• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.53-62
• /
• 2009

H. Gilbert et al. proposed a collision attack on 7-round reduced Rijndael[5]. Applying this attack, we propose collision attacks on 8-round reduced Crypton, 8-round reduced mCrypton in this paper. Attacks on Crypton requires $2^{161.6}$ time complexity with $2^{96}$ chosen plaintexts, respectively. The attack on mCrypton requires $2^{81.6}$ time complexity with $2^{48}$ chosen plaintexts. These results are the best attacks on Crypton and mCrypton in published literatures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.4
• /
• pp.77-85
• /
• 2002

We present the impossible differential cryptanalysis of the block cipher XTEA[7] and TEA[6]. The core of the design principle of these block ciphers is an easy implementation and a simplicity. But this simplicity dose not offer a large diffusion property. Our impossible differential cryptanalysis of reduced-round versions of XTEA and TEA is based on this fact. We will show how to construct a 12-round impossible characteristic of XTEA. We can then derive 128-bit user key of the 14-round XTEA with $2^{62.5}$ chosen plaintexts and $2^{85}$ encryption times using the 12-round impossible characteristic. In addition, we will show how to construct a 10-round impossible characteristic or TEA. Then we can derive 128-bit user key or the 11-round TEA with $2^{52.5}$ chosen plaintexts and $2^{84}$ encryption times using the 10-round impossible characteristic.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.3-12
• /
• 2006

RFID (Radio Frequency Identification) system is expected to play a critical role providing widespread services in the ubiquitous period. However, widespread use of RFID tags may create new threats to the privacy of individuals such as information leakage and traceability. It is difficult to solve the privacy problems because a tag has the limited computing power that is not the adequate resource to support the general encryption. Although the scheme of [2] protects the consumer privacy using an external agent, a tag should compute exponential operation needed high cost. We propose Self Re-Encryption Protocol (SREP) which provides song privacy without assisting of any external agent. Our SREP is well suitable to low-cost RFID system since it only needs multiplication and exclusive-or operation.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.4
• /
• pp.470-478
• /
• 2019

As the growth of the domestic defense industry is remarkable regarding technology level and export size, technology protection is necessary. Particularly, there is a need to apply anti-tamper measures to prevent critical technologies from illegally being taken out of weapon systems. However, there is no security protection strategy and system built yet in ROK. Precedent studies discussed the trend analysis and technical research for specific protective techniques, and the application of anti-tamper using limited procedures was provided. Recently, methods of how to select the technology for protection were studied based on risk management. Nonetheless, these studies cannot be associated with the acquisition process for the whole life-cycle, having difficulty with actual development and evaluation of the weapon systems. The objective of our study is to derive the system requirements of the weapon system for which anti-tamper measures have been determined to apply. Specifically, requirements items suitable for the development of anti-tamper weapon systems were derived based on ISO/IEC 19790, the CMVP standard for the development and verification of cryptographic modules. Also, its utilization in technical reviews and test & evaluations was presented. The usefulness of the research results was confirmed through inductive inference and comparative evaluation. The result can be expected to play a role in initiating extensive activities needed for technology protection of the weapon systems.

• The Journal of the Convergence on Culture Technology
• /
• v.8 no.6
• /
• pp.675-683
• /
• 2022

Blockchain, which is the basis of virtual assets such as cryptocurrency, is receiving great attention as one of the cornerstone technologies of the 4th industrial revolution. Blockchain is a technology that can fundamentally change our lives not only in finance, but also in politics, logistics, and culture. However, it shows lower-than-expected usability because it is complicated to learn and is continuously being developed. In this study, we tried to investigate whether the Technology Acceptance Model(TAM) of virtual assets can be changed through education on the underlying technology, blockchain. A video-based online experiment was conducted with a total of 103 participants and examined how the type of training(positive, negative) and measurement timing(before, after) affect perceived usefulness, perceived ease of use, acceptance, which are TAM variables, and trust and security, which are related to blockchain characteristics. As a result of the experiment, interactions were found in all dependent variables according to the type of education and measurement timing. Specifically, groups that received negative education had no difference in all variables before and after, but it was found that groups that received positive education showed an increase afterwards. Through this, it can be seen that the effect of education based on the anchoring effect is also shown in the intention to use virtual assets using block chain technology, suggesting that the intention to use blockchain related technology can be increased through positive education.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.10 no.1
• /
• pp.46-56
• /
• 2017

Recently, the spread of IoT technology has been spreading, and it has been applied to all industrial fields such as home / home appliance / medical care. Due to the low specification, low power consumption characteristic and communication data characteristic of IoT, implementation of existing algorithm is difficult thing. From this reason, we have proposed for the first time that encryption and decryption can be proceeded by introducing a kind of variable length bit XOR operation method which changes a variable the bit length value by using carry up and carry down method. We confirmed the practicality of encrypting short message data frequently processed by IoT device / QR code / RFID / NFC without changing the size of data before and after encryption.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1549-1560
• /
• 2015

For the past few years, personal information breach incidents, great and small, occurred constantly. Accordingly, the Personal Information Protection related Ordinances are enacted and amended persistently, and the information security products also keep advancing and developing in the same way. There are the certification systems such as Common Criteria Evaluation and Validation(CC) and Korea Cryptographic Module Validation Program(KCMVP) for the information security products. These are also strictly carried out. This paper analyzes and categorizes the 5 Personal Information Protection related Ordinances in the aspects of technical protection measures by using key words. Here are the 5 related ordinances; 'the Personal Information Protection Act', 'the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc', 'the Act on the Protection, Use, Etc, of Location Information', 'the Use and Protection of Credit Information Act', and 'the Electronic Financial Transactions Act.' Moreover, this study analyzes the association between the technical protection measures in the 5 relevant laws and the information security products that are obtaining the CC Evaluation & Validation(CC) and the products that are now produced at KISIA's member companies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.781-792
• /
• 2015

This paper proposes a virtual and invisible private disk (VIPDISK) technology equipped with the secure storage devices. As a software based security technology, it can create hidden partitions on any data storage device which can not be identified by the windows OS, so the program running on it, does not have any evidence of the existence of the hidden storage space. Under inactive state, it maintains an unexposed secure partition which can only be activated with a matching combination of a unique digital key and a user password to open the decryption tool. In addition, VIPDISK can store data to secure storage device with real-time encryption, it is worry-free even in the case of lost or theft. Simulation results show that VIPDISK provides a much higher level of security compared to other existing schemes.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.12 no.6
• /
• pp.561-566
• /
• 2019

In the Internet space, integrity and security must be maintained for secure and confidential communication, which ensures reliability between sender and receiver. Cryptography is an important factor in maintaining robustness against external attacks. For this purpose, encryption and steganography methods are used. Steganography is a method of hiding confidential information without making statistically significant changes to digital media. I propose a method of transforming the Hangul-Jamo consisting of choseong, jungseong and jongseong, and inserting them into RGB pixel values of the cover image. In order to improve security, a new blending method was used to hide the altered information in the lowest region. In this case, a mixture of LSB and LDR techniques was applied. PSNR was calculated for image quality. The PSNR of the proposed method is 43.225dB, which satisfies the lowest level.

• Journal of Convergence for Information Technology
• /
• v.11 no.11
• /
• pp.66-74
• /
• 2021

With the development of the Internet, user authentication technology that proves me online is improving. Existing ID methods pose a threat of personal information leakage if the service provider manages personal information and security is weak, and the information subject is to the service provider. In this study, as online identification technology develops, we propose a DID-based self-authentication model to prevent the threat of leakage of personal information from a centralized format and strengthen sovereignty. The proposed model allows users to directly manage personal information and strengthen their sovereignty over information topics through VC issued by the issuing agency. As a research method, a self-authentication model that guarantees security and integrity is presented using a decentralized identifier method based on distributed ledger technology, and the security of the attack method is analyzed. Because it authenticates through DID Auth using public key encryption algorithms, it is safe from sniffing, man in the middle attack, and the proposed model can replace real identity card.