• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.115-129
• /
• 2003

This paper presents a semi-automated formal verification method based on the famous SVO logic, and discusses its experimental results. We discuss several problems on automating the SVO logic and design its derivative, ASVO logic for automation. Also the proposed method is implemented by the Isabelle/Isar system. As a result, we verified the well-known weakness of the NSSK protocol that is vulnerable to the Denning-Sacco attack, using our Isabelle/ASVO system. Finally, we refined the protocol by following the logical consequence of the ASVO verification.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.111-121
• /
• 2004

With rapid growth of the Internet, network intrusions have greatly increased and damage of attacks has become more serious. Recently some kinds of Internet attacks cause significant damage to overall network performance. Current Intrusion Detection Systems are not capable of performing the real-time detection on the backbone network In this paper, we propose the broadband network intrusion detection system using the exponential smoothing method. We made an experiment with real backbone traffic data for 8 days. The results show that our proposed system detects big jumps of traffic volume well.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.3
• /
• pp.81-90
• /
• 2007

In the UMTS (Universal Mobile Telecommunication System), which is one of 3G mobile communication standards, the protocol called UMTS AKA (Authentication and Key Agreement) is used to authenticate mobile stations. However, the UMTS AKA protocol has some weakness, including network bandwidth consumption between a SN (Serving Network) and a HN (Home Network) and SQN (SeQuence Number) synchronization. In this paper, we propose a new improved protocol for UMTS that overcomes UMTS AKA weakness. Our protocol solves the privacy problem caused by IMSI (International Mobile Subscriber Identity)'s disclosure and provides perfect forward secrecy using ECDH (Elliptic Curve Diffie Hellman).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.79-88
• /
• 2008

On the internet, the NIDS(Network Intrusion Detection System) has been widely deployed to protect the internal network. The NIDS builds a set of rules with analysis results on illegal packets and filters them using the rules, thus protecting the internal system. The number of rules is ever increasing as the attacks are becoming more widespread and well organized these days. As a result, the performance degradation has been found severe in the rule application fer the NIDS. In this paper, we propose a multiple pattern matching scheme to improve rule application performance. Then we compare our algorithm with Wu-Mantel algorithm which is known to do high performance multi-pattern matching.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.187-194
• /
• 2008

This paper proposes an effective countermeasure to an intrinsic hardware vulnerability of the keyboard controller that causes sniffing problem on the password authentication system based on the keyboard input string. Through the vulnerability, some possible attacker is able to snoop whole the password string input from the keyboard even when any of the existing keyboard protection software is running. However, it will be impossible for attackers to gather the exact password strings if the proposed policy is applied to the authentication system though they can sniff the keyboard hardware protocol. It is expected that people can use secure Internet commerce after implementing and applying the proposed policy to the real environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.6
• /
• pp.3-14
• /
• 2001

CRLs are the most common way to handle certificate revocation. But, They have several problems. Since the validity period of certificates is long and the number of users it immense, CRLs can grow extremely long. Therefore, a great amount of data needs to be transmitted. Moreover, CRLs cannot provide immediate revocation. In this paper, we propose a new certificate revocation mechanism using mECC and Weil pairing in elliptic curve crypto-system. Our certificate revocation mechanism simplifies the process of certificate revocation and provides the immediate revocation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.5
• /
• pp.63-73
• /
• 2002

Recently, intrusions into a computer have been increased rapidly and also various intrusion methods have been developed. As a result. many researches have been performed to detect the activities of intruders effectively In this paper, a new association mining algorithm for anomaly network intrusion detection is proposed. For this purpose, the proposed algorithm is composed of two different phases: intra-packet association and inter-packet association. The performance of the proposed anomaly detection system is evaluated based on several experiment according to various system parameters in order to identify their practical ranges for maximizing its detection rate. As a result, an anomaly can be detected effectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.11-25
• /
• 2011

The Miller algorithm is employed in the typical pairing computation such as Weil, Tate and Ate for implementing ID based cryptosystem. By analyzing the Mrabet's attack that is one of fault attacks against the Miller algorithm, this paper presents au efficient fault attack in Affine coordinate system, it is the most basic coordinates for construction of elliptic curve. The proposed attack is the effective model of a count check fault attack, it is verified to work well by practical fault injection experiments and can omit the probabilistic analysis that is required in the previous counter fault model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.161-169
• /
• 2011

Recent intelligent video surveillance system asks for development of more advanced technology for analysis and recognition of video data. Especially, machine learning algorithm such as Support Vector Machine (SVM) is used in order to recognize objects in video. Because SVM training demands massive amount of computation, parallel processing technique is necessary to reduce the execution time effectively. In this paper, we propose a parallel processing method of SVM training with a multi-core processor. The results of parallel SVM on a 4-core processor show that our proposed method can reduce the execution time of the sequential training by a factor of 2.5.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.71-82
• /
• 2011

Live data in physical memory can be acquired by live forensics but not by harddisk file-system analysis. Therefore, in case of forensic investigation, live forensics is widely used these days. But, existing live forensic methods, that use command line tools in live system, have many weaknesses; for instance, it is not easy to re-analyze and results can be modified by malicious code. For these reasons, in this paper we explain the Windows kernel architecture and how to analyze physical memory dump files to complement weaknesses of traditional live forensics. And then, we design and implement the Physical Memory Dump Explorer, and prove the effectiveness of our tool through test results.