Go to the main menu
Skip to content
Go to bottom
REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
> Journal Vol & Issue
Journal of the Korea Institute of Information Security and Cryptology
Journal Basic Information
Journal DOI :
Korea Institutes of Information Security and Cryptology
Editor in Chief :
Volume & Issues
Volume 23, Issue 6 - Dec 2013
Volume 23, Issue 5 - Oct 2013
Volume 23, Issue 4 - Aug 2013
Volume 23, Issue 3 - Jun 2013
Volume 23, Issue 2 - Apr 2013
Volume 23, Issue 1 - Feb 2013
Selecting the target year
An Improved One Round Authenticated Group Key Agreement
Kim, Ho-Hee ; Kim, Soon-Ja ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 1, 2013, Pages 3~10
DOI : 10.13089/JKIISC.2013.23.1.003
Several identity-based and authenticated key agreement protocols have been proposed. It remains at issue to design secure identity based and authenticated key agreement protocols. In this paper, we propose a one round authenticated group key agreement protocol which uses one more key pair as well as the public key and private key of typical IBE(Identity-Based Encryption) system. The proposed protocol modified Shi et al.'s protocol and He et al.'s protocol. The public and private keys and the signature process of our protocol are simpler than them of their protocols. Our protocol is secure and more efficient than their protocols in communication and computation costs.
A tamper resistance software mechanism using MAC function and dynamic link key
Park, Jae-Hong ; Kim, Sung-Hoon ; Lee, Dong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 1, 2013, Pages 11~18
DOI : 10.13089/JKIISC.2013.23.1.011
In order to prevent tampering and reverse engineering of executive code, this paper propose a new tamper resistant software mechanism. This paper presents a cryptographic MAC function and a relationship which has its security level derived by the importance of code block instead of by merely getting the encryption and decryption key from the previous block. In this paper, we propose a cryptographic MAC function which generates a dynamic MAC function key instead of the hash function as written in many other papers. In addition, we also propose a relationships having high, medium and low security levels. If any block is determined to have a high security level then that block will be encrypted by the key generated by the related medium security level block. The low security block will be untouched due to efficiency considerations. The MAC function having this dynamic key and block relationship will make analyzing executive code more difficult.
Analysis of Security Vulnerability in Home Trading System, and its Countermeasure using Cell phone
Choi, Min Keun ; Cho, Kwan Tae ; Lee, Dong Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 1, 2013, Pages 19~32
DOI : 10.13089/JKIISC.2013.23.1.019
As cyber stock trading grows rapidly, stock trading using Home Trading System have been brisk recently. Home Trading System is a heavy-weight in the stock market, and the system has shown 75% and 40% market shares for KOSPI and KOSDAQ, respectively. However, since Home Trading System focuses on the convenience and the availability, it has some security problems. In this paper, we found that the authentication information in memory remains during the stock trading and we proposed its countermeasure through two-channel authentication using a mobile device such as a cell phone.
Privacy-Preserving k-Bits Inner Product Protocol
Lee, Sang Hoon ; Kim, Kee Sung ; Jeong, Ik Rae ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 1, 2013, Pages 33~43
DOI : 10.13089/JKIISC.2013.23.1.033
The research on data mining that can manage a large amount of information efficiently has grown with the drastic increment of information. Privacy-preserving data mining can protect the privacy of data owners. There are several privacy-preserving association rule, clustering and classification protocols. A privacy-preserving association rule protocol is used to find association rules among data, which is often used for marketing. In this paper, we propose a privacy-preserving k-bits inner product protocol based on Shamir's secret sharing.
Identity-based Strong Designated Verifier Signature Scheme from Lattices
Noh, Geontae ; Chun, Ji Young ; Jeong, Ik Rae ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 1, 2013, Pages 45~56
DOI : 10.13089/JKIISC.2013.23.1.045
When a signer signs a message, strong designated verifier signature allows the signer to designate a verifier. Only the designated verifier can make sure that the signature is generated by the signer. In addition, no one except the designated verifier can know the signature generated by some signer. In this paper, we propose an identity-based strong designated verifier signature scheme where users' public keys are identities. Our proposed scheme is the first identity-based strong designated verifier scheme from lattices. Naturally, our proposed scheme is secure against quantum computing attacks and has low computational complexity.
A Study on the Design and Implementation of an Digital Evidence Collection Application on Windows based computer
Lee, SeungWon ; Roh, YoungSup ; Han, Changwoo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 1, 2013, Pages 57~67
DOI : 10.13089/JKIISC.2013.23.1.057
Lately, intrusive incidents (including system hacking, viruses, worms, homepage alterations, and data leaks) have not involved the distribution of an virus or worm, but have been designed to acquire private information or trade secrets. Because an attacker uses advanced intelligence and attack techniques that conceal and alter data in a computer, the collector cannot trace the digital evidence of the attack. In an initial incident response first responser deals with the suspect or crime scene data that needs investigative leads quickly, in accordance with forensic process methodology that provides the identification of digital evidence in a systematic approach. In order to an effective initial response to first responders, this paper analyzes the collection data such as user usage profiles, chronology timeline, and internet data according to CFFPM(computer forensics field triage process model), proceeds to design, and implements a collection application to deploy the client/server architecture on the Windows based computer.
Collaborative security response by interworking between multiple security solutions
Kim, JiHoon ; Lim, Jong In ; Kim, Huy Kang ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 1, 2013, Pages 69~79
DOI : 10.13089/JKIISC.2013.23.1.069
Recently, many enterprises are suffering from advanced types of malware and their variants including intelligent malware that can evade the current security systems. This addresses the fact that current security systems have limits on protecting advanced and intelligent security threats. To enhance the overall level of security, first of all, it needs to increase detection ratio of each security solution within a security system. In addition, it is also necessary to implement internetworking between multiple security solutions to increase detection ratio and response speed. In this paper, we suggest a collaborative security response method to overcome the limitations of the previous Internet service security solutions. The proposed method can show an enhanced result to respond to intelligent security threats.
A method for the protection of the message in social network service(SNS) using access control and hash-chain
Jeong, Hanjae ; Won, Dongho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 1, 2013, Pages 81~88
DOI : 10.13089/JKIISC.2013.23.1.081
As social network service(SNS) has grown rapidly, the variety information being shared through SNS. However, the privacy of individuals can be violated due to the shared information through a SNS or the post written in the past at the SNS. Although, many researches concerned about it, they did not suggest key management and access control especially. In this paper, we propose the method for the protection of the message in SNS using access control and hash-chain.
Economic Analysis on Effects of Cyber Information Security in Korea: Focused on Estimation of National Loss
Shin, Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 1, 2013, Pages 89~96
DOI : 10.13089/JKIISC.2013.23.1.089
Recent DDoS attacks and private informations leaked show that everyday life is interwoven with cyberspace and we are becoming more vulnerable to cyber attacks. Therefore, a systematic understanding of cyber damage structure is very important and damage loss estimation method should be developed to establish solid cyber security protection system. In this study, economic loss caused by cyber attacks are surveyed based on the analysis of existing studies and try to develop a reasonable methods to estimate economic effects of cyber security protection in Korea. Potential economic loss of Korea by cyber attacks may be situated between 10 billion and 40 billion dollars. But more sophisticated system should be established to estimate economic effects of cyber protection for proper policy decision making.
Study on the personal Information Retrieval of Smartphone Messenger Service
Kang, Sunghoon ; Kim, Seungjoo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 1, 2013, Pages 97~107
DOI : 10.13089/JKIISC.2013.23.1.097
The recent increase in smartphone usage has ignited the development of new applications which have changed the way of living in this internet era in the world. Almost all users which have smartphone have used many kinds of applications for lots of part. Especially, Social Network Service is the most popular part for smartphone users. The greater part of smartphone users take messenger service for smartphone. This kinds of applications provide to manage as deactivation of user or change of device. When users take to manage their information, their information would be deleted securely. If secure deletion didn't work correctly and released, their personal information can be easily abused to by others through various means such as internet phishing. In this paper, we analysis that the messenger application's management function keeps on the Personal Information Protection Act and suggest to prevent legally and technically for user's personal information and privacy.
Control items modeling methodology to establish core technology management system and successfully operating suggestions for institutional improvement
Shin, Dong-Hyuk ; Shim, Mina ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 1, 2013, Pages 109~126
DOI : 10.13089/JKIISC.2013.23.1.109
Recently the core technology leakage continues to increase. It is critical issue relating to national competitiveness rely on the company's competitiveness as well as both survival and competitiveness of company. So other countries have impyz roved their laws consistently to solve these problems. And recently our country amended the law. In the paper, we will analyze world's various laws and institutions relating industrial core technologies. And this paper will provide the suggestion to settle and to develop our country's industrial core technology's protection by refer to other laws.
A Study in the Improvement and Analysis Problem of Privacy Impact Assessment Qualification Criteria: focus on Similarity Analysis between Similar Certificates and Certification System of Privacy Impact Assessment
Kim, Erang ; Shim, Mina ; Lim, Jong In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 23, issue 1, 2013, Pages 127~142
DOI : 10.13089/JKIISC.2013.23.1.127
Since Personal Information Protection Act came into effect on September 2011, PIA(Privacy Impact Assessment) of public institutions has become obliged. Therefore, an increasing demand for PIA professionals is being expected. In domestic, however, no specialized certificates exist and therefore similar certificates have become a requirement for PIA professionals. Henceforth, however, the system based on these similar certificates is to be an obstacle to advancing PIA. Therefore, this study analyzes the sufficiency of current similar certificates compared with the PIA qualification requirements. And then, analyzes the validity of allowance as similar certificates by using this outcome of the validity. As this comparison draws a clear gap between PIA qualification and similar certificates, this paper suggest three suggestions to improve current qualification. Three suggestions are expected to contribute a qualitative improvement of the PIA industry.