Journal of the Korea Institute of Information Security and Cryptology
Korea Institutes of Information Security and Cryptology
A Consideration on Verification and Extension of Fermat's Factorization
Jung, Seo-Hyun ; Jung, Sou-Hwan ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 3, 2010, Pages 3~8
There are several efficient brute-force algorithms for factorization, and Fermat's factorization is one of them. Fermat's method works best when there is a factor near the square root. This paper shows why Fermat's method is effective and verifies that there is only one answer. Because there is only one answer, we can start Fermat's factorization anywhere. We also convert the factorization problem into the problem of finding a square number.
One-Time Virtual Card Number Generation & Transaction Protocol using Integrated Authentication Center
Seo, Seung-Hyun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 3, 2010, Pages 9~21
Recently, famous online shopping websites were hit by hacking attacks, and many users' personal information, such as IDs, passwords, account numbers, personal numbers, and credit card numbers, was compromised. Hackers are continuing to attack online shopping websites, and the number of victims of these attacks is increasing. The exposure of credit card numbers is especially dangerous, because hackers maliciously use disclosed card numbers to gain money. At the 2007 Financial Cryptography Conference, Ian Molloy et al. first proposed a dynamic card number generator, but it does not meet the reuse-resistance requirement. In this paper, we analyze the security weaknesses of Ian Molloy's scheme and propose a new one-time virtual card number generator using a mobile device, which meets the security requirements of one-time virtual card numbers. We then propose a one-time credit card number generation and transaction protocol using an Integrated Authentication Center for user convenience and security enhancement.
Maximizing WSQ Compression Rate by Considering Fingerprint Image Quality
Hong, Seung-Woo ; Lee, Sung-Ju ; Chung, Yong-Wha ; Choi, Woo-Yong ; Moon, Dae-Sung ; Moon, Ki-Young ; Jin, Chang-Long ; Kim, Hak-Il ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 3, 2010, Pages 23~30
Compression techniques can be applied to large-scale fingerprint systems to store or transmit fingerprint data efficiently. In this paper, we investigate the effects of FBI WSQ fingerprint image compression on the performance of a fingerprint verification system using multiple linear regression. We propose a maximum compression method that uses the fingerprint image quality score. Based on the experiments, we confirm that the proposed approach can compress fingerprint images up to 3 times more than the fixed compression ratio without significant degradation of the verification accuracy.
An IP Traceback "M"echanism with "E"nhanced "I"ntegrity for IPv6-based NGN Environment
Jang, Jae-Hoon ; Yeo, Don-Gu ; Choi, Hyun-Woo ; Youm, Heung-Youl ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 3, 2010, Pages 31~41
It is difficult to identify an attacker's real location when the attacker spoofs the IP address in the current IPv4-based Internet environment. If attacks such as DDoS happen on the Internet, we can hardly expect the protection scheme to respond to them in an active or real-time manner. Many traceback techniques have been proposed to protect against these attacks, but most traceback schemes were designed to work with the IPv4-based Internet and were found to lack verification of whether the traceback-related information is forged. Few traceback schemes for IPv6-based network environments have been suggested, and they have disadvantages that need more study. In this paper, we propose a reliable IP traceback scheme supporting the integrity of traceback-related information in an IPv6 network environment, simulate it, and compare our proposed scheme with existing traceback mechanisms in terms of overhead and functionality.
Incentive Mechanism based on Game Theory in Kad Network
Wang, Xu ; Ni, Yongqing ; Nyang, Dae-Hun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 3, 2010, Pages 43~52
The Kad network is a peer-to-peer (P2P) network which implements the Kademlia P2P overlay protocol. The Kad network has attracted wide attention as a popular architecture for file sharing systems. Meanwhile, many problems have emerged in these file sharing systems, such as free-riding by users, uploading of fake files, spreading of viruses, and so on. In order to overcome these problems, we propose an incentive mechanism based on game theory, which establishes a more stable and efficient network environment for Kad users. Users who share valuable resources are rewarded with increased credits, while those who supply useless or harmful files are punished. This incentive mechanism in the Kad network can be used to detect and prevent malicious behavior by users and to encourage honest interaction among users.
Proposal of a Mutual Authentication and Key Management Scheme based on SRP protocol
Choi, Hyun-Woo ; Yeo, Don-Gu ; Jang, Jae-Hoon ; Youm, Heung-Youl ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 3, 2010, Pages 53~65
Conditional Access System (CAS) is a core security mechanism of IPTV SCP (Service and Content Protection) which allows only authenticated users to watch the broadcast content. In the past, CAS was generally built into the Set-Top Box (STB) as hardware or as a detachable cable card. However, because of its lack of security and its scalability problems, much research has recently been conducted on Downloadable CAS (DCAS), where users can download CAS code to their STB through their network. In this paper, the security requirements of OpenCable-based DCAS, which is a typical example of downloadable IPTV SCP, are derived, and a novel authentication and key management scheme is proposed using the Authentication Proxy (AP), which is the core of DCAS. The benefits of the proposed system are also evaluated by comparison and analysis with preceding research.
A Lightweight Key Agreement Protocol between Smartcard and Set-Top Box for Secure Communication in IPTV Broadcasting
Lee, Hoon-Jung ; Son, Jung-Gap ; Oh, Hee-Kuck ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 3, 2010, Pages 67~78
CAS (Conditional Access System) is used in pay-TV systems to prevent unauthorized users from accessing the content in an IPTV broadcasting environment. In the CAS, the smartcard transfers the CW, which is necessary for descrambling the scrambled program, to the STB. The CW hacking problem is one of the most serious problems in pay-TV systems. There has been much research on establishing a secure communication channel between the smartcard and the STB for secure transmission, but the resulting schemes had problems in efficiency and security. In this paper, we propose a lightweight key agreement protocol based on a symmetric key algorithm. We show that our proposed protocol is more efficient than existing protocols by comparing the amount of computation and analyzing the security requirements of the proposed protocol.
Timestamp Analysis of Windows File Systems by File Manipulation Operations
Bang, Je-Wan ; Yoo, Byeong-Yeong ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 3, 2010, Pages 79~91
In digital forensics, the creation time, last modified time, and last accessed time of a file or folder are important factors that can indicate events that have affected a computer system. The form of the time information varies with the file system, depending on the user's actions such as copy, transfer, or network transport of files. Specific changes of the time information may be of considerable help in analyzing the user's actions in the computer system. This paper analyzes changes in the time information of files and folders for different operations of the NTFS and attempts to reconstruct the user's actions.
Shoulder-Surfing Resistant Password Input Method for Mobile Environment
Kim, Chang-Soon ; Youn, Sun-Bum ; Lee, Mun-Kyu ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 3, 2010, Pages 93~104
The advent of various mobile devices and mobile services has diversified the information stored in a mobile device, e.g., SMS, photos, movies, addresses, e-mails, digital certificates, and so on. Because mobile devices are lost or stolen easily, user authentication is critical to protect the information stored in mobile devices. However, the current user authentication methods using Personal Identification Numbers (PINs) and passwords are vulnerable to Shoulder Surfing Attacks (SSAs), which enable an attacker to obtain the user's information. Although there are already several SSA-resistant authentication methods in the literature, most of these methods lack usability. Moreover, they are not suitable for use in mobile devices. In this paper, we propose a user-friendly password input method for mobile devices which is secure against SSA. We also perform user tests and compare the security and usability of the proposed method with those of the existing password input methods.
Practical Privacy-Preserving DBSCAN Clustering Over Horizontally Partitioned Data
Kim, Gi-Sung ; Jeong, Ik-Rae ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 3, 2010, Pages 105~111
We propose a practical privacy-preserving clustering protocol over horizontally partitioned data. We extend the DBSCAN clustering algorithm into a distributed protocol in which data providers mix real data with fake data to provide privacy. Our privacy-preserving clustering protocol is very efficient whereas the previous privacy-preserving protocols in the distributed environments are not practical to be used in real applications. The efficiency of our privacy-preserving clustering protocol over horizontally partitioned data is comparable with those of privacy-preserving clustering protocols in the non-distributed environments.
Secure and Energy-Efficient MPEG Encoding using Multicore Platforms
Lee, Sung-Ju ; Lee, Eun-Ji ; Hong, Seung-Woo ; Choi, Han-Na ; Chung, Yong-Wha ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 3, 2010, Pages 113~120
Content security and privacy protection are important issues in emerging network-based video surveillance applications. Especially, satisfying both real-time constraint and energy efficiency with embedded system-based video sensors is challenging since the battery-operated sensors need to compress and protect video content in real-time. In this paper, we propose a multicore-based solution to compress and protect video surveillance data, and evaluate the effectiveness of the solution in terms of both real-time constraint and energy efficiency. Based on the experimental results with MPEG2/AES software, we confirm that the multicore-based solution can improve the energy efficiency of a singlecore-based solution by a factor of 30 under the real-time constraint.
State of Art on Security Protocols for Fast Mobile IPv6
You, Il-Sun ; Hori, Yoshiaki ; Sakurai, Kouichi ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 3, 2010, Pages 121~134
With the help of various Layer 2 triggers, Fast Handover for Mobile IPv6 (FMIPv6) considerably reduces the latency and the signaling messages incurred by the handover. Obviously, if not secured, the protocol is exposed to various security threats and attacks. In order to protect FMIPv6, several security protocols have been proposed. To the best of our knowledge, there is a lack of analysis and comparative study of them, though security in FMIPv6 is recognized to be important. Motivated by this, we provide an overview of the security protocols for FMIPv6, followed by a comparative analysis of them. The security threats and requirements are outlined before the protocols are explored. The comparative analysis shows that the protocol presented by You, Sakurai and Hori is more secure than the others while not resulting in high computation overhead. Finally, we introduce Proxy MIPv6 and its fast handover enhancements, and emphasize the need for a proper security mechanism for them as future work.
Chosen Message Attack on the RSA-CRT Countermeasure Based on Fault Propagation Method
Baek, Yi-Roo ; Ha, Jae-Cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 3, 2010, Pages 135~140
Computation using the Chinese Remainder Theorem in the RSA cryptosystem is well suited to digital signature or decryption processing due to its low computational load compared to general RSA without CRT. Since the RSA-CRT algorithm is vulnerable to many fault insertion attacks, some countermeasures against them have been proposed. Among several countermeasures, Yen et al. proposed two schemes based on the fault propagation method. Unfortunately, a new vulnerability was found at the FDTC 2006 conference. To improve the original schemes, Kim et al. recently proposed a new countermeasure in which they adopt the AND operation for fault propagation. In this paper, we show that the proposed scheme using the AND operation without a checking procedure is also vulnerable to a fault insertion attack with chosen messages.