• Journal of Korea Multimedia Society
• /
• v.17 no.1
• /
• pp.52-59
• /
• 2014

These days, smart card management system(SCMS) have been broadly used for security conformability, efficiency of issuance management, key management and expert management in the smart card market. SCMS is composed of card management, issuance management, key management, application management, and issuers management systems. SCMS enables card issuers from banks, credit card companies, and telecommunications companies to provide these cards to card users. And then SCMS enables card users to download new programs to chips for use of these cards successively and provide related smart card data in safety and efficiency. In this paper, we propose a framework for security assessment and an efficient method for security improvement through fault analysis which is more effective.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.59-68
• /
• 2006

Although the cryptographic algorithms in IC chip such as smart card are secure against mathematical analysis attack, they are susceptible to side channel attacks in real implementation. In this paper, we analyze the security of smart card using a developed experimental tool which can perform power analysis attacks and fault insertion attacks. As a result, raw smart card implemented SEED and ARIA without any countermeasure is vulnerable against differential power analysis(DPA) attack. However, in fault attack about voltage and clock on RSA with CRT, the card is secure due to its physical countermeasures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.37-47
• /
• 2004

The security of personal informations has been an important issue since the field of smart card applications has been expanded explosively. The security of smart card is based on cryptographic algorithms, which are highly required to be implemented into hardware for higher speed and stronger security. In this paper, a SEED cryptographic processor is designed by employing one round key generation block which generates 16 round keys without key registers and one round function block which is used iteratively. Both the round key generation block and the F function are using only one G function block with one 5${\times}$l MUX sequentially instead of 5 G function blocks. The proposed SEED processor has been implemented such that each round operation is divided into seven sub-rounds and each sub-round is executed per clock. Functional simulation of the proposed cryptographic processor has been executed using the test vectors which are offered by Korea Information Security Agency. In addition, we have evaluated the proposed SEED processor by executing VHDL synthesis and FPGA board test. The die area of the proposed SEED processor decreases up to approximately 40% compared with the conventional processor.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.689-692
• /
• 2015

네트워크 기술과 연산 능력을 가진 IC 칩 등의 발전으로 다양한 방식의 원격 사용자 인증 기법이 제안되었다. 기존의 패스워드 기반의 인증 방식은 서버가 사용자를 인증하기 위한 패스워드 테이블을 저장하고 있어야 되는 단점과 해당 테이블이 노출되었을 때 발생할 수 있는 보안 위협 문제점으로 인해 최근에는 스마트카드를 활용하는 인증 방식으로 대체되고 있다. 2013년에 Go와 Lee는 스마트카드를 활용하는 기존 인증 기법들의 취약점들을 분석하고 위장 공격과 패스워드 추측 공격에 대해 안전한 새로운 원격 사용자 인증 방식을 제안하였다. 본 논문에서는 Go와 Lee가 제안한 사용자 인증 기법을 살펴보고 해당 기법이 가진 취약점을 보인다.

• Journal of Digital Contents Society
• /
• v.14 no.1
• /
• pp.81-88
• /
• 2013

The increase of the smartphone users has popularized the mobile payment and the mobile credit card users are rapidly getting increased. The mobile credit cards that currently used provide its users with the service through downloading mobile credit card information into USIM. The mobile credit card saved in USIM has the minimized information for the security and is based on PKI. However certificate-based payment system has a complicated procedure and costs a lot of money to manage the certificates and CRL(Certificate Revocation List). Furthermore, It can be a obstacle to develop local e-commerce in Korea because it is hard for foreigners to use them. We propose the secure and efficient mobile credit card payment protocol based on certificateless signcryption which solve the problem of certificate use.

• Journal of radiological science and technology
• /
• v.42 no.5
• /
• pp.379-385
• /
• 2019

Radiation is used for various purposes such as cancer therapy, research of industrial and drugs. However, in case of radiation accidents such as terrorism, collapsing nuclear plant by natural disasters like Fukushima in 2011, very high radiation does expose to human and could lead to death. For this reason, many people are concerning about radiation exposures. Therefore, assessment and research of retrospective radiation dose to human by various path is an necessary task to be continuously developed. Radiation exposure for workers in radiation fields can be generally measured using a personal exposure dosimeter such as TLD, OSLD. However, general people can't be measured radiation doses when they are exposed to radiation. And even if radiation fields workers, when they do not in possession personal dosimeter, they also can't be measured exposure dose immediately. In this study, we conduct retrospective research on reconstruction of dose after exposure by using smart chip card of personal items through Optically Stimulated Luminescence (OSL). The OSL signal of smart chip card shows linear response from 0.06 Gy to 15 Gy and results of fading rate 45 %, 48% for 24 and 48 hours due to the natural emission of radiation in sample, respectively. The minimum detectable limit (MDD) was 0.38 mGy. This values are expected to use as correction values for reconstruction of exposure dose.

• The KIPS Transactions:PartA
• /
• v.19A no.1
• /
• pp.51-60
• /
• 2012

IC(Integrated circuits)card, generally be named smard card, embedded MPU(Micro Processor Unit) of small-size, memory, EEPROM, Card Operating System(COS) and security algorithm. The IC card is used in almost all industry such as a finance(credit, bank, stock etc.), a traffic, a communication, a medical, a electronic passport, a membership management and etc. Recently, a application field of IC card is on the increase by method for payments of T-commerce, as T-commerce is becoming a new growth engine of the broadcating industry by trend of broadcasting and telecommunication convergence, smart mechanization of TV. For example, we can pay in IC credit card(or IC cash card) on T-Commerce. or we can be provided TV banking service in IC cash card such as ATM. However, so far, T-commerce payment services have weakness in security such as storage and disclosure of card information as well as dropping sharply about custom ease because of taking advantage of card information input method using remote control. To solve this problem, This paper developed processing payment module for implementing TV electronic payment system using IC credit card payment standard, EMV.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.49 no.9
• /
• pp.55-64
• /
• 2012

Until now, Side Channel Attack has been known to be effective to crack decrypt key such as smart cards, electronic passports and e-ID card based on Chip. Combination of Masking and shuffling methods have been proposed practical countermeasure. Newly, S.Tillich suggests biased-mask using template attack(TA) to attack AES with masking and shuffling. However, an additional assumption that is acquired template information previously for masking value is necessary in order to apply this method. Moreover, this method needs to know exact time position of the target masking value for higher probability of success. In this paper, we suggest new practical method called Biasing Power Analysis(BPA) to find a secret key of AES based on masking-shuffling method. In BPA, we don't use time position and template information from masking value. Actually, we do experimental works of BPA attack to 128bit secret key of AES based on masking-shuffling method performed MSP430 Chip and we succeed in finding whole secret key. The results of this study will be utilized for next-generation ID cards to verify physical safety.

• Review of KIISC
• /
• v.19 no.2
• /
• pp.53-62
• /
• 2009

최근 금융권을 포함한 여러 분야에서 스마트카드의 활용이 급증함에 따라 IC 칩을 내장한 카드의 부채널 공격에 대한 안전성이 이슈가 되고 있다. 부채널 공격이란 IC 카드와 같은 저 전력의 정보보호 장치에 암호 알고리듬을 구현하였을 때 누출되는 연산 시간, 소비 전력, 전자파 등의 부채널 정보를 이용하여 구현된 암호 알고리듬의 비밀 정보를 알아내는 공격 방법이다. Kocher에 의해 부채널 공격이 소개된 이후, 많은 연구 그룹들에 의해 이론적인 연구와 실험적인 연구가 이루어져 왔다. 본 고에서는 시파 분석 공격, 전력 분석 공격, 전자파 분석 공격, 오류 분석 공격 등의 다양한 부채널 공격 방법들과 최근까지의 부채널 공격 실험 동향에 대해서 소개하고 국내외 연구 그룹들에 의해 진행된 실험 결과들을 고찰한다. 또한, 보유하고 있는 부채널 공격에 필요한 실험 장비와 지금까지의 부채널 공격 실험 결과들을 소개한다.

• Journal of Intelligence and Information Systems
• /
• v.20 no.2
• /
• pp.163-178
• /
• 2014

Following research proposes "Virtualization of Smart Cards (ViSCa)" which is a security system that aims to provide a multi-device platform for the deployment of services that require a strong security protocol, both for the access & authentication and execution of its applications and focuses on analyzing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service by comparing with other similar cases. At the present day, the appearance of new ICT, the diffusion of new user devices (such as smartphones, tablet PC, and so on) and the growth of internet penetration rate are creating many world-shaking services yet in the most of these applications' private information has to be shared, which means that security breaches and illegal access to that information are real threats that have to be solved. Also mobile payment service is, one of the innovative services, has same issues which are real threats for users because mobile payment service sometimes requires user identification, an authentication procedure and confidential data sharing. Thus, an extra layer of security is needed in their communication and execution protocols. The Virtualization of Smart Cards (ViSCa), concept is a holistic approach and centralized management for a security system that pursues to provide a ubiquitous multi-device platform for the arrangement of mobile payment services that demand a powerful security protocol, both for the access & authentication and execution of its applications. In this sense, Virtualization of Smart Cards (ViSCa) offers full interoperability and full access from any user device without any loss of security. The concept prevents possible attacks by third parties, guaranteeing the confidentiality of personal data, bank accounts or private financial information. The Virtualization of Smart Cards (ViSCa) concept is split in two different phases: the execution of the user authentication protocol on the user device and the cloud architecture that executes the secure application. Thus, the secure service access is guaranteed at anytime, anywhere and through any device supporting previously required security mechanisms. The security level is improved by using virtualization technology in the cloud. This virtualization technology is used terminal virtualization to virtualize smart card hardware and thrive to manage virtualized smart cards as a whole, through mobile cloud technology in Virtualization of Smart Cards (ViSCa) platform-based mobile payment service. This entire process is referred to as Smart Card as a Service (SCaaS). Virtualization of Smart Cards (ViSCa) platform-based mobile payment service virtualizes smart card, which is used as payment mean, and loads it in to the mobile cloud. Authentication takes place through application and helps log on to mobile cloud and chooses one of virtualized smart card as a payment method. To decide the scope of the research, which is comparing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service with other similar cases, we categorized the prior researches' mobile payment service groups into distinct feature and service type. Both groups store credit card's data in the mobile device and settle the payment process at the offline market. By the location where the electronic financial transaction information (data) is stored, the groups can be categorized into two main service types. First is "App Method" which loads the data in the server connected to the application. Second "Mobile Card Method" stores its data in the Integrated Circuit (IC) chip, which holds financial transaction data, which is inbuilt in the mobile device secure element (SE). Through prior researches on accept factors of mobile payment service and its market environment, we came up with six key factors of comparative analysis which are economic, generality, security, convenience(ease of use), applicability and efficiency. Within the chosen group, we compared and analyzed the selected cases and Virtualization of Smart Cards (ViSCa) platform-based mobile payment service.