• Title/Summary/Keyword: CPA method (CPA방법)


An Improved Side Channel Attack Using Event Information of Subtraction (뺄셈연산의 이벤트 정보를 활용한 향상된 RSA-CRT 부채널분석공격 방법)

  • Park, Jong-Yeon; Han, Dong-Guk; Yi, Okyeon; Kim, Jung-Nyeo
    • KIPS Transactions on Computer and Communication Systems, v.2 no.2, pp.83-92, 2013
  • RSA-CRT is a widely used algorithm that provides high performance implementation of the RSA-signature algorithm. Many previous studies on each operation step have been published to verify the physical leakages of RSA-CRT when used in smart devices. This paper proposes SAED (subtraction algorithm analysis on equidistant data), which extracts sensitive information using the event information of the subtraction operation in a reduction algorithm. SAED is an attack method that uses algorithm-dependent power signal changes. An adversary can extract a key using differential power analysis (DPA) of the subtraction operation. This paper indicates the theoretical rationality of SAED, and shows that its results are better than those of other methods. According to our experiments, only 256 power traces are sufficient to acquire one block of data. We verify that this method is more efficient than those proposed in previously published studies.

Collaboration and Node Migration Method of Multi-Agent Using Metadata of Naming-Agent (네이밍 에이전트의 메타데이터를 이용한 멀티 에이전트의 협력 및 노드 이주 기법)

  • Kim, Kwang-Jong; Lee, Yon-Sik
    • The KIPS Transactions: Part D, v.11D no.1, pp.105-114, 2004
  • In this paper, we propose a collaboration method for diverse agents in a multi-agent model and describe a node migration algorithm for the Mobile-Agent (MA) that uses the metadata of the Naming-Agent (NA). Collaborative work among multiple agents assures the stability of the agent system and provides reliable information retrieval in a distributed environment. NA, an important part of the multi-agent system, identifies each agent and assigns it a unique name, and each agent references the specified object by its name. NA also integrates and manages the naming service by classifying agents as Client-Push-Agent (CPA), Server-Push-Agent (SPA), or System-Monitoring-Agent (SMA) according to their characteristics. In addition, NA provides the location list of mobile nodes to the specified MA. Therefore, when the MA moves through the nodes, the efficiency of node migration must be improved by assigning priorities according to hit_count, hit_ratio, node processing time and network traffic time. To that end, this paper designs the Naming Agent for an integrated naming service and shows the structure of its metadata, constructed from fields such as hit_count, hit_ratio, total_count of documents, and so on. This paper also presents the flow of metadata creation and updating, and the method of node migration by hit_count through the collaboration of multiple agents.

Comprehensive Study on Security and Privacy Requirements for Retrieval System over Encrypted Database (암호화된 데이터베이스 검색 시스템의 보안 요구사항에 대한 통합적 관점에서의 연구)

  • Park, Hyun-A; Lee, Dong-Hoon; Chung, Taik-Yeong
    • Journal of the Korea Institute of Information Security & Cryptology, v.22 no.3, pp.621-635, 2012
  • Although most proposed security schemes have scrutinized their own security models for protecting against different types of threats and attacks, this naturally causes the following problem: a security analysis tool that fits one scheme may not be appropriate for other schemes. In order to address this problem, this paper analyzes how the security requirements of each paper differ by comparing two schemes: Agrawal et al.'s scheme OPES (Order Preserving Encryption Scheme) and Zdonik et al.'s FCE (Fast Comparison Encryption). Zdonik et al. have formally disproved the security of Agrawal et al.'s scheme OPES. Thereafter, some scholars have questioned whether OPES, given this insecurity, can still be applied in the real world. However, the analysis by Zdonik et al. is not objectively valid, because they used the security model INFO-CPA-DB devised for their scheme FCE to analyze Agrawal et al.'s scheme OPES, in spite of the differences between the two schemes. In order to analyze any scheme correctly and apply it to the real world properly, the analysis tool should be comprehensively standardized. We re-analyze Zdonik et al.'s analysis of OPES and then propose general formalizations of security and privacy for all encrypted retrieval systems. Finally, we recommend the minimum level of security requirements under our formal definitions. Additional considerations should also be supplemented in accordance with the conditions of each system.

Enhanced Equidistant Chosen Message Power Analysis of RSA-CRT Algorithm (RSA-CRT의 향상된 등간격 선택 평문 전력 분석)

  • Park, Jong-Yeon; Han, Dong-Guk; Yi, Ok-Yeon; Choi, Doo-Ho
    • Journal of the Institute of Electronics Engineers of Korea CI, v.48 no.2, pp.117-126, 2011
  • The RSA-CRT algorithm is widely used to improve the performance of the RSA algorithm. However, it is also vulnerable to side channel attacks, like general RSA. One of the power attacks on RSA-CRT, proposed by Boer et al., is a power analysis that exploits the reduction steps of the RSA-CRT algorithm with equidistant chosen messages, called ECMPA (Equidistant Chosen Messages Power Analysis) or MRED (Modular Reduction on Equidistant Data) analysis. This method finds the reduction output value r = x mod p, which has the same equidistant pattern as the equidistant messages. One can easily compute the secret prime p from the exposure of r. However, in our experiment the result of the analysis of a reduction step in [5] differs remarkably from what Boer expected in [5]. In particular, we found that there are Ghost key patterns depending on the selection of attack bits and the selected reduction algorithm. Thus, in this paper we present several Ghost key patterns unknown until now, and then suggest enhanced and detailed analysis methods.

Performance Improvement of Power Analysis Attacks based on Wavelet De-noising (웨이블릿 잡음 제거 방법을 이용한 전력 분석 공격 성능 개선)

  • Kim, Wan-Jin; Song, Kyoung-Won; Lee, Yu-Ri; Kim, Ho-Won; Kim, Hyoung-Nam
    • The Journal of Korean Institute of Communications and Information Sciences, v.35 no.9B, pp.1330-1341, 2010
  • Power analysis (PA) is known as a powerful physical attack method in the field of information security. This method uses the statistical characteristics of leaked power consumption signals measured from security devices to reveal the secret keys. However, when measuring a leakage power signal, it may easily be distorted by noise because of its low magnitude, and thus the PA attack shows different performance depending on the noise level of the measured signal. To overcome this weakness of the PA attack, we propose a noise-reduction method based on wavelet de-noising. Experimental results show that the proposed de-noising method improves the attack efficiency in terms of the number of signals required for a successful attack as well as the reliability of the guessed key.

Facial Motor Evoked Potential Techniques and Functional Prediction during Cerebello-pontine Angle Surgery (소뇌교각 수술 중에 안면운동유발전위의 검사방법과 기능적 예측인자)

  • Baek, Jae-Seung; Park, Sang-Ku; Kim, Dong-Jun; Park, Chan-Woo; Lim, Sung-Hyuk; Lee, Jang Ho; Cho, Young-Kuk
    • Korean Journal of Clinical Laboratory Science, v.50 no.4, pp.470-476, 2018
  • Facial motor evoked potential (FMEP) by multi-pulse transcranial electrical stimulation (mpTES) can complement free-running electromyography (EMG) and direct facial nerve stimulation to predict the functional integrity of the facial nerve during cerebello-pontine angle (CPA) tumor surgery. The purpose of this paper is to examine the standardized test methods and the usefulness of FMEP as a predictor of facial nerve function and to minimize the incidence of facial paralysis as an aftereffect of surgery. TES was delivered through electrode Mz (cathode) - M3/M4 (anode), and extracranially direct distal facial muscle excitation was excluded by the absence of single pulse response (SPR) and by longer onset latency (more than 10 ms). FMEP from the orbicularis oris (o.oris) and the mentalis muscle simultaneously can improve the accuracy and success rate compared with FMEP from the o.oris alone. Using the methods described, we can effectively predict facial nerve outcomes immediately after surgery with a reduction of more than 50% of FMEP amplitude as a warning criterion. In conclusion, along with free-running EMG and direct facial nerve stimulation, FMEP is a useful method to reduce the incidence of facial paralysis as a sequela during CPA tumor surgery.

The Conversion method from ID-based Encryption to ID-based Dynamic Threshold Encryption (ID기반 암호시스템을 이용하여 ID기반 동적 임계 암호시스템으로 변환하는 방법)

  • Kim, Mi-Lyoung; Kim, Hyo-Seung; Son, Young-Dong; Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology, v.22 no.4, pp.733-744, 2012
  • Dynamic threshold public-key encryption allows the group of all users, the set of receivers and the threshold value to be set dynamically. In recent years there have been many studies on the construction of a scheme, called ID-based dynamic threshold encryption, which combines ID-based encryption with dynamic threshold encryption. In this paper, we analyze the ID-based dynamic threshold encryption proposed by Xing and Xu in 2011, and show that their scheme has a structural problem. We propose a conversion method from ID-based encryption based on a bilinear map to ID-based dynamic threshold encryption. Additionally, we prove that this converted scheme has CPA security under the full model.

Performance Enhancement of Differential Power Analysis Attack with Signal Companding Methods (신호 압신법을 이용한 차분전력분석 공격성능 향상)

  • Ryoo, Jeong-Choon; Han, Dong-Guk; Kim, Sung-Kyoung; Kim, Hee-Seok; Kim, Tae-Hyun; Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology, v.18 no.2, pp.39-47, 2008
  • Among previous Side Channel Analysis (SCA) methods, Differential Power Analysis (DPA), based on the statistical characteristics of collected signals, has been known as an efficient attack for uncovering the secret key of cryptosystems. However, the attack performance of this method is strongly affected by the temporal misalignment and noise of the collected side channel signals. In this paper, we propose a new method to surmount the noise problem in DPA. The performance of the proposed method is then evaluated by analyzing the power consumption signals of micro-controller chips during a DES operation. Its performance is then compared to that of the original DPA in the time and frequency domains. When we compare the experimental results with respect to the number of traces needed to uncover the secret key, our proposed method shows a performance enhancement of 33% in the time domain and 50% in the frequency domain.

A Study on the Investigation and Analysis of Collisions at Sea (선박충돌사고의 원인조사 및 분석방법에 관한 연구)

  • 김상수; 정재용; 하원재; 송두현; 박진수
    • Journal of the Korean Institute of Navigation, v.24 no.1, pp.13-22, 2000
  • Collisions at sea, among marine casualties, have not decreased as ships' tonnage and speed and the volume of traffic at sea have increased, in spite of improvements in nautical equipment, the enforcement of crew education and training, and the improvement of quality standards following the implementation of the ISM code. The measures to prevent collisions at sea are simple and consist of six stages: the first stage is that the officer on duty detects the target by eye or from radar information. The second stage is determining the type and kind of target ship. The third stage is target tracking: calculation of the target's speed, course, CPA and TCPA from radar information or visual check. The fourth stage is determination of the vessel in danger after the calculation of the third stage. The fifth stage is the judgement of whether own ship is the stand-on or give-way vessel according to the 1972 COLREG. The last stage is to carry out proper action according to the 1972 COLREG under the circumstances. But case by case, the situations differ greatly under different external conditions; for example, natural/navigational conditions, crew's human factors, the ship's particulars, rules or regulations, the management system on board, and the condition of watch keeping. Therefore the reasons and casualties are very complicated. This study aims to investigate collision casualties at sea, which requires clarifying all the causal factors mentioned above, and to analyze the causes of problems so as to use them to establish measures for preventing marine accidents. This study describes the concepts of causal factors in three groups: environmental factors, company/on-board management system, and navigator's act. It also describes how to investigate and analyze the causal factors. Even though this paper described how to detect the causal factors and reasons for collisions, and how to analyze the inter-relation of each causal factor, further study is necessary on how to analyze the relation between the liability of the concerned parties and the causal factors involved.


Side Channel Analysis with Low Complexity in the Diffusion Layer of Block Cipher Algorithm SEED (SEED 블록 암호 알고리즘 확산계층에서 낮은 복잡도를 갖는 부채널 분석)

  • Won, Yoo-Seung; Park, Aesun; Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology, v.27 no.5, pp.993-1000, 2017
  • When the availability of an embedded device is considered, a combined countermeasure such as first-order masking together with hiding countermeasures is quite attractive because security and efficiency can be provided at the same time. In particular, the combined countermeasure can be applied to the confusion and diffusion layers of the first and last rounds in order to provide efficiency, while the middle rounds employ only a first-order masking countermeasure or no countermeasure. In this paper, we suggest a novel side channel analysis with low complexity on the output of the diffusion layer. In general, the attack target cannot be set to the output of the diffusion layer owing to the high complexity. We show that when the diffusion layer of a block cipher is composed of AND operations, the attack complexity can be reduced. Here, we consider the main algorithm to be SEED. Then, the attack complexity of $2^{32}$ can be reduced by $2^{16}$ owing to the correlation between the combination of S-box outputs and that of the outputs of the diffusion layer. Moreover, compared to the usual case where the main target is the output of the S-box, we demonstrate that the required number of traces can be reduced by 43~98% in terms of simulated traces. Additionally, we show that only 8,000 traces are enough to retrieve the correct key with the suggested scheme, whereas the general approach fails to reveal the correct key with 100,000 traces on a realistic device.