Journal of the Korea Institute of Information Security and Cryptology
Korea Institutes of Information Security and Cryptology
Considering Barrier Overhead in Parallelizing AES-CCM
Chung, Yong-Wha ; Kim, Sang-Choon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 3~9
In this paper, we propose workload partitioning methods in parallelizing AES-CCM which is proposed as the wireless encryption and message integrity standard IEEE 802.11i. In parallelizing AES-CCM having data dependency, synchronizations among processors are required, and multi-core processors have a very large range of synchronization performance. We propose and compare the performance of various workload partitioning methods by considering both the computational characteristics of AES-CCM and the synchronization overhead.
Efficient Fault Injection Attack to the Miller Algorithm in the Pairing Computation using Affine Coordinate System
Bae, Ki-Seok ; Park, Jea-Hoon ; Sohn, Gyo-Yong ; Ha, Jae-Cheol ; Moon, Sang-Jae ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 11~25
The Miller algorithm is employed in typical pairing computations such as Weil, Tate and Ate for implementing ID-based cryptosystems. By analyzing Mrabet's attack, one of the fault attacks against the Miller algorithm, this paper presents an efficient fault attack in the affine coordinate system, the most basic coordinate system for constructing elliptic curves. The proposed attack is an effective model of a count check fault attack; it is verified to work well by practical fault injection experiments and can omit the probabilistic analysis that is required in the previous counter fault model.
Power Analysis Attacks on the Stream Cipher Rabbit
Bae, Ki-Seok ; Ahn, Man-Ki ; Park, Jea-Hoon ; Lee, Hoon-Jae ; Moon, Sang-Jae ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 27~35
The design of sensor nodes in a Wireless Sensor Network (WSN) should consider properties such as electricity consumption, transmission speed, range, etc., and also needs protection against various attacks (e.g., eavesdropping, hacking, leakage of customers' secret data, and denial of service). The stream cipher Rabbit, selected for the final eSTREAM portfolio organized by EU ECRYPT and recently selected as an algorithm in part of ISO/IEC 18033-4 Stream Ciphers in ISO security standardization, is a high-speed stream cipher suitable for WSNs. Since the complexity of side-channel analysis attacks on the stream cipher Rabbit was evaluated as 'Medium' in a theoretical approach, this paper describes a method of power analysis attack on the stream cipher Rabbit and the verification of our method by practical experiments. We implemented the stream cipher Rabbit without countermeasures against power analysis attacks on an IEEE 802.15.4/ZigBee board with an 8-bit RISC AVR microprocessor ATmega128L chip, and performed power analysis experiments based on difference of means and templates using a Hamming weight model.
Selection of Detection Measure using Traffic Analysis of Each Malicious Botnet
Jang, Dae-Il ; Kim, Min-Soo ; Jung, Hyun-Chul ; Noh, Bong-Nam ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 37~44
Recently, malicious activities on the Internet such as DDoS, spam, propagation of malware, stealing of personal information and phishing are related to malicious botnets. Many researchers study detection systems for malicious botnets, but these apply to botnets based on a specific protocol, action or attack. For this reason, we study the selection of measures to detect malicious botnets in this paper. We collect traffic of malicious botnets and analyze it for features of network traffic, and we select feature-based measures. We expect this study to help the detection of malicious botnets.
Detect HTTP Tunnels Using Support Vector Machines
He, Dengke ; Nyang, Dae-Hun ; Lee, Kyung-Hee ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 45~56
Hyper Text Transfer Protocol (HTTP) is widely used in nearly every network when people access web pages; therefore HTTP traffic is usually allowed by local security policies to pass through firewalls and other gateway security devices without examination. However, this characteristic can be used by malicious people. With the help of HTTP tunnel applications, malicious people can transmit data within HTTP in order to circumvent local security policies. Thus it is quite important to distinguish between regular HTTP traffic and tunneled HTTP traffic. Our work on HTTP tunnel detection is based on Support Vector Machines. The experimental results show the high accuracy of HTTP tunnel detection. Moreover, once trained, our HTTP tunnel detection can be applied in other places without any further training.
A WLAN Pre-Authentication Scheme Based on Fast Channel Switching for 3G-WLAN Interworking
Baek, Jae-Jong ; Kim, Hyo-Jin ; Song, Joo-Seok ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 57~66
The handover authentication delay time is gradually increasing with the interworking between 3G cellular networks and WLANs. Therefore, an authentication mechanism with minimized delay is required to perform seamless handover and support inter-subnet and inter-domain handover. In this paper, we propose a novel pre-authentication scheme based on fast channel switching which directly performs the authentication with the next access point in advance. In addition, the proposed scheme is efficient in inter-domain handover and can be easily implemented in current WLANs since it modifies only the client side of the user. To analyze and evaluate our scheme, we compare the packet loss ratio and the delay time with the two standard 802.11 authentication schemes. The analytical results show that our scheme is approximately 10 times more effective than the standard schemes in packet loss and the delay time is minimized down to 0.16 msec.
An Architecture of a Dynamic Cyber Attack Tree: Attributes Approach
Eom, Jung-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 67~74
In this paper, we present a dynamic cyber attack tree which can describe an attack scenario flexibly, for an active cyber attack model in which complex and transformed attack methods can be detected. An attack tree provides a formal and methodical way of describing security safeguards against varying attacks on network systems. The existing attack tree can describe an attack scenario using vertex, edge and composition. But an attack tree is limited in expressing complex and new attacks due to the restriction of the attack tree's attributes. We solved the limitations of the existing attack tree by adding a threat occurrence probability and 2 components of composition to the attributes. Firstly, by reinforcing composition, we improved the flexibility to describe complex and transformed attack methods and reduced the ambiguity of the attack sequence. And by adding a threat occurrence probability, we can identify the risk level of an attack at each attack phase from child node to parent node.
Fast Group Rekeying Scheme for Secure Multicast in Wireless Sensor Networks
NamGoong, Wan ; Cho, Kwan-Tae ; Lee, Dong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 75~88
Messages need to be transmitted to neighbors securely in a wireless sensor network, because sensor nodes are deployed in hostile areas. Thus it is necessary to support secure communication. One of the most important parts of communication is secure multicast. In particular, group rekeying is a big problem for multicast key management, so group rekeying must proceed securely when secret information is exposed by an attacker. Many group rekeying schemes have been studied for ad hoc networks. However, these schemes are undesirable in WSNs. In this paper, we propose a novel group rekeying scheme for WSNs that has very powerful security.
A Study on Minimizing Infection of Web-based Malware through Distributed & Dynamic Detection Method of Malicious Websites
Shin, Hwa-Su ; Moon, Jong-Sub ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 89~100
As Internet usage through web browsers increases, web-based malware distributed through websites is becoming a more serious problem than ever. The centralized malicious website detection method based on crawling has the problem that the cost of detection increases geometrically as the crawling level is lowered further. In this paper, we propose a security tool based on the web browser which can detect malicious web pages dynamically and support the user's safe web browsing by stopping navigation to a malicious URL injected into those web pages. By applying this tool across many distributed web browser users, all those users participate in malicious website detection and feedback. As a result, we can detect the lower link levels of websites in a distributed and dynamic manner.
Study for Tracing Zombie PCs and Botnet Using an Email Spam Trap
Jeong, Hyun-Cheol ; Kim, Huy-Kang ; Lee, Sang-Jin ; Oh, Joo-Hyung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 101~115
A botnet is a huge network of hacked zombie PCs. Recognizing the fact that the majority of email spam is sent out by botnets, this study designs a system that is capable of detecting botnets and zombie PCs by analyzing email spam. Spam data collected in "an email spam trail system", Korea's national spam collection system, were used for analysis. We classified the spam groups by their URLs or attached files, and we measured how much each group has the characteristics of a botnet and how much the IPs have the characteristics of a zombie PC. Through the simulation result in this study, we could extract 16,030 suspected zombie PCs for one hour, and it was verified that email spam can provide considerably useful information in tracing zombie PCs.
A Study on the policy counterplan of Cross Border Financial Information Transfer according to FTA
Lee, Jung-Hun ; Park, Seok-Hoon ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 117~130
As worldwide free trade between countries has expanded recently, our country is rapidly pushing FTA agreements with financially developed countries such as the United States and the EU. According to the agreements, the user information of foreign financial companies in Korea is expected to be transferred overseas. In this paper, we need to define the scope and definition of the transfer of information and analyze the related domestic and foreign laws in preparation for Cross Border Financial Information Transfer. Also, we review the expected issues about the transfer of information, divided into institutional and technical sectors, and present policy implications such as differentiation of regulatory information, enactment and amendment of the Personal Information Protection Law (Draft) and related regulations, ensuring the safety of financial companies, and raising the standard guidelines for the transfer of information. We refer to the need for policy formulation to differentiate our privacy information from financial information in order to protect the privacy of users. The countermeasures proposed in this paper are expected to help other institutions such as banks and supervisory authorities prepare for future Cross Border Financial Information Transfer according to FTA.
A Study on Contents Sharing Mechanism based on Proxy Re-Encryption Scheme using the Smart Card
Park, Seung-Hwan ; Koo, Woo-Kwon ; Kim, Ki-Tak ; Mun, Hye-Ran ; Lee, Dong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 131~141
OMA (Open Mobile Alliance) is one of the most active groups for DRM technology in the mobile device field. OMA announced the OMA-DRM v2.1 standardization in 2007. After that, OMA announced OMA-SRM (Secure Removable Media) and SCE (Secure Contents Exchanges), which are extensions of OMA-DRM v2.1. In SCE, a user can form a user domain to share contents and rights. So the user can share contents and rights with not only the OMA-DRM v2.1 but also home devices like mobile phones, personal computers and audios. In this paper, we analyze the sharing technology of OMA-DRM and SCE, and then propose a key distribution method using proxy re-encryption and a smart card to use shared contents and rights.
The Method of Recovery for Deleted Record in the Unallocated Space of SQLite Database
Jeon, Sang-Jun ; Byun, Keun-Duck ; Bang, Je-Wan ; Lee, Guen-Gi ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 143~154
SQLite is a small-sized database engine largely used in embedded devices and local application software. The availability of portable devices, such as smartphones, has expanded over recent years and has contributed to the growing adoption of SQLite. This implies a high likelihood that digital evidence acquired during forensic investigations includes SQLite database files. Where a suspect may have intentionally deleted sensitive data, forensic investigators need to recover deleted records in SQLite as fully as possible. This study analyzes the data management rules used by SQLite and the structure of deleted data in the system, and in turn suggests a recovery tool for deleted data. Further, the study examines major software that uses SQLite to validate the feasibility of deleted data recovery.
A Study on Notary System for Web Postings Digital Evidences
Kim, Ah-Reum ; Kim, Yeog ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 155~163
Rumors and abusive web postings on the Internet have become a social issue. Web postings may be submitted as evidence in the form of a screenshot in a libel suit, but a screenshot can be easily modified by computer programs. A person can misuse, in a lawsuit, a screenshot whose original contents have been deliberately modified to the opposite meaning. That can cause an innocent person to be punished, because it can be difficult to verify even by analyzing the server data. A screenshot of web postings is likely to fail to prove its authenticity and is not able to reflect the facts. If notarization for web postings is offered, clear and convincing evidence can be submitted in court. So, related techniques and policies should be established. In this paper, we propose some technical and legal conditions and a design for a notarization and archive system of web postings for litigation.
Reliability Verification of Evidence Analysis Tools for Digital Forensics
Lee, Tae-Rim ; Shin, Sang-Uk ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 165~176
In this paper, we examine the reliability verification procedure of evidence analysis tools for computer forensics and test well-known tools against their functional requirements using the verification items proposed by the standard document TIAK.KO-12.0112. Also, we carry out a performance evaluation based on the test results and suggest ways of improving the performance of evidence analysis tools. To achieve this, we first investigate the functions that the test subjects can perform, and then we set up a specific test plan and create evidence image files which contain the contents of the verification items. We finally verify and analyze the test results. In this process, we discover some weaknesses in most of the analysis tools, such as the restoration of deleted and fragmented files, the identification of file formats which are widely used in the country and the processing of strings composed of the Korean alphabet.
Analysis on a New Intrinsic Vulnerability to Keyboard Security
Lee, Kyung-Roul ; Yim, Kang-Bin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 177~182
This paper introduces a possibility for attackers to acquire keyboard scan codes by using the RESEND command provided by the keyboard hardware itself, based on the PS/2 interface, which is a dominant interface for input devices. Accordingly, a keyboard sniffing program using the introduced vulnerability is implemented to prove the severity of the vulnerability, which shows that user passwords can be easily exposed. As this is one of the intrinsic vulnerabilities found on existing platforms, for which there was little consideration of security problems when they were designed, a hardware approach is required to counter the introduced vulnerability.
Encryption of MPEG using Error Propagation by a Receiver
Jeong, Seo-Hyun ; Lee, Sung-Ju ; Chung, Young-Wha ; Kim, Sang-Chun ; Min, Byoung-Ki ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 3, 2011, Pages 183~188
With the increase of multimedia data (i.e., MPEG video streams) in mobile applications, protecting data has become an important problem in multimedia data delivery. SECMPEG is a selective encryption approach for protecting multimedia data. However, the computational overhead of SECMPEG's security level 3 is quite large because it encrypts whole I-frames, whose size is relatively larger than that of P/B-frames. Therefore, we need to analyze the characteristics of the MPEG2 standard and derive an effective encryption of the I-frames. In this paper, we propose a slice-level, selective encryption approach that uses the error-propagation characteristics of I-frames at the receiver. Our experimental results show that the proposed approach can reduce the execution time of SECMPEG's security level 3 by a factor of 30 without degradation of the security.