Journal of the Korea Institute of Information Security and Cryptology
Korea Institutes of Information Security and Cryptology
A Fault Injection Attack on Stream Cipher A5/3
Jeong, Ki-Tae ; Lee, Yu-Seop ; Sung, Jae-Chul ; Hong, Seok-Hie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 1, 2012, Pages 3~10
In this paper, we propose a fault injection attack on the stream cipher A5/3 used in GSM. The fault assumption of this attack is based on that of the fault injection attacks proposed in FDTC'05 and CISC-W'10. The attack is applicable to A5/3 with a 64-bit or 128-bit session key and can recover the session key using a small number of fault injections. These are the first known key recovery attack results on A5/3.
The Fast and Secure Authentication Mechanism for Proxy Mobile IPv6
Park, Chang-Seop ; Kang, Hyun-Sun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 1, 2012, Pages 11~24
Without a proper protection mechanism for the signaling messages used for mobility support, Proxy Mobile IPv6 (PMIPv6) is, like Mobile IPv6, vulnerable to several security attacks such as redirect, MITM (Man-In-The-Middle), replay and DoS (Denial of Service) attacks. In this paper, we point out some problems of previous authentication mechanisms associated with PMIPv6 and propose a new fast and secure authentication mechanism applicable to PMIPv6. We also show that the proposed mechanism is more efficient and secure than the previous ones.
Security Weaknesses of Handover Key Management in 3GPP LTE Network
Han, Chan-Kyu ; Choi, Hyoung-Kee ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 1, 2012, Pages 25~31
LTE/SAE introduced handover key management to revoke compromised keys and to isolate corrupted network devices. In this paper, we show that the handover key management is vulnerable to de-synchronization attacks, which jeopardize its forward secrecy. In addition, an adversary could prevent the UE from creating a secure link with the eNodeB, which delays the handover procedure. We present a countermeasure to prevent the above attacks and analyze the performance issues of the proposed protocol.
Improved Differential Fault Analysis on Block Cipher PRESENT-80/128
Park, Se-Hyun ; Jeong, Ki-Tae ; Lee, Yu-Seop ; Sung, Jae-Chul ; Hong, Seok-Hie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 1, 2012, Pages 33~41
Differential fault analysis (DFA) is one of the most important side channel attacks on block ciphers. Most block ciphers, such as DES, AES, ARIA and SEED, have been analysed by this attack. PRESENT is a 64-bit block cipher with 80/128-bit secret keys and has a 31-round SP-network. So far, several DFAs on PRESENT have been proposed. These attacks recovered the 80-bit and 128-bit secret keys of PRESENT with 8~64 fault injections, respectively. In this paper, we propose an improved DFA on PRESENT-80/128. Our attack can reduce the complexity of exhaustive search of PRESENT-80 (resp. 128) to on average 1.7 (resp. ) with 2 (resp. 3) fault injections. These results are superior to known DFAs on PRESENT.
A Study of Key Pre-distribution Scheme in Hierarchical Sensor Networks
Choi, Dong-Min ; Shin, Jian ; Chung, Il-Yong ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 1, 2012, Pages 43~56
Wireless sensor networks consist of numerous small nodes equipped with limited computing power and storage as well as energy-limited disposable batteries. In these networks, nodes are deployed over a large given area and communicate with each other over short distances via wireless links. For energy-efficient networks, a dynamic clustering protocol is an effective technique for achieving prolonged network lifetime, scalability and load balancing, which are known to be important requirements. A characteristic of this technique is that sensing data gathered by many nodes is aggregated by the cluster head node. If the cluster head node is exposed to an attacker, there is no guarantee of a safe and stable network. Therefore, for secure communications in such a sensor network, it is important to be able to encrypt the messages transmitted by sensor nodes. In particular, for cluster-based sensor networks designed for energy efficiency, suitable key management and authentication methods are strongly recommended to guarantee optimal stability. To achieve a secure network, we propose a key management scheme appropriate for hierarchical sensor networks. The proposed scheme is based on a polynomial key pool pre-distribution scheme and sustains a stable network through a key authentication process.
Carving deleted voice data in mobile
Kim, Sang-Dae ; Byun, Keun-Duck ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 1, 2012, Pages 57~65
People leave voicemails or record phone conversations in their daily cell phone use. Sometimes important voice data is deleted by the user accidentally, or purposely to cover up criminal activity. In these cases, the deleted voice data must be recoverable for forensics, since it can be used as evidence in a criminal case. Because cell phones store data in flash memory, where it is easily fragmented, voice data recovery is very difficult. However, if there are identifiable patterns for the deleted voice data, we can recover a significant amount of it by researching images of it. There are several types of voice data, such as QCP, AMR and MP4. This study researches data recovery solutions for the EVRC codec and AMR codec in QCP files, Qualcomm's voice data format for cell phones.
Research on Efficient Live Evidence Analysis System Based on User Activity Using Android Logging System
Hong, Il-Young ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 1, 2012, Pages 67~80
Recently, as the number of smartphone users has grown rapidly, Android has also attracted more interest in digital forensics. However, so far there has not been enough research on digital data acquisition and analysis based on the Android platform's unique characteristics. The Android system stores all recent system-wide logs, from system components to applications, in volatile memory, and the logs can therefore potentially serve as important evidence. In this paper, we propose a digital data acquisition and analysis system for Android which extracts meaningful information from a device at runtime, based on the correlation of Android logs and user activities. We also present an efficient search scheme to facilitate real-time analysis on site. Finally, we demonstrate how the proposed system can be used to reconstruct the sequence of user activities in a more intuitive manner, and show that the proposed search scheme can reduce overall search and analysis time to approximately 10 times shorter than with the normal regular search method.
A Study on the Multiplexing of a Communication Line for the Physical Load Balancing-Based Prevention of Infringement
Choi, Hee-Sik ; Seo, Woo-Seok ; Jun, Moon-Seog ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 1, 2012, Pages 81~91
Presently in 2011, there are countless attack tools on the internet aimed at breaching security, and most of them are capable of carrying out actual intrusions. As program sources attacking the weaknesses of the PS3 were released in 2010, and various sources for attack agents and attack tools such as the Stuxnet source code were released in 2011, the defensive side bears the greatest burden; however, this is also a chance for the defensive side to suggest and develop methods to defend against identical or similarly patterned attacks by analyzing the attack sources. As a way to cope with such attacks, this study divides the network areas targeted for attack, based on load balancing by approach gateways and communication lines according to the defensive policies for each attack type, and also suggests methods to multiplex communication lines. The result of this paper will be provided as practical data for realizing defensive policies based on high hardware performance through enhancing the price competitiveness of hardware infrastructure, with 2010 as a start.
A Study of Stable Intrusion Detection for MANET
Yang, Hwan-Seok ; Yang, Jeong-Mo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 1, 2012, Pages 93~98
A MANET, composed only of moving nodes, is regarded as a core technology for constructing ubiquitous computing environments. However, it lacks security because it has no intermediate infrastructure. An intrusion detection system that can track malicious attacks is therefore necessary. In this study, clustering is used for stable intrusion detection, and rules for various attacks are defined to accurately detect attacks that look like network problems. Experiments confirmed that the proposed method shows a stable detection rate even as the number of nodes increases.
Privacy Leakage Monitoring System Design for Privacy Protection
Cho, Sung-Kyu ; Jun, Moon-Seog ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 1, 2012, Pages 99~106
Numerous private corporations and public institutions collect personal information through diverse methods for the purposes of sales, promotion and civil services, and use it for the profit of their organizations and services. However, because the technical and managerial measures and the internal controls for the collected personal information are immature, the misuse, abuse and leakage of personal information have emerged as major social issues, and the government, recognizing the importance of personal information protection, is promoting implementation of the act on privacy protection. This research describes measures to detect anomalies by analyzing the personal information handling patterns managed by organizations, and measures to cope with the leakage, misuse and abuse of personal information. In particular, this research suggests a privacy leakage monitoring system design that can be managed by turning the elements related to personal information leaks into numeric core risk indexes that can be measured objectively.
A Study on the Effective Countermeasures for Preventing Computer Security Incidents
Kang, Shin-Beom ; Lee, Sang-Jin ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 1, 2012, Pages 107~115
The level of information protection is relatively low in comparison with the level of informatisation in this country. The budget for information protection is also quite marginal, at 5% of the entire information-related policy budget. The passive information protection practices of companies, which focus more on the aftermath, lead to repeated expenses for risk management. The response to violations of information protection should change from the current aftermath-oriented focus to prevention and early detection of possible violations. We should also realize that the response to a violation of protected information is not the responsibility of an individual but a joint responsibility of the nation and the industry. South Korea has been working towards building a systematic foundation since 2004, when guidelines were announced regarding the information protection policy and the safety diagnosis. The current level of safety policies cannot provide perfect protection against actual violation cases in administrative, technological and physical ways. This research evaluates the level of prevention that the current systematic protection policy offers, and discusses its limitations and possible ways for improvement. It also recommends a list of effective measures for protection against information violation that companies can employ to maintain the actual target safety level.
An Efficient Mixnet for Electronic Voting Systems
Jeon, Woong-Ryul ; Kim, Jee-Yeon ; Lee, Young-Sook ; Won, Dong-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 1, 2012, Pages 117~130
Recently, the smartphone has become the most popular mobile device in the mobile market, not around the world, but domestically. In Korea, about 710 million people were using smartphones in 2010, and it is expected that about 1 billion people will use smartphones next year. However, with the exponential growth of smartphones, several security issues have come to the fore. Because the smartphone stores various private information to provide user-customized services, smartphone security can be regarded as a more critical issue than the security of other devices. However, a lack of awareness of security may cause many security accidents at present. Therefore, in this paper, we analyze the security features of the smartphone and propose a protection profile based on Common Criteria v3.1. Our work can be distributed to developers and users of smartphones to estimate the security of a smartphone.
A Cloud Storage Gateway to Guarantee the Confidentiality of User Data
Kim, Hong-Sung ; Kim, Hyong-Shik ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 1, 2012, Pages 131~139
Cloud storage lets the client rent and use storage devices as a service rather than owning them, so the client pays only for the service that he or she actually uses, which makes it beneficial compared with a self-managed data center. When the storage service is provided on a public cloud, however, the client does not have any control over the user data, which raises the problem of violating data confidentiality. In this paper, we propose a gateway that works between the public cloud and the client for the purpose of guaranteeing the confidentiality of user data stored in the cloud. The gateway encrypts or decrypts the user data and then delivers it without the client's intervention. In addition, it provides a key exchange function to allow the client to access the data through another gateway. The proposed idea has been tested on a commercial public cloud and verified to satisfy security and compatibility.
A Study on Operating the IaaS Cloud Computing in view of Integrated Security Management System
Choi, Ju-Young ; Park, Choon-Sik ; Kim, Myuhng-Joo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 1, 2012, Pages 141~153
In recent years, various studies on the use cases of cloud computing services have been carried out for their standardization. Nevertheless, additional effort is needed to refine the operating mechanisms of the cloud computing environment. In this paper, we suggest an operating mechanism for the IaaS cloud computing environment that is related to the integrated security management system. Using the CloudStack 2.2.4 toolkit, we have built a test-bed for an IaaS cloud computing service, i.e., the SWU-IaaS cloud computing environment. By operating this hierarchical SWU-IaaS cloud computing environment, we have derived the attributes and the methods of its components. Its scenarios can be described for both the normal state and the abnormal state. Finally, a special scenario is described for the case in which it receives a security event from the integrated security management system.
Information Security Management System on Cloud Computing Service
Shin, Kyoung-A ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 1, 2012, Pages 155~167
Cloud computing service is a next-generation IT service which has a pay-per-use billing model and supports elastic provisioning of IT infrastructure according to user demand. However, it has many potential threats originating from the outsourcing/supporting service structure, in which customers 'outsource' their own data and the provider 'supports' infrastructure, platform and application services, as well as from the complexity of the applied technology, resource sharing, compliance with the law, etc. To activate cloud services, we need an objective assessment standard to ensure safety and reliability, which is one of the biggest obstacles to adopting cloud services. So far, the information security management system has been used as a security standard for security management and IT operation within an organization. Cloud computing service needs new security management and assessment different from those of the existing in-house IT environment. In this paper, to make an Information Security Management System that considers cloud characteristics, key components are drawn from the threat management system, and all control domains of the existing information security management system are included as control components. In particular, we designed service security management to support service usage in an on-line self-service environment, as well as service contracts and business status.