• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.47-57
• /
• 2003

In this paper, we firstly evaluate the resistance of the reduced 5-round version of the block cipher CIKS-1 against linear cryptanalysis(LC) and show that we can attack full-round CIKS-1 with \ulcorner56-bit key through the canonical extension of our attack. A feature of the CIKS-1 is the use of both Data-Dependent permutations(DDP) and internal key scheduling which consist in data dependent transformation of the round subkeys. Taking into accout the structure of CIKS-1 we investigate linear approximation. That is, we consider 16 linear approximations with p=3/4 for 16 parallel modulo $2^2$ additions to construct one-round linear approximation and derive one-round linear approximation with the probability P=1/2+$2^{-17}$ by Piling-up lemma. Then we present 3-round linear approximation with 1/2+$2^{-17}$ using this one-round approximation and attack the reduced 5-round CIKS-1 with 64-bit block by LC. In conclusion we present that our attack requires $2^{38}$chosen plaintexts with a probability of success of 99.9% and about $2^{67-7}$encryption times to recover the last round key.(But, for the full-round CIKS-1, our attack requires about $2^{166}$encryption times)

• Smart Media Journal
• /
• v.12 no.9
• /
• pp.9-18
• /
• 2023

Black box cryptography is a cryptographic scheme based on a hardware encryption device, operating under the assumption that the device and the user can be trusted. However, with the increasing use of cryptographic algorithms on unreliable open platforms, the threats to black box cryptography systems have become even more significant. As a consequence, white box cryptography have been proposed to securely operate cryptographic algorithms on open platforms by hiding encryption keys during the encryption process, making it difficult for attackers to extract the keys. However, unlike traditional cryptography, white box-based encryption lacks established specifications, making challenging verify its structural security. To promote the safer utilization of white box cryptography, CHES organizes The WhibOx Contest periodically, which conducts safety analyses of various white box cryptographic techniques. Among these, the Differential Computation Analysis (DCA) attack proposed by Bos in 2016 is widely utilized in safety analyses and represents a powerful attack technique against robust white box block ciphers. Therefore, this paper analyzes the research trends in white box block ciphers and provides a summary of DCA attacks and relevant countermeasures. adhering to the format of a research paper.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.4 no.3
• /
• pp.217-223
• /
• 2009

Recently, the development of the various network method can generate serious social problems. So, it is highly required to control security of network. These problems related security will be developed and keep up to confront with anti-security field such as hacking, cracking. The way to preserve security from hacker or cracker without developing new cryptographic algorithm is keeping the state of anti-cryptanalysis in a prescribed time by means of extending key-length. In this paper, the proposed montgomery multiplication structured unit array method in carry generated part and variable length multiplication for eliminating bottle neck effect with the RSA cryptosystem. Therefore, this proposed montgomery multiplier enforce the real time processing and prevent outer cracking.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.43-53
• /
• 2015

Password-based authentication schemes for server-client system are convenient to use, but vulnerable to dictionary attack or brute-force attack. To solve this vulnerability, Cryptographic secret key is used for security, but difficult to memorize. So, for the first time, Das proposed a biometric-based authentication scheme to solve various problems but it has various vulnerabilities. Afterwards, Jiping et al. improved Das's scheme, but some vulnerabilities remain. In this paper, we analyze the cryptanalysis of Jiping et al.'s authentication scheme and then propose improved biometric based user authentication scheme to resolve the analyzed problem. Moreover, we conduct a security analysis for the proposed scheme and make a comparison between the proposed scheme and other biometric based user authentications.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.967-979
• /
• 2013

Now a day, Wireless Sensor Networks (WSNs) are being widely used in different areas one of which is healthcare services. A wireless medical sensor network senses patient's vital physiological signs through medical sensor-nodes deployed on patient's body area; and transmits these signals to devices of registered medical professionals. These sensor-nodes have low computational power and limited storage capacity. Moreover, the wireless nature of technology attracts malicious minds. Thus, proper user authentication is a prime concern before granting access to patient's sensitive and private data. Recently, P. Kumar et al. claimed to propose a strong authentication protocol for healthcare using Wireless Medical Sensor Networks (WMSN). However, we find that P. Kumar et al.'s scheme is flawed with a number of security pitfalls. Information stored inside smart card, if extracted, is enough to deceive a valid user. Adversary can not only access patient's physiological data on behalf of a valid user without knowing actual password, can also send fake/irrelevant information about patient by playing role of medical sensor-node. Besides, adversary can guess a user's password and is able to compute the session key shared between user and medical sensor-nodes. Thus, the scheme looses message confidentiality. Additionally, the scheme fails to resist insider attack and lacks user anonymity.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.2
• /
• pp.793-810
• /
• 2015

The TWINE is a new Generalized Feistel Structure (GFS) lightweight cryptosystem in the Internet of Things. It has 36 rounds and the key lengths support 80 bits and 128 bits, which are flexible to provide security for the RFID, smart cards and other highly-constrained devices. Due to the strong attacking ability, fast speed, simple implementation and other characteristics, the differential fault analysis has become an important method to evaluate the security of lightweight cryptosystems. On the basis of the 4-bit fault model and the differential analysis, we propose an effective differential fault attack on the TWINE cryptosystem. Mathematical analysis and simulating experiments show that the attack could recover its 80-bit and 128-bit secret keys by introducing 8 faulty ciphertexts and 18 faulty ciphertexts on average, respectively. The result in this study describes that the TWINE is vulnerable to differential fault analysis. It will be beneficial to the analysis of the same type of other iterated lightweight cryptosystems in the Internet of Things.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.8
• /
• pp.1946-1963
• /
• 2012

Hummingbird is a lightweight encryption and message authentication primitive published in RISC'09 and WLC'10. In FSE'11, Markku-Juhani O.Saarinen presented a differential divide-and-conquer method which has complexity upper bounded by $2^{64}$ operations and requires processing of few megabytes of chosen messages under two related nonces (IVs). The improved version, Hummingbird-2, was presented in RFIDSec 2011. Based on the idea of differential collision, this paper discovers some weaknesses of the round function WD16. Combining with the simple key loading algorithm, a related-key chosen-IV attack which can recover the full secret key is proposed. Under 15 pairs of related keys, the 128 bit initial key can be recovered, requiring $2^{27}$ chosen IV and the computational complexity is $O(2^{27})$. In average, the attack needs several minutes to recover the full 128-bit secret key on a PC. The experimental result corroborates our attack. The result shows that the Hummingbird-2 cipher can't resist related key attack.

• The KIPS Transactions:PartC
• /
• v.15C no.5
• /
• pp.359-366
• /
• 2008

As the use of Internet and information communication technology is being generalized, the SSL protocol is essential in Internet because the important data should be transferred securely. While the SSL protocol is designed to defend from active attack such as message forgery and message alteration, the cipher suite setting can be easily modified. If the attacker draw on a malfunction of the client system and modify the cipher suite setting to the symmetric key algorithm which has short key length, he should eavesdrop and cryptanalysis the encrypt data. In this paper, we examine the domestic web site whether they generate the security session through the symmetric key algorithm which has short key length and propose the solution of the cipher suite setting problem.

• Bulletin of the Korean Mathematical Society
• /
• v.53 no.4
• /
• pp.1051-1069
• /
• 2016

Combining the concept of self-certified public key and message recovery, Li-Zhang-Zhu (LZZ) gives the proxy signature scheme with message recovery using self-certified public key. The security of the proposed scheme is based on the discrete logarithm problem (DLP) and one-way hash function (OWHF). Their scheme accomplishes the tasks of public key verification, proxy signature verification, and message recovery in a logically single step. In addition, their scheme satisfies all properties of strong proxy signature and does not use secure channel in the communication between the original signer and the proxy signer. In this paper, it is shown that in their signature scheme a malicious signer can cheat the system authority (SA), by obtaining a proxy signature key without the permission of the original signer. At the same time malicious original signer can also cheat the SA, he can also obtain a proxy signature key without the permission of the proxy signer. An improved signature scheme is being proposed, which involves the remedial measures to get rid of security flaws of the LZZ et al.'s. The security and performance analysis shows that the proposed signature scheme is maintaining higher level of security, with little bit of computational complexity.

• Journal of Korea Society of Industrial Information Systems
• /
• v.17 no.3
• /
• pp.9-17
• /
• 2012

In this paper, we propose a SPN 256 bit block cipher so called XSB(eXtended SPN Block cipher) which has a symmetric structure in encryption and decryption. The proposed XSB is composed of the even numbers of N rounds where the first half of them, 1 to N/2-1 round, applies a pre-function and the last half of them, N/2+1 to N round, employs a post-function. Each round consists of a round key addition layer, a substiution layer, a byte exchange layer and a diffusion layer. And a symmetry layer is located in between the pre-function layer and the post-function layer. The symmetric layer is composed with a multiple simple bit slice involution S-Boxes. The bit slice involution S-Box symmetric layer increases difficult to attack cipher by Square attack, Boomerang attack, Impossible differentials cryptanalysis etc.