• Title, Summary, Keyword: cryptographic

Search Result 730, Processing Time 0.032 seconds

A Study on the Policy of Cryptographic Module Verification Program (암호모듈 검증 정책에 관한 연구)

  • Choi, Myeong-Gil;Jeong, Jae-Hun
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.12 no.1
    • /
    • pp.255-262
    • /
    • 2011
  • The advancement of information and communication technology has caused a few dysfunction such as hacking. To keep an organization from a harmful hacking, demands for cryptographic modules have been increased. However, the evaluation criteria of cryptographic modules in Korea have been less firmly established. It is difficult for the consumers of cryptographic module to choose an appropriate cryptographic module, and to establish interoperability between applications and cryptographic modules. This study analyzes evaluation criteria, evaluation processes and evaluation policy of CMVP(Cryptographic Module Verification Program) in the advanced countries. The paper suggests a policy for Korea CMVP, in resulting a provision of foundations for international standard and cooperations for international cryptographic policies and systems.

암호 모듈 평가 프로그램(CMVP) 분석과 소개

  • 김석우;정성민;박성근;김일준
    • The Magazine of the IEIE
    • /
    • v.30 no.6
    • /
    • pp.624-637
    • /
    • 2003
  • CMVP(Cryptographic Module Validation Program) validates cryptographic modules to FIPS 140-1, 2, and other FIPS cryptography based standards. This paper gives an overview of the CMVP, cryptographic modules, cryptographic algorithms, and the applicable standards. This provides a brief overview of the security requirements that must be met by each cryptographic module that is submitted to a CMT laboratory for conformance testing and describes the Cryptographic Algorithm Testing.

  • PDF

Study on Selftest Requirements in Cryptographic Module Validation Program with FIPS-OpenSSL Source Code Analysis (FIPS-OpenSSL 코드 분석을 통한 암호모듈 자가시험 보안요구사항 분석)

  • Seo, Seog Chung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.5
    • /
    • pp.985-996
    • /
    • 2019
  • This paper analyzes the source code of FIPS-OpenSSL cryptographic module approved as FIPS cryptographic module in USA and shows how the selftest requirements are implemented as software cryptographic library with respect to pre-operational test and conditional tests. Even though FIPS-OpenSSL follows FIPS 140-2 standard, lots of security requirements are similar between FIPS 140-2 and Korean cryptographic module validation standards. Therefore, analysis from this paper contributes to help Korean cryptographic module vendors develop correct and secure selftest functions on their own cryptographic modules, which results in reducing the test period.

The Considerable Security Issues on the Security Enforcement of Cryptographic Technology in Finance Fields (금융부문 암호기술의 안전성 강화를 위한 보안고려사항)

  • Kim, Young-Tae;Lee, Su-Mi;Noh, Bong-Nam
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.4
    • /
    • pp.137-142
    • /
    • 2009
  • By known attacks against cryptographic technology and decline of security, internal and external major institutions have defined their recommendations in kinds, expiration, safe parameters of cryptographic technology and so on. Internal financial fields will change some cryptographic technology to follow these recommendations. To keep strong security of financial systems against sudden security changes of cryptographic technology, this article finds pre-steps : status of applied cryptographic technology, selection of vulnerable cryptographic technology. And plans for management of cryptographic technology in financial fields will be proposed.

An Experimental Study of Private Key and Secret Key Disclosure Vulnerability in Cryptographic Service Provider(CSP) Module (Cryptographic Service Provider(CSP) 모듈의 개인키/비밀키 노출 취약점에 대한 실험적 연구)

  • Park, Jin-Ho;Cho, Jae-Ik;Im, Eul-Gyu
    • Convergence Security Journal
    • /
    • v.7 no.3
    • /
    • pp.61-70
    • /
    • 2007
  • In Windows operating system, CSPs(Cryptographic Service Providers) are provided for offering a easy and convenient way of using an various cryptographic algorithms to applications. The applications selectively communicate with various CSPs through a set of functions known as the Crypto API(Cryptographic Application Program Interface). During this process, a secure method, accessing data using a handle, is used in order to prevent analysis of the passing parameters to function between CryptoAPI and CSPs. In this paper, our experiment which is using a novel memory traceback method proves that still there is a vulnerability of private key and secret key disclosure in spite of the secure method above-mentioned.

  • PDF

Lightweight and adaptable solution for security agility

  • Vasic, Valter;Mikuc, Miljenko;Vukovic, Marin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.10 no.3
    • /
    • pp.1212-1228
    • /
    • 2016
  • Secure communication is an important aspect of today's interconnected environments and it can be achieved by the use of cryptographic algorithms and protocols. However, many existing cryptographic mechanisms are tightly integrated into communication protocols. Issues emerge when security vulnerabilities are discovered in cryptographic mechanisms because their replacement would eventually require replacing deployed protocols. The concept of cryptographic agility is the solution to these issues because it allows dynamic switching of cryptographic algorithms and keys prior to and during the communication. Most of today's secure protocols implement cryptographic agility (IPsec, SSL/TLS, SSH), but cryptographic agility mechanisms cannot be used in a standalone manner. In order to deal with the aforementioned limitations, we propose a lightweight cryptographically agile agreement model, which is formally verified. We also present a solution in the Agile Cryptographic Agreement Protocol (ACAP) that can be adapted on various network layers, architectures and devices. The proposed solution is able to provide existing and new communication protocols with secure communication prerequisites in a straightforward way without adding substantial communication overhead. Furthermore, it can be used between previously unknown parties in an opportunistic environment. The proposed model is formally verified, followed by a comprehensive discussion about security considerations. A prototype implementation of the proposed model is demonstrated and evaluated.

Implementation of IPSec Cryptographic Processor Based AMBA Architecture (AMBA(Advanced Microcontroller Bus Architecture) 기반의 IPSec 암호 프로세서의 구현)

  • Hwang, Jae-Jin;Choi, Myung-Ryul
    • Proceedings of the KIEE Conference
    • /
    • /
    • pp.123-125
    • /
    • 2004
  • The importance for Internet security has being increased and the Internet Protocol Security (IPSec) standard, which incorporates cryptographic algorithms, has been developed as one solution to this problem. IPSec provides security services in IP-Layer using IP Authentication Header (AH) and IP Encapsulation Security Payload (ESP). In this paper, we propose IPSec cryptographic processor design based AMBA architecture. Our design which is comprised Rijndael cryptographic algorithm and HAMC-SHA-1 authentication algorithm supports the cryptographic requirements of IP AH, IP ESP, and any combination of these two protocols. Also, our IPSec cryptographic processor operates as AMBA AHB Slave. We designed IPSec cryptographic processor using Xilinx ISE 5.2i and VHDL, and implemented our design using Xilinx's FPGA Vertex XCV600E.

  • PDF

Hardware Implementation of A Cryptographic System for Contents Protection (콘텐츠 보호용 암호가속카드의 설계 및 구현)

  • Lee Wan-Bok;Roh Chang-Hyun;Kim Joo-Han
    • Proceedings of the Korea Contents Association Conference
    • /
    • /
    • pp.543-547
    • /
    • 2005
  • Implementing a hardware cryptographic system is strongly required to assure high Qualify contents security. Not only because the many of the prevalent cryptographic algorithms require much computation time but also software implementations of cryptographic systems do not guarantee high performance, we need to design a hardware cryptographic system with a dedicated crypto-chip. This paper describes a case study of implementing a PCI cryptographic card which supports cryptographic algorithms such as 3DES, AES, SEED.

  • PDF

Design of Cryptographic Hardware Architecture for Mobile Computing

  • Kim, Moo-Seop;Kim, Young-Sae;Cho, Hyun-Sook
    • Journal of Information Processing Systems
    • /
    • v.5 no.4
    • /
    • pp.187-196
    • /
    • 2009
  • This paper presents compact cryptographic hardware architecture suitable for the Mobile Trusted Module (MTM) that requires low-area and low-power characteristics. The built-in cryptographic engine in the MTM is one of the most important circuit blocks and contributes to the performance of the whole platform because it is used as the key primitive supporting digital signature, platform integrity and command authentication. Unlike personal computers, mobile platforms have very stringent limitations with respect to available power, physical circuit area, and cost. Therefore special architecture and design methods for a compact cryptographic hardware module are required. The proposed cryptographic hardware has a chip area of 38K gates for RSA and 12.4K gates for unified SHA-1 and SHA-256 respectively on a 0.25um CMOS process. The current consumption of the proposed cryptographic hardware consumes at most 3.96mA for RSA and 2.16mA for SHA computations under the 25MHz.

Evaluation system of dynamically changing cryptographic algorithms using the SEBSW-1:PCI-based encryption and decryption PC board

  • Kajisaki, Hirotsugu;Kurokawa, Takakazu
    • Proceedings of the IEEK Conference
    • /
    • /
    • pp.145-148
    • /
    • 2002
  • In a network communication process, cryptographic algorithms play important role for secure process. This paper presents a new system architecture named "DCCS." This system can handle flexible operations of both cryptographic algorithms and the keys. For experimental evaluation, two representative cryptographic algorithms DES and Triple-DES are designed and implemented into an FPGA chip on the SEBSW-1. Then the developed board is confirmed to change its cryptographic algorithms dynamically. Also its throughput confirmed the ability of the real-time net-work use of the designed system.

  • PDF