Go to the main menu
Skip to content
Go to bottom
REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
> Journal Vol & Issue
Journal of the Korea Institute of Information Security and Cryptology
Journal Basic Information
Journal DOI :
Korea Institutes of Information Security and Cryptology
Editor in Chief :
Volume & Issues
Volume 22, Issue 6 - Dec 2012
Volume 22, Issue 5 - Oct 2012
Volume 22, Issue 4 - Aug 2012
Volume 22, Issue 3 - Jun 2012
Volume 22, Issue 2 - Apr 2012
Volume 22, Issue 1 - Feb 2012
Selecting the target year
An Improved Round Reduction Attack on Triple DES Using Fault Injection in Loop Statement
Choi, Doo-Sik ; Oh, Doo-Hwan ; Park, Jeong-Soo ; Ha, Jae-Cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 709~717
The round reduction on block cipher is a fault injection attack in which an attacker inserts temporary errors in cryptographic devices and extracts a secret key by reducing the number of operational round. In this paper, we proposed an improved round reduction method to retrieve master keys by injecting a fault during operation of loop statement in the Triple DES. Using laser fault injection experiment, we also verified that the proposed attack could be applied to a pure microprocessor ATmega 128 chip in which the Triple DES algorithm was implemented. Compared with previous attack method which is required 9 faulty-correct cipher text pairs and some exhaustive searches, the proposed one could extract three 56-bit secret keys with just 5 faulty cipher texts.
Network Forensic Evidence Generation and Verification Scheme
Kim, Hyung-Seok ; Kim, Eun-Jin ; Kim, Huy-Kang ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 719~731
One of the most important point in the Internet crime investigation is tracing back and pointing out a criminal host. However, criminals can forge a crime record stored in the crime host, or can utilize malicious applications in order not to leave a crime record. In addition, criminals can change the source IP address of a crime host and deny their involvement. In this study, we suggests the Network Forensic Evidence Generation and Verification Scheme (NFEGVS) to rectify the current limitation of Network Forensic technologies. This scheme can prove who and when the crime has occurred. In addition, this prevents leaking of symmetric key for guaranteeing certification and integrity of Forensic Evidence by proposing the Timestamp Secret Key Distribution Scheme, and minimizes performance degradation of router when generating forensic evidence with the Flow-Based Selection Scheme. In this paper, we implement the proposed scheme and evaluate overall performance of the proposed system.
The Conversion method from ID-based Encryption to ID-based Dynamic Threshold Encryption
Kim, Mi-Lyoung ; Kim, Hyo-Seung ; Son, Young-Dong ; Lee, Dong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 733~744
Dynamic threshold public-key encryption provides dynamic setting of the group of all users, receivers and the threshold value. Over recent years, there are many studies on the construction of scheme, called ID-based dynamic threshold encryption, which combines the ID-based encryption with dynamic threshold encryption. In this paper, we analyze the ID-based dynamic threshold encryption proposed by Xing and Xu in 2011, and show that their scheme has a structural problem. We propose a conversion method from ID-based encryption which uses the bilinear map to ID-based dynamic threshold encryption. Additionally, we prove this converted scheme has CPA security under the full model.
Secure Key Distribution Protocol for ZigBee Wireless Sensor Network
Oh, Su-Min ; Choi, Soo-Kyeong ; Kwon, Ye-Jin ; Park, Chang-Seop ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 745~759
It is shown in this paper that Yuksel-Nielson's key distribution scheme is not secure against key de-synchronization attack even though their scheme supplement ZigBee-2007 specification's security problems. Furthermore, a new key distribution scheme is proposed, which is the one to fix the security weakness of Yuksel-Nielson's scheme, as well as its security and performance analysis to verify its effectiveness.
On the Security of Image-based CAPTCHA using Multi-image Composition
Byun, Je-Sung ; Kang, Jeon-Il ; Nyang, Dae-Hun ; Lee, Kyung-Hee ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 761~770
CAPTCHAs(Completely Automated Public Turing tests to tell Computer and Human Apart) have been widely used for preventing the automated attacks such as spam mails, DDoS attacks, etc.. In the early stages, the text-based CAPTCHAs that were made by distorting random characters were mainly used for frustrating automated-bots. Many researches, however, showed that the text-based CAPTCHAs were breakable via AI or image processing techniques. Due to the reason, the image-based CAPTCHAs, which employ images instead of texts, have been considered and suggested. In many image-based CAPTCHAs, however, the huge number of source images are required to guarantee a fair level of security. In 2008, Kang et al. suggested a new image-based CAPTCHA that uses test images made by composing multiple source images, to reduce the number of source images while it guarantees the security level. In their paper, the authors showed the convenience of their CAPTCHA in use through the use study, but they did not verify its security level. In this paper, we verify the security of the image-based CAPTCHA suggested by Kang et al. by performing several attacks in various scenarios and consider other possible attacks that can happen in the real world.
Video Data Collection Scheme From Vehicle Black Box Using Time and Location Information for Public Safety
Choi, Jae-Duck ; Chae, Kang-Suk ; Jung, Sou-Hwan ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 771~783
This paper proposes a scheme to collect video data of the vehicle black box in order to strengthen the public safety. The existing schemes, such as surveillance system with the fixed CCTV and car black box, have privacy issues, network traffic overhead and the storage space problems because all video data are sent to the central server. In this paper, the central server only collects the video data related to the accident or the criminal offense using the GPS information and time in order to investigation of the accident or the criminal offense. The proposed scheme addresses the privacy issues and reduces network traffic overhead and the storage space of the central server since the central server collects the video data only related to the accident and the criminal offense. The implementation and experiment shows that our service is feasible. The proposed service can be used as a component of remote surveillance system to prevent the criminal offense and to investigate the criminal offense.
Malicious Code Detection using the Effective Preprocessing Method Based on Native API
Bae, Seong-Jae ; Cho, Jae-Ik ; Shon, Tae-Shik ; Moon, Jong-Sub ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 785~796
In this paper, we propose an effective Behavior-based detection technique using the frequency of system calls to detect malicious code, when the number of training data is fewer than the number of properties on system calls. In this study, we collect the Native APIs which are Windows kernel data generated by running program code. Then we adopt the normalized freqeuncy of Native APIs as the basic properties. In addition, the basic properties are transformed to new properties by GLDA(Generalized Linear Discriminant Analysis) that is an effective method to discriminate between malicious code and normal code, although the number of training data is fewer than the number of properties. To detect the malicious code, kNN(k-Nearest Neighbor) classification, one of the bayesian classification technique, was used in this paper. We compared the proposed detection method with the other methods on collected Native APIs to verify efficiency of proposed method. It is presented that proposed detection method has a lower false positive rate than other methods on the threshold value when detection rate is 100%.
Decision Support System to Detect Unauthorized Access in Smart Work Environment
Lee, Jae-Ho ; Lee, Dong-Hoon ; Kim, Huy-Kang ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 797~808
In smart work environment, a company provides employees a flexible work environment for tele-working using mobile phone or portable devices. On the other hand, such environment are exposed to the risks which the attacker can intrude into computer systems or leak personal information of smart-workers' and gain a company's sensitive information. To reduce these risks, the security administrator needs to analyze the usage patterns of employees and detect abnormal behaviors by monitoring VPN(Virtual Private Network) access log. This paper proposes a decision support system that can notify the status by using visualization and similarity measure through clustering analysis. On average, 88.7% of abnormal event can be detected by this proposed method. With this proposed system, the security administrator can detect abnormal behaviors of the employees and prevent account theft.
Analysis of Defense Method for HTTP POST DDoS Attack base on Content-Length Control
Lee, Dae-Seob ; Won, Dong-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 809~817
One of the OSI 7 Layer DDoS Attack, HTTP POST DDoS can deny legitimate service by web server resource depletion. This Attack can be executed with less network traffic and legitimate TCP connections. Therefore, It is difficult to distinguish DDoS traffic from legitimate users. In this paper, I propose an anomaly HTTP POST traffic detection algorithm and http each page Content-Length field size limit with defense method for HTTP POST DDoS attack. Proposed method showed the result of detection and countermeasure without false negative and positive to use the r-u-dead-yet of HTTP POST DDoS attack tool and the self-developed attack tool.
Real-time Phishing Site Detection Method
Sa, Joon-Ho ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 819~825
Nowadays many phishing sites contain HTTP links to victim web-site's contents such as images, bulletin board etc. to make the phishing sites look more real and similar to the victim web-site. We introduce a real-time phishing site detection system which makes use of the characteristic that the phishing sites' URLs flow into the victim web-site via the HTTP referer header field when the phishing site is visited. The detection system is designed to adopt an out-of-path network configuration to minimize effect on the running system, and a phishing site source code analysis technique to alert administrators in real-time when phishing site is detected. The detection system was installed on a company's web-site which had been targeted for phishing. As result, the detection system detected 40 phishing sites in 6 days of test period.
Design and Implementation of Analysis Techniques for Fragmented Pages in the Flash Memory Image of Smartphones
Park, Jung-Heum ; Chung, Hyun-Ji ; Lee, Sang-Jin ; Son, Young-Dong ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 827~839
A cell phone is very close to the user and therefore should be considered in digital forensic investigation. Recently, the proportion of smartphone owners is increasing dramatically. Unlike the feature phone, users can utilize various mobile application in smartphone because it has high-performance operating system (e.g., Android, iOS). As acquisition and analysis of user data in smartphone are more important in digital forensic purposes, smartphone forensics has been studied actively. There are two way to do smartphone forensics. The first way is to extract user's data using the backup and debugging function of smartphones. The second way is to get root permission, and acquire the image of flash memory. And then, it is possible to reconstruct the filesystem, such as YAFFS, EXT, RFS, HFS+ and analyze it. However, this methods are not suitable to recovery and analyze deleted data from smartphones. This paper introduces analysis techniques for fragmented flash memory pages in smartphones. Especially, this paper demonstrates analysis techniques on the image that reconstruction of filesystem is impossible because the spare area of flash memory pages does not exist and the pages in unallocated area of filesystem.
User Authentication Protocol through Distributed Process for Cloud Environment
Jeong, Yoon-Su ; Lee, Sang-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 841~849
Cloud computing that provides IT service and computer resource based on internet is now getting attention. However, the encrypted data can be exposed because it is saved in cloud server, even though it is saved as an encrypted data. In this paper, user certification protocol is proposed to prevent from illegally using of secret data by others while user who locates different physical position is providing secret data safely. The proposed protocol uses one way hash function and XOR calculation to get user's certification information which is in server when any user approaches to particular server remotely. Also it solves user security problem of cloud.
A Study on Detection Technique of Anomaly Signal for Financial Loan Fraud Based on Social Network Analysis
Wi, Choong-Ki ; Kim, Hyoung-Joong ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 851~868
After the financial crisis in 2008, the financial market still seems to be unstable with expanding the insolvency of the financial companies' real estate project financing loan in the aftermath of the lasted real estate recession. Especially after the illegal actions of people's financial institutions disclosed, while increased the anxiety of economic subjects about financial markets and weighted in the confusion of financial markets, the potential risk for the overall national economy is increasing. Thus as economic recession prolongs, the people's financial institutions having a weak profit structure and financing ability commit illegal acts in a variety of ways in order to conceal insolvent assets. Especially it is hard to find the loans of shareholder and the same borrower sharing credit risk in advance because most of them usually use a third-party's name bank account. Therefore, in order to effectively detect the fraud under other's name, it is necessary to analyze by clustering the borrowers high-related to a particular borrower through an analysis of association between the whole borrowers. In this paper, we introduce Analysis Techniques for detecting financial loan frauds in advance through an analysis of association between the whole borrowers by extending SNA(social network analysis) which is being studied by focused on sociology recently to the forensic accounting field of the financial frauds. Also this technique introduced in this pager will be very useful to regulatory authorities or law enforcement agencies at the field inspection or investigation.
Ji, Sun-Ho ; Kim, Huy-Kang ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 869~882
A Study on Information Security Policy in the era of Smart Society
Kim, Dong-Wook ; Sung, Wook-Joon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 883~899
This study will propose the policy priorities of cyber information security by AHP(Analytic Hierarchy Process) survey. The policy categories for AHP survey consist in the foundation of information security and activity of information security(1st hierarchy). In the second hierarchy, the foundation of information security was classified into laws-system, human resources, h/w-s/w technology and sociocultural awareness. And the activity of information security was divided into infrastructure protection, privacy protection, related industry promotion, and national security. Information policy alternatives were composed of 16 categories in the third hierarchy. According to the AHP result, in the perspective of policy importance, the modification of related laws was the first agenda in the policy priority, better treatment of professionals was the second, and the re-establishment of policy system was the third. In the perspective of policy urgency, the re-establishment of policy system was the first item, the modification of related laws was the second, and better treatment of professionals is the third.
A Study on Self Assessment of Mobile Secure Coding
Kim, Dong-Won ; Han, Keun-Hee ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 901~911
The removal of security vulnerabilities during the developmental stage is found to be much more effective and much more efficient than performing the application during the operational phase. The underlying security vulnerabilities in software have become the major cause of cyber security incidents. Thus, secure coding is drawing much attention for one of its abilities includes minimizing security vulnerabilities at the source code level. Removal of security vulnerabilities at the software's developmental stage is not only effective but can also be regarded as a fundamental solution. This thesis is a research about the methods of Mobile-Secure Coding Self Assessment in order to evaluate the security levels in accordance to the application of mobile secure coding of every individual, groups, and organizations.
A Study of Patient's Privacy Protection in U-Healthcare
Jeong, Yoon-Su ; Lee, Sang-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 913~921
On the strength of the rapid development and propagation of U-healthcare service, the service technologies are full of important changes. However, U-healthcare service has security problem that patient's biometric information can be easily exposed to the third party without service users' consent. This paper proposes a distributed model according authority and access level of hospital officials in order to safely access patients' private information in u-Healthcare Environment. Proposed model can both limit the access to patients' biometric information and keep safe system from DoS attack using time stamp. Also, it can prevent patients' data spill and privacy intrusion because the main server simultaneously controls hospital officials and the access by the access range of officials from each hospital.
Comparative study of the privacy information protection policy - Privacy information basic laws and dedicated organizations -
Jeong, Dae-Kyeong ;
Journal of the Korea Institute of Information Security and Cryptology, volume 22, issue 4, 2012, Pages 923~939
In the information society, to serve the normal economic activity and to delivery the public service is to secure the privacy information. The government endeavors to support with the privacy protection laws and public organizations. This paper is to study the privacy protection policy in the major countries by analyzing the laws and organizations. At last, The study is to examine the policy tasks to support the privacy protection policy.