REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
Journal of the Korea Institute of Information Security and Cryptology
Volume 19, Issue 6 - Dec 2009
Efficient Bit-Parallel Polynomial Basis Multiplier for Repeated Polynomials
Chang, Nam-Su; Kim, Chang-Han; Hong, Seok-Hie
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 3~15
Recently, Wu proposed three small classes of finite fields
for low-complexity bit-parallel multipliers. The proposed multipliers have lower complexities than those based on irreducible pentanomials. In this paper, we propose a new Repeated Polynomial (RP) for low-complexity bit-parallel multipliers over
. Also, three classes of irreducible repeated polynomials are considered, denoted case 1, case 2 and case 3, respectively. The proposed RP bit-parallel multiplier has lower complexities than those based on pentanomials. If we consider finite fields that have neither an ESP nor a trinomial as an irreducible polynomial when
. Then, in Wu's result, only 11 finite fields exist for the three types of irreducible polynomials when
. However, in our result, there are 181, 232, and 443 finite fields of case 1, 2 and 3, respectively.
Security Analysis of Two Certificateless Signature Schemes
Lee, Ju-Hee; Shim, Kyung-Ah; Lee, Hyang-Sook
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 17~22
Certificateless cryptography eliminates the need for certificates in public key cryptosystems and solves the inherent key escrow problem of identity-based cryptosystems. This paper demonstrates that two certificateless signature schemes, proposed by Guo et al. and Wang et al. respectively, are insecure against key replacement attacks by a type I adversary. We show that an adversary who can replace a signer's public key can forge signatures under the replaced public key. We then make a suggestion to prevent the attacks.
Efficient RSA-Based PAKE Protocol for Low-Power Devices
Lee, Se-Won; Youn, Taek-Young; Park, Yung-Ho; Hong, Seok-Hie
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 23~35
A Password-Authenticated Key Exchange (PAKE) protocol is a useful tool for secure communication over open networks without sharing a common secret key or assuming the existence of a public key infrastructure (PKI). It seems difficult to design efficient PAKE protocols using RSA, and thus many PAKE protocols are designed on the basis of the Diffie-Hellman key exchange (DH-PAKE). Nevertheless, it is important to design an efficient PAKE based on the RSA function, since that function is well suited to designing a PAKE protocol for an imbalanced communication environment. In this paper, we propose a computationally efficient key exchange protocol based on the RSA function that is suitable for low-power devices in an imbalanced environment. Our protocol is more efficient than previous RSA-PAKE protocols, both in the theoretical computation required and in the experimental running time measured in the same environment. Our protocol provides key exchange that is about 84% more efficient than CEPEK, the most efficient secure RSA-PAKE protocol. We can improve the performance of our protocol further by computing some costly operations in an offline step. We prove the security of our protocol under a firmly formalized security model in the random oracle model.
Efficient Message Authentication Scheme for VANET
Yoo, Young-Jun; Lee, Jun-Ho; Lee, Dong-Hoon
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 37~47
In a VANET, each vehicle can obtain traffic information from other vehicles or from the infrastructure, and vehicles frequently exchange life-critical safety messages. Therefore, vehicles need to establish a secure channel among themselves to keep drivers safe and to protect the channel against several kinds of attacks. TSVC is a representative scheme with low communication and computation overhead. However, there is a delay when verifying messages because it is designed on the basis of TESLA. Thus, TSVC is not acceptable for sending time-critical messages. In this paper, we propose a novel message authentication scheme which reduces the delay in message verification, so that the proposed scheme is suitable for transmitting time-critical messages. Furthermore, the scheme supports privacy preservation and is robust against DoS attacks.
Real-time Integrity for Vehicle Black Box System
Kim, Yun-Gyu; Kim, Bum-Han; Lee, Dong-Hoon
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 49~61
Recently, great attention has been paid to vehicle black box devices in the auto market, since such a device provides accident reconstruction based on recorded data that contains audio, video, and other meaningful driving information. It is expected that the device will spread among commercial vehicles and that the market will grow greatly within a few years. Drivers who equip their cars with the device believe that it can find the origin of an accident and support an objective judgment. Unfortunately, current devices do not provide integrity for the data stored in them. That is, the data can be forged or modified by an outside or inside adversary, because the device is designed only to keep the latest data it has produced. This fact causes great concern in car insurance and law enforcement, since unprotected data cannot be trusted. To resolve the problem, in this paper we propose a novel real-time integrity protection scheme for vehicle black box devices. We also present evaluation results obtained by simulation using our software implementation.
Fault Analysis Attacks on Control Statement of RSA Exponentiation Algorithm
Gil, Kwang-Eun; Baek, Yi-Roo; Kim, Hwan-Koo; Ha, Jae-Cheol
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 63~70
Many research results show that an RSA system implemented with the conventional binary exponentiation algorithm is vulnerable to some physical attacks. Recently, Schmidt and Herbst demonstrated experimentally that an attacker can recover the secret key from faulty signatures obtained by skipping the squaring operations. Based on an assumption similar to that of Schmidt and Herbst's fault attack, we propose new fault analysis attacks which work by skipping the multiplication operations or the computations in the loop control statement. Furthermore, we apply our attack to the Montgomery ladder exponentiation algorithm, which was proposed to defeat simple power attacks. As a result, our fault attack can extract the secret key used in Montgomery ladder exponentiation.
An Efficient Anonymous Routing Protocol Without Using Onion Technique in MANET
Lee, Sung-Yun; Oh, Hee-Kuck; Kim, Sang-Jin
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 71~82
There has been much research on providing privacy in MANETs (Mobile Ad hoc NETworks) using trapdoors, onion routing, and anonymous authentication. Privacy protection in a MANET can be divided into ID privacy, location privacy, route privacy, and unlinkability between sessions. Most of the previous works, however, were unsatisfactory with respect to location privacy or route privacy. Moreover, in previous schemes, the cryptographic operation cost needed to meet the privacy requirements was relatively high. In this paper, we propose a new efficient anonymous routing protocol that satisfies all the privacy requirements and reduces operation costs. The proposed scheme uses neither onion nor anonymous authentication techniques to provide privacy. We also provide a more accurate analysis of our scheme's efficiency by considering all the nodes involved in route establishment.
Strong Yoking-Proof Protocol using Light-Weighted MAC
Cho, Chang-Hyun; Lee, Jae-Sik; Kim, Jae-Woo; Jun, Moon-Seog
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 83~92
Ari Juels proposed the Yoking-Proof protocol for authenticating multiple tags simultaneously in an RFID system. Because common Yoking-Proof methods authenticate by using a MAC (Message Authentication Code), it is difficult to apply them to inexpensive tags. It is also difficult to implement common hash functions such as MD5 in inexpensive tags. So Ari Juels also proposed a lightweight Yoking-Proof method with only one authentication. However, Minimalist MAC, the lightweight MAC used in that method, is single-use, and the proposed structure is vulnerable to replay attacks. Therefore, in this study, a minimalist MAC based on Lamport's digital signature scheme was adopted, and a new type of Yoking-Proof protocol was proposed in which tags are safe from replay attacks while being able to store multiple key values.
A Ticket-based Authentication Mechanism Suitable for Fast 802.11 Handoff which uses the CAPWAP Architecture
Park, Chang-Seop; Woo, Byung-Duk
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 93~103
Recently, demand for real-time multimedia services in the WLAN environment has been increasing with the commercialization of the IEEE 802.11n standard. However, the 802.1X authentication protocol defined in the IEEE 802.11i security standard is too slow to provide seamless real-time multimedia service. In this paper, a ticket-based authentication mechanism in the CAPWAP (Control And Provisioning of Wireless Access Points) architecture is introduced to support fast handoff.
Breaking character-based CAPTCHA using color information
Kim, Sung-Ho; Nyang, Dae-Hun; Lee, Kyung-Hee
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 105~112
Nowadays, Completely Automated Public Turing tests to tell Computers and Humans Apart (CAPTCHAs) are widely used to prevent various attacks by automated software agents, such as creating accounts, advertising, sending spam mail, and so on. In early CAPTCHAs, the characters were only slightly distorted, so that users could easily recognize them. For that reason, using various techniques such as image processing and artificial intelligence, one could easily break many CAPTCHAs as well. As an alternative, adding noise to CAPTCHAs and distorting the characters made attacks on CAPTCHAs more difficult. Naturally, it also made it more difficult for users to read the characters. To improve the readability of CAPTCHAs, some CAPTCHAs use different colors for the characters. However, the use of different colors gives an advantage to an adversary who wants to break CAPTCHAs. In this paper, we suggest a method of increasing the recognition ratio of CAPTCHAs based on colors.
The Study on the Security Model for ActiveX Control Management through Security Authentication
Park, Sung-Yong; Moon, Jong-Sub
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 113~119
In recent years, to provide visitors with various dynamic services, many ActiveX controls have been developed and distributed on most web sites in Korea, such as e-Government, Internet banking, and portal sites. However, insecure ActiveX controls can pose critical security threats to Internet users. Although hacking incidents exploiting these vulnerable ActiveX controls are increasing sharply, there are not enough national security actions or policies. Thus, in this paper we propose a technical method for designing a 'Security Model for ActiveX Control Management through Security Authentication' that enables safe and useful security management in the three aspects of development, distribution, and use.
The Evaluation for Web Mining and Analytics Service from the View of Personal Information Protection and Privacy
Kang, Daniel; Shim, Mi-Na; Bang, Je-Wan; Lee, Sang-Jin; Lim, Jong-In
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 121~134
Consumer-centric marketing is surely one of the most successful emerging businesses, but it poses a threat to personal privacy. Between the service provider and the user there are many issues on which the two sides are opposed. The enterprise asserts that there is no problem in using privacy data as long as it is anonymous. The individual, however, is not in a position to raise the problem, which remains latent. Web traffic analysis technology does not create issues by itself, but this technology, when used on data of a personal nature, might cause concerns. The most criticized ethical issue involving web traffic analysis is the invasion of privacy. So we need to inspect how much and what kind of personal information is being used and whether there is any illegal handling of personal information. In this paper, we inspect the operation of consumer-centric marketing tools such as web log analysis solutions and data gathering services based on web browser toolbars. We also inspect, through reverse engineering, a Microsoft Internet Explorer-based toolbar application which records and analyzes personal web browsing patterns. Finally, this study identified and explored security and privacy requirement issues in order to develop more reliable solutions. This study is very important for the balanced development of personal privacy protection and the web traffic analysis industry.
The Threat Analysis and Security Guide for Private Information in Web Log
Ryeo, Sung-Koo; Shim, Mi-Na; Lee, Sang-Jin
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 135~144
This paper discusses the serious security risks of web logs that contain private information, and suggests solutions to protect them. These days, private information is core information for producing added value in the information society. Its scope and types are expanding, and it is becoming more important along with the growth of the information society. In South Korea, a web log is defined by law as a file containing private information. Yet web logs are not protected properly in spite of containing private information; they are just treated as a residual product of web services. Many malicious people could obtain private information from web logs. This problem is caused by unclassified data and improper development of web applications. This paper suggests technical solutions which control data in the development phase, minimize the private information stored in web logs, and apply in the operating environment. It is a very efficient method for protecting private information and complying with the law.
A Study on the Secure Plan of Security in SCADA Systems
Kim, Young-Jin; Lee, Jung-Hyun; Lim, Jong-In
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 145~152
SCADA (Supervisory Control And Data Acquisition) systems are widely used for the control and monitoring of critical infrastructures including electricity, gas and transportation. Any compromise in the security of SCADA systems could result in massive chaos and disaster at a national level if a malicious attacker takes control of the system. Therefore, sound countermeasures must be provided both when SCADA systems are being developed and when they are being operated. Unlike general information processing systems, SCADA systems have different service response requirements, communication protocols and network architectures, and therefore a different approach should be applied to each SCADA system, taking into consideration each system's security characteristics and architecture. In addition, a legal basis should be established to ensure the nationwide management of the security of these systems. This paper examines the vulnerabilities of SCADA systems and proposes action plans to protect the systems against cyber attacks.
An Empirical Research on Human Factor Management Indicators for Information Security
Cha, In-Hwan; Kim, Jung-Duk
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 153~160
This study develops a human resource (HR) security framework and related HR security indicators in the context of information security. The HR security framework consists of three constructs: personnel assurance, personnel competence, and personnel security control. Based on the framework, 26 HR security management indicators are derived, grouped into 9 items in 3 categories. An empirical study was performed to verify the relevance and consistency of the indicators by conducting a questionnaire-based survey. Also, the interrelationships between the proposed indicators and the HR-related security level were analyzed by multiple regression analysis. As a result, the proposed hypotheses were mostly accepted, showing significant relationships between the indicators and the security level.
Technique and Implementation of Secure Downloadable Conditional Access System
Kang, Seong-Ku; Park, Jong-Youl; Paik, Eui-Hyun; Park, Choon-Sik; Ryou, Jae-Cheol
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 161~174
IPTV provides its services only to subscribers who are eligible to watch them, by using a Conditional Access System (CAS). So far, CAS has delivered content to subscribers by using a set-top box or cable card, but these days, to solve compatibility problems between kinds of devices, to link with other services such as DRM, and to confirm stability, research on Downloadable CAS (DCAS) is advancing steadily. In this paper, we analyse the vulnerabilities of DCAS based on OpenCable, remedy those vulnerabilities in DCAS, and then propose a secure DCAS system for IPTV. We also show the results of the research and analyse how well the requirements are satisfied.
Estimating Information Security Risk-Using Fuzzy Number Compromising Quantitative and Qualitative Methods
Pak, Ro-Jin; Lee, Dong-Hoon
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 175~184
There have been two methods of estimating computer-related security risk, qualitative and quantitative, each with its own distinctive advantages and disadvantages. The former is too narrative and somewhat too abstract to implement, and the latter produces concrete results but needs a lot of data, so a method overcoming such difficulties is needed. It is advisable to mix the two methods in a proper way depending on the conditions of the computer system. In this article, the concept of a fuzzy number is employed as a way of mixing the two methods, and a simple example using fuzzy numbers is provided. A simulation was conducted for an assumed model system, and it is demonstrated how to calculate expected and unexpected risk.
The Security Analysis of Previous CRT-RSA Scheme on Modified Opcode and Operand Attack
Hur, Soon-Haeng; Lee, Hyung-Sub; Rhee, Hyun-Seung; Choi, Dong-Hyun; Won, Dong-Ho; Kim, Seung-Joo
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 185~190
As the use of RSA based on the Chinese remainder theorem (CRT-RSA) becomes widespread, the security of CRT-RSA has become important. Since Bellcore researchers introduced fault attacks on CRT-RSA, various countermeasures have been proposed. In 1999, Shamir first proposed a countermeasure using a checking procedure. After Shamir's countermeasure was introduced, various countermeasures based on checking procedures were proposed. However, Shamir's countermeasure was shown to be vulnerable to the modified operand attack by Joye et al. in 2001, and the checking procedure was shown to be vulnerable to the modified opcode attack by Yen et al. in 2003. Yen et al. proposed a new countermeasure without a checking procedure, but their countermeasure was also shown to be vulnerable to the modified operand attack by Yen and Kim in 2007. In this paper, we point out that the previous countermeasures were vulnerable to either the modified operand attack or the modified opcode attack.
Security analysis of Chang-Lee-Chiu's anonymous authentication scheme
Youn, Taek-Young; Park, Young-Ho
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 191~194
Recently, an anonymous authentication scheme was proposed by Chang, Lee, and Chiu. In this paper, we show the insecurity of the scheme. To prove its insecurity, we describe some attacks that can be used to recover a user's identity.
An Interactive Diffie-Hellman Problem and Its Application to Identification Scheme
Nyang, Dae-Hun; Lee, Kyung-Hee
Journal of the Korea Institute of Information Security and Cryptology, volume 19, issue 6, 2009, Pages 195~199
This paper defines a new variant of the CDH problem in which an adversary interacts with a challenger, and proves that its security is equivalent to that of the CDH problem. This new problem is useful in designing cryptographic protocols. To show the versatility of the problem, we present a new identification scheme. Finally, we show a decisional version of this protocol.