• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1247-1254
• /
• 2020

With the advent of the smart home era, equipment that provides confidentiality or performs authentication exists in various places in real life. Accordingly security against physical attacks is required for encryption equipment and authentication equipment. In particular, fault injection attack that artificially inject a fault from the outside to recover a secret key or bypass an authentication process is one of the very threatening attack methods. Fault sources used in fault injection attacks include lasers, electromagnetic, voltage glitches, and clock glitches. Fault injection attacks are classified into single fault injection attacks and multiple fault injection attacks according to the number of faults injected. Existing multiple fault injection systems generally use a single fault source. The system configured to inject a single source of fault multiple times has disadvantages that there is a physical delay time and additional equipment is required. In this paper, we propose a multiple fault injection system using heterogeneous fault sources. In addition, to show the effectiveness of the proposed system, the results of a multiple fault injection attack against Riscure's Piñata board are shown.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1157-1169
• /
• 2021

The disaster recovery refers to policies and procedures to ensure continuity of services and minimize loss of resources and finances in case of emergency situations such as natural disasters. In particular, the disaster recovery method by the cloud service provider has advantages such as management flexibility, high availability, and cost effectiveness. However, this method has a dependency on a service provider and has a structural limitation in which a user cannot be involved in personal data. In this paper, we propose a protocol using proxy re-encryption for data confidentiality by removing dependency on service providers by backing up user data using blockchain and distributed storage. The proposed method is implemented in Ethereum and IPFS environments, and presents the performance and cost required for backup and recovery operations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.163-170
• /
• 2022

LEA is a lightweight block cipher developed in Korea in 2013. In this paper, among block cipher operation methods, CTR operation mode and GCM operation mode that provides confidentiality and integrity are implemented. In the LEA-CTR operation mode, we propose an optimization implementation that omits the operation between states through the state fixation and omits the operation through the pre-operation by utilizing the characteristics of the fixed nonce value of the CTR operation mode. It also shows that the proposed method is applicable to the GCM operation mode, and implements the GCM through the implementation of the GHASH function using the Galois Field(2¹²⁸) multiplication operation. As a result, in the case of LEA-CTR to which the proposed technique is applied on 32-bit RISC-V, it was confirmed that the performance was improved by 2% compared to the previous study. In addition, the performance of the GCM operation mode is presented so that it can be used as a performance indicator in other studies in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.255-266
• /
• 2022

Messenger applications applied end-to-end encryption on their own to prevent message exposure to servers. Standardization of a group messaging protocol called Message Layer Security (MLS) with end-to-end encryption is being discussed for secure and efficient message communication. This paper performs safety checks based on the operation process and security requirements of MLS. Confidentiality to a middleman server, which is an essential security requirement in messenger communication, can be easily violated by a server administrator. We define a server administrator who is curious about the group's communication content as a curious admin and present an attack in which the admin obtains a group key from MLS. Reminds messenger application users that the server can view your communication content at any time. We discuss ways to authenticate between users without going through the server to prevent curious admin attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.737-750
• /
• 2022

The demands of Unmanned Aerial Vehicles (UAVs) are growing very rapidly with the era of the 4th industrial revolution. As the technology of the UAV improved with the development of artificial intelligence and semiconductor technology, it began to be used in various civilian fields such as hobbies, bridge inspections, etc from being used for special purposes such as military use. MAVLink (Macro Air Vehicle Link), which started as an open source project, is the most widely used communication protocol between UAV and ground control station. However, MAVLink does not include any security features such as encryption/decryption mechanism, so it is vulnerable to various security threats. Therefore, in this study, the block cipher is implemented in UAV to ensure confidentiality, and the results of the encryption and decryption performance evaluation in the UAV according to various implementation methods are analyzed. In addition, we proposed the security requirements in accordance with Common Criteria, which is an international recognized ISO standard.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.41-52
• /
• 2024

Security audits of IPsec VPNs are crucial for identifying vulnerabilities caused by implementation flaws or misconfigurations, as well as investigating incidents. Nevertheless, auditing IPsec VPN presents noteworthy challenge due to the encryptiong of network contents which ensere confidentiality, integrity, authentications and more. Some researchers have suggested using man-in-the-middle(MITM) techniques to overcome this challenge. MITM techniques require direct participation in the network and prior knowledge of the pre-shared key for authentication. This causes temporary network disconnection for security audits, and it is impossible to analyse data collected before the audit. In this paper, we present an analysis technique aimed at ensuring network continuity without relying on a specific IPsec VPN topologies or authentication method. Therefore, it is anticipated that this approach will be effective, practical and adaptable for conducting IPsec VPN security

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.1
• /
• pp.205-214
• /
• 2017

In this paper, we proposed an iris-based authentication for smart healthcare service in secure telemedicine system. The medical and healthcare information's are very important data in telemedicine system from privacy information. thus, the proposed system provides a secure and convenient authentication method than the traditional ID/PW authentication method to a telemedicine system for age-related chronic diseases. When considering the peculiarities of the use of age-related chronic diseases convenience and healthcare environments, the proposed approach is difficult to secure than traditional ID/PW authentication method with the appropriate means to easily change when stolen or lost to others. In addition, the telemedicine system for the smart healthcare services is one of the types of privacy sensitive medical and health data. it is very important security needs in telemedicine system. Thus we protocol are offer high confidentiality and integrity than existing ID/PW method.

• The Journal of Society for e-Business Studies
• /
• v.20 no.2
• /
• pp.27-36
• /
• 2015

Current leakage of industrial technologies with revealing state secret against nation is gradually increasing and scope of the spill is diversified from technology-oriented leakage to new economic security sector like information and communication, electrical and electronic, defense industry, illegal export of strategic material, economic order disturbance by foreign country, infringement of intellectual property, etc. So the spill damage can affect not only leaked company but also national interests and entire domestic industry. According to statistics from National Industrial Security Center of National Intelligence Service, a major cause of technology leakage is not only by external things about hacking and malignant code, but internal leakage of former and current employees account for about 80%. And technology leakage due to temptation of money and personal interests followed by technology leakage of subcontractor is steadily increased. Most studies in the field of security have tended to focus on measuring security capability of company in order to prevent leakage core assets or developing measurement Indicators for management rather than security activities of the company members that is most important. Therefore, this study analyzes the effect of most underlying security education in security activities on security capabilities of enterprise. As a result, it indicates that security education have a positive(+) correlation with security capabilities.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.3
• /
• pp.605-612
• /
• 2011

Recently, cyber attacks against public communications networks are getting more complicated and varied. Moreover, in some cases, one country could make systematic attacks at a national level against another country to steal its confidential information and intellectual property. Therefore, the issue of cyber attacks is now regarded as a new major threat to national security. The conventional way of operating individual information security systems such as IDS and IPS may not be sufficient to cope with those attacks committed by highly-motivated attackers with significant resources. In this paper, we discuss the technologies and standard trends about actual cyber threat and response methods, design the collaborative response framework based on the security information sharing in the inter-domain environments. The computation method of network threat level based on the collaborative response framework is proposed. The network threats are be quickly detected and real-time response can be executed using the proposed computation method.

• Journal of Industrial Convergence
• /
• v.17 no.1
• /
• pp.1-6
• /
• 2019

Various cryptographic technologies have been proposed from ancient times and are developing in various ways to ensure the confidentiality of information. Due to exponentially increasing computer power, the encryption key is gradually increasing for security. Technology are being developed; however, security is guaranteed only in a short period of time. With the advent of the 4th Industrial Revolution, encryption technology is required in various fields. Recently, encryption technology using homomorphic encryption has attracted attention. Security threats arise due to the exposure of keys and plain texts used in the decryption processing for the operation of encrypted information. The homomorphic encryption can compute the data of the cipher text and secure process the information without exposing the plain text. When using the homomorphic encryption in processing big data like stored personal information in various services, security threats can be avoided because there is no exposure to key usage and decrypted information.