REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
Journal of the Korea Institute of Information Security and Cryptology
Korea Institutes of Information Security and Cryptology
Volume & Issues
Volume 19, Issue 6 - Dec 2009
Volume 19, Issue 5 - Oct 2009
Volume 19, Issue 4 - Aug 2009
Volume 19, Issue 3 - Jun 2009
Volume 19, Issue 2 - Apr 2009
Volume 19, Issue 1 - Feb 2009
New Efficient Scalar Multiplication Algorithms Based on Montgomery Ladder Method for Elliptic Curve Cryptosystems
Cho, Sung-Min ; Seo, Seog-Chung ; Kim, Tae-Hyun ; Park, Yung-Ho ; Hong, Seok-Hie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 4, 2009, Pages 3~19
This paper proposes efficient scalar multiplication algorithms based on the Montgomery ladder method. The proposed algorithms represent the scalar in ternary or quaternary form and apply new composite formulas that use only the x coordinate in the affine coordinate system in order to improve performance. Furthermore, a side-channel atomicity mechanism is applied to the proposed composite formulas to prevent simple power analysis. The proposed methods save at least 26% of running time with reduced storage compared with existing algorithms such as window-based methods and comb-based methods.
DPA-Resistant Low-Area Design of AES S-Box Inversion
Kim, Hee-Seok ; Han, Dong-Guk ; Kim, Tae-Hyun ; Hong, Seok-Hie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 4, 2009, Pages 21~28
In recent years, power attacks have been widely investigated, and various countermeasures have been proposed. In the case of block ciphers, masking methods that blind the intermediate values in the algorithm computations (encryption, decryption, and key schedule) are well known among these countermeasures. But the cost of the non-linear part is extremely high in the masking method of a block cipher, and so the inversion of the S-box is the most significant part in the case of AES. This has led to various countermeasures being proposed for reducing the cost of masked inversion, and Zakeri's method using normal bases over the composite field is known to be the most efficient among these masking methods. We rearrange the masked inversion operation over the composite field and thereby find duplicated multiplications. Because of these duplicated multiplications, our method can reduce gate count by about 10.5% in comparison with Zakeri's method.
Polymorphic Worm Detection Using A Fast Static Analysis Approach
Oh, Jin-Tae ; Kim, Dae-Won ; Kim, Ik-Kyun ; Jang, Jong-Soo ; Jeon, Yong-Hee ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 4, 2009, Pages 29~39
In order to respond to worms, which are malicious programs that automatically spread across communication networks, the worm detection approach of generating signatures from the analysis of worm-related packets is most commonly used. However, to evade such signature-based detection techniques, the use of exploits employing mutated polymorphic forms is becoming more prevalent. In this paper, we propose a novel static analysis approach for detecting the decryption routine of polymorphic exploit code. Our approach detects the code routine that performs the decryption of the encrypted original code contained within the polymorphic exploit code in network flows. The experimental results show that our approach can detect polymorphic exploit code in which static-analysis-resistant techniques are used. It is also shown that our approach is more efficient than the emulation-based approach in processing performance.
Application of the Recursive Contract Net Protocol for the Threshold Value Determination in Wireless Sensor Networks
Seo, Hee-Suk ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 4, 2009, Pages 41~49
In ubiquitous sensor networks, sensor nodes can be compromised by an adversary since they are deployed in hostile environments. False sensing reports can be injected into the network through these compromised nodes, which may cause not only false alarms but also the depletion of the network's limited energy resources. In security solutions for the filtering of false reports, the choice of the security threshold value, which determines the security level, is important. In the existing adaptive solutions, a newly determined threshold value is broadcast to all nodes, so that extra energy may be consumed unnecessarily. In this paper, we propose an application of the recursive contract net protocol to determine a threshold value that provides both energy efficiency and a sufficient security level. To manage the network more efficiently, the network is hierarchically grouped, and the contract net protocol is applied to each group. Through the protocol, the threshold value determined by the base station using fuzzy logic is applied only where a security attack occurs.
The Traffic Analysis of P2P-based Storm Botnet using Honeynet
Han, Kyoung-Soo ; Lim, Kwang-Hyuk ; Im, Eul-Gyu ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 4, 2009, Pages 51~61
Recently, cyber-attacks using botnets have been increasing. Because these attacks pursue money, their criminal aspect is also increasing. Cyber-attacks that use botnets include the spreading of spam mail, DDoS (Distributed Denial of Service) attacks, propagation of malicious code and malware, phishing, and leaks of sensitive information. There are many studies on detection and mitigation techniques against centralized botnets, namely IRC and HTTP botnets. However, studies of P2P botnets are still at an early stage. In this paper, we analyzed the traffic of the Peacomm bot, a P2P-based Storm bot, using a honeynet, which is used for active analysis of network attacks. As a result, we could see that the Peacomm bot sends a large number of UDP packets to zombies across a wide network through P2P. Furthermore, these results show that the Peacomm bot uses this traffic to maintain and extend the scale of the botnet. We expect these results to serve as a basis for detection and mitigation techniques against P2P botnets.
Estimating Direct Costs of Enterprises by Personal Information Security Breaches
Yoo, Jin-Ho ; Jie, Sang-Ho ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 4, 2009, Pages 63~75
Recently, personal information security breaches by unauthorised access, mistaken disclosure, or theft have become more frequent, and the scale of the economic loss from such incidents is growing. Assessing the economic loss of personal information security breaches is needed for decision making on information security investment. This paper presents a framework to analyze the economic impact of personal information security breaches and develops a formula for each element to empirically calculate the economic loss. We also compare the annual economic loss of Korea with that of Japan to develop some implications.
Considering Information Security Professionals' Career to Analyze Knowledge and Skills Requirements
Yoo, Hye-Won ; Kim, Tae-Sung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 4, 2009, Pages 77~89
As awareness of information security has grown, there have been various studies on effective training and management of the information security workforce. One of the most important things for effective training is to develop education programs based on the knowledge and skills requirements for information security professionals. This study aims to analyze the required and possessed levels of knowledge and skills over information security professionals' careers. For this study, we selected 71 critical knowledge and skill items for information security professionals by literature review and the Delphi method, and we conducted a survey of the knowledge and skills information security professionals require to perform their jobs. As a result, we analyzed the current status of information security professionals' knowledge and skill levels and suggested some guidelines for educating information security professionals according to their job career.
UML 2.0 Statechart based Modeling and Analysis of Finite State Model for Cryptographic Module Validation
Lee, Gang-soo ; Jeong, Jae-Goo ; Kou, Kab-seung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 4, 2009, Pages 91~103
A cryptographic module (CM) is an implementation of various cryptographic algorithms and functions by means of hardware or software. When a CM is validated or certified under the CM validation program (CMVP), a finite state model (FSM) of the CM should be developed and provided. However, guides or methods for modeling and analysis of an FSM are not well known, because the guide is often regarded as proprietary know-how by developers as well as verifiers of the CM. In this paper, we propose a set of guides on the modeling and analysis of an FSM, which is needed for validation of a CM under CMVP, and a transition test path generation algorithm, and we implement a simple modeling tool (CM-Statecharter). An FSM of a CM is modeled by using the Statechart of UML 2.0. Statechart, overcoming the weaknesses of an FSM, is a formal and easy specification model for finite state modeling of a CM.
Self Generable Conditionally Anonymous Authentication System for VANET
Kim, Sang-Jin ; Lim, Ji-Hwan ; Oh, Hee-Kuck ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 4, 2009, Pages 105~114
Messages exchanged among vehicles must be authenticated in order to provide collision avoidance and cooperative driving services in VANET. However, digitally signing the messages can violate the privacy of users. Therefore, we require authentication systems that can provide conditional anonymity. Recently, Zhang et al. proposed a conditionally anonymous authentication system for VANET using tamper-resistant hardware. In their system, vehicles can generate identity-based public keys by themselves and use them to sign messages. Moreover, they use batch verification to verify signed messages efficiently. In this paper, we improve Zhang et al.'s system in the following respects. First, we use a more efficient probabilistic signature scheme. Second, unlike Zhang et al., we use a provably secure batch verification scheme. We also provide effective solutions for the key revocation and anonymity revocation problems.
Profiling of Cyber-crime by Psychological View
Lim, Chae-Ho ; Kim, Jee-Young ; Choi, Jin-Hyuk ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 4, 2009, Pages 115~124
The Internet has grown rapidly from a technology into a total social environment, so not only has technical and syntax-based cyber crime evolved, but psychological and semantic-based cyber crime is also appearing. In this paper, we analyze the cyber-crime cases announced by the police, then classify them by social and technical influence. After that, we study a profiling method for cyber-crimes from the psychological point of view. We expect that it will be possible to classify cyber-crimes into categories rapidly and to take less time to analyze and respond.
Rule-base Expert System for Privacy Violation Certainty Estimation
Kim, Jin-Hyung ; Lee, Alexander ; Kim, Hyung-Jong ; Hwang, Jun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 4, 2009, Pages 125~135
Logs from various security systems can reveal attempts to access private data without authorization. The logs can serve as confidence-deriving factors that a certain IP address is involved in such an attempt. This paper presents a rule-based expert system for deriving privacy violation confidence from various security systems. Generally, a security manager analyzes and synthesizes the log information from various security systems about a certain IP address to find its relevance to privacy violation cases. The security manager's knowledge for handling the various log information can be transformed into rules to automate the log analysis and synthesis. In particular, the coverage of log analysis for personal information leakage is not very broad compared with the analysis of various intrusion attempts. Thus, the number of rules that we must author is relatively small. In this paper, we have derived correlations among logs from IDS, firewall, and web server from the viewpoint of privacy protection and implemented a rule-based expert system based on the derived correlations. Consequently, we defined a method for calculating a score that represents the relevance between an IP address and a privacy violation. The UI (User Interface) of the expert system has the capability of managing the rule set, including insertion, deletion, and update.
The Considerable Security Issues on the Security Enforcement of Cryptographic Technology in Finance Fields
Kim, Young-Tae ; Lee, Su-Mi ; Noh, Bong-Nam ;
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 4, 2009, Pages 137~142
Because of known attacks against cryptographic technology and the resulting decline in security, major domestic and foreign institutions have defined recommendations on the types, expiration, safe parameters, and so on of cryptographic technology. Domestic financial fields will change some cryptographic technology to follow these recommendations. To keep the security of financial systems strong against sudden security changes in cryptographic technology, this article identifies preliminary steps: surveying the status of applied cryptographic technology and selecting vulnerable cryptographic technology. Plans for the management of cryptographic technology in financial fields are also proposed.