Journal of the Korea Institute of Information Security and Cryptology
Korea Institutes of Information Security and Cryptology
Volume 26, Issue 3 - Jun 2016
Simple Credit Card Payment Protocols Based on SSL and Passwords
Kim, Seon Beom ; Kim, Min Gyu ; Park, Jong Hwan ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 563~572
DOI : 10.13089/JKIISC.2016.26.3.563
Recently, plenty of credit card payment protocols have been proposed in Korea. Features of the proposed protocols include using passwords for user authentication instead of an official certificate for authenticity, and no need to download an additional security module via ActiveX onto the user's device. In this paper, we suggest two new credit card payment protocols that use both SSL (Security Socket Layer) as a standardized secure transaction protocol and password authentication to perform online shopping and payment. The first one is for the case where the online shopping mall is different from the PG (Payment Gateway) and can be compared to PayPal-based payment methods, and the second one is for the case where the online shopping mall is the same as the PG and thus can be compared to Amazon-like methods. The two proposed protocols do not require users to perform any pre-registration process separate from the underlying shopping process; instead, users can perform both shopping and payment in a single process in a convenient way. Also, users are asked to input a distinct payment password, which increases the level of security in the payment protocols. We believe that the two proposed protocols can help readers to better understand the recent payment protocols suggested by various vendors, and to analyze the security of their payment protocols.
IAM Architecture and Access Token Transmission Protocol in Inter-Cloud Environment
Kim, Jinouk ; Park, Jungsoo ; Yoon, Kwonjin ; Jung, Souhwan ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 573~586
DOI : 10.13089/JKIISC.2016.26.3.573
With the adoption of cloud computing, the number of companies that take advantage of cloud computing has increased. Additionally, various existing service providers have moved their services onto the cloud and provided users with various cloud-based services. The management of user authentication and authorization in cloud-based service technology has become an important issue. This paper introduces a new technique for providing authentication and authorization with other inter-cloud IAM (Identity and Access Management). It is an essential and easy method for data sharing and communication between other cloud users. The proposed system uses the credentials of a user that has already joined an organization who would like to use other cloud services. When users of a cloud provider try to obtain access to the data of another cloud provider, part of the credentials from the IAM server will be forwarded to the cloud provider. Before the transaction, an Access Agreement must be set for granting access to the resources of the other organization. A user can access the resources of the other organization based on the access control configuration of the system. Using the above method, we could provide an effective and secure authentication system on the cloud.
A New Scalar Recoding Method against Side Channel Attacks
Ryu, Hyo Myoung ; Cho, Sung Min ; Kim, TaeWon ; Kim, Chang han ; Hong, Seokhie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 587~601
DOI : 10.13089/JKIISC.2016.26.3.587
In this paper, we suggest a method for scalar recoding that is secure against both SPA and DPA. The suggested method is a countermeasure to power analysis attacks through scalar recoding using negative expression. The suggested method ensures safety against SPA by recoding the operation to apply the same pattern to each digit. Also, by generating the random recoding output according to a random number, safety against DPA is ensured. We also implement a precomputation table and a modified scalar addition algorithm for addition to protect against SPA that targets the digit's sign. Since the suggested method itself can ensure safety against both SPA and DPA, it is more effective and efficient. With the suggested method, compared to previous scalar recoding that ensures safety against SPA and DPA, operation efficiency is increased by 11%.
Design of Extendable QCA 4-to-2 Encoder Based on Majority Gate
Kim, Tae-Hwan ; Jeon, Jun-Cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 603~608
DOI : 10.13089/JKIISC.2016.26.3.603
Encoding means converting or processing the form or format of information into other forms in order to standardize, secure, improve processing speed, save storage space, etc. In information and communication, encoding also means converting the sender's information into another form for transmission to the receiver. The device that conducts this processing is called an encoder. In this dissertation, we propose the most basic encoder, a 4-to-2 encoder. The proposed encoder consists of two OR gates, and the proposed structure is designed to optimize the spacing of the cells for the purpose of minimizing noise between wiring. The proposed encoder is simulated with QCADesigner, and analysis of the results confirms its effectiveness.
A Brief Consideration on the Security of Hash-Based Authenticator
Byun, Jin Wook ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 609~612
DOI : 10.13089/JKIISC.2016.26.3.609
An authenticated key exchange protocol achieves its authentication by using a hash-based authenticator whose input is a common message and the session key agreed between participants. In this letter, we show, through a recent example protocol proposed by Tsai et al., 2014, that this approach cannot satisfy the entire security if the input of the authenticator has been insecurely designed.
Error Control Protocol and Data Encryption Mechanism in the One-Way Network
Ha, Jaecheol ; Kim, Kihyun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 613~621
DOI : 10.13089/JKIISC.2016.26.3.613
Since the error control problem is a critical and sensitive issue in the one-way network, we can adopt a forward error correction code method or a data retransmission method based on the response of the reception result. In this paper, we propose an error control method and a continuous data transmission protocol in the one-way network, which has a unidirectional data transmission channel and a special channel to receive only the response of the reception result. Furthermore, we present a data encryption and key update mechanism based on the pre-shared key distribution scheme and suggest some ASDU (Application Service Data Unit) formats to implement it in the one-way network.
A Study of Implementing Efficient Rotation for ARX Lightweight Block Cipher on Low-level Microcontrollers
Kim, Minwoo ; Kwon, Taekyoung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 623~630
DOI : 10.13089/JKIISC.2016.26.3.623
Heterogeneous IoT devices must satisfy a certain level of security for mutual connections and communications. However, a performance degradation of cryptographic algorithms in resource constrained devices is inevitable and so an optimization or efficient implementation method is necessary. In this paper, we study an efficient implementation method for rotation operations regarding registers for running ARX lightweight block ciphers. In a practical sense, we investigate the performance of modified rotation operations through experiments using real experiment devices. We show the improved performance of modified rotation operations and discover the significant difference in measured performance between simulations and real experiments, particularly for 16-bit MSP microcontrollers.
Efficient Optimization Method for Polynomial Selection
Kim, Suhri ; Kwon, Heetaek ; Lee, Yongseong ; Chang, Nam Su ; Yoon, Kisoon ; Kim, Chang Han ; Park, Young-Ho ; Hong, Seokhie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 631~643
DOI : 10.13089/JKIISC.2016.26.3.631
Currently, the General Number Field Sieve (GNFS) is known as the most efficient way of factoring large numbers. CADO-NFS is open software based on GNFS that was used to factor RSA-704. Polynomial selection in CADO-NFS can be divided into two stages: polynomial selection, and optimization of the selected polynomial. However, optimization of the selected polynomial in CADO-NFS is an immense procedure that takes 90% of the total polynomial selection time. In this paper, we introduce a modification of the optimization stage in CADO-NFS. We implemented a precomputation table and a modified optimization algorithm to reduce redundant calculation for faster optimization. As a result, we select the same polynomial as CADO-NFS, with an approximately 40% decrease in time.
Methodology for Intercepting the Ransomware Attacks Using File I/O Intervals
Youn, Jung-moo ; Jo, Je-geong ; Ryu, Jae-cheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 645~653
DOI : 10.13089/JKIISC.2016.26.3.645
Ransomware was first created in 1999, but its existence became widely known in Korea by 2015. As information and communication technology has developed and the storage capacity of computers has grown, effectively managing information has become more important than the information itself. In this situation, ransomware breaks into other people's computers and encrypts files without the user's permission, which adversely affects the user. In this paper, we monitor the access of a specific process to files. On the basis of this monitoring information, we detect whether an abnormal access has happened. Based on the detection result, we block the file access permission for the specific process. Using this method, we propose a technique for blocking ransomware's abnormal access to and encryption of files.
An Analysis of Detection of Malicious Packet Dropping and Detour Scheme in IoT based on IPv6
Choi, Jaewoo ; Kwon, Taekyoung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 655~659
DOI : 10.13089/JKIISC.2016.26.3.655
In this paper, we propose new detection and detour methods against packet drop attacks for availability in the Internet of Things (IoT) based on the IEEE 802.15.4e and RPL protocol standards that employ IPv6. We consider the rank value of RPL and the consecutive packet drops to improve the detection metrics, and also take into account the use of both sibling and child nodes on an RPL routing path to construct the detour method. Our simulation results show that the proposed detection method is faster than the previous result, and the detour method improves the detour success rate.
A Method to Improve Energy Efficiency for IoT Using SSL/TLS on Wireless Network
Chung, Jin Hee ; Cho, Tae Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 661~666
DOI : 10.13089/JKIISC.2016.26.3.661
The Internet of Things (IoT) is an infrastructure of physical objects that could be connected to the Internet. Most of these are low-performance devices, to ensure a reasonable cost for the smart physical objects. Thus, these devices usually use a lightweight messaging protocol: message queue telemetry transport with SSL/TLS. Cipher suites in the device are fixed by default and selected based on preference in SSL/TLS. However, the selected cipher suite provides a higher security level than expected. This limitation causes energy waste and overhead on devices. To counter this problem, we propose a fuzzy-logic-based cipher suite decision method to improve energy efficiency. Our proposed method saved 36.03% energy.
A Study on Detecting of an Anonymity Network and an Effective Counterstrategy in the Massive Network Environment
Seo, Jung-woo ; Lee, Sang-jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 667~678
DOI : 10.13089/JKIISC.2016.26.3.667
Due to the development of wired/wireless network infrastructure, an incomparably larger volume of traffic than in the past is being served through the Internet, and traffic is increasing every year following changes in the network paradigm such as the Internet of Things; in particular, about 1.6 zettabytes of traffic is expected to be distributed through the network in 2018. As network traffic increases, the performance of security infrastructure is developing alongside it to handle bulk terabyte traffic in security equipment, which generates hundreds of thousands of security events every day, such as hacking attempts and malicious code. Efficiently analyzing and responding to events on attack attempts detected by the various kinds of security equipment of a company is one of the most important tasks for providing a stable Internet service. This study attempts to overcome the limits of existing studies, such as the detection of Tor network traffic using low latency, by classifying the anonymous network by means of the suggested algorithm applied to the events detected in the security infrastructure.
A Practical Attack on In-Vehicle Network Using Repacked Android Applications
Lee, Jung Ho ; Woo, Samuel ; Lee, Se Young ; Lee, Dong Hoon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 679~691
DOI : 10.13089/JKIISC.2016.26.3.679
As vehicles have started to contain many different communication devices, collecting external information has become possible in the IoT environment. In such an environment, remotely controlling a vehicle is possible when vehicle information is obtained by looking into the vehicle network through a smart device. However, Android-based smart device applications are vulnerable to malicious modulation and redistribution. A modulated Android application can lead to vehicle information disclosure that could bring about a vehicle control accident, which becomes a threat to drivers. Furthermore, since vehicles today do not contain security methods to protect them, they are very vulnerable to security threats that can cause serious damage to users and property. In this paper, many different vehicle management Android applications sold on Google Play have been analyzed. With this information, possible threats that could arise in vehicle management applications are analyzed to prove the risks. The experiment is done on an actual vehicle to prove the risks. Also, an access control method to protect the vehicle against malicious actions that could happen through an external network in the IoT environment is suggested in the paper.
Coward Analysis based Spam SMS Detection Scheme
Oh, Hayoung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 693~700
DOI : 10.13089/JKIISC.2016.26.3.693
Analyzing the characteristics of spam text messages has had limitations, since spam datasets are typically difficult to obtain publicly and previous studies focused on spam email. Although there are existing studies, such as those that use spam e-mail characterization and data mining techniques, they have the limitation that their influence is limited to high spam detection techniques using a single word character. In this paper, we reveal the characteristics of spam SMS based on experiment and analysis from different perspectives and propose a coward analysis based spam SMS detection scheme with publicly disclosed spam SMS from the University of Singapore. Through extensive performance evaluations, we show that the false positives and false negatives of the proposed method are less than 2%.
Study on Privacy in the IPTV Broadcasting Service
Lee, Jinhyuk ; Kim, Seungjoo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 701~712
DOI : 10.13089/JKIISC.2016.26.3.701
Jeon, Changuk ; Yoo, Jinho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 713~724
DOI : 10.13089/JKIISC.2016.26.3.713
In providing services using the information of each client, business managers have duties to maintain the personal information under the procedure of collecting, storing, using/providing, and destroying it. Besides, they also have duties to inform their clients, the subjects of the personal information, of how they manage and use their clients' information. In this study, the privacy policies stipulated at domestic and foreign portals will be compared with one another, and the differences between domestic and foreign portals will be shown. The implications in each field and category of domestic web sites will be found.
A Study on Introducing Security Certification for Control Systems
Choi, Hoyeol ; Kim, Daeyeong ; Shin, Hyungjune ; Hahn, Changhee ; Hur, Junbeom ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 725~734
DOI : 10.13089/JKIISC.2016.26.3.725
SCADA (Supervisory Control and Data Acquisition) systems are widely used for remote monitoring and control throughout the domestic industry. Due to recent breaches of security on SCADA systems, such as Stuxnet, the need for correctly established security certification of control systems is growing. Currently, EDSA-CRT (Embedded Device Security Assurance-Communication Robustness Test), which tests the ability to provide core services properly in a normal/abnormal network protocol, is focused only on the testing of IP-based protocols such as IP, ARP, TCP, etc. Thus, in this paper, we propose test requirements for the DNP3 protocol based on EDSA-CRT. Our analysis shows that the specific test cases provide plentiful evidence that DNP3 should follow based on its functional requirements. As a result, we propose 33 specific test cases for the DNP3 protocol.
A Preliminary Research on the Impact of Perception of Personal Information Leakage Incidents on the Behavior of Individual Information Management in the Mobile Banking Contexts
Kim, Jungduk ; Lim, Se-Hun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 735~744
DOI : 10.13089/JKIISC.2016.26.3.735
Recently, personal information leakage incidents have been increasing with the increased usage of mobile services. Personal information leakage incidents can have a significant impact on an individual's mobile banking services. Accordingly, we examine relationships among an individual's psychological characteristics, intention and behavior regarding compliance in an individual's perception of personal information leakage incidents in mobile banking contexts. In this study, to explain our research model and understand personal psychology and behavior in mobile banking contexts, we adopted two theories: the theory of interpersonal behavior and stimulus-response theory. We collected 55 data samples using an online surveyor and then analyzed a structural equation model in order to find causal relationships among research variables. The results of this study should be useful to mobile banking service companies in promoting service users to follow the information privacy policies.
Redundancy assessment of PIMS and PIPL by parsing
Kim, So-Ra ; Kim, Tae-Sung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 745~756
DOI : 10.13089/JKIISC.2016.26.3.745
As infringement accidents of personal information have often occurred and estimates of damages are too large, the government introduces many certifications related with personal information management system for protecting personal information. Among them, PIMS and PIPL share many points in common, so many complaints about duplicate regulation have been suggested. This study evaluates the duplication of two certifications in order to examine redundancy between PIMS and PIPL both of which have been controversial.
An Analysis of Password Meters for Domestic Web Sites
Kim, KyoungHoon ; Kwon, Taekyoung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 757~767
DOI : 10.13089/JKIISC.2016.26.3.757
Password authentication is the representative user authentication method, and text-based passwords in particular are most widely used. Unfortunately, most users select weak passwords, so many web sites provide a password meter that measures password strength to drive users to select strong passwords. However, some metering results are not consistent, and incorrect strength feedback is given. In this paper, we tackle these problems regarding password meters and present an improvement direction.
A Study on the Short Term Curriculum for Strengthening Information Security Capability in Public Sector
Yun, Joobeom ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 769~776
DOI : 10.13089/JKIISC.2016.26.3.769
Recently, cyber attacks have been continuously threatening the cyberspace of the state across borders. Such cyber attacks show an intelligent and sophisticated level that can paralyze key infrastructure in the country. This can be seen well in cases such as the hacking threat against a nuclear power plant and the 3.20 cyber terrorism. Especially in the country's public institutions, which hold important national information, advanced prevention is important because large-scale damage is expected from such cyber attacks. Technical support is also important, but it is important to raise the security level by improving the cyber security awareness and expert security knowledge of workers in the country's public institutions through cyber security education. This paper suggests education courses that achieve the best security effect through a short-term course for workers in the country's public institutions.
A Case Study on Program Outcomes Assessment of Information Security Program for Engineering Education Accreditation
Chung, Weonil ; Oh, Soo-Hyun ; Kim, Hwankoo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 777~785
DOI : 10.13089/JKIISC.2016.26.3.777
Engineering education accreditation addresses evaluation of program outcomes according to educational objectives and an assessment process, which students are expected to attain by the time of graduation, in order to train internationally competitive engineers with continuous quality improvement in engineering programs. This paper shows a case study of a program outcomes assessment system, including performance criteria, evaluation process, document system and continuous quality improvement process, and an achievement evaluation by the assessment system for program outcomes in the Information Security Program of Hoseo University.
Teaching Book and Tools of Elementary Network Security Learning using Gamification Mechanism
Lee, Donghyeok ; Park, Namje ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 787~797
DOI : 10.13089/JKIISC.2016.26.3.787
This paper is directed at the information security education of elementary students. The dependence on human involvement and human behavior to protect information assets necessitates information security education to make people aware of their roles and responsibilities towards information security. Information security education is needed even for elementary school students. An information security learning model integrating knowledge, attitudes, and ways to practice was developed, and the teaching plan and learning material hand-out were made accordingly. From the analysis of the test results, it was verified that the developed teaching tools for elementary network security learning using a gamification mechanism were effective in helping the students learn the knowledge, attitudes, skills and ways to practice.
A Study on the Distribution Estimation of Personal Data Leak Incidents
Hwang, Yoon-hee ; Yoo, Jinho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 799~808
DOI : 10.13089/JKIISC.2016.26.3.799
To find the pattern of personal data leak incidents and confirm which distribution is suitable, this paper searched the personal data leak incidents reported by the media from 2011 to 2014. Based on the results, this research estimated the statistical distribution using the 'K-S Statistics' and tested the 'Goodness-of-Fit'. As a result, it has been proven quantitatively that, at the 95% significance level, the Poisson and Exponential distributions have high 'Goodness-of-Fit', and it was found that major personal data leak incidents occur 12 times a year on average. This study can be useful for organizations to predict the loss from personal data leak incidents and information security investments, and furthermore, this study can serve as data for the requirements of cyber-insurance.
A Case Study of the Impact of a Cybersecurity Breach on a Smart Grid Based on an AMI Attack Scenario
Jun, Hyo-Jung ; Kim, Tae-Sung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 809~820
DOI : 10.13089/JKIISC.2016.26.3.809
The smart grid, a new open platform, is a core application for facilitating a creative economy in the era of the Internet of Things (IoT). Advanced Metering Infrastructure (AMI) is one of the components of the smart grid and a two-way communications infrastructure between the main utility operator and customer. The smart meter records consumption of electrical energy and communicates that information back to the utility for monitoring and billing. This paper investigates the impact of a cybersecurity attack on the smart meter. We analyze the cost to the smart grid in the case of a smart meter attack by authorized users based on a high risk scenario from NESCOR. Our findings could be used by policy makers and utility operators to create investment decision-making models for smart grid security.
Research Trends in Economic Effects of Information Security Certification: Focused on the ISMS (Information Security Management System)
Kong, Hee-Kyung ; Jun, Hyo-Jung ; Lee, Song-Ha ; Kang, Min-Seong ; Kim, Tae-Sung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 821~835
DOI : 10.13089/JKIISC.2016.26.3.821
This study investigates the domestic and international research trends to analyze the economic effects of various information security certification systems. Results of the study can suggest future research topics for researchers, and help make rational decision-making on introducing information security management systems for practitioners.
Effects of Lifelog Experience on Technology Satisfaction and Perception of Right to be Forgotten
Yoon, Il-han ; Kwon, Sun-dong ;
Journal of the Korea Institute of Information Security and Cryptology, volume 26, issue 3, 2016, Pages 837~852
DOI : 10.13089/JKIISC.2016.26.3.837
This study examined life-log related ICT in terms of both positive effects and adverse effects. As a result, from the perspective of positive effects, experience of using life-log related ICT affects the usefulness of ICT, whereas usefulness of ICT affects satisfaction with ICT. From the perspective of adverse effects, experience of using life-log related ICT affects concern over privacy, whereas concern over privacy affects awareness of the right to be forgotten. In addition, Internet privacy efficacy moderates the impact of experience of using life-log related ICT and the impact of concern over privacy.