• Journal of information and communication convergence engineering
• /
• v.1 no.1
• /
• pp.48-52
• /
• 2003

A cost efficient IPSec Accelerator board utilizing a crypto chip and an entry-level Linux PC for the high performance VPN is presented in this paper. The IPIP (IP-over-IP tunneling) processing, encryption & decryption processing, HASH processing, and the integrity test functions of IPSec are processed in the IPSec Accelerator board. The proposed IPSec Accelerator has demonstrated successful execution of the required functions of the IPSec packet processing and verified its performance by processing the IPSec packets at the rate of over 1 Gbps.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.4
• /
• pp.81-93
• /
• 2000

In a methodological approach to improve the processing performance of modulo exponentiation which is the primary arithmetic in RSA crypto algorithm, we present a new RSA hardware architecture based on high-radix modulo multiplication and CRT(Chinese Remainder Theorem). By implementing the modulo multiplier using radix-16 arithmetic, we reduced the number of PE(Processing Element)s by quarter comparing to the binary arithmetic scheme. This leads to having the number of clock cycles and the delay of pipelining flip-flops be reduced by quarter respectively. Because the receiver knows p and q, factors of N, it is possible to apply the CRT to the decryption process. To use CRT, we made two s/2-bit multipliers operating in parallel at decryption, which accomplished 4 times faster performance than when not using the CRT. In encryption phase, the two s/2-bit multipliers can be connected to make a s-bit linear multiplier for the s-bit arithmetic operation. We limited the encryption exponent size up to 17-bit to maintain high speed, We implemented a linear array modulo multiplier by projecting horizontally the DG of Montgomery algorithm. The H/W proposed here performs encryption with 15Mbps bit-rate and decryption with 1.22Mbps, when estimated with reference to Samsung 0.5um CMOS Standard Cell Library, which is the fastest among the publications at present.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.3
• /
• pp.529-536
• /
• 2015

As personal information protection act was recently enforced, a mechanism which saves encrypted personal information has been used to Information Security systems. To use the mechanism, a millions of personal information which are already saved on the system first have to be encrypted. At the moment, it may cause a resource scarcity on server, and also take a lot of time. Thus, this paper suggests a way to encrypt millions of personal information by using multi-server with low specifications and measures its performance on test environment. And, I was compared with the performance of high- specification server. As a compared result, the mechanism with three devices by parallel and distributed processing improved its performance by 128%, and the mechanism with five devices by the same processing improved its performance by 158%.

• Journal of Information Processing Systems
• /
• v.8 no.1
• /
• pp.159-174
• /
• 2012

This paper presents a study on a high-performance design for a block cipher algorithm implemented on modern many-core graphics processing units (GPUs). The recent emergence of VLSI technology makes it feasible to fabricate multiple processing cores on a single chip and enables general-purpose computation on a GPU (GPGPU). The GPU strategy offers significant performance improvements for all-purpose computation and can be used to support a broad variety of applications, including cryptography. We have proposed an efficient implementation of the encryption/decryption operations of a block cipher algorithm, SEED, on off-the-shelf NVIDIA many-core graphics processors. In a thorough experiment, we achieved high performance that is capable of supporting a high network speed of up to 9.5 Gbps on an NVIDIA GTX285 system (which has 240 processing cores). Our implementation provides up to 4.75 times higher performance in terms of encoding and decoding throughput as compared to the Intel 8-core system.

• International Journal of Computer Science & Network Security
• /
• v.23 no.5
• /
• pp.179-192
• /
• 2023

The widespread use of Cloud Computing, Internet of Things (IoT), and social media in the Information Communication Technology (ICT) field has resulted in continuous and unavoidable cyber-attacks on users and critical infrastructures worldwide. Traditional security measures such as firewalls and encryption systems are not effective in countering these sophisticated cyber-attacks. Therefore, Intrusion Detection and Prevention Systems (IDPS) are necessary to reduce the risk to an absolute minimum. Although IDPSs can detect various types of cyber-attacks with high accuracy, their performance is limited by a high false alarm rate. This study proposes a new technique called Fuzzy Logic - Objective Risk Analysis (FLORA) that can significantly reduce false positive alarm rates and maintain a high level of security against serious cyber-attacks. The FLORA model has a high fuzzy accuracy rate of 90.11% and can predict vulnerabilities with a high level of certainty. It also has a mechanism for monitoring and recording digital forensic evidence which can be used in legal prosecution proceedings in different jurisdictions.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.7
• /
• pp.875-880
• /
• 2019

A RC4 stream cipher is widely used for security applications such as IEEE 802.11 WEP, IEEE 802.11i TKIP and so on, because it can be simply implemented to dedicated circuits and achieve a high-speed encryption. RC4 is also used for systems with limited resources like IoT, but there are performance limitations. RC4 consists of two stages, KSA and PRGA. KSA performs initialization and randomization of S-box and K-box and PRGA produces cipher texts using the randomized S-box. In this paper, we initialize the S-box and K-box in the randomization of the KSA stage to reduce the initialization delay. In the randomization, we use clusters to process swap operation between elements of S-box in parallel and can generate two cipher texts per clock. The proposed RC4 cipher hardware can initialize S-box and K-box without any delay and achieves about 2 times to 6 times improvement in KSA randomization and key stream generation.

• The KIPS Transactions:PartA
• /
• v.11A no.2
• /
• pp.175-180
• /
• 2004

Generally, as for the multimedia high quality contents, an illegality facsimile is possible without a damage of a quality. Also a distribution of contents duplicated illegality in an Internet is giving a great economic loss to digital contents provider. Therefore, a study for security and efficient distribution of digital contents is required. The most important issues in a design of digital contents distribution system are a user convenience, an execution speed and a security. In this study, we designed digital contents distribution system that used a web caching technology and an encryption/decryption technique on hierarchical structure. The proposed system was the digital contents distribution system that improved a security and execution speed, a convenience of a user. Also it verified performance superiority of a proposed system by an examination.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.5
• /
• pp.15-25
• /
• 2002

In this paper a design of high performance cryptographic processor which implements AES Rijndael algorithm is described. To eliminate performance degradation due to round-key computation delay of conventional processor, the on-the-fly precomputation of round key based on modified round structure is adopted. And on-the-fly round key generator which supports 128, 192, and 256-bit key has modular structure. The designed processor has iterative structure which uses 1 clock cycle per round and supports three operation modes, such as ECB, CBC, and CTR mode which is a candidate for new AES modes of operation. The cryptographic processor designed in Verilog-HDL and synthesized using 0.251$\mu\textrm{m}$ CMOS cell library consists of about 51,000 gates. Simulation results show that the critical path delay is about 7.5ns and it can operate up to 125Mhz clock frequency at 2.5V supply. Its peak performance is about 1.45Gbps encryption or decryption rate under 128-bit key ECB mode.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1157-1169
• /
• 2021

The disaster recovery refers to policies and procedures to ensure continuity of services and minimize loss of resources and finances in case of emergency situations such as natural disasters. In particular, the disaster recovery method by the cloud service provider has advantages such as management flexibility, high availability, and cost effectiveness. However, this method has a dependency on a service provider and has a structural limitation in which a user cannot be involved in personal data. In this paper, we propose a protocol using proxy re-encryption for data confidentiality by removing dependency on service providers by backing up user data using blockchain and distributed storage. The proposed method is implemented in Ethereum and IPFS environments, and presents the performance and cost required for backup and recovery operations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.1
• /
• pp.13-23
• /
• 2001

This paper implemented into hardware SEED which is the KOREA standard 128-bit block cipher. First, at the respect of hardware implementation, we compared and analyzed SEED with AES finalist algorithms - MARS, RC6, RIJNDAEL, SERPENT, TWOFISH, which are secret key block encryption algorithms. The encryption of SEED is faster than MARS, RC6, TWOFISH, but is as five times slow as RIJNDAEL which is the fastest. We propose a SEED hardware architecture which improves the encryption speed. We divided one round into three parts, J1 function block, J2 function block J3 function block including key mixing block, because SEED repeatedly executes the same operation 16 times, then we pipelined one round into three parts, J1 function block, J2 function block, J3 function block including key mixing block, because SEED repeatedly executes the same operation 16 times, then we pipelined it to make it more faster. G-function is implemented more easily by xoring four extended 4 byte SS-boxes. We tested it using ALTERA FPGA with Verilog HDL. If the design is synthesized with 0.5 um Samsung standard cell library, encryption of ECB and decryption of ECB, CBC, CFB, which can be pipelined would take 50 clock cycles to encrypt 384-bit plaintext, and hence we have 745.6 Mbps assuming 97.1 MHz clock frequency. Encryption of CBC, OFB, CFB and decryption of OFB, which cannot be pipelined have 258.9 Mbps under same condition.