REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
Journal of the Korea Institute of Information Security and Cryptology
Korea Institutes of Information Security and Cryptology
Public Key Encryption with Equality Test with Designated Tester
Lee, Young-Min ; Koo, Woo-Kwon ; Rhee, Hyun-Sook ; Lee, Dong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 3~13
In 2004, Boneh et al. proposed a public key encryption with keyword search (PEKS) scheme which enables a server to test whether a keyword used in generating a ciphertext by a sender is identical to a keyword used in generating a query by a receiver or not. Yang et al. proposed a probabilistic public key encryption with equality test (PEET) scheme which enables one to test whether one message of a ciphertext generated by one public key is identical to the other message generated by the other public key or not. If the message is replaced by a keyword, PEET is not secure against keyword guessing attacks and does not satisfy IND-CPA security, which is generally considered in searchable encryption schemes. In this paper, we propose a public key encryption with equality test with designated tester (dPEET) which is secure against keyword guessing attacks and achieves IND-CPA security.
Differential Fault Analysis on Block Cipher ARIA-128
Park, Se-Hyun ; Jeong, Ki-Tae ; Lee, Yu-Seop ; Sung, Jae-Chul ; Hong, Seok-Hie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 15~25
A differential fault analysis (DFA) is one of the most important side channel attacks on block ciphers. Most block ciphers, such as DES, AES, ARIA, SEED and so on, have been analysed by this attack. In 2008, Wei et al. proposed the first DFA on ARIA-128. Their attack can recover the 128-bit secret key by about 45 faulty ciphertexts. In this paper, we propose an improved DFA on ARIA-128. We can recover the 128-bit secret key by only 4 faulty ciphertexts with the computational complexity of O(
A Key Recovery Attack on HMAC using Fault Injection Attack
Jeong, Ki-Tae ; Lee, Yu-Seop ; Sung, Jae-Chul ; Hong, Seok-Hie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 27~33
At FDTC'05 and CISC-W'10, the authors showed that if they decrease the number of rounds of AES and Triple-DES by using fault injections, it is possible to recover the secret key of the target algorithms, respectively. In this paper, we propose a key recovery attack on HMAC by using the main idea of these attacks. This attack is applicable to HMAC based on MD-family hash functions and can recover the secret key with negligible computational complexity. Particularly, the attack result on HMAC-SHA-2 is the first known key recovery attack result on this algorithm.
Correlation Power Analysis Attacks on the Software based Salsa20/12 Stream Cipher
Park, Young-Goo ; Bae, Ki-Seok ; Moon, Sang-Jae ; Lee, Hoon-Jae ; Ha, Jae-Cheul ; Ahn, Mahn-Ki ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 35~45
The Salsa20/12 stream cipher selected for the final eSTREAM portfolio has a better performance than a software implementation of AES using an 8-bit microprocessor with restricted memory space. In the theoretical approach, the evaluation of exploitable timing vulnerability was 'none' and the complexity of side-channel analysis was 'low', but there is no literature on the practical result of a power analysis attack. Thus we propose the correlation power analysis attack method and prove the feasibility of our proposed method by practical experiments. We used an 8-bit RISC AVR microprocessor (ATmega128L chip) to implement the Salsa20/12 stream cipher without any countermeasures, and performed the experiments of power analysis based on the Hamming weight model.
Efficient implementation of AES CTR Mode for a Mobile Environment
Park, Jin-Hyung ; Paik, Jung-Ha ; Lee, Dong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 47~58
Recently, there are several technologies for protecting information in lightweight devices. One of them, the AES algorithm in CTR mode, is used for numerous services (e.g., OMA DRM, VoIP, IPTV) as an encryption technique for preserving confidentiality. Although it is possible for the AES algorithm in CTR mode to process transmitted data in parallel, the IPTV Set-top Box or Mobile Device that uses these streaming services has limited computation ability. So optimizing the crypto algorithm and enhancing its efficiency for those environments has become an important issue. In this paper, we propose an implementation method that can improve the efficiency of AES-CTR Mode by improving algorithm logics. Moreover, we prove the performance of our proposal on a mobile device which has limited capability.
Three Phase Dynamic Current Mode Logic against Power Analysis Attack
Kim, Hyun-Min ; Kim, Hee-Seok ; Hong, Seok-Hee ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 59~69
Since the power analysis attack, which uses the characteristic that the power consumed by a crypto device depends on the processed data, was proposed, many logics that can block this correlation at the source have been developed. DRP logic, which has been adopted by most of these logics, keeps power consumption balanced and reduces the correlation between processed data and power consumption. However, semi-custom design is necessary because recently designed circuits have become more complex than before. This design method causes an unbalanced design pattern that makes DRP logic consume unbalanced power, which is vulnerable to power analysis attack. In this paper, we have developed a new logic style which adds another discharge phase to discharge two output nodes at the same time, based on DyCML, to remove this unbalanced power consumption. Also, we simulated a 1-bit full adder to compare the proposed logic with other logics to prove the improved performance. As a result, the proposed logic improves NED and NSD to 60% and reduces power consumption by about 55% compared with any other logics.
Hash-based Authentication Protocol for RFID Applicable to Desynchronization between the Server and Tag with efficient searching method
Kwon, Hye-Jin ; Kim, Hae-Mun ; Jeong, Seon-Yeong ; Kim, Soon-Ja ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 71~82
The RFID system provides undeniable advantages so that it is used for various applications. However, recent RFID systems are vulnerable to attacks such as eavesdropping, replay attack, message hijacking, and tag tampering, because the messages are transmitted through the wireless channel and the tags are cheap. The above attacks cause tag and reader impersonation, denial of service by invalidating the tag, and location tracking of the bearer of tags. A lot of RFID authentication protocols have been proposed to solve the vulnerability. Since Weis, Sarma, Rivest, and Engels proposed the hash-based RFID authentication protocol, many researchers have improved hash-based authentication protocols, and recent hash-based authentication protocols provide security and desirable privacy. However, it remains an open problem to reduce the tag identification time as long as privacy and security are still guaranteed. Here we propose a new protocol in which the tags generate the message depending on the state of previous communications between tag and reader. In consequence, our protocol allows a server to identify a tag in a reasonable amount of time while ensuring security and privacy. To be specific, we reduced the time for the server to identify a tag when the last session finished abnormally by at least 50% compared with other hash-based schemes that ensure levels of security and privacy similar to ours.
Practical and Secure Yoking-Proof Protocol for RFID
Ham, Hyoung-Min ; Song, Joo-Seok ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 83~94
Yoking proof is a concept proposed by A. Juels in 2004. It proves that a pair of tags are scanned simultaneously by one reader. After the first yoking proof protocol was proposed by A. Juels, replay attack vulnerabilities of yoking proof were considered and many other yoking proof schemes were proposed to improve it. However, compared with the first yoking proof scheme, which emphasizes protocol efficiency due to the limited performance of tags, other yoking proof protocols need more computing power and storage on the tags. We propose two security protocols that consider both the general condition and the limited performance of tags. The proposed scheme can protect the tags from replay attack and brute-force attack as well. Moreover, many pairs of tags or several tag groups can be proved at the same time by executing the protocol only once.
A Study on Smart Grid and Cyber Security Strategy
Lee, Sang-Keun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 95~108
Smart Grids are intelligent next-generation Electric Power Systems (EPS) that provide environment-friendliness, high efficiency, and high trustworthiness by integrating information and communication technology with electric power technology. Smart grids help to supply power more efficiently and safely than past systems by bilaterally exchanging information between the user and power producer. In addition, they alleviate environmental problems by using renewable energy resources. However, smart grids have many cyber security risks because of the bilateral service, the increase of small and medium-sized energy resources, and the installation of multi-sensors or control devices. These cyber risks can cause critical problems within a national grid through even small errors. Therefore, in order to reduce these risks, it is necessary to establish a cyber security strategy and apply it from the developmental stage to the implementation stage. This thesis analyzes and recommends a security strategy in order to resolve the security risks. By applying a cyber security strategy to a smart grid, it will provide a stepping-stone to creating a safe and dependable smart grid.
A Study on Roles of CERT and ISAC for enhancing the Security of Smart Mobile Office
Lee, Keun-Young ; Park, Tae-Hyoung ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 109~127
Mobile Office is a new type of working method in the workplace that can be used at any time or anywhere by connecting to the network with mobile devices. This allows people to do their jobs without their physical presence in their offices to use computers. The elements in the mobile office environment are advancing. They include the widespread distribution of smart phones, the network enhancing strategy in a ubiquitous environment and the expansion of the wireless internet; however, there are not enough security guidelines or policies against the threats in the new environment, the mobile office, although there is the revitalization policy of smart work supported by the government. CERT and ISAC, the known security systems as of now, could be used for the secure mobile office. In this paper, suggestions are provided for strengthening the security of the smart mobile office by analysing the functions of CERT and ISAC.
A Study of Online User Identification Based on One-Time Password with Guaranteeing Unlinkability
Kim, Jung-Dong ; Cho, Kwan-Tae ; Lee, Dong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 129~139
Recently, by the privacy & data security law, when a user registers for online membership, we need to take action to check the progress of identification without the resident registration number. On most websites, I-PIN is used for identification instead of the resident registration number. However, I-PIN can cause dangerous situations: if someone steals the ID and password, the personal data can be easily exposed. In this paper, we propose the OTP, which can solve all these problems by guaranteeing unlinkability of the identification. This type of method would help the process of membership registration without fixed data like an ID and password online, so it would be very useful for the security of private data.
Profile Management System for Contact Information Privacy in Social Network Service
Youn, Taek-Young ; Hong, Do-Won ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 141~148
Recently, various social network services have grown. Among them, personal-relationship-based social network services such as Facebook and Twitter have made a remarkable growth of the industry. In such services, users' profiles are very important for establishing the relationship between two users. However, some information in a user's profile causes the leakage of the user's privacy, and thus we have to deal with the information in the profile. Especially, we have to treat contact information, such as the phone number and the e-mail address, very carefully, since an adversary can use the information to violate the user's privacy in real life. In this paper, we propose two profile management systems that can enhance the privacy of users in social network services. We compare our systems with existing profile management techniques in well-known social network services such as Facebook and Twitter, and show that our systems provide enhanced privacy.
A study on the algorithms to achieve the data privacy based on some anonymity measures
Kang, Ju-Sung ; Kang, Jin-Young ; Yi, Ok-Yeon ; Hong, Do-Won ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 149~160
Techniques based on the notions of anonymity are one of several ways to achieve the goal of privacy, and they transform the original data into micro data by some group-based methods. The first notion of group-based method is
-anonymity, and it is enhanced by the notions of
-diversity and t-closeness. Since there is a natural tradeoff between privacy and data utility, the development of practical anonymization algorithms is not a simple work and there is still no noticeable algorithm which achieves some combined anonymity conditions. In this paper, we provide a comparative analysis of previous anonymity and accuracy measures. Moreover, we propose an algorithm to achieve
-diversity by the block merging method from micro-data achieving
An Enhanced Forward Security on JK-RFID Authentication Protocol
Jeon, Dong-Ho ; Choi, Seoung-Un ; Kim, Soon-Ja ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 161~168
In 2009, Jeon et al. proposed a lightweight strong authentication and strong privacy protocol, where the tag requires only simple bitwise operations and a random number generator. The JK-RFID authentication protocol provides strong security against eavesdropping, replay, spoofing, location tracking and DoS attack, as well as forward security. Nevertheless, this paper points out the vulnerability of the forward security and improves the process of key updating. As a result, it proposes an enhanced JK-RFID authentication protocol providing forward security and verifies that it is satisfied. In addition, the security and efficiency of the proposed scheme are analyzed. With partial adjustments of the key updating operation in the JK-RFID authentication protocol, our protocol improves the forward security.
A Framework and Guidelines for Personal Data Breach Notification Act
Lee, Chung-Hun ; Ko, Yu-Mi ; Kim, Beom-Soo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 169~179
Recent personal data breach incidents draw the public's attention to their privacy and personal rights. The new personal data protection law effective in September 2009 imposes additional legal responsibility on personal data controllers and processors. For instance, if a data breach occurs, this new law requires that the processors must notify individuals (data subjects) and data protection authorities of the nature of the incidents. This research reviews the U.S. forty-six state laws and related acts, and offers a framework for managing incidents. This framework includes five major components: (1) the type of personal data required to be reported and notified, (2) the ultimate subject notifying data subjects, (3) event occurrence and notification time phases, (4) notification message details, and (5) direct/indirect communication media. Along with this framework, we also offer directions for effective/manageable guidelines on the data breach notification act.
Anonymous Qualification Verifying Method on Web Environment
Lee, Yun-Kyung ; Hwang, Jung-Yeon ; Chung, Byung-Ho ; Kim, Jeong-Nyeo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 181~195
There's a controversy about an invasion of privacy which includes the leakage of private information and the linking of a user's behavior on the internet. Although many solutions for this problem have been proposed, we think anonymous authentication, authorization, and payment mechanisms are the best solution for this problem. In this paper, we propose an effective anonymity-based method that achieves not only authentication but also authorization. Our proposed method uses an anonymous qualification certificate and a group signature method as underlying primitives, and combines anonymous authentication and qualification information. An eligible user is legitimately issued a group member key pair through the key issuing process and is issued some qualification certificates anonymously, and then he can use the safe and convenient web service which supplies anonymous authentication and authorization. The qualification certificate can be expanded according to the application environment and it can be used as a payment token.
A Study on Critical Success Factors for Implementing Governance of Personal Information Protection
Kim, Jung-Duk ; Hwang, Soo-Ha ;
Journal of the Korea Institute of Information Security and Cryptology, volume 21, issue 5, 2011, Pages 197~203
Personal information protection needs to be addressed in terms of enterprise-wide and business issues, not just as an information processing issue. Therefore, governance of personal information protection, which stresses the importance of top management's roles and responsibilities for personal information protection, has been noticed as an important agenda to resolve. The paper defines the concept of personal information protection governance and proposes seven critical success factors (CSFs) for implementing the governance scheme. The proposed CSFs are tested in terms of feasibility and materiality by using focus group interviews.