REFERENCE LINKING PLATFORM OF KOREA S&T JOURNALS
Journal of the Korea Institute of Information Security and Cryptology
Korea Institutes of Information Security and Cryptology
Volume 25, Issue 2 - Apr 2015
Optimized Binary Field Reduction Algorithm on 8-bit ATmega128 Processor
Park, Dong-Won ; Kwon, Heetaek ; Hong, Seokhie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 241~251
DOI : 10.13089/JKIISC.2015.25.2.241
In public-key cryptosystems based on finite field arithmetic, implementing high-speed operations is a central challenge. In this paper, we focus on the 8-bit ATmega128 processor and on improving the efficiency of the reduction operation that uses an irreducible polynomial. We propose optimized reduction algorithms designed to reduce repeated memory accesses by computing the final reduced values of Fast reduction directly. When implemented in assembly language, the proposed algorithms show 53% and 55% improvements over the previous Fast reduction algorithm.
Side-Channel Attacks on LEA with reduced masked rounds
Park, Myungseo ; Kim, Jongsung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 253~260
DOI : 10.13089/JKIISC.2015.25.2.253
A side-channel attack is an attack on an implementation of a cryptographic algorithm that uses additional side-channel information such as power traces, electromagnetic emanations and sound. Masking is the usual countermeasure against side-channel attacks; however, full-round masking dramatically decreases the efficiency of the cipher. To avoid this loss of efficiency, one can use reduced-round masking. In this paper, we describe a side-channel attack on the lightweight block cipher LEA with the first one~six rounds masked. Our attack is based on differentials and on power traces that reveal the Hamming weight of intermediate data computed during the encryption of plaintexts. According to our experimental results, it is possible to recover 25 bits of the first round key of LEA-128.
Study on Improving Attack Complexity against RSA Collision Analysis
Sim, Bo-Youn ; Won, Yoo-Seung ; Han, Dong-Guk ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 261~270
DOI : 10.13089/JKIISC.2015.25.2.261
In information security devices such as smart cards, side-channel analysis has revealed vulnerabilities in the RSA algorithm used to protect data. RSA is especially vulnerable to power analysis, which uses the power consumed while the algorithm is running. Power analysis is typically divided into SPA (Simple Power Analysis) and DPA (Differential Power Analysis). Beyond these, there is CA (Collision Analysis), a very powerful attack: CA makes an attack possible using a single waveform, even if the algorithm is designed to be secure against SPA and DPA. Message blinding applied to the window method was therefore considered as a countermeasure, but it does not provide sufficient safety when the window size is small. In this paper, we propose a new countermeasure that provides higher safety against CA. Our countermeasure is a combination of message blinding and exponent blinding applied to the window method. Through experiments, we show that our countermeasure provides approximately 124% higher attack complexity when the window size is small, and thus higher safety against CA.
Safety Analysis of Various Padding Techniques on Padding Oracle Attack
Kim, Kimoon ; Park, Myungseo ; Kim, Jongsung ; Lee, Changhoon ; Moon, Dukjae ; Hong, Seokhee ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 271~278
DOI : 10.13089/JKIISC.2015.25.2.271
Various cryptographic algorithms are used to protect personal and sensitive information in application environments such as internet banking and electronic commerce. However, recent research has shown that if modes of operation, padding methods and other cryptographic components are implemented incorrectly, critical information can be leaked even though the underlying cryptographic algorithms are secure. Among these attack techniques, the padding oracle attack is representative. In this paper, we analyze the possibility of padding oracle attacks against 12 padding techniques that can be applied to the CBC mode of operation of a block cipher. As a result, we found that 3 of the padding techniques are safe and 9 are unsafe. Based on the analysis of the three safe padding techniques, we propose 5 considerations for designing a padding technique that resists the padding oracle attack.
A study on the managed security services (MSS) method for energy-based SCADA Systems
Jang, Jeong-Woo ; Kim, Woo-Suk ; Yoon, Ji-Won ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 279~292
DOI : 10.13089/JKIISC.2015.25.2.279
In this study, we propose an effective network managed security services model that can detect the presence of potential malicious code inside energy-based SCADA systems. In particular, by analyzing data obtained in an environment equivalent to that of SCADA systems, we develop detection factors applicable to managed security services and propose a method for network managed security services. Finally, through simulation, the proposed model is shown to be capable of detecting malicious traffic in SCADA systems effectively.
Designing SMS Phishing Profiling Model
Jeong, Youngho ; Lee, Kukheon ; Lee, Sangjin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 293~302
DOI : 10.13089/JKIISC.2015.25.2.293
Using the attack information collected during SMS phishing investigations, this paper proposes an SMS phishing profiling model that applies criminal profiling. Law enforcement agencies have used signature analysis based on apk file hashes and analysis of the C&C IP addresses embedded in the malware. However, law enforcement agencies now face challenges such as signature diversification and code obfuscation. To overcome these problems, this paper examined 169 criminal cases and found that 89% of the serial numbers in cert.rsa and 80% of the permission files were reused across different cases. Therefore, the proposed SMS phishing profiling model is based mainly on the signature serial number and the permission file hash. In addition, the model complements the conventional file hash clustering method and uses code similarity verification to ensure reliability.
Study on the near-real time DNS query analyzing system for DNS amplification attacks
Lee, Ki-Taek ; Baek, Seung-Soo ; Kim, Seung-Joo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 303~311
DOI : 10.13089/JKIISC.2015.25.2.303
DNS amplification is a newer type of DDoS attack that now occurs frequently. Previous studies have proposed several detection methods, such as traffic analysis based on DNS queries and packet size. However, those methods have limitations, such as the uncertainty of packet size, which depends on the IP address type, and weakness against distributed amplification attacks. Therefore, we propose a novel traffic analysis algorithm using Success Rate and implement a query analyzing system based on it.
An Unknown Phishing Site Detection Method in the Interior Network Environment
Park, Jeonguk ; Cho, Gihwan ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 313~320
DOI : 10.13089/JKIISC.2015.25.2.313
While phishing attacks continue to increase, response methods still remain at the stage of responding after an attack has been identified. To detect a phishing site ahead of an attack, a method using the Referer header field of HTTP has been suggested. However, it has the limitation that a traffic gathering system must be implemented for each prospective target host. This paper presents an unknown phishing site detection method for the interior network environment. Whenever a user tries to connect to a phishing site, its traffic is pre-processed considering the characteristics of the HTTP protocol and of phishing sites. The phishing site detection phase then detects a suspicious site by analyzing HTTP content. To validate the proposed method, evaluations were conducted with 100 phishing URLs and 100 normal URLs. The experimental results show that our method achieves a higher phishing site detection rate than existing detection methods, with a 66% detection rate for the phishing URLs and a 0% false negative rate for the normal URLs.
Function partitioning methods for malware variant similarity comparison
Park, Chan-Kyu ; Kim, Hyong-Shik ; Lee, Tae Jin ; Ryou, Jae-Cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 321~330
DOI : 10.13089/JKIISC.2015.25.2.321
Many modified malware samples have been found that avoid detection simply by replacing a sequence of characters or a part of the code. Since existing anti-virus programs perform signature-based analysis, it is difficult to detect malware that differs only slightly from well-known malware. This paper suggests a method of detecting modified malware by extending hash-value based code comparison. We generate hash values for individual functions and individual code blocks as well as for the whole code, and use those values to decide whether a pair of code samples is similar to a certain degree. We also eliminate numeric data such as constants and addresses before generating hash values, to avoid the inaccuracy they would introduce. We found that the suggested method can effectively find the inherent similarity between an original malware sample and its derived variants.
A Study on the Status and Improvement of Municipal Regulations by Privacy Type
Yoo, Jung-Hoon ; Han, Keunhee ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 331~342
DOI : 10.13089/JKIISC.2015.25.2.331
In this paper, Seoul (25 regions), Jeonbuk (14 regions) and Busan (16 regions) were selected from the 277 basic local government agencies, and the status of their ordinances and related laws was reviewed. Based on the information systems of self-regulation, the ordinances within the self-regulation of each region were surveyed and analyzed according to the annexed forms in which they are operated. The survey analysis covered a total of four categories (resident registration number, cell phone number, home phone number, income) with reference to the parts that refuse disclosure of personal information. Through this, by proposing improvements to the municipal rules, government managers, who rotate jobs frequently, and consulting staff can understand and review the regulations. In addition, control items are suggested so that the revised municipal formats can be reviewed and the annexed forms verified more easily using the Personal Information Management System.
A Study on Information Access Control Policy Based on Risk Level of Security Incidents about IT Human Resources in Financial Institutions
Sim, Jae-Yoon ; Lee, Kyung-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 343~361
DOI : 10.13089/JKIISC.2015.25.2.343
The financial industry in South Korea has witnessed a paradigm shift from selling traditional loan and deposit products to diversified consumption channels and financial products. Consequently, the personalization of financial services has accelerated and the value of finance-related personal information has risen rapidly. As seen in the 2014 card company information leakage incident, most major finance-related information leakage incidents are caused by personnel with authorized access to certain data. Therefore, it is strongly required to confirm whether there are problems in the existing access control policy for personnel who can access a great deal of data, and to complement the access control policy by considering information security risk factors. In this paper, based on information about IT personnel with access to sensitive finance-related data, such as job, position and sensitivity of accessible data, and on survey results, we analyze the influence factors for personnel risk measurement and apply a data access control policy reflecting the analysis to an actual case, in order to introduce measures that minimize IT personnel risk in financial companies.
Assessment Method of Step-by-Step Cyber Security in the Software Development Life Cycle
Seo, Dal-Mi ; Cha, Ki-Jong ; Shin, Yo-Soon ; Jeong, Choong-Heui ; Kim, Young-Mi ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 363~374
DOI : 10.13089/JKIISC.2015.25.2.363
Instrumentation and control (I&C) systems in existing Nuclear Power Plants (NPPs) have mainly been designed and operated based on analog technologies. However, with the development of Information Technology (IT), digital technologies are gradually being adopted in newly built NPPs. I&C systems based on digital technologies have many advantages but are vulnerable to cyber threats. For this reason, cyber threats adversely affect the safety and reliability of the I&C system as well as the entire NPP. Therefore, software deployed in NPPs should be developed with cyber security attributes from the initiation phase of the software development life cycle. Moreover, through cyber security assessment, the degree of confidence in cyber security should be measured, and whether managerial, technical and operational measures are implemented as intended should be reviewed in order to protect the I&C systems and their information. Currently, an overall cyber security program, including cyber security assessment, is not established for I&C systems. In this paper, we propose cyber security assessment methods for the Software Development Life Cycle by deriving cyber security activities and assessment items based on regulatory guides and standard technologies concerning NPPs.
An Empirical Study on Expectation Factors and Certification Intention of ISMS
Park, Kyeong-Tae ; Kim, Sehun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 375~381
DOI : 10.13089/JKIISC.2015.25.2.375
In the past few years, leakage of information assets has become a prominent issue. According to the NIS in South Korea, 375 cases of data leakage were found from 2003 to 2013, and 49 of these cases were uncovered in 2013 alone. Such crimes are increasing over time. This constitutes a reason for the establishment, operation and certification of an ISMS, even for private enterprises. The purpose of this study is to examine the factors influencing the certification intention of ISMS using EFA (Exploratory Factor Analysis) and regression analysis. We identified the expectation factors for ISMS certification from 13 elements using EFA (the strengthening practical ability & economic effect factor and the improvement of security level & handling incident factor). Next, we examined the certification intention of ISMS using regression analysis. As a result of the regression analysis, the strengthening practical ability & economic effect factor is not significant for the certification intention of ISMS (p<.05), while the improvement of security level & handling incident factor has a significant and positive effect on the certification intention of ISMS (p<.05).
A Proposal of an Enhanced Personal Information Security Management Framework for the Consigning of Personal Information
Ko, Youngdai-Dai ; Lee, Sang-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 383~393
DOI : 10.13089/JKIISC.2015.25.2.383
Recently, the number of companies consigning their personal information management work has been increasing; they consign the work for various reasons and purposes, for example, to reduce costs related to personal information managers, to improve efficiency through professional performance, and to improve service quality. As the cases in which a consigning agency, rather than the personal information manager, handles personal information are increasing along with the consigning of personal information management work, we need to pay attention to how much effort such agencies make for personal information protection. In this regard, this study suggests a plan for efficient management of the agency during the course of the consigned work, as well as a list of requirements for personal information protection to be considered in each of the following phases: establishment of a personal information protection framework for all consigning work processes, selection of the consigning agency, execution of the consigning contract, operation and management of the consigned work, and termination of the contract.
A method for quantitatively measuring the degree of damage from personal information leakage
Kim, Pyong ; Lee, Younho ; Khudaybergenov, Timur ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 395~410
DOI : 10.13089/JKIISC.2015.25.2.395
This research defines the degree of threat caused by the leakage of personal information in a quantitative way. The proposed definition classifies the individual items in a set of personal data and assigns a risk value to each item. The proposed method accounts for the increase in risk caused by the combination of multiple items. We also deal with various attack scenarios in which attackers seek different types of personal information. The concept of entropy is applied to associate the degree of personal information exposed with the total risk value. In our experiment, we measured the risk value of Facebook users based on their public profiles. The result of the experiment demonstrates that, among the four possible attacks using personal information, they are most vulnerable to stalker attacks.
A study on detection methodology of threat on cars from the viewpoint of IoT
Kwak, Byung Il ; Han, Mi Ran ; Kang, Ah Reum ; Kim, Huy Kang ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 411~421
DOI : 10.13089/JKIISC.2015.25.2.411
These days, the convergence of fast-advancing ICT (Information and Communications Technologies) and the IoT (Internet of Things) is in progress. However, this convergence technology could bring many of the security threats existing in the ICT environment with it. The security threats to cars in the IoT environment could cause property damage and casualties. Preparations for car security are inadequate, and it is difficult for the car itself to detect security threats. In this paper, we propose a decision-making framework for anomaly detection and identify the threats to cars in the IoT environment. Discriminating the factor, path and type of threat in an attack against a car should take priority over self-inspection and swift handling of an attack on the control system.
The Proposal of IoT products tracking and inventory management system using IPv6 based on static IP
Lee, Jeong-Min ; Ahn, Jong-Chang ; Lee, Ook ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 423~437
DOI : 10.13089/JKIISC.2015.25.2.423
IPv6, which solves the address exhaustion problem of IPv4, is going to be used in many kinds of industries. As a result, products that can connect to other connectable things are appearing, which is called the Internet of Things (IoT). With the growth of networked products, each product can get an IPv6 address, which means that things can have their own IP addresses. Thus, IP address management becomes more important and needs a system for tracking and collecting unused products that hold IP addresses. This study suggests a new distribution tracking and inventory management system for IoT products, which provides the current location of things and manages stock in the warehouse using static IP addresses and location-based services.
Design and Implementation of a Capability Token based Access Control System in the Internet of Things
Lee, Bum-Ki ; Kim, Mi-Sun ; Seo, Jae-Hyun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 439~448
DOI : 10.13089/JKIISC.2015.25.2.439
The IoT (Internet of Things) propels current networked communities into an advanced hyper-connected society in which uniquely identifiable embedded computing devices are associated with the existing internet infrastructure. Therefore, IoT services go beyond mere M2M (Machine-to-Machine) communication and should be able to empower users with more flexible communication capabilities across protocols, domains, and applications. In addition, access control in the IoT needs methods that differ from traditional access control to increase security and dependability. In this paper, we describe the design and implementation of a capability token based system for secure access control in IoT environments. In the proposed system, authorities are represented as capability tokens, and the access control system manages the creation, (re)delegation and revocation of the tokens. The proposed system is expected to decrease the processing time of access control by using capability tokens.
Side Channel Attacks on LEA and Its Countermeasures
Park, Jin-Hak ; Kim, Tae-Jong ; An, Hyun-Jin ; Won, Yoo-Seung ; Han, Dong-Guk ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 449~456
DOI : 10.13089/JKIISC.2015.25.2.449
Recently, interest in the information security of the IoT (Internet of Things) has been increasing, and many research groups have been studying cryptographic algorithms suitable for IoT environments. LEA (Lightweight Encryption Algorithm), developed by the NSRI (National Security Research Institute), is well suited to the IoT. In this paper, we propose two first-order Correlation Power Analysis (CPA) attacks on LEA and demonstrate them experimentally. Additionally, we suggest a masking countermeasure for LEA that defeats our attacks. To estimate the efficiency of the masked LEA, its operation cost is compared to the operation time of masked AES.
Side Channel Attacks on HIGHT and Its Countermeasures
Kim, Tae-Jong ; Won, Yoo-Seung ; Park, Jin-Hak ; An, Hyun-Jin ; Han, Dong-Guk ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 457~465
DOI : 10.13089/JKIISC.2015.25.2.457
Internet of Things (IoT) technologies should be able to communicate with various embedded platforms. Because security must be considered in IoT communications, an appropriate cryptographic algorithm must be selected for each embedded environment. Therefore, lightweight block ciphers are essential for secure communication between these kinds of embedded platforms. However, lightweight block ciphers are vulnerable to leakage under side channel analysis, so side channel countermeasures must also be considered. In this paper, we propose a side channel analysis scenario and confirm the vulnerability of the HIGHT algorithm, which has an ARX structure. Additionally, we suggest a countermeasure for HIGHT against side channel analysis. Finally, we explain how much effectiveness can be provided through a comparison between the countermeasures for AES and HIGHT.
Design of Improved Authentication Protocol for Sensor Networks in IoT Environment
Kim, Deuk-Hun ; Kwak, Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 467~478
DOI : 10.13089/JKIISC.2015.25.2.467
Recently, interest in the Internet of Things (IoT) has been increasing, and a variety of security technologies suitable for the Internet of Things are being studied. In particular, the use of low-specification devices in the sensor network area has increased and diversified because of the characteristics of the Internet of Things. However, it is difficult to apply current security technologies, such as existing authentication technologies, directly to low-specification devices, so security threats have also increased. Therefore, authentication protocols between entities communicating over sensor networks in the Internet of Things are being studied. In 2014, Porambage et al. suggested an elliptic curve cryptography based sensor network authentication protocol to advance the security of the Internet of Things environment, but it has a vulnerability. Accordingly, in this paper, we analyze the vulnerability in the elliptic curve cryptography based authentication protocol proposed by Porambage et al. and propose an improved authentication protocol for sensor networks in the Internet of Things environment.
Group Key Management Method for Secure Devices in the Smart Home Environment
Ryu, Ho-Seok ; Kwak, Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 25, issue 2, 2015, Pages 479~487
DOI : 10.13089/JKIISC.2015.25.2.479
With the development of IT, smart home services provide remote services, monitoring services and various other services through network-based smart home devices. However, the smart home environment faces security threats such as data falsification, illegal authentication and invasion of privacy through malicious devices. Research on preventing these security threats in the smart home is under way, but studies of smart home environment security are still at an early stage, and studies of group key management methods for the smart home are lacking. In this paper, we propose a group key management method for secure devices in the smart home.