• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.413-426
• /
• 2017

In this paper, we propose an adder that can be applied to data encrypted with a fully homomorphic encryption scheme and an addition method with improved performance that can be applied when adding multiple data. The proposed arithmetic adder is based on the Kogge-Stone Adder method with the optimal circuit level among the existing hardware-based arithmetic adders and suitable to apply the cryptographic SIMD (Single Instruction for Multiple Data) function on encrypted data. The proposed multiple addition method does not add a large number of data by repeatedly using Kogge-Stone Adder which guarantees perfect addition result. Instead, when three or more numbers are to be added, three numbers are added to C (Carry-out) and S (Sum) using the full-adder circuit implementation. Adding with Kogge-Stone Adder is only when two numbers are finally left to be added. The performance of the proposed method improves dramatically as the number of data increases.

• Journal of Internet Computing and Services
• /
• v.7 no.3
• /
• pp.93-105
• /
• 2006

The instant messenger is not only a wonderful tool for individuals. It is also a great tool which provides real-time dialogue and file transfers for individuals via the Internet and improves an enterprise productivity. However, it has many security risks that may have significant impact in corprate environments. This paper provides an overview of the security risks of the instant messenger with a risk analysis method and the controls that can be used to make it secure. It's hard to eliminate the instant messenger from enterprise environments because of its benefits. If we cannot avoid using it, we must make it secure and reap the full benefits of it.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.3
• /
• pp.1315-1329
• /
• 2018

Ciphertext-policy attribute-based encryption (CP-ABE) associates ciphertext with access policies. Only when the user's attributes satisfy the ciphertext's policy, they can be capable to decrypt the ciphertext. Expressivity and security are the two directions for the research of CP-ABE. Most of the existing schemes only consider monotonic access structures are selectively secure, resulting in lower expressivity and lower security. Therefore, fully secure CP-ABE schemes with non-monotonic access structure are desired. In the existing fully secure non-monotonic access structure CP-ABE schemes, the attributes that are set is bounded and a one-use constraint is required by these projects on attributes, and efficiency will be lost. In this paper, to overcome the flaw referred to above, we propose a new fully secure non-monotonic access structure CP-ABE. Our proposition enforces no constraints on the scale of the attributes that are set and permits attributes' unrestricted utilization. Furthermore, the scheme's public parameters are composed of a constant number of group elements. We further compare the performance of our scheme with former non-monotonic access structure ABE schemes. It is shown that our scheme has relatively lower computation cost and stronger security.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.3
• /
• pp.1691-1699
• /
• 2014

IEEE developing WAVE specifications are able to support V2V and V2I wireless communications, and these functionalities can be used to enhance vehicle operational safety. To overcome any security weaknesses that are inherent in wireless communications, WAVE specification should support message encryption and authentication functions. In this study, we have implemented WAVE security algorithms in IEEE P1609.2 with openssl library and C language. We have verified the normal operation of implemented software, using the test vectors of related specifications, and measured their performance. Our software is platform independent, and can be used for the full implementation of WAVE specification.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1117-1127
• /
• 2014

Differential Fault Analysis(DFA) is widely known for one of the most powerful method for analyzing block cipher. it is applicable to block cipher such as DES, AES, ARIA, SEED, and lightweight block cipher such as PRESENT, HIGHT. In this paper, we introduce a differential fault analysis on the lightweight block cipher LEA for the first time. we use 300 chosen fault injection ciphertexts to recover 128-bit master key. As a result of our attack, we found a full master key within an average of 40 minutes on a standard PC environment.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.89-100
• /
• 2021

Smart Grid Network (SGN) is a next generation electrical power network which digitizes the power distribution grid and achieves smart, efficient, safe and secure operations of the electricity. The backbone of the SGN is information communication technology that enables the SGN to get full control of network station monitoring and analysis. In any network where communication is involved security is essential. It has been observed from several recent incidents that an adversary causes an interruption to the operation of the networks which lead to the electricity theft. In order to reduce the number of electricity theft cases, companies need to develop preventive and protective methods to minimize the losses from this issue. In this paper, we have introduced a machine learning based SVM method that detects malicious nodes in a smart grid network. The algorithm collects data (electricity consumption/electric bill) from the nodes and compares it with previously obtained data. Support Vector Machine (SVM) classifies nodes into Normal or malicious nodes giving the statues of 1 for normal nodes and status of -1 for malicious -abnormal-nodes. Once the malicious nodes have been detected, we have done a trust evaluation based on the nodes history and recorded data. In the simulation, we have observed that our detection rate is almost 98% where the false alarm rate is only 2%. Moreover, a Trust value of 50 was achieved. As a future work, countermeasures based on the trust value will be developed to solve the problem remotely.

• Journal of Internet Computing and Services
• /
• v.21 no.1
• /
• pp.179-190
• /
• 2020

In the Unix-like system environment, the GOT overwrite attack is one of the traditional control flow hijacking techniques for exploiting software privileges. Several techniques have been proposed to defend against the GOT overwrite attack, and among them, the Full Relro(Relocation Read only) technique, which blocks GOT overwrites at runtime by arranging the GOT section as read-only in the program startup, has been known as the most effective defense technique. However, it entails loading delay, which limits its application to a program sensitive to startup performance, and it is not currently applied to the library due to problems including a chain loading delay problem caused by nested library dependency. Also, many compilers, including LLVM, do not apply the Full Relro technique by default, so runtime programs are still vulnerable to GOT attacks. In this paper, we propose a GOT protection scheme using the Control Flow Integrity(CFI) technique, which is currently recognized as the most suitable technique for defense against code reuse attacks. We implemented this scheme based on LLVM and applied it to the binutils-gdb program group to evaluate security, performance and compatibility. The GOT protection scheme with CFI is difficult to bypass, fast, and compatible with existing library programs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1077-1084
• /
• 2015

Security issues such as an illegal acquisition of personal information and identity theft happen due to using game bots in online games. Game bots collect items and money unfairly, so in-game contents are rapidly depleted, and honest users feel deprived. It causes a downturn in the game market. In this paper, we defined the growth types by analyzing the growth processes of users with actual game data. We proposed the framework that classify hard-core users and game bots in the growth patterns. We applied the framework in the actual data. As a result, we classified five growth types and detected game bots from hard-core users with 93% precision. Earlier studies show that hard-core users are also detected as a bot. We clearly separated game bots and hard-core users before full growth.

• The KIPS Transactions:PartC
• /
• v.17C no.3
• /
• pp.223-232
• /
• 2010

Due to the advance of Internet, offline services are expanded into online services and a financial transaction company provides online services using internet baning systems. However, security problems of the internet banking systems are caused by a lack of security for developing the internet banking systems. Although the financial transaction company has applied existing internal and external standards, ISO 20022, ISO/IEC 27001, ISO/IEC 9789, ISO/IEC 9796, Common Criteria, etc., there are still vulnerabilities. Because the standards lack in a consideration of security requirements of the internet banking system. This paper is intended to explain existing standards and discusses a reason that the standards have not full assurance of security when the internet baning system is applied by single standard. Moreover we make an analysis of a security functions for the internet baning systems and then selects the security requirements. In this paper, we suggest a new protection profile of the internet baning systems using Common Criteria V.3.1 from the analysis mentioned above.

• Journal of Korea Multimedia Society
• /
• v.15 no.11
• /
• pp.1349-1357
• /
• 2012

In recent years, security accidents which are becoming the socially hot issue not only cause financial damages but also raise outflow of private information. Most of the accidents have been immediately caused by the software weakness. Moreover, it is difficult for software today to assure reliability because they exchange data across the internet. In order to solve the software weakness, developing the secure software is the most effective way than to strengthen the security system for external environments. Therefore, suggests that the coding guide has emerged as a major security issue to eliminate vulnerabilities in the coding stage for the prevention of security accidents. Developers or administrators effectively in order to use secure coding coding secure full set of security weaknesses organized structurally and must be managed. And the constant need to update new information, but the existing Secure Coding and Security weakness is organized structurally do not. In this paper, we will define and introduce the structured weakness for mobile applications by the surveys of existing secure coding and coding rules for code analysis tools in Java.