Go to the main menu
Skip to content
Go to bottom
REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
> Journal Vol & Issue
Journal of the Korea Institute of Information Security and Cryptology
Journal Basic Information
Journal DOI :
Korea Institutes of Information Security and Cryptology
Editor in Chief :
Volume & Issues
Volume 20, Issue 6 - Dec 2010
Volume 20, Issue 5 - Oct 2010
Volume 20, Issue 4 - Aug 2010
Volume 20, Issue 3 - Jun 2010
Volume 20, Issue 2 - Apr 2010
Volume 20, Issue 1 - Feb 2010
Selecting the target year
A New Type of Differential Fault Analysis on DES Algorithm
So, Hyun-Dong ; Kim, Sung-Kyoung ; Hong, Seok-Hie ; Kang, Eun-Sook ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 3~13
Differential Fault Analysis (DFA) is widely known for one of the most efficient method analyzing block cipher. In this paper, we propose a new type of DFA on DES (Data Encryption Standard). DFA on DES was first introduced by Biham and Shamir, then Rivain recently introduced DFA on DES middle rounds (9-12 round). However previous attacks on DES can only be applied to the encryption process. Meanwhile, we first propose the DFA on DES key-schedule. In this paper, we proposed a more efficient DFA on DES key schedule with random fault. The proposed DFA method retrieves the key using a more practical fault model and requires fewer faults than the previous DFA on DES.
The Performance Advancement of Power Analysis Attack Using Principal Component Analysis
Kim, Hee-Seok ; Kim, Hyun-Min ; Park, Il-Hwan ; Kim, Chang-Kyun ; Ryu, Heui-Su ; Park, Young-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 15~21
In the recent years, various researches about the signal processing have been presented to improve the performance of power analysis. Among these signal processing techniques, the research about the signal compression is not enough than a signal alignment and a noise reduction; even though that can reduce considerably the computation time for the power analysis. But, the existing compression method can sometimes reduce the performance of the power analysis because those are the unsophisticated method not considering the characteristic of the signal. In this paper, we propose the new PCA (principal component analysis)-based signal compression method, which can block the loss of the meaningful factor of the original signal as much as possible, considering the characteristic of the signal. Also, we prove the performance of our method by carrying out the experiment.
The Recovery and Analysis of Digital Data in Digital Multifunction Copiers with a Digital Forensics Perspective
Park, Il-Shin ; Kang, Cheul-Hoon ; Choi, Sung-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 23~32
Caused by the development of IT environment, the frequency of using the embedded machines is increasing in our regular life. A typical example of these embedded machines is a Multi Function Copier and it has various functions; it is used as copier, scanner, fax machine, and file server. We would like to check the existence of and the way to abstract the data that may have been saved through using the scanner of the multi function printer and discuss how to use those data as the evidence.
Design of Security Framework for Next Generation IPTV Services
Lee, Seung-Min ; Nah, Jae-Hoon ; Seo, Dong-Il ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 33~42
With the emergence of increasingly complex networks and diverse user terminals, demand for the next generation IPTV service is rapidly growing. It enables any content to seamlessly be reused on the diverse terminals as well as be broadcasted in real-time through the complex networks. In this paper, a novel security framework is proposed for the real-time and reusable IPTV services. The proposed framework is advantageous over the conventional content protection techniques in easily producing the scalable content with lightweight, perceptual, transcodable, and adjustable security features. It does not only ensure end-to-end security over the entire service range based on a single security mechanism, but also can control a level of security while dynamically transcoding the original content. This approach basically performs selective encryption during and after the compression using scalable video coding. The suitability of the proposed approach is demonstrated through experiments with a practical service scenario. Therefore, it is expected that security technology alone could practically contribute to creating new business opportunities for IPTV services.
A Study on Extracting the Document Text for Unallocated Areas of Data Fragments
Yoo, Byeong-Yeong ; Park, Jung-Heum ; Bang, Je-Wan ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 43~51
It is meaningful to investigate data in unallocated space because we can investigate the deleted data. Consecutively complete file recovery using the File Carving is possible in unallocated area, but noncontiguous or incomplete data recovery is impossible. Typically, the analysis of the data fragments are needed because they should contain large amounts of information. Microsoft Word, Excel, PowerPoint and PDF document file's text are stored using compression or specific document format. If the part of aforementioned document file was stored in unallocated data fragment, text extraction is possible using specific document format. In this paper, we suggest the method of extracting a particular document file text in unallocated data fragment.
Privacy Weakness Analysis of Delegation-Based Authentication Protocol
Youn, Taek-Young ; Kim, Chang-Han ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 53~57
Recently, Lee et al. proposed a delegation-based authentication protocol for secure and private roaming service in global mobility networks. In this paper, we show that the protocol cannot protect the privacy of an user even though the protocol provides the user anonymity. To prove the weakness, we show that the protocol cannot provide the unlinkability and also examine the weakness of the protocol caused by the lack of the unlinkability.
A Fault Injection Attack on the For Statement in AES Implementation
Park, Jea-Hoon ; Bae, Ki-Seok ; Oh, Doo-Hwan ; Moon, Sang-Jae ; Ha, Jae-Cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 59~65
Since an attacker can occur an error in cryptographic device during encryption process and extract secret key, the fault injection attack has become a serious threat in chip security. In this paper, we show that an attacker can retrieve the 128-bits secret key using fault injection attack on the for statement of final round key addition in AES implementation. To verify possibility of our proposal, we implement the AES system on ATmega128 microcontroller and try to inject a fault using laser beam. As a result, we can extract 128-bits secret key through just one success of fault injection.
Study on Problem and Improvement of Legal and Policy Framework for Smartphone Electronic Finance Transaction - Focused on Electronic Financial Transaction Act -
Choi, Seung-Hyeon ; Kim, Kang-Seok ; Seol, Hee-Kyung ; Yang, Dae-Wook ; Lee, Dong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 67~81
As wide propagation of smartphones, e-commerce with smartphones increases rapidly. Such as transfer or stock trade systems. It has prospect that most of financial companies going to offer e-commerce systems via smartphones. And e-commerce via smartphones will be increased, hence the nature of smartphone that can be used whenever, wherever. However, legislation of e-commerce in Korea does not reflect these characteristics of smartphones, because it has set standards in regular PC. So that this study is security threat and feature of smartphones considering that the current legal system will use Certificate constraints, ensuring the safety of e-commerce and install security programs for protection of users, e-commerce responsible for the accident analysis has focused on the issues presented for this improvement.
National Institution's Information Security Management on the Smart phone use environment
Kim, Ji-Sook ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 83~96
The rapid spread of smart phone in recent years changes not only personal life but also work environment of organizations. Moreover, smart phone provoke service combination between industries and transit the digital paradigm in our society because of the character that anyone can develop or use the application of smart phone. Under these circumstances, the government hastens the construction of mobile-government in order to improve national services and communication with people. However, since security threats on smart phone become more critical recently, we should hurry the counter measures against mobile threats or we will face obstacles to the activation of mobile-government. On this article, we suggest the methods of information security and the Mobile-government Information Security Management System(M-ISMS) on the smart phone use environment for building up the secure and convenient mobile system in the national institution.
A Study on the Copyright Protection Liability of Online Service Provider and Filtering Measure
Oh, Yeong-Woo ; Jang, Gye-Hyun ; Kwon, Hun-Yeong ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 97~109
Although the primary liability for online copyright infringement may fall on the individual who illegally copies, transfers, and/or distributes the copyrighted content, the issue of indirect liability for Online Service Providers (OSPS) that provide a channel for the distribution of illegal content has recently come under the spotlight. Currently, in an effort to avoid liability for indirect copyright infringement and improve their reputation, most OSPs have voluntarily applied filtering technology. Under the Copyright Act of Korea, special types of OSPS including P2P and Web-based Hard Drive (WebHard) are required to incorporate filtering technology, and may be charged with penalties if found without one. However, despite the clear need for filtering mechanisms, several arguments have been set forth that question the efficacy and appropriateness of the system. As such, this paper discusses the liability theory adopted in the US. -a leader in internet technology development-and analyzes the scope of liability and filtering related regulations in our copyright law. In addition, this paper considers the current applications of filtering as well as limits of the applied filtering technology in OSPS today. Finally, we make four suggestions to improve filtering in Korea, addressing issues such as clarifying the limits and responsibilities of OSPS, searching for cooperative solutions between copyright holders and OSPS, standardizing the filtering technology to enable compatibility among different filtering techniques, and others.
Protection Profile for Smart Meters: Vulnerability and Security Requirements Analysis
Jung, Chul-Jo ; Eun, Sun-Ki ; Choi, Jin-Ho ; Oh, Soo-Hyun ; Kim, Hwan-Koo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 111~125
There is a growing interest in "smart grid" technology, especially after the government recently announced "low-carbon green-growth industry" project. A smart grid uses "smart meters", which can be deployed in any power-consuming places like homes and factories. It has been shown that smart meters have several security weaknesses. There is, however, no protection profile available for smart meters, which means that safety with using them is not guaranteed at all. This paper analyzes vulnerabilities of smart meters and the relevant attack methods, thereby deriving the security functions and requirements for smart meters. Finally, we propose a protection profile based on Common Criterion v3.l for smart meters.
A study of the ISCS(Information Security Check Service) on performance measurement model and analysis method
Jang, Sang-Soo ; Shin, Seung-Ho ; Noh, Bong-Nam ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 127~146
This report has continuously improved in Information Security Level of Information Communication Service Companies which are applicable to Information Security Safety Inspection System. Also, it presents a decided methodology after verified propriety and considered the pre-research or expropriation by being developed the way of Information Security Safety Result Measurement. Management territory weighted value was established and it was given according to the point of view and the strategy target and the and outcome index to consider overall to a measurement item. Accordingly, an outome to the Information Security Check Service is analyzed by this paper and measurement model and oucome analysis methodology are shown with this, and gives help to analyze an outcome. Also it make sure the the substantial information security check service will be accomplished, prevent a maintenance accident beforehand and improve an enterprise outcome independently by institutional system performance securement and enterprise.g corporate performance.
A Study on the Design of Security Metrics for Source Code
Seo, Dong-Su ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 147~155
It has been widely addressed that static analysis techniques can play important role in identifying potential security vulnerability reside in source code. This paper proposes the design and application of security metrics that use both vulnerability information extracted from the static analysis, and significant factors of information that software handles. The security metrics are useful for both developers and evaluators in that the metrics help them identity source code vulnerability in early stage of development. By effectively utilizing the security metrics, evaluators can check the level of source code security, and confirm the final code depending on the characteristics of the source code and the security level of information required.
Economic Effects of Advance Diagnosis for Information Security: A Case Study
Kong, Hee-Kyung ; Kim, Tae-Sung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 157~169
As the information society changes into the ubiquitous computing society, the importance of information security has increased. Governments and enterprises are carrying out various information security activities to operate their information asset effectively. Since 2006, the Korean government has implemented 'Advance Diagnosis' policy to analyze the vulnerability of the information security from the early stage of the information system development to secure the information stability. This study proposes an analyzing framework for the economic effects of Advance Diagnosis for Information Security and presents an illustrative application em a real Advance Diagnosis case. The results of this study can be applied to secure the economic justification of government policies for the security of information systems.
Trust Authority(TA) Establishment Strategy for Domestic IPTV Service in iCAS environment
Choi, Hyun-Woo ; Jung, Young-Gon ; Yeo, Don-Gu ; Youm, Heung-Youl ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 171~181
The iCAS specification that download CAS s/w image from the IPTV provider's server to the IPTV devices provides compatibility and service mobility between the IPTV service providers. However, to ensure mobility of the device, a TA(Trust Authority) within an IPTV eco-system that is capable of systematically managing keys or certificates is required. In the Legacy CAS, solution providers for CAS play a critical role of carrying out the TA. However, in order to standardize the device mobility, a TA should be established by implementing iCAS technology that manages the entire IPTV eco-system including iCAS. In this paper, we analysis TA issues related iCAS commercialization, and propose TA establishment strategy for IPTV service in iCAS environment.
A Study on Analysis and Control of Circumvent Connection to the Private Network of Corporation
Lee, Chul-Won ; Kim, Huy-Kang ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 183~194
A company's private network protected by a firewall and NAT(Network Address Translation) is not accessible directly through an external internet. However, as Reverse Connection technology used by NetCat extends to the technologies such as SSH Tunnel or HTTP Tunnel, now anyone can easily access a private network of corporation protected by a firewall and NAT. Furthermore, while these kinds of technologies are commercially stretching out to various services such as a remote control and HTTP Tunnel, security managers in a company or general users are confused under the circumstances of inner or outer regulation which is not allowed to access to an internal system with a remote control. What is more serious is to make a covert channel invading a company's private network through a malicious code and all that technologies. By the way, what matters is that a given security system such as a firewall cannot shield from these perceived dangers. So, we analyze the indirect access of technological methods and the status quo about a company's internal network and find a solution to get rid of the related dangers.
A Study on the Applicability of Anonymous Authentication Schemes for Fine-Grained Privacy Protection
Ki, Ju-Hee ; Hwang, Jung-Yeon ; Shim, Mi-Na ; Jeong, Dae-Kyeong ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 195~208
As information communication technologies have highly advanced, a large amount of user sensitive information can be easily collected and unexpectedly distributed. For user-friendly services, a service provider requires and processes more user information. However known privacy protection models take on a passive attitude toward user information protection and often involve serious weaknesses. In reality, information exposure by unauthorised access and mistakenly disclosure occurs frequently. In this paper, we study on the applicability of anonymous authentication services for fine-grained user privacy protection. We analyze authentication schemes and classify them according to the level of privacy newly defined in this paper. In addition, we identify security requirements that a privacy protection scheme based on anonymous authentication can achieve within legal boundary.
Evaluating the Efficiency of Information Security Organizations in Public Sector Using DEA Models
Park, Tea-Hyoung ; Yoon, Ki-Chan ; Moon, Sin-Yong ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 209~220
Evaluating performance in public sector aims to enhance the efficiency of organizations. Evaluating the efficiency which is the ratio between input and output, organizations set directions of improvement. This research applied Data Envelopment Analysis(DEA) useful to evaluating the efficiency of organizations in public sector. Decision Making Units(DMU) of this research are 21 Information Security Organizations of departments/agencies. As the results, the mean of efficiency score of 21 DMUs is a little more than 50%. Means of departments(8 DMUs) and agencies/committees(11 DMUs) are similar to the total efficiency score. For these results, the decision makers of the information security organizations in public sector have to strive to improve the inefficiency.
Development of S-SLA's Grading Indicator based on the Analyses of IPS's Security Functions
Yi, Wan-Suk ; Go, Woong ; Won, Dong-Ho ; Kwak, Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 221~235
Internet service providers provide various security services, such as firewall, intrusion detection, intrusion prevention, anti-virus, along with their main Internet services. Those security service users have no idea what kind of quality services they are guaranteed. And therefore, Internet users interest in Security Service Level Agreement(SLA) increases as their interest in secure Internet service increases. However, there wasn't any researches in the S-SLA area domestically and there are only limited SLA indexes related to system or service maintenances at the moment. Therefore, this paper analyses security functions in IPS services and categorize them into common and independent security functions. Finally to improve quality of security services, this paper proposes S-SLA indexes depending on the different security levels. This will be subdivide into agreement on security service.
Development of S-SLA based on the Analyses of Security Functions for Anti-virus System
Yi, Wan-Suck ; Lee, Dong-Bum ; Won, Dong-Ho ; Kwak, Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 237~249
If one analyzes recent cyber incidents including personal information infringement cases, it seems like actual attack is targeting Internet service providers but actually they are targeting Internet service users. For many users, all the services were not provided to them as they have signed for in the contract or personal informations, which users have provided to service providers when signing contracts, were disclosed to public without users' consent causing aftereffect. As a result, importance of S-SLA indexes, which is to be included in the SLA to be signed between a user and a service provider, is ever more increasing. Especially, if there is a S-SLA indexes for anti-virus services, service providers have to provide a high quality of service as they have signed in the SLA. However, there wasn't any researches in the S-SLA area domestically and there are only limited SLA indexes related to system or service maintenances at the moment. Therefore, this paper analyses security functions in anti-virus services and proposes S-SLA indexes for different security level.
Research on the Domestic and Foreign Legislation about Secondary Use Protection for Personal Health Information
Park, Han-Na ; Jung, Boo-Geum ; Lee, Dong-Hoon ; Chung, Kyo-Il ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 251~260
Through the convergence of medical services and the IT technique, the patient's personal health information computerization has been rapidly spread with propagation of electronic medical record(EHR). In addition, by entering u-health, the demand of the secondary use for public health, medical research, and medical service using electronic patient health care records are increasing. The personal health information secondary uses for the development of academic medical area and service, are very good thing. But, carelessly to use personal health information, the patient privacy would be damaged. However, there are not yet systematic studies about secondary use of personal health information. Therefore, in this paper, we analyze the difference of the internal and external bill for personal medical data secondary use and propose the direction of the medical service development and preservation of the individual's privacy.
A Study on Threat factors of Information Security in Social Network Service by Analytic Hierarchy Process
Sung, Ki-Hoon ; Kong, Hee-Kyung ; Kim, Tae-Han ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 261~270
As the usage of social network service(SNS) increases recently, great attention has been shown to the information security in SNS. However, there has been little investment in SNS environment for security while preferential investment to attract subscribers has been made so far. Moreover, there is still a lack of confidence for investment effect and an absence of framework to analyze the threat factors of information security in SNS. In this paper, we propose to model for decision-making standard of SNS information security investment by the AHP. The result shows that 'service image' is the most important criterion for the decision of SNS information security. It also shows that 'Profile-squatting and reputation slander through ID thefts' and 'Corporate espionage' are important threat factors in SNS information security.
A Study on National Control Policy for the Use of Encryption Technologies by an Accused Person
Baek, Seung-Jo ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 20, issue 6, 2010, Pages 271~288
In this paper, we study the dysfunctions of cryptography as dual-use goods and national domestic encryption control policies like key recovery system and decryption order. And we examine risks of the breach of the peoples' constitutional rights like the right to privacy in these policies and analyze these policies by applying the principle of the ban on the over-restriction. Finally, we propose the direction and requirements of our national domestic encryption control policy that maintains the balance of peoples' constitutional rights and investigatory powers.