REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
Journal of the Korea Institute of Information Security and Cryptology
Efficient Formulas for Cube roots in
for Pairing Cryptography
Cho, Young-In ; Chang, Nam-Su ; Kim, Chang-Han ; Park, Young-Ho ; Hong, Seok-Hie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 2, 2011, Pages 3~11
Evaluation of cube roots in characteristic three finite fields is required for Tate (or modified Tate) pairing computation. The Hamming weights (the number of nonzero coefficients) in the polynomial representations of
determine the efficiency of cube roots computation, where
is represented as
) is an irreducible trinomial. O. Ahmadi et al. determined the Hamming weights of
for all irreducible trinomials. In this paper, we present formulas for cube roots in
using the shifted polynomial basis (SPB). Moreover, we provide a suitable shifted polynomial basis that requires no further modular reduction.
Robust Fuzzy Fingerprint Vault System against Correlation Attack
Moon, Dae-Sung ; Chae, Seung-Hoon ; Chung, Yong-Wha ; Kim, Sung-Young ; Kim, Jeong-Nyeo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 2, 2011, Pages 13~25
Biometric-based authentication can provide strong security guarantees about the identity of users. However, the security of biometric data is particularly important, as the compromise of such data is permanent. The fuzzy fingerprint vault system is one of the most popular solutions for protecting the fingerprint template stored in the database. Recently, however, this system has been shown to be very susceptible to a correlation attack that finds the real minutiae using multiple fingerprint vaults enrolled for different applications. To solve this problem, we propose a fuzzy fingerprint vault system that is robust against the correlation attack. In this paper, we add chaff minutiae based on the relative information of the minutiae, such as direction and coordinates, instead of adding them randomly. Also, our proposed approach allows adding multiple chaff minutiae within the tolerance box for an enhanced security level. Experimental results show that the proposed approach can protect against the correlation attack and achieve enhanced verification accuracy.
A Service Protection Scheme based on non-CAS for Mobile IPTV Service
Roh, Hyo-Sun ; Jung, Sou-Hwan ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 2, 2011, Pages 27~35
Due to the advancement of IPTV technologies, Mobile IPTV service needs to be supported with service and content protection. CAS is generally used in IPTV service to protect service and content. However, CAS is not efficient in Mobile IPTV: it needs too much bandwidth for Service Key updates to each subscriber. Moreover, CAS increases the computation burden for service key refreshment in the key management server when subscribers frequently change IPTV service groups. To solve these problems, we use a hierarchical key structure based on a pre-shared key that is securely stored in a smart card or USIM, and we do not use the EMM for Service Key updates. As a result, the proposed scheme decreases the computation burden at the key management server and the wireless bandwidth burden in Mobile IPTV service.
Metamorphic Malware Detection using Subgraph Matching
Kwon, Jong-Hoon ; Lee, Je-Hyun ; Jeong, Hyun-Cheol ; Lee, Hee-Jo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 2, 2011, Pages 37~47
In recent years, malicious code, called malware, has shown a significant increase due to code obfuscation used to evade detection mechanisms. When code obfuscation techniques are applied to malware, it can change its instruction sequence and even its signature. Such malware, which has the same functionality but a different appearance, is able to evade signature-based AV products. Thus, AV vendors pay a large cost to analyze and classify malware in order to generate new signatures. In this paper, we propose a novel approach for detecting metamorphic malware. The proposed mechanism first converts a malware's API call sequences to a call graph through dynamic analysis. After that, the call graph is converted to a semantic signature using 128 abstract nodes. Finally, we extract all subgraphs and analyze how similar the behaviors of two malware samples are through subgraph similarity. To validate the proposed mechanism, we use 273 real-world malware samples, including obfuscated malware, and analyze 10,100 comparison results. In the evaluation, all metamorphic malware samples are classified correctly, and similar module behaviors among different malware samples are also discovered.
Method to Extract Communication History in Instant Messenger
Lee, Jin-Kyung ; Han, Ji-Sung ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 2, 2011, Pages 49~60
Instant Messenger is one of the most popular communication services for exchanging messages or data over the Internet. For digital crime investigation, therefore, it is clearly important to obtain communication traces and contents derived from Instant Messenger, just as gathering traditional communication histories has been important until now. However, extracting communication traces and contents is not easy, because they are generally encrypted or obfuscated on the local system; furthermore, they are sometimes located on the server computer of the Instant Messenger service. This paper researches extracting communication histories from NateOn, BuddyBuddy, Yahoo! Messenger and Mi3 Messenger, and obtaining the user password or bypassing the authentication system of the Instant Messenger service when a user uses the auto-login option.
A study on an investigation procedure of digital forensics for VMware Workstation's virtual machine and a method for a corrupted image recovery
Lim, Sung-Su ; Yoo, Byeong-Yeong ; Park, Jung-Heum ; Byun, Keun-Duck ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 2, 2011, Pages 61~70
Virtualization is a technology that uses a logical environment to overcome physical limitations in hardware. As part of cost savings and green IT policies, recent businesses tend to increase their adoption of virtualization. In particular, desktop virtualization is one of the most widely used technologies at present, because it makes it possible to efficiently use various types of operating systems on one physical computer. A virtual machine image, which is a key component of virtualization, is difficult to investigate because the structure of a virtual machine image differs from that of a hard disk image. Therefore, research is needed on an appropriate investigation procedure and method based on a technical understanding of virtual machines. In this research, we suggest a procedure for investigating a virtual machine image and a method for recovering a corrupted image of VMware Workstation, which has the largest number of users.
The Windows Physical Memory Dump Explorer for Live Forensics
Han, Ji-Sung ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 2, 2011, Pages 71~82
Live data in physical memory can be acquired by live forensics but not by hard-disk file-system analysis. Therefore, live forensics is widely used in forensic investigations these days. But existing live forensic methods, which use command-line tools on the live system, have many weaknesses; for instance, it is not easy to re-analyze, and results can be modified by malicious code. For these reasons, in this paper we explain the Windows kernel architecture and how to analyze physical memory dump files to complement the weaknesses of traditional live forensics. We then design and implement the Physical Memory Dump Explorer and prove the effectiveness of our tool through test results.
Security Analysis against RVA-based DPA Countermeasure Applied to
Seo, Seog-Chung ; Han, Dong-Guk ; Hong, Seok-Hie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 2, 2011, Pages 83~90
Recently, pairings over elliptic curve have been applied for various ID-based encryption/signature/authentication/key agreement schemes. For efficiency, the
pairings over GF(
) (P = 2, 3) were invented; however, they are vulnerable to side channel attacks such as DPA because of their symmetric computation structure compared to other pairings such as the Tate and Ate pairings. Several countermeasures have been proposed to prevent side channel attacks. In particular, Masaaki Shirase's method is very efficient with regard to computational cost; however, it has security flaws. This paper closely examines the security flaws of the RVA-based countermeasure on
Pairing algorithm from the implementation point of view.
A Round Reduction Attack on Triple DES Using Fault Injection
Choi, Doo-Sik ; Oh, Doo-Hwan ; Bae, Ki-Seok ; Moon, Sang-Jae ; Ha, Jae-Cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 2, 2011, Pages 91~100
The Triple Data Encryption Algorithm (Triple DES) is an international standard block cipher, composed of two DES encryption processes and one DES decryption process to increase the security level. In this paper, we propose a Differential Fault Analysis (DFA) attack that retrieves the secret keys by using fault injection to reduce the last-round execution of each DES process in Triple DES. From the simulation results for the proposed attack method, we could extract the three 56-bit secret keys using an exhaustive search over
candidate keys, which are refined from about 9 faulty/correct ciphertext pairs. Using a laser fault injection experiment, we also verified that the proposed DFA attack could be applied to a pure microprocessor, the ATmega128 chip, in which the Triple DES algorithm was implemented.
A Study on Building an Integration Security System Applying Virtual Clustering
Seo, Woo-Seok ; Park, Dea-Woo ; Jun, Moon-Seog ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 2, 2011, Pages 101~110
Recently, attacks on applications incapacitate intrusion detection rules and the defense policies for networks and databases, and induce intrusion incidents. Thus, it is necessary to study integration security to ensure the security of an internal network and database against such attacks. This article is about building an integration security system to prevent attacks on applications that are set with intrusion detection rules. It responds to network-based attacks through detection, disperses attacks with the internal integration security system through virtual clustering and load balancing, sets up a defense policy for the destination packets of an attack, analyzes and records attack packets, and updates rules through monitoring and analysis. Moreover, this study establishes defense policies according to attack type to settle access traffic through a virtual machine partition policy, suggests an integration security system applied to prevent attacks, and tests its defense. The result of this study is expected to provide practical data for integration security defense against hacking attacks from outside.
A study on neutralizing malicious code using the Windows Crypto API and an implementation of a Crypto API hooking tool
Song, Jung-Hwan ; Hwang, In-Tae ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 2, 2011, Pages 111~117
Advances in encryption technology have strengthened secret communication and information security. Cryptoviruses arose to exploit this encryption technology. Also, anyone can build and deploy malicious code using the Windows CAPI. Cryptoviruses and malicious code using the Windows CAPI use the normal Windows API, so vaccine software and security systems have difficulty detecting and analyzing them. This paper examines cryptoviruses and malicious code using the Windows CAPI and builds a hooking tool against them.
Implementation of High Performance TCP Proxy Logic against TCP Flooding Attack on Network Interface Card
Kim, Byoung-Koo ; Kim, Ik-Kyun ; Kim, Dae-Won ; Oh, Jin-Tae ; Jang, Jong-Soo ; Chung, Tai-Myoung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 2, 2011, Pages 119~129
TCP-related flooding attacks still dominate Distributed Denial of Service attacks. It is a great challenge to accurately detect TCP flood attacks in high-speed networks. In this paper, we propose the NIC_Cookie logic implementation, a kind of security offload engine against TCP-related DDoS attacks, on the network interface card. NIC_Cookie is itself robust against DDoS attacks and is independent of the server OS and external network configuration. It supports a packet-level response rather than an IP-based response method, so it can handle attacks from NAT-based user groups. We evaluate that the latency time of the NIC_Cookie logic is
seconds, and we show 2Gbps wire-speed performance through a benchmark test.
Optimized DES Core Implementation for Commercial FPGA Cluster System
Jung, Eun-Gu ; Park, Il-Hwan ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 2, 2011, Pages 131~138
Previous FPGA cluster systems for brute-force search of the DES keyspace have shown cost-efficient performance, but research on optimized implementation of the DES algorithm on a single FPGA has been insufficient. In this paper, an optimized DES implementation for a single FPGA of a commercial FPGA cluster system with 77 Xilinx Virtex5-LX50 FPGAs is proposed. Design space exploration over the number of pipeline stages in a DES core, the number of DES cores, and the maximum clock frequency of a DES core is performed, which leads to integrating 16 DES cores running at 333MHz. Also, low-power design is applied to reduce the loss of performance caused by the limited power supply on each FPGA, which results in fitting 8 DES cores running at 333MHz. When the proposed DES implementations are used in the FPGA cluster system, it is estimated that the DES key would be found in at most 2.03 days and 4.06 days, respectively.
Development of Secure Access Control System for Location Information on Smart Phone
Jang, Won-Jun ; Lee, Hyung-Woo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 2, 2011, Pages 139~147
More convenient and value-added application services can be provided to users by using location-based services on smart phones. However, privacy problems arise when an application discloses personal location information. Therefore, each user should securely control and manage his own personal location information by specifying access control lists and profiles. In this study, we implemented a personal location information self-control protocol and developed a secure personal location management system with an OTP-based authentication procedure.
A Power Analysis Attack Countermeasure Not Using Masked Table for S-box of AES, ARIA and SEED
Han, Dong-Guk ; Kim, Hee-Seok ; Song, Ho-Geun ; Lee, Ho-Sang ; Hong, Seok-Hie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 2, 2011, Pages 149~156
In recent years, power analysis attacks have been widely investigated, and various countermeasures have been proposed. In the case of block ciphers, masking methods that blind the intermediate values in the en/decryption computations are well known among these countermeasures. But the cost of the non-linear part is extremely high in the masking method of a block cipher, so the countermeasure for the S-box must be efficiently constructed in the case of AES, ARIA and SEED. Existing countermeasures for the S-box use a masked S-box table, requiring 256 bytes of RAM per S-box. But the use of these countermeasures is not adequate in lightweight security devices having a small amount of RAM. In this paper, we propose a new countermeasure that does not use a masked S-box table, to make up for this weak point. Also, the new countermeasure reduces time complexity as well as RAM usage, because it does not consume time generating a masked S-box table.