Journal of KIISE (정보과학회 논문지)

Korean Institute of Information Scientists and Engineers (한국정보과학회)
권호 표지
DOI QR코드

DOI QR Code

The Analysis of Cipher Padding Problem for Message Recovery Security Function of Honey Encryption

허니암호의 메시지 복구보안 기능을 위한 암호패딩 문제점 분석

  • 지창환 (고려대학교 정보보호학과) ;
  • 윤지원 (고려대학교 정보보호학과)
  • Received : 2017.01.20
  • Accepted : 2017.03.29
  • Published : 2017.06.15
⟨ Previous Next ⟩

Abstract

Honey Encryption (HE) is a technique to overcome the weakness of a brute-force attack of the existing password-based encryption (PBE). By outputting a plausible plaintext even if the wrong key is entered, it provides message recovery security which an attacker can tolerate even if the attacker tries a brute-force attack against a small entropy secret key. However, application of a cipher that requires encryption padding to the HE present a bigger problem than the conventional PBE method. In this paper, we apply a typical block cipher (AES-128) and a stream cipher (A5 / 1) to verify the problem of padding through the analysis of the sentence frequency and we propose a safe operation method of the HE.

허니암호(HE:Honey Encryption)는 기존의 패스워드 기반 암호(PBE:Password Based Encryption)의 무차별 대입 공격(Brute Force Attack)에 대한 취약점을 극복하기 위한 기술이다. 잘못된 키를 입력해도 그럴듯한 평문을 출력함으로써 공격자가 엔트로피가 작은 비밀키를 대상으로 무차별 대입공격을 시도하더라도 충분히 견딜 수 있는 메시지 복구 보안성을 제공한다. 하지만 HE에 암호화 패딩(Padding)이 필요한 암호(Cipher)를 적용하면 기존의 PBE방식보다 큰 문제점이 나타나게 된다. 본 논문에서는 대표적인 블록암호(AES-128) 및 스트림암호(A5/1)를 적용하여 복호문 빈도분석 실험을 통해 패딩의 문제점을 확인하고, HE의 안전한 운용 방안을 제시하였다.

Keywords

References

  1. B. Kaliski. PKCS #5: Password-Based Cryptography Specication Version 2.0, 2000.
  2. E. Barker, A. Roginsky, "Transitions: recommendation for transitioning the use of cryptographic algorithms and key lengths," NIST Special Publication 800:131A, 2011.
  3. I. Goldberg, D. Wagner, "Randomness and the Netscape browser," Dr. Dobb's Journal, Vol. 21, No. 1, pp. 66-71, 1996.
  4. A. Juels, T. Ristenpart. Honey encryption: Security beyond the brute-force bound, Advances in Cryptology - EUROCRYPT, pp. 293-310, 2014.
  5. J. W. Yoon, H. S. Kim, H. J. Jo, H. L. Lee, K. S. Lee, "Visual honey encryption: Application to steganography," Proc. of the 3rd ACM Workshop on Information Hiding and Multimedia Security, New York, NY, USA, IH&MMSec pp. 65-74, ACM.
  6. H. J. Jo, J. W. Yoon, "A new countermeasure against brute-force attacks that use high performance computers for big data analysis," International Journal of Distributed Sensor Networks, 2015.
  7. H.-J. Jo, J. W. Yoon, "Poster: statistical coding scheme for the protection of cryptographic systems against brute-force attack," Proc. of the 35th IEEE Symposium on Security and Privacy, San Jose, Calif, USA, May 2014.
  8. W. B. Cavnar, J. M. Trenkle, "N-gram statistics for natural language understanding and text processing," IEEE Trans. on Pattern Analysis and Machine Intelligence, Vol. 2, pp. 164-172, 1979.
  9. J.-I. Kim, J. W. Yoon, "Honey chatting: A novel instant messaging system robust to eavesdropping over communication