• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1431-1441
• /
• 2016

In case of ARX based block cipher algorithms with masking countermeasures, there is a need for a method to convert between Boolean masking and arithmetic masking. However, to apply masking countermeasures to ARX based algorithms is less efficient compared to masked AES with single masking method because converting between Boolean and arithmetic masking has high computation time. This paper shows performance results on 32-bit platform implementations of LEA with various masking conversion countermeasures against first order side channel attacks. In the implementation point of view, this paper presents computation time comparison between actual measurement value and theoretical one. This paper also confirms that the masked implementations of LEA are secure against first order side channel attacks by using a T-test.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.43-51
• /
• 2009

In 1998, Kocher et al. introduced Differential Power Attack on block ciphers. This attack allows to extract secret key used in cryptographic primitives even if these are executed inside tamper-resistant devices such as smart card. At FSE 2003 and 2004, Akkar and Goubin presented several masking methods, randomizing the first few and last few($3{\sim}4$) rounds of the cipher with independent random masks at each round and thereby disabling power attacks on subsequent inner rounds, to protect iterated block ciphers such as DES against Differential Power Attack. Since then, Handschuh and Preneel have shown how to attack Akkar's masking method using Differential Cryptanalysis. This paper presents how to combine Truncated Differential Cryptanalysis and Power Attack to extract the secret key from intermediate unmasked values and shows how much more efficient our attacks are implemented than the Handschuh-Preneel method in term of reducing the number of required plaintexts, even if some errors of Hamming weights occur when they are measured.

• Journal of Internet Computing and Services
• /
• v.6 no.3
• /
• pp.1-16
• /
• 2005

This paper propose not only MDIT(Mobile Digital Investment Trust) agent design for Trust Investment under Mobile E-commerce environment, but also the symmetric key algorithm 3BC(Bit, Byte and Block Cypher) and the public encryption algorithm F2mECC for solving the problems of memory capacity, CPU processing time, and security that mobile environment has. In Particular, the MDIT Security Agent is the banking security project that introduces the concept of investment trust in mobile e-commerce, This mobile security protocol creates a shared secrete key using F2mECC and then it's value is used for 3BC that is block encryption technique. The security and the processing speed of MDIT agent are enhanced using 3BC and F2mECC.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1305-1317
• /
• 2019

Although encryption for data protection is essential in the big data platform environment of public institutions and corporations, much performance verification studies on encryption algorithms considering actual big data workloads have not been conducted. In this paper, we analyzed the performance change of AES, ARIA, and 3DES for each of six workloads of big data by adding data and nodes in MongoDB environment. This enables us to identify the optimal block-based cryptographic algorithm for each workload in the big data platform environment, and test the performance of MongoDB by testing various workloads in data and node configurations using the NoSQL Database Benchmark (YCSB). We propose an optimized architecture that takes into account.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.1
• /
• pp.87-92
• /
• 2020

Various devices, which are powerful computer and low-performance sensors, is connected to IoT network. Accordingly, applying mutual authentication for devices and data encryption method are essential since illegal attacks are existing on the network. But cryptographic methods such as symmetric key and public key algorithms, hash function are not appropriate to low-performance devices. Therefore, this paper proposes blockchain-based lightweight IoT mutual authentication protocol for the low-performance devices.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.533-543
• /
• 2018

In this paper, we propose an MILP-based method for Optimal Probability of Bit-based Differential Characteristic in SP(Substitution-permutation) ciphers based on Automatic Differential Characteristic Searching Method of Sasaki, et al. In [13], they used input/output variables and probability variables seperatably, but we simplify searching procedure by putting them(variables) together into linear inequalities. Also, In order to decrease the more linear inequalities, we choose Espresso algorithm among that used by Sasaki, et al(Quine-McCluskey algorithm & Espresso algorithm). Moreover, we apply our method to GIFT-64, GIFT-128, SKINNY-64, and we obtained results in the GIFT(Active S-boxs : 6, Probabilities : $2^{-11.415}$) compared with the existing one.(Active S-boxs : 5, Probabilities : unknown). In case of SKINNY-64, we can't find better result, but can find same result compared with the existing one.

• Journal of KIISE:Computing Practices and Letters
• /
• v.7 no.4
• /
• pp.372-381
• /
• 2001

In this paper SEED, the Korea Standard 128-bit block cipher algorithm is implemented with VHDL and mapped into one FPGA. SEED consists of round key generation block, F function block, G function block, round processing block, control block and I/O block. The designed SEED is realized in an FPGA but we design it technology-independently so that ASIC or core-based implementation is possible. SEED requires many hardware resources which may be impossible to realize in one FPGA. So it is necessary to minimize hardware resources. In this paper only one G function is implemented and is used for both the F function block and the round key block. That is, by using one G function sequentially, we can realize all the SEED components in one FPGA. The used cell rate after synthesis is 80% in Altem FLEXI0KlOO. The resulted design has 28Mhz clock speed and 14.9Mbps performance. The SEED hardware is technology-independent and no other external component is needed. Thus, it can be applied to other SEED implementations and cipher systems which use SEED.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.3-16
• /
• 2008

A Wireless Sensor Network (WSN for short) is a wireless network consisting of distributed small devices which are called sensor nodes or motes. Recently, there has been an extensive research on WSN and also on its security. For secure storage and secure transmission of the sensed information, sensor nodes should be equipped with cryptographic algorithms. Moreover, these algorithms should be efficiently implemented since sensor nodes are highly resource-constrained devices. There are already some existing algorithms applicable to sensor nodes, including public key ciphers such as TinyECC and standard block ciphers such as AES. Stream ciphers, however, are still to be analyzed, since they were only recently standardized in the eSTREAM project. In this paper, we implement over the MicaZ platform nine software-based stream ciphers out of the ten in the second and final phases of the eSTREAM project, and we evaluate their performance. Especially, we apply several optimization techniques to six ciphers including SOSEMANUK, Salsa20 and Rabbit, which have survived after the final phase of the eSTREAM project. We also present the implementation results of hardware-oriented stream ciphers and AES-CFB fur reference. According to our experiment, the encryption speeds of these software-based stream ciphers are in the range of 31-406Kbps, thus most of these ciphers are fairly acceptable fur sensor nodes. In particular, the survivors, SOSEMANUK, Salsa20 and Rabbit, show the throughputs of 406Kbps, 176Kbps and 121Kbps using 70KB, 14KB and 22KB of ROM and 2811B, 799B and 755B of RAM, respectively. From the viewpoint of encryption speed, the performances of these ciphers are much better than that of the software-based AES, which shows the speed of 106Kbps.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.201-211
• /
• 2012

This paper addresses a Full Disk Encryption hardware processor for SATA HDD in a single FPGA design, and shows its experimental result using an FPGA board. The proposed processor mainly consists of two blocks: the first block processes XTS-AES block cipher which is the IEEE P1619 standard of storage media encryption and the second block executes the interface between SATA Host (PC) and Device (HDD). To minimize the performance degradation, we designed the XTS-AES block with the 4-stage pipelined structure which can process a 128-bit block per 4 clock cycles and has 4.8Gbps (max) performance. Also, we implemented the proposed design with Xilinx ML507 FPGA board and our experiment showed 140MB/sec read/write speed in Windows XP 32-bit and a SATA II HDD. This performance is almost equivalent with the speed of the direct SATA connection without FDE devices, hence our proposed processor is very suitable for SATA HDD Full Disk Encryption environments.

• The Journal of the Korea Contents Association
• /
• v.9 no.8
• /
• pp.91-98
• /
• 2009

This paper presents a solution to error avalanche of deciphering where radio noise brings random bit errors in encrypted image data under ubiquitous environment. The image capturing module is to be made comprising data compression and encryption features to reduce data traffic volume and to protect privacy. Block cipher algorithms may experience error avalanche: multiple pixel defects due to single bit error in an encrypted message. The new fault tolerant scheme addresses error avalanche effect exploiting a three-dimensional data shuffling process, which disperses error bits on many frames resulting in sparsely isolated errors. Averaging or majority voting with neighboring pixels can tolerate prominent pixel defects without increase in data volume due to error correction. This scheme has 33% lower data traffic load with respect to the conventional Hamming code based approach.