function space. Moreover, they are applied to designing fast hashing algorithms. On the other hand, for some homogeneous rotation symmetric quadratic functions of simple structure, the exact formulas for their Hamming weights and nonlinearity were found [2,8]. Very recently, more formulations were carried out for a much broader class of such functions. In this paper, we make a further improvement by deriving the formula for the Hamming weight of quadratic rotation symmetric functions containing linear terms.
Public Key Encryption with Keyword Search in Multi-Receiver Setting
Rhee, Hyun-Sook; Park, Jong-Hwan; Rhee, Dong-Hoon
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 2, 2009, Pages 31~38
To provide the privacy of a keyword, public key encryption with keyword search (PEKS) was first proposed by Boneh et al. The PEKS scheme enables an email sender to send an email encrypted under the receiver's public key to an email server, and the server can obtain the relation between the given encrypted email and an encrypted query generated by the receiver. In this email system, we can easily consider the situation in which a user sends one identical encrypted email to multiple receivers, as in group e-mail. Hwang and Lee proposed a searchable public key encryption considering multiple receivers. Reducing the size of the transmitted data and the server's computation is an important issue in the multi-receiver setting. In this paper, we propose an efficient searchable public key encryption for multiple receivers (mPEKS) which is more efficient and reduces the server's pairing computation.
Security Analysis of AES for Related-Key Rectangle Attacks
Kim, Jong-Sung; Hong, Seok-Hie; Lee, Chang-Hoon
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 2, 2009, Pages 39~48
In this paper we improve previous related-key rectangle attacks on AES from 9 rounds to 10 rounds: Our attacks break the first 10 rounds of 12-round AES-192 with 256 related keys, a data complexity of
and a time complexity of
, and also break the first 10 rounds of 12-round AES-192 with 64 related keys, a data complexity of
and a time complexity of
. Our attacks are the best known attacks on AES-192.
Efficient Bit-Parallel Shifted Polynomial Basis Multipliers for All Irreducible Trinomial
Chang, Nam-Su; Kim, Chang-Han; Hong, Seok-Hie; Park, Young-Ho
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 2, 2009, Pages 49~61
Finite field multiplication is one of the most important operations in finite field arithmetic. Recently, Fan and Dai introduced the Shifted Polynomial Basis (SPB) and constructed a non-pipelined bit-parallel multiplier for
. In this paper, we propose new bit-parallel shifted polynomial basis type I and type II multipliers for
defined by an irreducible trinomial
. The proposed type I multiplier has more efficient space and time complexity than the previous ones, and the proposed type II multiplier has a smaller space complexity than all previous SPB multipliers (including our type I multiplier). However, the time complexity of the proposed type II multiplier is increased by one XOR time delay in the worst case.
Improved Key-Recovery Attacks on HMAC/NMAC-MD4
Kang, Jin-Keon; Lee, Je-Sang; Sung, Jae-Chul; Hong, Seok-Hie; Ryu, Heui-Su
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 2, 2009, Pages 63~74
In 2005, Wang et al. discovered devastating collision attacks on the main hash functions of the MD4 family. After Wang's discovery, many analysis results on the security of existing hash-based cryptographic schemes were presented. At CRYPTO'07, Fouque, Leurent and Nguyen presented full key-recovery attacks on HMAC/NMAC-MD4 and NMAC-MD5. Such attacks are based on collision attacks on the underlying hash function, and the most expensive stage is the recovery of the outer key. At EUROCRYPT'08, Wang, Ohta and Kunihiro presented an improved outer key-recovery attack on HMAC/NMAC-MD4 by using a new near-collision path with high probability. This improves the complexity of the full key-recovery attack on HMAC/NMAC-MD4 proposed by Fouque, Leurent and Nguyen at CRYPTO'07: the number of MAC queries decreases from
, and the number of MD4 computations decreases from
. In this paper, we propose an improved outer key-recovery attack on HMAC/NMAC-MD4 with
MAC queries and
MD4 computations, by using a divide-and-conquer paradigm.
An Empirical Study of Security for API in Windows Systems
Choi, Young-Han; Kim, Hyoung-Chun; Oh, Hyung-Geun; Lee, Do-Hoon
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 2, 2009, Pages 75~82
In this paper, we test the security of Windows APIs, since Windows is used by many people worldwide. In order to test the APIs in DLL files of the Windows OS, we propose Automated Windows API Fuzz Testing (AWAFT), which can execute fuzz testing automatically, and we implement a practical tool for AWAFT. AWAFT focuses on buffer overflows and parsing errors of function parameters. Using the tool, we found 177 errors in the system folder of Windows XP SP2. Therefore, AWAFT is useful for security testing of Windows APIs. AWAFT can also be applied to libraries of third-party software in the Windows OS for security testing.
Design of Classification Methodology of Malicious Code in Windows Environment
Seo, Hee-Suk; Choi, Joong-Sup; Chu, Pill-Hwan
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 2, 2009, Pages 83~92
As innovative internet technologies and multimedia are being rapidly developed, malicious codes are a remarkable new growth area and are supplied through various channels. This project presents a classification methodology for malicious codes in the Windows OS (Operating System) environment and develops a test classification system. Thousands of malicious codes are brought in every day. As a result, analyzers need a classification system that supports them with information on whether newly arrived malicious codes are a new species or a variant. This system provides a similarity measure that lets analyzers judge how different a new species or variant is from known malicious code. It saves time and effort and reduces faulty analysis. This research includes the design of the classification system and the test system. We classify malicious codes into 9 groups, and each of the 9 groups is then divided into clusters according to each property.
Improved AKA Protocol for Efficient Management of Authentication Data in 3GPP Network
Kim, Doo-Hwan; Jung, Sou-Hwan
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 2, 2009, Pages 93~103
In this paper, we propose a USIM-based authentication scheme for 3GPP network access. The proposed scheme improves on the problems of the existing authentication protocol in the 3GPP network, such as the sequence number synchronization problem, the storage overhead of authentication data, and bandwidth consumption between the Serving Network and the Home Network. Our proposal is based on the USIM-based Authentication and Key Agreement Protocol defined in the 3GPP Specification. In our scheme, mobile nodes share an SK with the Serving Network and use a time stamp when performing an authentication procedure with the Serving Network. By using a time stamp, there is no need for a sequence number to match the authentication vector between mobile nodes and networks, so the synchronization problem is solved in our scheme. Since our scheme uses an authentication vector, the storage overhead of authentication data in the Serving Network and the bandwidth consumption between networks can also be reduced.
A Low-weight Authentication Protocol using RFID for IPTV Users
Jeong, Yoon-Su; Kim, Yong-Tae; Park, Gil-Cheol; Lee, Sang-Ho
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 2, 2009, Pages 105~115
Recently, IPTV service, a communicative broadcasting fusion service that interactively provides various multimedia contents on the user's request over super high-speed internet, is increasing. For IPTV user service with high mobility, IPTV user enrollment is essential. However, IPTV service provided to mobile users cannot securely certify the mobile user. This paper proposes a lightweight user certification protocol that can certify mobile users by attaching RFID to the IPTV STB, for secure awareness of the mobile users who receive IPTV service. The proposed protocol prevents the replay attacks and man-in-the-middle attacks that often happen in the wireless section: in the process of certifying a mobile user to the IPTV STB, the tag first transmits a randomly generated number, and the user then transmits the result of hashing both its ID and the random number received from the tag with a hash function.
Security Management Model for Protecting Personal Information for the Customer Contact Center
Kwon, Young-Kwan; Youm, Heung-Youl
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 2, 2009, Pages 117~125
In this paper, we analyze the Contact Center's specific security characteristics, including the threat model and weaknesses, and study effective security measures focusing on protecting customers' personal information. Also, we establish an information security management system to reduce in advance the possibility of information leakage by internal employees. As a result, we propose the "Security management model for protecting personal information for customer Contact Center" that complies with the current ISO/IEC JTC 1 ISMS 27000 series standards.
An Empirical Study on Factors Affecting the University Students' Software Piracy Intention
Jeon, Jin-Hwan; Kim, Jong-Ki
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 2, 2009, Pages 127~140
Recently, software piracy has become one of the most serious crimes involving digital materials. It is economically devastating to the software industry and the market. In particular, it is a widespread phenomenon among university students in Korea and negatively affects measures of social and cultural level. Many studies have focused on users' intention of software piracy in order to make anti-piracy policy. The purpose of this study is to investigate the factors affecting university students' software piracy intention. The survey includes responses from 271 university students in a school of business administration. The research model was estimated with multiple regression. The analysis showed that user characteristics, subjective norms, and perceived software quality were significantly related to the intention of software piracy, but security policy was not. Perceived importance of intellectual property has a negative impact on users' software piracy intention. Based on the findings, we suggest implications for developing and implementing appropriate anti-piracy policies.
A Simple Program of Domestic IT Product Evaluation Service
Go, Woong; Lee, Dong-Bum; Kwak, Jin
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 2, 2009, Pages 141~153
Recently, public and national institutions have established secure systems by installing and operating IT products for security, and they require Common Criteria evaluation for assurance of those IT products. However, many companies find it hard to decide when to release IT products and how much to invest in their development because of the cost and time consumed by evaluation. Therefore, in this paper, we analyze domestic and international IT product evaluation services and propose a simplified IT product evaluation service compared with the previous services.
Design and Implementation of Efficient DRM System for Contents Streaming based on H.264
Jung, Yoon-Hyun; Oh, Soo-Hyun
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 2, 2009, Pages 155~163
DRM systems with a streaming scheme have gained priority due to the generalized production and distribution of digital contents brought by the development of multimedia devices and the internet. Previous DRM systems with a streaming scheme over-burdened the system by encrypting all data of the contents. This paper presents a DRM system with a new streaming scheme that is able to transmit encrypted contents independently of the network protocol and to maximize system performance by encrypting only certain parts of the data. Also, performance is analyzed by designing and implementing the proposed system.
Revisiting Path-Key Establishment of Random Key Predistribution for Wireless Sensor Networks
Kwon, Tae-Kyoung; Lee, Jong-Hyup; Song, Joo-Seok
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 2, 2009, Pages 165~169
In this short paper, we revisit the random key predistribution methods for wireless sensor networks with regard to their intrinsic phase called path-key establishment. First we show that path-key establishment is less practical than expected and may degrade the performance of key establishment significantly. We then propose a novel path-key establishment method for those schemes and analyze its performance improvement.