• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.5
• /
• pp.2313-2318
• /
• 2012

With the widely applications of tactical radio networks, end-to-end secure speech communication in the heterogeneous network has become a very significant security issue. High-grade end-to-end speech security can be achieved using encryption algorithms at user ends. However, the use of encryption techniques results in a problem that encrypted speech data cannot be directly transmitted over heterogeneous tactical networks. That is, the decryption and re-encryption process must be fulfilled at the gateway between two different networks. In this paper, in order to solve this problem and to achieve optimal end-to-end speech security for heterogeneous tactical environments, we propose a novel mechanism for end-to-end secure speech transmission over ultra high frequency (UHF) and public switched telephone network (PSTN) and evaluate against the performance of conventional mechanism. Our proposed mechanism has advantages of no decryption and re-encryption at the gateway, no processing delay at the gateway, and good inter-operability over UHF and PSTN.

• KIPS Transactions on Software and Data Engineering
• /
• v.2 no.11
• /
• pp.747-756
• /
• 2013

It is important to reduce unnecessary overhead in sensor network using battery. In addition encryption is important because of necessity of security. Since unavoidable overhead occurs in case of encryption, security and overhead are in trade-off condition. In this paper, we use a concept called trust to reduce the encryption overhead. We reduce overhead by controlling encryption key sizes while maintaining the security level where high and low trust nodes are mixed. We simulated and compared normal encryption and trust value based encryption. As a result, the latter has lower execution time and overhead. If we define a standard of trust levels considering purpose and circumstances of real network, we can use constrained resources efficiently in sensor network.

• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.1-16
• /
• 2011

A digital certificate mandated by the Electronic Signature Act has become familiar in our daily lives as 95% of the economically active population hold certificates. Due to upgrades to 256 bit level security that have become effective recently, the security and reliability of digital certificates are expected to increase. Digital certificates based on Public Key Infrastructure (PKI) have been known as "no big problem," but the possibility of password exposure in cases of leaked digital certificates still exists. To minimize this vulnerability, various existing studies have introduced alternative password methods, expansion of certificate storage media, and multiple certification methods. These methods perform enhanced functions but also have limitations including the fact that the secureness of passwords is not guaranteed. This study suggests an alternative method for enhancing the level of password secureness as a way to improve password security. This new method improves security management and enhances the convenience of using digital technologies. The results may be used for developing digital certificate related security technologies and research in the future.

• Journal of KIISE:Computer Systems and Theory
• /
• v.37 no.6
• /
• pp.348-353
• /
• 2010

A threshold decryption scheme is a multi-party public key cryptosystem that allows any sufficiently large subset of participants to decrypt a ciphertext, but disallows the decryption otherwise. When performing a threshold decryption, a third party is often involved to guarantee fairness among the participants. To maintain the security of the protocol as high as possible, it is desirable to lower the level of trust and the amount of information given to the third party. In this paper, we present a threshold decryption scheme which allows the anonymity of the participants as well as the fairness by employing a semi-trusted third party (STTP) which follows the protocol properly with the exception that it keeps a record of all its intermediate computations. Our solution preserves the security and fairness of the previous scheme and reveals no information about the identities of the participants and the plaintext even though an attacker is allowed to access the storage of the STTP.

• Proceedings of the KAIS Fall Conference
• /
• 2002.11a
• /
• pp.216-219
• /
• 2002

최근 인터넷 환경의 보급에 힘입어 멀티미디어 자료들의 비중이 점점 늘어나고 있다. 그 중에서 가장 범용적으로 사용되고 있는 멀티미디어 자료 표현 방법 중의 하나인 JPEG 파일의 경우에는 암호화나 특정 사용자에 대한 접근권한 등에 특별한 대안이 없는 것이 사실이다. 이에 본 논문에서는 JPEG 파일에 대하여 자료의 보안과 허가된 사용자만이 접근이 가능하게 하기 위한 방법으로 암호화를 지원하며, 암호화 알고리즘은 간단한 비트교환부터 DES 등의 다양한 암호방법론이 적용 가능한 방법을 제시하였다. 데이터 암호화는 JPEG 에서 복원을 할 때 가장 중요하게 사용되는 영역인 허프만 테이블과 비교를 위하여 이미지영역까지 확대하여 암호화를 수행하였다. 또한 이들 각각의 방법론들에 대한 비교분석을 통하여 임의의 환경 하에서의 가장 적합한 암호화 방법론의 선택기준을 살펴보았다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.07a
• /
• pp.247-249
• /
• 2005

신원(ID) 기반 암호시스템은 인증서 관리의 복잡함이 없는 좋은 장점이 있는 반면, KGC(Key Generator Center)가 사용자의 비일 키를 발행해 주기 때문에 안전하게 개인키를 사용자에게 전송해야 하는 문제와 KGC가 모든 사용자의 비밀 키 값을 얻을 수 있는 키 복구(key escrow) 문제가 나타난다. 이 성질을 제한하기 위해 제안된 여러 기법 중 가장 널리 사용되는 것으로는 다수의 KGC들이 threshold 기법을 이용하여 사용자의 개인키를 발행해 주는 방법이 있으나, 이것은 모든 KGC들이 개인의 신원을 각각 확인해야되는 비효율성이 있다. AISW`04에서 Lee등은, 하나의 KGC에서 요청자의 신원을 확인하며 다른 신뢰기관들은 개인키 보안을 협조해 주는 방식으로 개인키를 발행하고 발행한 개인키는 은닉방법에 의해 안전하게 전송할 수 있는 장정을 가진 키 발급 기법을 제안하였다. 그러나 그들의 방법은 키 복구 권한 제한 부분이 취약하여 또한 서비스 거부 공격에 안전하지 못한 단점을 갖고 있는데 본 논문에서는 이러한 취약성을 분석하며 이를 보완하여 키 복구 권한을 제한하면서 동시에 서비스 거부 공격에도 안전한 개선된 키 발행 기법을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.05a
• /
• pp.1057-1060
• /
• 2008

생체 암호 시스템에서 키로 사용하는 인간의 생체 특징은 외부 환경이나 인간적 요소를 포함하고 있기 때문에 항상 같은 개수, 같은 값의 데이터를 얻을 수 없는 불확실성을 가지고 있다. 퍼지볼트 체계 (Fuzzy vault scheme) [1]는 이러한 불확실성을 가지고 있는 데이터의 특성을 효과적으로 반영 할 뿐만 아니라, 등록된 생체 데이터의 보안을 보장해 주는 알고리즘으로서 얼굴, 지문이나 홍채와 같은 단일 생체 특징으로의 적용 방법이 소개되어 왔다 [2,4,5]. 본 논문에서는 퍼지볼트 시스템의 인식 성능을 높이기 위해 이러한 단일 생체 데이터의 불확실성을 보완할 수 있는 다중 생체 특징 (얼굴과 지문) 데이터를 퍼지볼트 체계에 적용하는 방법을 제안하고 실효성을 검증한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.201-211
• /
• 2012

This paper addresses a Full Disk Encryption hardware processor for SATA HDD in a single FPGA design, and shows its experimental result using an FPGA board. The proposed processor mainly consists of two blocks: the first block processes XTS-AES block cipher which is the IEEE P1619 standard of storage media encryption and the second block executes the interface between SATA Host (PC) and Device (HDD). To minimize the performance degradation, we designed the XTS-AES block with the 4-stage pipelined structure which can process a 128-bit block per 4 clock cycles and has 4.8Gbps (max) performance. Also, we implemented the proposed design with Xilinx ML507 FPGA board and our experiment showed 140MB/sec read/write speed in Windows XP 32-bit and a SATA II HDD. This performance is almost equivalent with the speed of the direct SATA connection without FDE devices, hence our proposed processor is very suitable for SATA HDD Full Disk Encryption environments.

• Journal of the Korea Convergence Society
• /
• v.11 no.3
• /
• pp.45-52
• /
• 2020

In this study, we propose a new Relative position pattern unlocking solution based on blind interaction, which is a new unlocking method, and compared it with existing unlocking methods to verify usability and security improvement. And verified the practical value of the proposed new unlocking solution. The relative position pattern unlock method is easily remembered than the numeric code method and is worth practical enough to show a degree of learning ease similar to the drawing pattern method. The new method is safer to steal than other two methods. It can be manufactured at a low cost and can also be used by special users such as blind people. Therefore, the practical value is relatively high.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1251-1259
• /
• 2017

One-time password has been proposed for the purpose of addressing the security problems of the simple password system: fixed passwords and pre-shared passwords. Since it employs the consecutive hash values after a root hash value is registered at the server, the security weakness of the fixed passwords has been addressed. However, it has a shortcoming of re-registering a new root hash value when the previous hash chain's hash values are exhausted. Even though several one-time password systems not requiring re-registration have been proposed, they all have several problems in terms of constraint conditions and efficiency. In this paper, we propose the one - time password scheme based on a hash chain that generates one - time passwords using only two cryptographic hash functions at each authentication and satisfies the existing constraints without re-registration, Security requirements and efficiency.