• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.121-133
• /
• 2004

In [15,16], Okeya and Sakurai showed that the randomized addition-subtraction chains countermeasures [18] are vulnerable to SPA attack. In this paper, we show that Okeya and Sakurai's attack algorithm [15,16] has two latent problems which need to be considered. We further propose new powerful concrete attack algorithms which are different from [15,16,19]. From our implementation results for standard 163-bit keys, the success probability for the simple version with 20 AD sequences is about 94% and with 30 AD sequences is about 99%. Also, the success probability for the complex version with 40 AD sequences is about 94% and with 70 AD sequences is about 99%.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1081-1090
• /
• 2022

The face recognition model is used for identity recognition of smartphones, providing convenience to many users. As a result, the security review of the DNN model is becoming important, with adversarial attacks present as a well-known vulnerability of the DNN model. Adversarial attacks have evolved to decision-based attack techniques that use only the recognition results of deep learning models to perform attacks. However, existing decision-based attack technique[14] have a problem that requires a large number of queries when generating adversarial examples. In particular, it takes a large number of queries to approximate the gradient. Therefore, in this paper, we propose a method of generating adversarial examples using orthogonal space sampling and dimensionality reduction sampling to avoid wasting queries that are consumed to approximate the gradient of existing decision-based attack technique[14]. Experiments show that our method can reduce the perturbation size of adversarial examples by about 2.4 compared to existing attack technique[14] and increase the attack success rate by 14% compared to existing attack technique[14]. Experimental results demonstrate that the adversarial example generation method proposed in this paper has superior attack performance.

• Journal of Convergence for Information Technology
• /
• v.9 no.9
• /
• pp.52-57
• /
• 2019

DNS stands for 'Domain Name System' and uses IP addresses to identify devices connected to the network on the network. IP is a protocol that registers and manages aliases such as IPs because it is difficult for general users to remember. In recent years, the abuse of such DNS is increasing abroad, and behind the scenes, called 'DNS pionage,' are developing and evolving new rules and malware. DNSpionage attack is abusing DNS system such as Increasing hacking success rate, leading to fake sites, changing or forged data. As a result it is increasing the damage cases. As the global DNS system is expanding to the extent that it is out of control. Therefore, in this research, the countermeasures of DNSpionage attack is proposed to contribute to build a secure and efficient DNS system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1255-1261
• /
• 2020

Cache side-channel attack is a class of attacks to retrieve sensitive information from a system by exploiting shared cache resources in CPUs. As the attacks are delivered to wide range of environments from mobile systems to cloud systems recently, many detection strategies have been proposed. Since the conventional cache side-channel attacks are likely to incur tremendous number of cache events, most of the previous detection mechanisms were designed to carefully monitor mostly cache events. However, recently proposed attacks tend to incur less cache events during the attack. PRIME+ABORT attack, for example, leverages the Intel TSX instead of accessing cache to measure access time. Because of the characteristic, attack detection mechanisms based on cache events may hardly detect the attack. In this paper, we conduct an in-depth analysis of the PRIME+ABORT attack to identify the other useful hardware events for detection rather than cache events. Based on our finding, we present a novel mechanism called PRIME+ABORT Detector to detect the PRIME+ABORT attack and demonstrate that the detection mechanism can achieve 99.5% success rates with 0.3% performance overhead.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.89-98
• /
• 2022

As deep learning technology was applied to various fields, research on adversarial attack techniques, a security problem of deep learning models, was actively studied. adversarial attacks have been mainly studied in the field of images. Recently, they have even developed a complete decision-based attack technique that can attack with just the classification results of the model. However, in the case of the audio field, research is relatively slow. In this paper, we applied several decision-based attack techniques to the audio field and improved state-of-the-art attack techniques. State-of-the-art decision-attack techniques have the disadvantage of requiring many queries for gradient approximation. In this paper, we improve query efficiency by proposing a method of reducing the vector search space required for gradient approximation. Experimental results showed that the attack success rate was increased by 50%, and the difference between original audio and adversarial examples was reduced by 75%, proving that our method could generate adversarial examples with smaller noise.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.2
• /
• pp.59-65
• /
• 2001

3GPP proposed a variant CBC-MAC based on the block cipher KASUMI to provide the data integrity over a radio access link. We have studied deeply the Knudsen and Mitchell\`s attack. In this paper we proposed a definite performing algorithm of the Knudsen and Mitchell\`s alack and compute the success probability and complexity of that algorithm. Moreover We also analyze a security of 3GPP-MAC comparing with the original CBC-MAC.

• Journal of Korea Society of Industrial Information Systems
• /
• v.17 no.3
• /
• pp.19-26
• /
• 2012

To resist the relay attacks in RFID system, it is commonly used RFID distance bounding protocols using the round trip time measurement for 1 bit challenge and response between a reader and a tag. If the success probability of relay attacks for the 1 bit challenge and response can be reduced in these protocols, it is possible to make an efficient distance bounding protocol. In this paper, we propose an efficient RFID distance bounding protocol based on 2 bit challenge and response which is modified the RFID distance bounding protocol proposed by Hancke and Khun based on 1 bit challenge and response. The success probability of relay attack for the proposed protocol is (7/16)n for the n times of challenge and response, which is much lower than (3/4)n given by Hancke and Khun's protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.303-311
• /
• 2015

DNS amplification is a new type of DDoS Attack and nowadays the attack occurs frequently. The previous studies showed the several detection ways such as the traffic analysis based on DNS queries and packet size. However, those methods have some limitations such as the uncertainty of packet size which depends on IP address type and vulnerabilities against distributed amplification attack. Therefore, we proposed a novel traffic analyzing algorithm using Success Rate and implemented the query analyzing system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.59-65
• /
• 2010

Since an attacker can occur an error in cryptographic device during encryption process and extract secret key, the fault injection attack has become a serious threat in chip security. In this paper, we show that an attacker can retrieve the 128-bits secret key using fault injection attack on the for statement of final round key addition in AES implementation. To verify possibility of our proposal, we implement the AES system on ATmega128 microcontroller and try to inject a fault using laser beam. As a result, we can extract 128-bits secret key through just one success of fault injection.

• Journal of Ocean Engineering and Technology
• /
• v.37 no.3
• /
• pp.81-88
• /
• 2023

Maneuverability is a crucial factor for the safety and success of submarine missions. This paper introduces a mathematical model that considers the large drift and angle of attack motions of submarines. Various computational fluid dynamics (CFD) simulations were performed to adapt Karasuno's fishery vessel maneuvering mathematical model to submarines. The study also presents the procedure for obtaining the physics-based hydrodynamic coefficients proposed by Karasuno through CFD calculations. Based on these coefficients, the reconstructed forces and moments were compared with those obtained from CFD and to the hydrodynamic derivatives expressed by a Taylor expansion. The study also discusses the mathematical maneuvering model that accounts for the large drift angles and angles of attack of submarines. The comparison results showed that the proposed maneuvering mathematical model based on modified Karasno's model could cover a large range of motions, including horizontal motion and vertical motions. In particular, the results show that the physics-based mathematical maneuvering model can represent the forces and moments acting on the submarine hull during large drift and angle of attack motions. The proposed mathematical model based on the Karasuno model could obtain more accurate results than the Taylor third-order approximation-based mathematical model in estimating the hydrodynamic forces acting on submarines during large drift and angle of attack motions.