• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.765-777
• /
• 2022

The SABER algorithm, a PKE/KEM algorithm presented in NIST PQC Standardization Round 3, is an algorithm based on the Module-LWR problem among lattice-based problems and has a Meta-PKE structure. At this time, the secret information used in the encryption process is called a ephemeral key, and in this paper, the ephemeral key reuse attack using the Meta-PKE structure is described. For each parameter satisfying the security strengths required by NIST, we present a detailed analysis of the previous studies attacked using 4, 6, and 6 queries, and improve them, using only 3, 4, and 4 queries. In addition, we introduce how to reduce the computational complexity of recovering ephemeral keys with a single query from the brute-force complexity on the n-dimension lattice, 2^7.91×n, 2^10.51×n, 2^12.22×n to 2^4.91×n, 2^6.5×n, 2^6.22×n, for each parameter, and present the results and limitations.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.3
• /
• pp.1356-1366
• /
• 2011

The TPM(Trusted Platform Module) is a hardware chip to support a trusted computing environment. A rightful user needs a command authorization process in order to use principal TPM commands. To get command authorization from TPM chip, the user should perform the OIAP(Object-Independent Authorization Protocol) or OSAP(Object-Specific Authorization Protocol). Recently, Chen and Ryan alerted the vulnerability of insider attack on TPM command authorization protocol in multi-user environment and presented a countermeasure protocol SKAP(Session Key Authorization Protocol). In this paper, we simulated the possibility of insider attack on OSAP authorization protocol in real PC environment adopted a TPM chip. Furthermore, we proposed a novel countermeasure to defeat this insider attack and improve SKAP's disadvantages such as change of command suructures and need of symmetric key encryption algorithm. Our proposed protocol can prevent from insider attack by modifying of only OSAP command structure and adding of RSA encryption on user and decryption on TPM.

• Journal of IKEEE
• /
• v.25 no.1
• /
• pp.88-94
• /
• 2021

Public-key cryptographic algorithms such as RSA and ECC, which are currently in use, have used mathematical problems that would take a long time to calculate with current computers for encryption. But those algorithms can be easily broken by the Shor algorithm using the quantum computer. Lattice-based cryptography is proposed as new public-key encryption for the post-quantum era. This cryptographic algorithm is performed in the Polynomial Ring, and polynomial multiplication requires the most processing time. Therefore, a hardware model module is needed to calculate polynomial multiplication faster. Number Theoretic Transform, which called NTT, is the FFT performed in the finite field. The logic verification was performed using HDL, and the proposed design at the transistor level using Hspice was compared and analyzed to see how much improvement in delay time and power consumption was achieved. In the proposed design, the average delay was improved by 30% and the power consumption was reduced by more than 8%.

• Journal of Industrial Convergence
• /
• v.20 no.10
• /
• pp.17-24
• /
• 2022

Lora, a non-band network technology of the long-distance wireless standard LPWAN standard, uses ABP and OTTA methods and AES-128-based encryption algorithm (shared key) for internal terminal authentication and integrity verification. Lora's recent firmware tampering vulnerability and shared-key encryption algorithm structure make it difficult to defend against MITM attacks. In this study, the consensus algorithm(PBFT) is applied to the Lora network to enhance safety. It performs authentication and PBFT block chain creation by searching for node groups using the GPS module. As a result of the performance analysis, we established a new Lora trust network and proved that the latency of the consensus algorithm was improved. This study is a 4th industry convergence study and is intended to help improve the security technology of Lora devices in the future.

• Journal of Internet Computing and Services
• /
• v.21 no.3
• /
• pp.11-19
• /
• 2020

In this paper, a merged TEA block cipher processor which unifies Tiny Encryption Algorithm(TEA), extended Tiny Encryption Algorithm(XTEA) and corrected block TEA(XXTEA) is designed. After TEA cipher algorithm was first designed, XTEA and XXTEA cipher algorithms were designed to correct security weakness. Three types of cipher algorithm uses a 128-bit master key. The designed cipher processor can encrypt or decrypt 64-bit message block for TEA/XTEA and variable-length message blocks up to 256-bit for XXTEA. The maximum throughput for 64-bit message blocks is 137Mbps and that of 256-bit message blocks is 369Mbps. The merged TEA block cipher designed in this paper has a 16% gain on the area side compared to a lightweight LEA cipher. The cryptographic IP of this paper is applicable in security module of the mobile areas such as smart card, internet banking, and e-commerce.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.4
• /
• pp.778-784
• /
• 2012

A symmetric block cryptosystem uses an identical cryptographic key at encryption and decryption processes. HIGHT cipher algorithm is 64-bit block cryptographic technology for mobile device that was authorized as international standard by ISO/IEC on 2010. In this paper, block cipher HIGHT algorithm is designed using Verilog-HDL. Four modes of operation for block cipher such as ECB, CBC, OFB and CTR are supported. When continuous message blocks of fixed size are encrypted or decrypted, the desigend HIGHT core can process a 64-bit message block in every 34-clock cycle. The cryptographic processor designed in this paper operates at 144MHz on vertex chip of Xilinx, Inc. and the maximum throughput is 271Mbps. The designed cryptographic processor is applicable to security module of the areas such as PDA, smart card, internet banking and satellite broadcasting.

• The KIPS Transactions:PartC
• /
• v.13C no.1 s.104
• /
• pp.83-94
• /
• 2006

This paper describes ATM cell encipherment method using Rijndael Algorithm adopted as an AES(Advanced Encryption Standard) by NIST in 2001. ISO 9160 describes the requirement of physical layer data processing in encryption/decryption. For the description of ATM cell encipherment method, we implemented ATM data encipherment equipment which satisfies the requirements of ISO 9160, and verified the encipherment/decipherment processing at ATM STM-1 rate(155.52Mbps). The DES algorithm can process data in the block size of 64 bits and its key length is 64 bits, but the Rijndael algorithm can process data in the block size of 128 bits and the key length of 128, 192, or 256 bits selectively. So it is more flexible in high bit rate data processing and stronger in encription strength than DES. For tile real time encryption of high bit rate data stream. Rijndael algorithm was implemented in FPGA in this experiment. The boundary of serial UNI cell was detected by the CRC method, and in the case of user data cell the payload of 48 octets (384 bits) is converted in parallel and transferred to 3 Rijndael encipherment module in the block size of 128 bits individually. After completion of encryption, the header stored in buffer is attached to the enciphered payload and retransmitted in the format of cell. At the receiving end, the boundary of ceil is detected by the CRC method and the payload type is decided. n the payload type is the user data cell, the payload of the cell is transferred to the 3-Rijndael decryption module in the block sire of 128 bits for decryption of data. And in the case of maintenance cell, the payload is extracted without decryption processing.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.2
• /
• pp.724-737
• /
• 2020

Corrected Block TEA(or XXTEA) is a block cipher designed to correct security weakness in the original block TEA in 1998. In this paper, XXTEA cipher hardware which can encrypt or decrypt between 64-bit and 256-bit messages using 128-bit master key is implemented. Minimum message block size is 64-bit wide and maximal message block size is 256-bit wide. The designed XXTEA can encrypt and decrypt variable-length message blocks which are some arbitrary multiple of 32 bits in message block sizes. XXTEA core of this paper is described using Verilog-HDL and downloaded on Vertex4. The operation frequency is 177MHz. The maximum throughput for 64-bit message blocks is 174Mbps and that of 256-bit message blocks is 467Mbps. The cryptographic IP of this paper is applicable as security module of the mobile areas such as smart card, internet banking, e-commerce and IoT.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1009-1017
• /
• 2012

The fault injection attack has been developed to extract the secret key which is embedded in a crypto module by injecting errors during the encryption process. Especially, an attacker can find master key of AES using injection of just one byte. In this paper, we proposed a countermeasure resistant to the these fault attacks by checking the differences between input and output. Using computer simulation, we also verified that the proposed AES implementation resistant to fault attack shows better fault detection ratio than previous other methods and has small computational overheads.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.9
• /
• pp.1573-1581
• /
• 2006

To utilize actively the agent which is one of the elements of revitalization of Agro-Foods Mobile I-commerce, an essential prerequisite is agent security. IF using partial PKI(Public Key Infrastructure)-based confirmation mechanism providing security for the agent, the size of agent is becoming larger, the result of the transmission speed is slow, and the confirmation speed is tardy as well because of performing calculation of public keys such as RSA and needing linkage with the CA for the valid examination of certificates. This paper suggests a mechanism that can cross certification and data encryption of each host in the side of improving the problems of key distribution on agent by shaping key chain relationship. This mechanism can guarantee the problem of ky distribution by using agent cipher key(ACK) module and generating random number to fit mobile surroundings and to keep the secret of the agent. Suggested mechanism is a thing that takes into consideration security and efficiency to secure agent for the revitalization of M-Commerce, and is a code skill to make the agent solid and is a safe mechanism minimizing the problems of memory overflow.