Go to the main menu
Skip to content
Go to bottom
REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
> Journal Vol & Issue
Journal of the Korea Institute of Information Security and Cryptology
Journal Basic Information
Journal DOI :
Korea Institutes of Information Security and Cryptology
Editor in Chief :
Volume & Issues
Volume 24, Issue 6 - Dec 2014
Volume 24, Issue 5 - Oct 2014
Volume 24, Issue 4 - Aug 2014
Volume 24, Issue 3 - Jun 2014
Volume 24, Issue 2 - Apr 2014
Volume 24, Issue 1 - Feb 2014
Selecting the target year
A LEA Implementation study on UICC-16bit
Kim, Hyun-Il ; Park, Cheolhee ; Hong, Dowon ; Seo, Changho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 4, 2014, Pages 585~592
DOI : 10.13089/JKIISC.2014.24.4.585
In this paper, we study the LEA block cipher system in UICC-16bit only. Also, we explain a key-schedule function and encryption/decryption structures, propose an advanced modified key-scheduling, and perform LEA in UICC-16bit that we proposed advanced modified key-scheduling. Also, we compare LEA with ARIA that proposed domestic standard block cipher, and we evaluate the efficiency on the LEA algorithm.
Research on efficient HW/SW co-design method of light-weight cryptography using GEZEL
Kim, Sung-Gon ; Kim, Hyun-Min ; Hong, Seok-Hie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 4, 2014, Pages 593~605
DOI : 10.13089/JKIISC.2014.24.4.593
In this paper, we propose the efficient HW/SW co-design method of light-weight cryptography such as HIGHT, PRESENT and PRINTcipher using GEZEL. At first the symmetric cryptographic algorithms were designed using the GEZEL language which is efficiently used for HW/SW co-design. And for the improvement of performance the HW optimization theory such as unfolding, retiming and so forth were adapted to the cryptographic HW module conducted by FSMD. Also, the operation modes of those algorithms were implemented using C language in 8051 microprocessor, it can be compatible to various platforms. For providing reliable communication between HW/SW and preventing the time delay the improved handshake protocol was chosen for enhancing the performance of the connection between HW/SW. The improved protocol can process the communication-core and cryptography-core on the HW in parallel so that the messages can be transmitted to SW after HW operation and received from SW during encryption operation.
2D - 3D Human Face Verification System based on Multiple RGB-D Camera using Head Pose Estimation
Kim, Jung-Min ; Li, Shengzhe ; Kim, Hak-Il ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 4, 2014, Pages 607~616
DOI : 10.13089/JKIISC.2014.24.4.607
Face recognition is a big challenge in surveillance system since different rotation angles of the face make the difficulty to recognize the face of the same person. This paper proposes a novel method to recognize face with different head poses by using 3D information of the face. Firstly, head pose estimation (estimation of different head pose angles) is accomplished by the POSIT algorithm. Then, 3D face image data is constructed by using head pose estimation. After that, 2D image and the constructed 3D face matching is performed. Face verification is accomplished by using commercial face recognition SDK. Performance evaluation of the proposed method indicates that the error range of head pose estimation is below 10 degree and the matching rate is about 95%.
Efficient Malware Detector for Android Devices
Lee, Hye Lim ; Jang, Soohee ; Yoon, Ji Won ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 4, 2014, Pages 617~624
DOI : 10.13089/JKIISC.2014.24.4.617
Smart phone usage has increased exponentially and open source based Android OS occupy significant market share. However, various malicious applications that use the characteristic of Android threaten users. In this paper, we construct an efficient malicious application detector by using the principle component analysis and the incremental k nearest neighbor algorithm, which consider an required permission, of Android applications. The cross validation is exploited in order to find a critical parameter of the algorithm. For the performance evaluation of our approach, we simulate a real data set of Contagio Mobile.
A mechanism for end-to-end secure communication in heterogeneous tactical networks
Park, Cheol-Yong ; Kim, Ki-Hong ; Ryou, Jae-Cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 4, 2014, Pages 625~634
DOI : 10.13089/JKIISC.2014.24.4.625
Tactical networks is being operated in configuration that consisting of a variety of characteristics communication equipments and heterogeneous networks. In this configurations, end-to-end communication can be achieved using interworking gateway for converting the data format of the network and using encryption algorithm of the networks. The use of mechanism results in a problem that secure data cannot be transferred directly, reprocessing and processing delay of communication in heterogeneous tactical networks. That is, for encoding and decoding of data, the decryption of encrypted data and re-encryption processing must be required at the gateway between different networks. In this paper proposes to mechanism for end-to-end secure communication in heterogeneous tactical networks. Using the proposed method, end-to-end secure communication between heterogeneous tactical networks(PSTN-UHF networks) which removes the necessity of a gateway for converting data into data formats suitable for network to remove a transmission delay factor and enable real-time voice and data communication and achieve end-to-end security for heterogeneous tactical networks. we propose a novel mechanism for end-to-end secure communication over PSTN and UHF networks and evaluate against the performance of conventional mechanism. Our proposal is confirmed removal of security vulnerabilities, end-to-end secure communication in heterogeneous tactical networks.
A Study on Protecting for forgery modification of User-input on Webpage
Yu, Chang-Hun ; Moon, Jong-Sub ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 4, 2014, Pages 635~643
DOI : 10.13089/JKIISC.2014.24.4.635
Most of the web-based services are provided by a web browser. A web browser receives a text-based web page from the server and translates the received data for the user to view. There are a myriad of add-ons to web browsers that extend browser features. The browser's add-ons may access web pages and make changes to the data. This makes web-services via web browsers are vulnerable to security threats. A web browser stores web page data in memory in the DOM structure. One method that prevents modifications to web page data applies hash values to certain parts in the DOM structure. However, a certain characteristic of web-pages renders this method ineffective at times. Specifically, the user-input data is not pre-determined, and the hash value cannot be calculated prior to user input. Thus the modification to the data cannot be prevented. This paper proposes a method that both detects and inhibits any attempt to change to user-input data. The proposed method stores user-input from the keyboard and makes a comparison with the data transmitted from the web browser to detect any anomalies.
Discrimination of SPAM and prevention of smishing by sending personally identified SMS(For financial sector)
Joo, Choon Kyong ; Yoon, Ji Won ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 4, 2014, Pages 645~653
DOI : 10.13089/JKIISC.2014.24.4.645
The purpose of this study is to provide low-cost and highly effective methods for customers to pick out SMS(Short Message Service) messages sent by financial institutions among SPAM messages and Smishing, which have rapidly spread recently and have caused critical issues. Above all, the study aims to list problems and limitations of the past efforts and measures to block SPAM messages and provide one method to overcome those limitations. Also, the study aims to verify the effectiveness of the method by implementation of them and conducting surveys of a broad range of customers.
A study for improving database recovery ratio of Disaster Recovery System in financial industry
Kim, Jin-Ho ; Seo, Dong-Kyun ; Lee, Kyung-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 4, 2014, Pages 655~667
DOI : 10.13089/JKIISC.2014.24.4.655
A disaster is the time-excess case that computerized service can tolerate a failure and financial industry is being set up the disaster recovery system based on the disaster recovery plan and the business continuity plan for preparing these disasters. However, existing system can not guarantee the business continuity when it comes to cyber terror. This paper analyzes the building type and building technology of disaster recovery system for the financial fields. Also this paper explain the type of data backup using online redo log and type of archive log backup using WORM storage. And this paper proposes the model of improved data recovery combining above two types. Lastly this paper confirm the effectiveness and reliability for proposal rocovery model through the implementation of the test environment.
A Business-Logic Separated Security Framework for Smart Banking
Seo, Dong-Hyun ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 4, 2014, Pages 669~679
DOI : 10.13089/JKIISC.2014.24.4.669
This study introduces server-side security-oriented framework for smart financial service. Most of domestic financial institutions providing e-banking services have employed server-side framework which implement service-oriented architecture. Because such architecture accommodates business and security requirements at the same time, institutions are struggling to cope with the security incidents efficiently. The thesis suggests that separating security areas from business areas in the frameworks makes users to be able to apply security policies in real time without considering how these policies may affect business transactions. Security-oriented frameworks support rapid and effective countermeasures against security threats. Furthermore, plans to avoid significant changes on existing system when institutions implement these frameworks are discussed in the report.
A Study on IT Outsourcing Policy Based on Operational Risks of Financial Industries
Choi, Chang-Lai ; Yun, Jang-Ho ; Lee, Kyung-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 4, 2014, Pages 681~694
DOI : 10.13089/JKIISC.2014.24.4.681
For the continuous financial incidents occurred in 2011, Korean government has announced the amendment on electronic finance supervision regulation including human resources, organization and budget. The major part of the regulation is mainly focused on human resources and budget. It states that company has to employ at least 5 percent of IT staff out of total staff, and at least 5 percent of security staff in IT staff employment number. Budget for security should be at least 7 percent of total IT budgets. This paper studies IT outsourcing policy based on operational risks of financial industries caused by amendment of regulation. This paper provides the policy decision procedure for resolving the 3rd party problems and suggests the effective operation policy to 3rd party for the program quality improvement and case studies at the IT task classification.
Determinants of Willingness To Pay for Personal Information Protection
You, Seung Dong ; Yoo, Jinho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 4, 2014, Pages 695~703
DOI : 10.13089/JKIISC.2014.24.4.695
This paper studies the determinants of willingness to pay (WTP) for preventing personal information infringement. Most of previous studies only estimate the value of the WTP and, unlike them, this paper discusses personal information as an information good. Using a double-bounded dichotomous choice model, this paper empirically analyses the personal characteristics that determine the WTP for the protection of personal information. It contributes to the literature by proposing that gender, working status and communication cost are determinants for the WTP for the protection of personal information.
A Study on Application Structure for IT Operational Risk in Financial Institute
Cho, Seong-Cheol ; Nam, Cho-Yee ; Lee, Kyung-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 4, 2014, Pages 705~719
DOI : 10.13089/JKIISC.2014.24.4.705
Recently the importance of operational risk is gradually increasing in risk management of financial institute. Especially the service interruption caused by system failure can lead to customer complaints, decrease of profit and customer secession. Thus, financial industry makes diverse effort to minimize the impact caused by the system failure of IT application. Common modules are used in IT system in financial industry to exclude redundant development and to use the system efficiently. However, when a failure in common module is occurred, the risk that affects all the tasks using the common module exists. In this study, the damage affected by a failure in application program is prevented separating common module which has a large risk by task in the perspective of IT operational risk. In order to cope with damage, the research on the factors related to common module is conducted and proposes the separating common module standard for decrease of operational risk of the financial IT.
A Study on Reforming the National Personal Identification Number System : The Unconnected Random Personal Identification Number System
Han, Mun-Jung ; Jang, GyeHyun ; Hong, Seokhie ; Lim, Jong-In ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 4, 2014, Pages 721~737
DOI : 10.13089/JKIISC.2014.24.4.721
The Resident Registration Number(RRN) system has been effectively acted as a national identification system since it was enforced. On the other hand, there are some problems such as leakages of personal informations including RRNs on a large scale and each RRN makes a pair with each person in all areas of the society. Nevertheless leakages of them might cause a big damage, there is no radical countermeasure for they are never changed in actual fact. In Republic of Korea, a RRN acts as a primary key of a database, so it has to be protected by severing the connectivity between leaked RRNs and the other personal data. In this paper, the Unconnected Random Personal Identification Number system is proposed for preventing damage of data spills by removing a dependency which the RRN has. Furthermore, this paper suggests the solutions against some potential issues in the system.
An Efficient-keyword-searching Technique over Encrypted data on Smartphone Database
Kim, Jong-Seok ; Choi, Won-Suk ; Park, Jin-Hyung ; Lee, Dong-Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 4, 2014, Pages 739~751
DOI : 10.13089/JKIISC.2014.24.4.739
We are using our smartphone for our business as well as ours lives. Thus, user's privacy data and a company secret are stored at smartphone. By the way, the saved data on smartphone database can be exposed to a malicous attacker when a malicous app is installed in the smartphone or a user lose his/her smartphone because all data are stored as form of plaintext in the database. To prevent this disclosure of personal information, we need a database encryption method. However, if a database is encrypted, it causes of declining the performance. For example, when we search specific data in condition with encrypted database, we should decrypt all data stored in the database or search sequentially the data we want with accompanying overhead. In this paper, we propose an efficient and searchable encryption method using variable length bloom filter under limited resource circumstances(e.g., a smartphone). We compare with existing searchable symmetric encryption. Also, we implemented the proposed method in android smartphone and evaluated the performance the proposed method. As a result through the implementation, We can confirm that our method has over a 50% improvement in the search speed compared to the simple search method about encrypted database and has over a 70% space saving compared to the method of fixed length bloom filter with the same false positive rate.
An Efficient New Format-Preserving Encryption Algorithm to encrypt the Personal Information
Song, Kyung-Hwan ; Kang, Hyung-Chul ; Sung, Jae-Chul ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 4, 2014, Pages 753~763
DOI : 10.13089/JKIISC.2014.24.4.753
Recently financial institutions and large retailers have a large amount of personal information leakage accident occurred one after another, and the damage is a trend of increasing day by day. Regulation such as enforcing the encryption of the personal identification information are strengthened. Efficient technology to encrypt personal information is Format-preserving encryption. Typical encryption expand output data length than input data length and change a format. Format Preserving Encryption is an efficient method to minimize database and application modification, because it makes preserve length and format of input data. In this paper, to encrypt personal information efficiently, we propose newly Format Preserving Encryption using Block cipher mode of operation.