• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.10
• /
• pp.3771-3792
• /
• 2021

With the rapid development of science and technology, several high-performance networks have emerged with various new applications. Consequently, financially or socially motivated attacks on specific networks have also steadily become more complicated and sophisticated. To reduce the damage caused by such attacks, administration of network traffic flow in real-time and precise analysis of past attack traffic have become imperative. Although various traffic analysis methods have been studied recently, they continue to suffer from performance limitations and are generally too complicated to apply in existing systems. To address this problem, we propose a method to calculate the correlation between the malicious and normal flows and classify attack traffics based on the corresponding correlation values. In order to evaluate the performance of the proposed method, we conducted several experiments using examples of real malicious traffic and normal traffic. The evaluation was performed with respect to three metrics: recall, precision, and f-measure. The experimental results verified high performance of the proposed method with respect to first two metrics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.2
• /
• pp.93-106
• /
• 1997

Summation generator is a real adder generator with maximum period, near maximum linear complexity and maximum order of correlation immunity. But this generator has been analyzed by a correlation attack(a kind of known-plaintext attack), which confers carry bits from output sequences of consecutive 0's or 1's. As methods of immunizing carry-output correlation, an immunized summation generator which exclusively-ORed summation generator output with output of a stage of LFSR was proposed. But the immunized generator reuses the output of LFSR by k-bit later and does not garantees maximum period in special case. In this paper we proposed an improved summation generator with 2-bit memory and analyzed it.

• Bulletin of the Korean Chemical Society
• /
• v.32 no.10
• /
• pp.3743-3747
• /
• 2011

Kinetic studies on the reactions of Y-S-aryl phenyl phosphonochloridothioates with X-pyridines have been carried out in MeCN at $55.0^{\circ}C$. The Hammett and Bronsted plots for substituent X variations in the nucleophiles are biphasic concave upwards with a break point at X = H. The Hammett plots for substituent Y variations in the substrates are biphasic concave upwards with a break point at Y = H, and the sign of ${\rho}_Y$ is changed from unusual negative (${\rho}_Y$ < 0) with the weaker electrophiles to positive (${\rho}_Y$ > 0) with the stronger electrophiles. The stepwise mechanism is proposed on the basis of the ${\rho}_X$, ${\beta}_X$, and ${\rho}_{XY}$ values as follows: a ratelimiting leaving group departure from the intermediate involving a frontside attack and product-like TS for the stronger nucleophiles and weaker electrophiles; a rate-limiting leaving group departure from the intermediate involving a backside attack and product-like TS for the weaker nucleophiles and electrophiles; a rate-limiting bond formation involving a frontside attack for the stronger nucleophiles and electrophiles; a rate-limiting bond formation involving a backside attack for the weaker nucleophiles and stronger electrophiles. The substituent effects of X and Y on the pyridinolysis mechanisms of $R_1R_2P$(=S)Cl-type substrates are discussed.

• Journal of the Korea Society for Simulation
• /
• v.11 no.2
• /
• pp.1-16
• /
• 2002

The need for network security is being increasing due to the development of information communication and internet technology. In this paper, firewall models, operating system models and other network component models are constructed. Each model is defined by basic or compound model, referencing DEVS formalism. These models and the simulation environment are implemented with MODSIM III, a general purpose, modular, block-structured high-level programming language which provides direct support for object-oriented programming and discrete-event simulation. In this simulation environment with representative attacks, the following three attacks are generated, SYN flooding and Smurf attack as an attack type of denial of service, Mail bomb attack as an attack type of e-mail. The simulation is performed with the models that exploited various security policies against these attacks. The results of this study show that the modeling method of packet filtering system, proxy system, unix and windows NT operating system. In addition, the results of the simulation show that the analysis of security performance according to various security policies, and the analysis of correlation between availability and confidentiality according to security empowerment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.1013-1022
• /
• 2014

Correlation Power Analysis (CPA) is a type of Side-Channel Analysis (SCA) that extracts the secret key using the correlation coefficient both side-channel information leakage by cryptography device and intermediate value of algorithms. Attack performance of the CPA is affected by noise and temporal synchronization of power consumption leaked. In the recent years, various researches about the signal processing have been presented to improve the performance of power analysis. Among these signal processing techniques, compression techniques of the signal based on Principal Component Analysis (PCA) has been presented. Selection of the principal components is an important issue in signal compression based on PCA. Because selection of the principal component will affect the performance of the analysis. In this paper, we present a method of selecting the principal component by using the correlation of the principal components and the power consumption is high and a CPA technique based on the principal component that utilizes the feature that the principal component has different. Also, we prove the performance of our method by carrying out the experiment.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.49 no.3
• /
• pp.74-80
• /
• 2012

Recently at SCIS2011, Nakatsu et. al. proposed multi-round Correlation Power Analysis(CPA) on Hardware Advanced Encryption Standard(AES) to improve the performance of CPA with limited number of traces. In this paper, we propose, Multi-Round CPA to retrieve master key using CPA of 1round and 2round on Hardware DES. From the simulation result for the proposed attack method, we could extract 56-bit master key using the 300 power traces of Hardware DES in DPA contes. And it was proved that we can search more master key using multi-round CPA than using single round CPA in limited environments.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.10
• /
• pp.1783-1798
• /
• 2011

Recently, a cryptographic construct, called fuzzy vault, has been proposed for crypto-biometric systems, and some implementations for fingerprint have been reported to protect the stored fingerprint template by hiding the fingerprint features. In this paper, we implement the fuzzy fingerprint vault, combining fingerprint verification and fuzzy vault scheme to protect fingerprint templates. To implement the fuzzy fingerprint vault as a complete system, we have to consider several practical issues such as automatic fingerprint alignment, verification accuracy, execution time, error correcting code, etc. In addition, to protect the fuzzy fingerprint vault from the correlation attack, we propose an approach to insert chaffs in a structured way such that distinguishing the fingerprint minutiae and the chaff points obtained from two applications is computationally hard. Based on the experimental results, we confirm that the proposed approach provides higher security than inserting chaffs randomly without a significant degradation of the verification accuracy, and our implementation can be used for real applications.

• ETRI Journal
• /
• v.32 no.1
• /
• pp.102-111
• /
• 2010

Recently power attacks on RSA cryptosystems have been widely investigated, and various countermeasures have been proposed. One of the most efficient and secure countermeasures is the message blinding method, which includes the RSA derivative of the binary-with-random-initial-point algorithm on elliptical curve cryptosystems. It is known to be secure against first-order differential power analysis (DPA); however, it is susceptible to second-order DPA. Although second-order DPA gives some solutions for defeating message blinding methods, this kind of attack still has the practical difficulty of how to find the points of interest, that is, the exact moments when intermediate values are being manipulated. In this paper, we propose a practical second-order correlation power analysis (SOCPA). Our attack can easily find points of interest in a power trace and find the private key with a small number of power traces. We also propose an efficient countermeasure which is secure against the proposed SOCPA as well as existing power attacks.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.9
• /
• pp.225-230
• /
• 2019

Recently, with the development of Internet technology, various encryption algorithms have been adopted to protect the sensing data measured by hardware devices. The Advanced Encryption Standard (AES), the most widely used encryption algorithm in the world, is also used in many devices with strong security. However, it has been found that the AES algorithm is vulnerable to side channel analysis attacks such as Differential Power Analysis (DPA) and Correlation Power Analysis (CPA). In this paper, we present a software optimization implementation technique of the AES algorithm applying the most widely known masking technique among side channel analysis attack methods.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.645-646
• /
• 2009

지문 템플릿(Fingerprint Template)을 보호하기 위해 암호학적 기법인 퍼지볼트(Fuzzy Vault)가 적용되었다. 퍼지볼트 기법은 지문으로 부터 추출되는 특징점을 은닉하기 위하여 지문 템플릿에 다수의 거짓 특징점을 "임의"로 삽입하는 방법이다. 그러나 최근 이러한 지문 퍼지볼트를 효과적으로 크래킹 할 수 있는 상관공격(Correlation Attack)에 관한 연구가 발표되었는데, 이것은 동일한 지문으로 부터 생성되는 두 개의 지문 템플릿을 획득함으로써 진짜와 거짓 특징점을 쉽게 구별하는 방법이다. 본 논문에서는 상관공격에 강인도록 지문 퍼지볼트를 생성하는 방법을 제안한다. 제안한 방법은 특징점의 각도 정보를 이용하여 거짓선분(Chaff Line)을 생성한 후 "규칙적"으로 거짓특징점을 삽입함으로써, 두 개 지문 템플릿을 획득하더라도 동일한 지문에 대해 삽입된 거짓 특징점의 위치와 각도가 유사하기 때문에 진짜와 거짓 특징점을 구별하기 어려워 상관공격을 피할 수 있다. 실험을 통하여 거짓 특징점을 규칙적으로 저장하는 방법을 적용함으로써 기존 방법의 인식 성능을 유지하면서, 상관 공격에 강인함을 확인하였다.