• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.267-270
• /
• 2014

As Smart Device research processes, the needs of information security in light devices is increasing. For example, Zigbee provide Information Security by applying $AES-CCM^*$ defined IEEE 802.15.4 standard. However, according to information security law in Korea, only devices with KCMVP certification can be used in government organization and facilities. Therefore, this paper provide a solution to apply ARIA-CCM and ARIA-GCM for KCMVP in reserved field of IEEE 802.15.4 standard. For analyzing performance, we provide the speed test result of ARIA-CCM and ARIA-GCM comparing with $AES-CCM^*$.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.3-13
• /
• 2004

Kvarnstrom et al. ${in}^{[10]}$ proposed a rule protection scheme by using one-way hash function to protect rules in security systems over ubiquitous environment. Son et at. ${in}^{[5-6]}$ also prooposed a rule protection scheme for Snort, which is one of the most common IDS. These schemes provide security only for the header information but not for its contents. To solve this problem, this paper presents a scheme based on the symmetric cryptosystem over Snort not only for the header information but also contents. This paper uses the key management based on PCMCIA security module proposed ${by}^{[12]}$ for the symmetric cryptosystem. Our scheme could be adjusted to other security systems, which use the rule based detection.

• The KIPS Transactions:PartD
• /
• v.10D no.6
• /
• pp.1033-1040
• /
• 2003

In order to provode information services on M-Commerce, a payment solution with security function should be required. User's mobile terminals for using M-Commerce services are diversifying to cellular phone, PDA, Smart phone etc. Among them, intergration of PDA's interface and mobile connection overcomes the weak point of existing cullular phone depending on information via the internet. In this paper, the protocol for a credit card transaction on PDA using ECC is presented. Secure Card module on this protocol encrypts user's information such as private information, delivery information and credit card information and store them on PDA in order to free from inputting information whenever it is used. This scheme also offers security services on M-Commerce including authentication, confidentiality, integration, non-repudiation and so on.

• Korean Journal of Optics and Photonics
• /
• v.24 no.5
• /
• pp.262-270
• /
• 2013

In this paper, we propose a modified optical CBC(Cipher Block Chaining) encryption method using optical XOR logic operations. The proposed method is optically implemented by using dual encoding and a free-space interconnected optical logic gate technique in order to process XOR operations in parallel. Also, we suggest a CBC encryption/decryption optical module which can be fabricated with simple optical architecture. The proposed method makes it possible to encrypt and decrypt vast two-dimensional data very quickly due to the fast optical parallel processing property, and provides more security strength than the conventional electronic CBC algorithm because of the longer security key with the two-dimensional array. Computer simulations show that the proposed method is very effective in CBC encryption processing and can be applied to even ECB(Electronic Code Book) mode and CFB(Cipher Feedback Block) mode.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.809-826
• /
• 2018

The entropy evaluation method for noise sources is one of the evaluation methods for the random number generator that is the essential element of modern cryptographic systems and cryptographic modules. The primary entropy evaluation methods outside of the country are more suitable to apply to hardware noise sources than software noise sources, and there is a difficulty in quantitative evaluation of entropy by software noise source. In this paper, we propose an entropy evaluation method that is suitable for software noise sources, considering characteristics of software noise sources. We select time-dependent noise sources that are software noise sources of Windows OS, and the heuristic analysis and experimental analysis are performed considering the characteristics of each time-dependent noise source. Based on these analyses, we propose an entropy harvest method from the noise source and the min-entropy estimation method as the entropy evaluation method for time-dependent noise sources. We also show how to use our entropy evaluation method in the Conditioning Component described in SP 800-90B of NIST(USA).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.331-340
• /
• 2021

As the communication industry develops, the development of SoC (System on Chip) is increasing. Accordingly, the paradigm of technology design of industries and companies is changing. In the existing process, companies purchased micro-architecture, but now they purchase ISA (Instruction Set Architecture), and companies design the architecture themselves. RISC-V is an open instruction set based on a reduced instruction set computer. RISC-V is equipped with ISA, which can be expanded through modularization, and an expanded version of ISA is currently being developed through the support of global companies. In this paper, we present benchmarking frameworks ARIA, LEA, and PIPO of Korean block ciphers in RISC-V. We propose implementation methods and discuss performance by utilizing the basic instruction set and features of RISC-V.

• Journal of the Korea Society of Computer and Information
• /
• v.5 no.4
• /
• pp.13-20
• /
• 2000

There are many security problems with Electronic Commerce since insecure public networks, especially Internet, are used. Therefore, for implementing secure Electronic Commerce, CAPI(Cryptographic Application Programming Interfaces) is expected to use various form of security applications. The Cryptographic Application Programming Interface supports cryptographic services for each level and various security services. The CSSM API(Common Security Service Management Application Programming Interface) Provides modularity, simplicity, and extensibility in terms of various add-in modules and interfaces in contract to other CAPIs. This paper proposed an applying method of CSSM API having various extensibility and supporting multi-platforms to Electronic Commerce. we describe encryption, digital signature operation of CSSM API's CSP interface and evaluate secureness by matching relation of theratening factors to security services.

• The Magazine of the IEIE
• /
• v.29 no.11
• /
• pp.1333-1342
• /
• 2002

최근 들어 컴퓨터 통신의 확산과 함께 인터넷의 사용이 전 세계적으로 급증함에 따라 인터넷의 용도는 지금까지의 학술 및 연구를 대상으로한 정보 공유의 목적에서 인터넷을 마케팅의 대상으로 보고 이를 상업적으로 이용하려는 시도가 증가하고 있다. 이미 선진 외국의 경우에는 Mon-dex, Visa cash, Proton 등의 다양한 전자화폐 상품이 개발되어 사용되고 있으나 국제 호환성의 측면에서는 아직 미미한 형편이며 국제간 통용이 가능한 개방형 전자화폐 시스템 개발은 매우 필요하다. 소액지불 시스템의 국제 표준규격으로 인정받고 있는 CEPS(Common Electronic Purse Specification) 기반의 개방형 전자화폐 teem 시스템은 EMV(Europay, Master, Visa) 규격을 준용하고, PKI 기반의 보안기능을 채택하여 지불거래시 반드시 확보되어야 할 거래 데이타의 비밀성, 무결성, 부인방지 기능과 PIN(Personal Identification Number)를 이용한 사용자 인증을 제공하며 구매거래시 IC카드와 가맹점의 구매 단말기(POS)와의 오프라인 동적데이타 인증 (Dynamic Data Authentication) 방식의 상호인증을 제공한다. 개방형 전자화폐 teem 시스템의 구성 모듈은 발급, 충전, 구매, 정산, 인증시스템으로 구성되어 있으며, 웹기반의 사용자 인터페이스를 제공하고 DES, 3-DES, SHA-1, RSA, SEED등 다양한 암호 모듈과 다양한 어플리케이션의 탐재가 가능한 Java Card를 기반으로 하고 있으며, VOP(Visa Open Platform) 2.0,1, Java Card API 2.1 지원하는 시스템이다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2002.05a
• /
• pp.631-634
• /
• 2002

Video conference system has guided swiftness of information transmission and business processing taking away time and manufacturing drug of space that is happened that long-distance gather and talk. But, leakage of important meeting content, peculation etc., in that execute video-conferences can happen. Therefore, research about video conference system of safety is progressing under secure superhigh speed information communication fetters. This treatise studied about techniques to encipher videotex to prevent variation and outward flow of burn information, peculation etc., except general encryption notation such as user certification to have drawn problem about stability of general video conference system, and is used present as countermeasure about here. Used improved Vernam's encryption techniques to encrypt videotex.

• Journal of IKEEE
• /
• v.19 no.4
• /
• pp.610-616
• /
• 2015

In this paper, an electronic ID system satisfying security requirements of authentication certificate was designed using fingerprint recognition. The proposed electronic ID system generates a digital signature with forgery prevention, confidentiality, content integrity, and personal identification (=non-repudiation) using fingerprint information, and also encrypts, sends, and verify it. The proposed electronic ID system exploits fingerprint instead of user password, so it avoids leakage and hijacking. And it provides same legal force as conventional authentication certificate. The proposed electronic ID consists of 4 modules, i.e. HSM device, verification server, CA server, and RA client. Prototypes of all modules are designed and verified to have correct operation.