• Title, Summary, Keyword: Crypto library

Search Result 30, Processing Time 0.03 seconds

Design and Implementation of Java Crypto Provider for Android Platform (안드로이드 플랫폼을 위한 자바 보안 프로바이더 설계 및 구현)

  • Son, Mikyung;Kang, Namhi
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.37C no.9
    • /
    • pp.851-858
    • /
    • 2012
  • Java crypto library such as SUN JCA/JCE or BC JCE is generally used to implement secure applications for smart devices using Android platform. Programming functions written by Java language are launched and executed inside Java Virtual Machine (JVM), thereby difficult to use system hardware specific functionalities and degrading performance as well. In case of crypto primitive, few secure applications can use crypto primitive executing in JVM because both amount of computing and complexity of such primitives are very high. From the aspect of performance, in particular, time sensitive real time applications such as streaming services or secure application frequently applying public key based crypto algorithm cannot use Java crypto library. To solve the problem, we design and implement crypto library which employ JNI and NDK methods to directly access functions that implemented by native language such as C or C++. The proposed Java Crypto provider supports faster execution. Also developer can use our provider in the same way by writing traditional Java crypto library.

Analysis of SSL Communication Process in CNG Crypto Library (CNG 암호 라이브러리에서의 SSL 통신과정 분석)

  • Lee, Kyungroul;Oh, Insu;Lee, Sun-Young;Yim, Kangbin
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.42 no.5
    • /
    • pp.1027-1037
    • /
    • 2017
  • By a spread of utilizing environment of the CNG library, it is required to analyze its vulnerability. For this reason, in this paper, we analyzed SSL communication process in CNG library. This study is expected to draw vulnerabilities and security threats and improve security criteria for various applications to fully take advantage of the CNG library.

Vulnerability Analysis on the CNG Crypto Library (CNG 암호 라이브러리의 보안 취약점 분석)

  • Lee, Kyungroul;Oh, Insu;Lee, Sun-Young;Yim, Kangbin
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.42 no.4
    • /
    • pp.838-847
    • /
    • 2017
  • CNG which was released as a substitute of the previous CAPI (Cryptography API) library from Microsoft is constructed with individual modules based on the plug-in architecture, this means CNG is exceedingly helpful in the cost of development as well as the facility of extension. On the opposite side of these advantages, considerations on security issues are quite insufficient. Therefore, a research on security assurance is strongly required in the environment of distributing and utilizing the CNG library, hence, we analyze possible security vulnerabilities on the CNG library. Based on analyzed vulnerabilities, proof-of-concept tools are implemented and vulnerabilities are verified using them. Verified results are that contents of mail, account information of mail server, and authentication information of web-sites such as Amazon, E-bay, Google, and Facebook are exposed in Outlook program and Internet Explorer program using CNG library. We consider that the analyzed result in this paper can improve the security for various applications using CNG library.

A Software Implementation of The Elliptic Curve Digital Signature Algorithm on a Embedded System (임베디드 시스템에서의 ECDSA(Elliptic Curve Digital Signature Algorithm) 구현)

  • Kim, Hyeon-Ik;Kim, Yong-Min;Jeong, Seok-Won;Lee, Sang-Jin;Jeong, Chang-Hun
    • Proceedings of the KIEE Conference
    • /
    • /
    • pp.1014-1017
    • /
    • 2003
  • In this paper, after the crypto acceleration board of the server-termination type is designed, we implement the Elliptic Curve Digital Signature Algorithm on the board that serves data integrity and user authentication. For implementing ECDSA, we use crypto co-processor, MPC180, to reduce the computation burden of main Processor (MPC860) on the board. By using crypto co-processor, the computation efficiency in case prime field is improved more between 90 and 100 times than the software library and between 20 and 90 times in case binary field. Our result is expect to apply for SSL acceleration board.

  • PDF

A Study of Coverage Improvement for Library Fuzzing (라이브러리 퍼징의 커버리지 향상 방법 연구)

  • Kim, Seoyoung;Cho, Mingi;Kim, Jongshin;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1079-1085
    • /
    • 2020
  • Fuzzing is used to find vulnerabilities for a library. Because library fuzzing only tests the implemented functions, in order to achieve higher code coverage, additional functions that are not implemented should be implemented. However, if a function is added without regard to the calling relationship of the functions in the library, a problem may arise that the function that has already been tested is added. We propose a novel method to improve the code coverage of library fuzzing. First, we analyze the function call graph of the library to efficiently add the functions for library fuzzing, and additionally implement a library function that has not been implemented. Then, we apply a hybrid fuzzing to explore for branches with complex constraints. As a result of our experiment, we observe that the proposed method is effective in terms of increasing code coverage on OpenSSL, mbedTLS, and Crypto++.

Design of an Optimal RSA Crypto-processor for Embedded Systems (내장형 시스템을 위한 최적화된 RSA 암호화 프로세서 설계)

  • 허석원;김문경;이용석
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.29 no.4A
    • /
    • pp.447-457
    • /
    • 2004
  • This paper proposes a RSA crypto-processor for embedded systems. The architecture of the RSA crypto-processor should be used relying on Big Montgomery algorithm, and is supported by configurable bit size. The RSA crypto-processor includes a RSA control signal generator, an optimal Big Montgomery processor(adder, multiplier). We use diverse arithmetic unit (adder, multiplier) algorithm. After we compared the various results, we selected the optimal arithmetic unit which can be connected with ARM core-processor. The RSA crypto-processor was implemented with Verilog HDL with top-down methodology, and it was verified by C language and Cadence Verilog-XL. The verified models were synthesized with a Hynix 0.25${\mu}{\textrm}{m}$, CMOS standard cell library while using Synopsys Design Compiler. The RSA crypto-processor can operate at a clock speed of 51 MHz in this worst case conditions of 2.7V, 10$0^{\circ}C$ and has about 36,639 gates.

Security Verification of Korean Open Crypto Source Codes with Differential Fuzzing Analysis Method (차분 퍼징을 이용한 국내 공개 암호소스코드 안전성 검증)

  • Yoon, Hyung Joon;Seo, Seog Chung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1225-1236
    • /
    • 2020
  • Fuzzing is an automated software testing methodology that dynamically tests the security of software by inputting randomly generated input values outside of the expected range. KISA is releasing open source for standard cryptographic algorithms, and many crypto module developers are developing crypto modules using this source code. If there is a vulnerability in the open source code, the cryptographic library referring to it has a potential vulnerability, which may lead to a security accident that causes enormous losses in the future. Therefore, in this study, an appropriate security policy was established to verify the safety of block cipher source codes such as SEED, HIGHT, and ARIA, and the safety was verified using differential fuzzing. Finally, a total of 45 vulnerabilities were found in the memory bug items and error handling items, and a vulnerability improvement plan to solve them is proposed.

An Efficient Hardware Implementation of ARIA Block Cipher Algorithm (블록암호 알고리듬 ARIA의 효율적인 하드웨어 구현)

  • Kim, Dong-Hyeon;Shin, Kyung-Wook
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • /
    • pp.91-94
    • /
    • 2012
  • This paper describes an efficient implementation of ARIA crypto algorithm which is a KS (Korea Standards) block cipher algorithm. The ARIA crypto-processor supports three master key lengths of 128/192/256-bit specified in the standard. To reduce hardware complexity, a hardware sharing is employed, which shares round function in encryption/decryption module with key initialization module. It reduces about 20% of gate counts when compared with straightforward implementation. The ARIA crypto-processor is verified by FPGA implementation, and synthesized with a 0.13-${\mu}m$ CMOS cell library. It has 33,218 gates and the estimated throughput is about 640 Mbps at 100 MHz.

  • PDF

Building an Electronic Approval Module Using Multi-Level Security (다중등급 보안 정책을 적용한 전자결재 모듈의 개발)

  • 김진성;안병혁
    • The Journal of Information Systems
    • /
    • v.11 no.1
    • /
    • pp.175-198
    • /
    • 2002
  • This paper is to develop a security module for electronic approval systems. Electronic documents are created, transmitted and saved in the company's intranet computer network. Transmitting electronic documents, however, brings us a security problem. Communications among various computer systems are exposed to many security threats. Those threats are eavesdropping, repudiation, replay back etc. The main purpose of this paper is to develop a module which provides the security of electronic documents while they are passed from one place to another This paper applies Multi-Level security to the electronic approval system that guarantees security of electronic documents from many threats. Multi-Level security controls the access to the documents by granting security level to subject users and object electronic documents. To prevent possible replay back attacks, this paper also uses one time password to the system. The security module is composed of client program and server one. The module was developed using Microsoft Visual Basic 6.0 and Microsoft SQL Server 7.0. The code uses Richard Bondi's WCCO(Wiley CryptoAPI COM Objects) library functions which enables Visual Basic to access Microsoft CryptoAPI.

  • PDF

A Crypto-processor Supporting Multiple Block Cipher Algorithms (다중 블록 암호 알고리듬을 지원하는 암호 프로세서)

  • Cho, Wook-Lae;Kim, Ki-Bbeum;Bae, Gi-Chur;Shin, Kyung-Wook
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.20 no.11
    • /
    • pp.2093-2099
    • /
    • 2016
  • This paper describes a design of crypto-processor that supports multiple block cipher algorithms of PRESENT, ARIA, and AES. The crypto-processor integrates three cores that are PRmo (PRESENT with mode of operation), AR_AS (ARIA_AES), and AES-16b. The PRmo core implementing 64-bit block cipher PRESENT supports key length 80-bit and 128-bit, and four modes of operation including ECB, CBC, OFB, and CTR. The AR_AS core supporting key length 128-bit and 256-bit integrates two 128-bit block ciphers ARIA and AES into a single data-path by utilizing resource sharing technique. The AES-16b core supporting key length 128-bit implements AES with a reduced data-path of 16-bit for minimizing hardware. Each crypto-core contains its own on-the-fly key scheduler, and consecutive blocks of plaintext/ciphertext can be processed without reloading key. The crypto-processor was verified by FPGA implementation. The crypto-processor implemented with a $0.18{\mu}m$ CMOS cell library occupies 54,500 gate equivalents (GEs), and it can operate with 55 MHz clock frequency.