• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.59-65
• /
• 2010

Since an attacker can occur an error in cryptographic device during encryption process and extract secret key, the fault injection attack has become a serious threat in chip security. In this paper, we show that an attacker can retrieve the 128-bits secret key using fault injection attack on the for statement of final round key addition in AES implementation. To verify possibility of our proposal, we implement the AES system on ATmega128 microcontroller and try to inject a fault using laser beam. As a result, we can extract 128-bits secret key through just one success of fault injection.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.4
• /
• pp.35-41
• /
• 2017

This paper introduces a new method for storing a private key. This method can be achieved by dividing the private key into "n" pieces by a (k, n) secret sharing method, and then storing each piece into photo files utilizing a steganography method. In this way, a user can restore a private key as long as he can remember the locations of "k" photos among the entire photo files. Attackers, meanwhile, will find it extremely difficult to extract the private key if a user has hidden the pieces of the private key into numerous photo files stored in the system. It also provides a high degree of user convenience, as the user can restore the private key from his memory of k positions among n photo files. Coupled with this, a certain level of security can be guaranteed because the attacker cannot restore a private key, even if he knows k-1 photo file locations.

• The KIPS Transactions:PartC
• /
• v.8C no.2
• /
• pp.122-127
• /
• 2001

1998년 A. Young등은 공개키 기반구조(PKI)를 이용한 키 복구 시스템인 ARC를 제안하였다. 그리고 1999년 P.Paillier 등은 ARC를 개선하여 사용자의 증명서 저장공간이 필요 없는 SE-PKI 키 복구 시스템을 제안하였다. 또한 2001년 유희종 등은 Paillier가 제안한 SE-PKI 키 복구 시스템에 비밀분산 개념을 추가하여 다수의 키 위탁 기관이 참여하는 키 복구 시스템을 제안했다. 본 논문에서는 새로운 scheme을 추가하여 사용자의 비밀키를 사용자만이 인증기관의 도움을 받아 키 위탁 기관으로부터 온 라인 상에서 안전하게 복구할 수 있는 키 복구 시스템을 제안한다. 이 키 복구 시스템에서는 사용자가 비밀키를 자주 변경하는 경우 이전 암호문을 복호화하기 위해 필요한 비밀키 관리가 용이하다.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.139-150
• /
• 2009

Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. There have been many protocols proposed over the years for password authenticated key exchange in the three-party scenario, in which two clients attempt to establish a secret key interacting with one same authentication server. However, little has been done for password authenticated key exchange in the more general and realistic four-party setting, where two clients trying to establish a secret key are registered with different authentication servers. In fact, the recent protocol by Yeh and Sun seems to be the only password authenticated key exchange protocol in the four-party setting. But, the Yeh-Sun protocol adopts the so called "hybrid model", in which each client needs not only to remember a password shared with the server but also to store and manage the server's public key. In some sense, this hybrid approach obviates the reason for considering password authenticated protocols in the first place; it is difficult for humans to securely manage long cryptographic keys. In this work, we introduce a key agreement protocol and a key distribution protocol, respectively, that requires each client only to remember a password shared with its authentication server.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.763-768
• /
• 2003

In this paper, we propose a S/KEY based authentication protocol using smart cards to address the vulnerebilities of both the S/KEY authentication protocol and the secure one-time password protpcol which YEH, SHEN and HWANG proposed [1]. Because out protpcel is based on public key, it can authenticate the server and distribute a session key without any pre-shared secret. Also, it can prevent off-line dictionary attacks by using the randomly generated user is stored in the users smart card. More importantly, it can truly achieve the strength of the S/KEY scheme that no secret information need be stored on the server.

• Journal of Korea Society of Industrial Information Systems
• /
• v.19 no.1
• /
• pp.69-75
• /
• 2014

Audio seganography is the art and science of writing hidden messages that evolves as a new secret communication method. And audio steganography is similar to the process of modifying the Least Significant Bit of image files 8th LSB layer embedding has been done for desired binary messages. The effective of steganographic tools is to obtain imperceptible and robust way to conceal high rate of secret data. The objective of this paper is to propose a method for hiding the secret messages in safer manner from external attacks by modified LSB technique and encryption rearrangement key.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.21 no.5
• /
• pp.14-21
• /
• 2020

In order to provide confidential services between two communicating parties, block data encryption using a symmetric secret key is applied. A power analysis attack on a cryptosystem is a side channel-analysis method that can extract a secret key by measuring the power consumption traces of the crypto device. In this paper, we propose an attack model that can recover the secret key using a power analysis attack based on a deep learning convolutional neural network (CNN) algorithm. Considering that the CNN algorithm is suitable for image analysis, we particularly adopt the recurrence plot (RP) signal processing method, which transforms the one-dimensional power trace into two-dimensional data. As a result of executing the proposed CNN attack model on an XMEGA128 experimental board that implemented the AES-128 encryption algorithm, we recovered the secret key with 22.23% accuracy using raw power consumption traces, and obtained 97.93% accuracy using power traces on which we applied the RP processing method.

• Journal of Convergence for Information Technology
• /
• v.10 no.11
• /
• pp.23-29
• /
• 2020

As IoT devices increase exponentially, minimizing MIMO interference and increasing transmission capacity for sending and receiving IoT information through multiple antennas remain the biggest issues. In this paper, secret key-level distribution mechanism using deep learning is proposed to minimize MIMO-based IoT communication noise. The proposed mechanism minimizes resource loss during transmission and reception process by dispersing IoT information sent and received through multiple antennas in batches using deep learning. In addition, the proposed mechanism applied a multidimensional key distribution processing process to maximize capacity through multiple antenna multiple stream transmission at base stations without direct interference between the APs. In addition, the proposed mechanism synchronizes IoT information by deep learning the frequency of use of secret keys according to the number of IoT information by applying the method of distributing secret keys in dimension according to the number of frequency channels of IoT information in order to make the most of the multiple antenna technology.

• ETRI Journal
• /
• v.35 no.1
• /
• pp.173-176
• /
• 2013

Existing symmetric cryptography-based solutions against pollution attacks for network coding systems suffer various drawbacks, such as highly complicated key distribution and vulnerable security against collusion. This letter presents a novel homomorphic subspace message authentication code (MAC) scheme that can thwart pollution attacks in an efficient way. The basic idea is to exploit the combination of the symmetric cryptography and linear subspace properties of network coding. The proposed scheme can tolerate the compromise of up to r-1 intermediate nodes when r source keys are used. Compared to previous MAC solutions, less secret keys are needed for the source and only one secret key is distributed to each intermediate node.

• The Journal of the Korea Contents Association
• /
• v.4 no.3
• /
• pp.53-60
• /
• 2004

In this paper we present user authentication and key distribution using threshold PKC(Public Key Cryptosystem), which is secure against the dictionary attack. The n servers hold a t-out-of-n sharing of the dealer's secret key. When the server authenticate a user, at least f of them cooperate they can reconstruct password verifier.