• Journal of KIISE:Information Networking
• /
• v.29 no.2
• /
• pp.156-164
• /
• 2002

IPSec is a protocol which provides data encryption, message authentication and data integrity on public and open network transmission. In IPSec, ESP protocol is used when it needs to provide data encryption, authentication and Integrity In real transmission packets. ESP protocol uses DES-CBC encryption mode when sender encrypts packets and receiver decrypts data through this mode IV is used at that time. This value has many tasks of attack during transmission by attacker because it is transferred clean and opened. If IV value is modified, then decryption of ESP data is impossible and higher level information is changed. In this paper we propose a new algorithm that it encrypts IV values using DES-ECB mode for preventing IV attack and checks integrity of whole ESP data using message authentication function. Therefore, we will protect attacks of IV and data, and guarantee core safe transmission on the public network.

• Journal of Positioning, Navigation, and Timing
• /
• v.13 no.1
• /
• pp.53-61
• /
• 2024

Global Navigation Satellite Systems are expected to meet system-defined integrity requirements when users utilize the system for safety critical applications. While the guaranteed integrity performance of GPS and Galileo is publicly available, their integrity assurance procedure and related methodology have not been released to the public in an official document format. This paper summarizes the integrity assurance procedures of Global Positioning System (GPS) and Galileo, which were utilized during their system development, through a literature survey of their integrity assurance methodology. GPS Block II assures system integrity using the following methods: continuous performance monitoring and maintenance on Space Segment (SS) and Control Segment (CS), through a cause and effect analysis of anomalies and a failure analysis. In GPS Block III, to achieve more stringent integrity performance, safety requirements are integrated into the system design and development from its starting phase to the final phase. Galileo's integrity performance is provided in the Integrity Support Message (ISM) format, as Galileo utilizes a Dual Frequency Multi Constellation (DFMC) Satellite Based Augmentation System (SBAS) and Advanced Receiver Autonomous Integrity Monitoring (ARAIM) to serve safety critical applications. The integrity performance of Galileo is ensured by using a methodology similar to GPS Block II (i.e. continuous performance monitoring and maintenance on the system). The integrity assurance procedures reviewed in this paper can be utilized for a new satellite navigation system that will be developed in the near future.

• Journal of IKEEE
• /
• v.19 no.3
• /
• pp.349-356
• /
• 2015

Air Defense Command Control and Alert(ADC2A) system is a system that ensures simultaneity and integrity of air defense operations by combining sensors, weapons and Command and Control(C2) systems over a tactical network to protect forces, facilities and strategic points from enemy's air attack. Improving message processing speed is a very important factor for ADC2A, because it uses high frequency bit-processing of the Army standard KVMF message to communicate with internal and external systems. In this paper we proposed improved method of KVMF message processing for ADC2A system.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.11 no.5
• /
• pp.73-79
• /
• 2011

With increasing use of smartphone, users require a new message service to prevent security attack and provide integrated messages. Since smartphone uses data services such as 3G cell network and WiFi, it can provide reliable message transfer through various security policies. In addition, it can transfer various data collected using built-in camera and GPS. This paper proposes a smart message service platform which can provide security services such as authentication, confidentiality and integrity as well as transfer the integrated message including location, picture and text. To verity the functionality of the platform, this paper implements an iPhone app and message transfer server, and then shows the implementation results.

• Convergence Security Journal
• /
• v.24 no.1
• /
• pp.51-57
• /
• 2024

Although industrial control systems (ICSs) recently keep evolving with the introduction of Industrial IoT converging information technology (IT) and operational technology (OT), it also leads to a variety of threats and vulnerabilities, which was not experienced in the past ICS with no connection to the external network. Since various control command messages are sent to field devices of the ICS for the purpose of monitoring and controlling the operational processes, it is required to guarantee the message integrity as well as control center authentication. In case of the conventional message integrity codes and signature schemes based on symmetric keys and public keys, respectively, they are not suitable considering the asymmetry between the control center and field devices. Especially, compromised node attacks can be mounted against the symmetric-key-based schemes. In this paper, we propose message authentication scheme based on double hash chains constructed from cryptographic hash function without introducing other primitives, and then propose extension scheme using Merkle tree for multiple uses of the double hash chains. It is shown that the proposed scheme is much more efficient in computational complexity than other conventional schemes.

• Journal of KIISE
• /
• v.43 no.11
• /
• pp.1245-1258
• /
• 2016

Cryptographic technologies providing confidentiality and integrity such as encryption algorithms and message authentication codes (MACs) are necessary for preventing security threats in the Internet of Things (IoT) where various kinds of devices are interconnected. As a number of encryption schemes that have passed security verification are not necessarily suitable for low-power and low-performance IoT devices, various lightweight cryptographic schemes have been proposed. However, a study of lightweight MACs is not sufficient in comparison to that of lightweight block ciphers. Therefore, in this paper, we reviewed various kinds of MACs for their classification and analysis and then, we presented a new way for future MAC development. We also implemented major MAC algorithms and performed experiments to investigate their performance degradation on low-end micro-controllers.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.5
• /
• pp.1015-1022
• /
• 2012

This paper deals with hardware design which unifies MD5 and HAS-160 hash algorithms. Two algorithms get a message with arbitrary length and process message blocks divided into 512 bits each time and output a hash code with a fixed length. MD5 ouputs a hash code of 128 bits and HAS-160 a hash code of 160 bits. The unified hash core designed has 32% of slices overhead compared to HAS-160 core. However, there is only a fixed message buffer space used. The unified hash core which run a step in one clock cycle operates at 92MHz and has performance which digests a message in the speed of 724Mbps at MD5 and 581Mbps at HAS-160 hash mode. The unified hash core which is designed can be applicable to the areas such as E-commerce, data integrity and digital signature.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.12
• /
• pp.5189-5208
• /
• 2015

To address the contradiction between data aggregation and data security in wireless sensor networks, a Recoverable Privacy-preserving Integrity-assured Data Aggregation (RPIDA) scheme is proposed based on privacy homomorphism and aggregate message authentication code. The proposed scheme provides both end-to-end privacy and data integrity for data aggregation in WSNs. In our scheme, the base station can recover each sensing data collected by all sensors even if these data have been aggregated by aggregators, thus can verify the integrity of all sensing data. Besides, with these individual sensing data, base station is able to perform any further operations on them, which means RPIDA is not limited in types of aggregation functions. The security analysis indicates that our proposal is resilient against typical security attacks; besides, it can detect and locate the malicious nodes in a certain range. The performance analysis shows that the proposed scheme has remarkable advantage over other asymmetric schemes in terms of computation and communication overhead. In order to evaluate the performance and the feasibility of our proposal, the prototype implementation is presented based on the TinyOS platform. The experiment results demonstrate that RPIDA is feasible and efficient for resource-constrained sensor nodes.

• Journal of Information Processing Systems
• /
• v.19 no.3
• /
• pp.334-346
• /
• 2023

An electronic document based on PDF has been widely used in customer communication between an enterprise and a customer to deliver personalized content. However, electronic documents based on PDF in the form of paper layouts are not suitable for mobile environments because of low readability and lack of interactive interaction. Even though HTML is an essential language in a mobile environment, electronic document based on PDF is still used as it has a content integrity verification feature with a digital signature. It means that a user is sacrificing user experience in a mobile environment for content integrity and using paper-layout electronic documents. In this research, we design the Document HTML specification by setting the Document HTML conformance, adding the extended meta tags, and signing the message digest with a digital signature based on public key infrastructure (PKI). Furthermore, we implemented the Document HTML system, which has REST API services to generate and verify the Document HTML, and did experimental verification of the theory. As a result, we have confirmed that the Document HTML has both content integrity and user experience on mobile. Furthermore, the Document HTML is expected to be an alternative document format to deliver personalized content from an enterprise to a customer in a mobile environment instead of the paper layout electronic document such as PDF.

• ETRI Journal
• /
• v.38 no.4
• /
• pp.724-734
• /
• 2016

To achieve confidentiality, integrity, authentication, and non-repudiation simultaneously, the concept of signcryption was introduced by combining encryption and a signature in a single scheme. Certificate-based encryption schemes are designed to resolve the key escrow problem of identity-based encryption, as well as to simplify the certificate management problem in traditional public key cryptosystems. In this paper, we propose a new certificate-based signcryption scheme that has been proved to be secure against adaptive chosen ciphertext attacks and existentially unforgeable against chosen-message attacks in the random oracle model. Our scheme is not based on pairing and thus is efficient and practical. Furthermore, it allows a signcrypted message to be immediately verified by the public key of the sender. This means that verification and decryption of the signcrypted message are decoupled. To the best of our knowledge, this is the first signcryption scheme without pairing to have this feature.