• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제19권1호
• /
• pp.43-51
• /
• 2009

In 1998, Kocher et al. introduced Differential Power Attack on block ciphers. This attack allows to extract secret key used in cryptographic primitives even if these are executed inside tamper-resistant devices such as smart card. At FSE 2003 and 2004, Akkar and Goubin presented several masking methods, randomizing the first few and last few($3{\sim}4$) rounds of the cipher with independent random masks at each round and thereby disabling power attacks on subsequent inner rounds, to protect iterated block ciphers such as DES against Differential Power Attack. Since then, Handschuh and Preneel have shown how to attack Akkar's masking method using Differential Cryptanalysis. This paper presents how to combine Truncated Differential Cryptanalysis and Power Attack to extract the secret key from intermediate unmasked values and shows how much more efficient our attacks are implemented than the Handschuh-Preneel method in term of reducing the number of required plaintexts, even if some errors of Hamming weights occur when they are measured.

• Korean Security Journal
• /
• 제48호
• /
• pp.79-111
• /
• 2016

This study aims at analyzing the global trend of standardization in the field of Industrial Security through ISO/TC 292. It covers broad areas from risk management for industrial property protection and loss prevention through supply chain security, product and document fraud and counterfeiting countermeasures and control and community resilience. It also explores the historical background of the standardization in the security field, how ISO TC 292 came out as a leading group in order to standardize relevant security management systems. TC 292 deals with terminology, general security-related standards and supply chain security management. One of the major findings from this analysis is that security targets and threats are diversified and so organizations like enterprises should have proper flexibility to adapt themselves to new security environment and take appropriate resilience system to cope with the threats and incidents. Also the ISO standardization requires public or private entities to take holistic approaches in security management. Finally, it was found that South Korea has to prepare for this global trend of standardization in this field so that ISO certification market demand and the requirements for transnational trades can be well met.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제24권4호
• /
• pp.635-643
• /
• 2014

Most of the web-based services are provided by a web browser. A web browser receives a text-based web page from the server and translates the received data for the user to view. There are a myriad of add-ons to web browsers that extend browser features. The browser's add-ons may access web pages and make changes to the data. This makes web-services via web browsers are vulnerable to security threats. A web browser stores web page data in memory in the DOM structure. One method that prevents modifications to web page data applies hash values to certain parts in the DOM structure. However, a certain characteristic of web-pages renders this method ineffective at times. Specifically, the user-input data is not pre-determined, and the hash value cannot be calculated prior to user input. Thus the modification to the data cannot be prevented. This paper proposes a method that both detects and inhibits any attempt to change to user-input data. The proposed method stores user-input from the keyboard and makes a comparison with the data transmitted from the web browser to detect any anomalies.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• 제39B권4호
• /
• pp.200-206
• /
• 2014

Accountable Internet Protocol (AIP) is one of the future Internet architectures to provide accountability concept by using the self-certifying address that is derived by the public key of the host. In AIP, when a host sends a packet, a domain that is located between the source and the destination hosts discards the packet in order to verify the source IP address. Therefore, performance degradation can occur due to packet discard especially when there is asymmetric route. In this paper, we propose the improved AIP mechanism to verify the source IP address without discarding the packet by including the timestamp, public key value and the signature for protecting from forfeiting the source address. Security safety of the proposed mechanism is evaluated and the proposed mechanism can provide the more robust security as well as reducing the latency due to discarding packets.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• 제9권1호
• /
• pp.102-107
• /
• 2005

With the advancement which development and information communication of the computer is quick about lower with multimedia technical diffusion of network base the necessity the use of the digital image technique which is various regarding the protection of sharp increasing multimedia contents raised its head in the social whole. the copyright protection against a multimedia data hazard the authentication techniques it will be able to confirm the content authentication, ownership authentication, illegal copy of the image which stands is demanded. confronts to the water marking technique of existing and the researches the fact that against a picture is most. In this paper, It does not damage the video data which is a multimedia contents not to be, it inserts copyright information and it protects the right of ownership. It is with a copyright protection which leads the wavelet transform which is a watermark of frequency base from visual system viewpoint in the human being center with it proposes the watermarking technique against a forgery prevention.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• 제29권7C호
• /
• pp.1015-1023
• /
• 2004

In order to protect an exchanged data, it is indispensable to establish a peer-to-peer key between the two communicating nodes. Pre-distributing keys among the nodes is unrealistic in Ad-Hoc network environment because of the dynamic nature of its network topology and the equal authority of its nodes. This paper presents a peer-to-peer key establishment scheme without pre-distributing keys in Ad-Hoc networks. The proposed scheme is based on the Diffie-Hellman key exchange protocol. Main idea is to prevent the falsification of Diffe-Hellman values using some elements of a hash chain. As a result, it is as safe as the underlying hash function against a man-in-the-middle attack. Simulation results have shown that the proposed scheme dramatically reduces the number of messages, and has relatively higher scalability, as compared with the key pre-distribution based scheme.

• The KIPS Transactions:PartC
• /
• 제16C권5호
• /
• pp.575-582
• /
• 2009

With all merits of electronic documents, there exist threats to the security such as illegal outflow, destroying, loss, distortion, etc. The techniques to protect the electronic documents against illegal forgery, alteration, removal are strongly requested. Even though various security technologies have been developed for electronic documents, most of them are emphasized to prevention of forgery or repudiation. This paper presents some problems in cryptography technologies currently used in the existing electronic document systems, and offer efficient methods to adopt cryptography algorithms to improve and secure the electronic document systems. To validate performance of the proposed random rearrangement method comparing with the existing cryptographies, basic elements have been compared, and it has been proved that the proposed method gives better results both in security and efficiency.

• Journal of Convergence Society for SMB
• /
• 제5권3호
• /
• pp.27-31
• /
• 2015

As the number of smartphone users is increasing with the development of mobile devices, the range of monetary transaction from the individual use is increasing. Therefore, hacking methods are diversified and the information forgery of mobile devices has been a current issue. The forgery via apps in mobile devices is a hacking method that creates an app similar to well-known apps to deceive the users. The forgery attack corresponds to the violation of integrity, one of three elements of security. Due to the forgery, the value and credibility of an app decreases with the risk increased. With the forgery in app, private information and data can be stolen and the financial losses can occur. This paper examined the forgery, and suggested a way to detect it, and sought the countermeasure to the forgery.

• Journal of the Institute of Electronics and Information Engineers
• /
• 제50권6호
• /
• pp.167-172
• /
• 2013

In a paper recently published in the International Journal of Parallel, Emergent and Distributed Systems, Biswas et al. proposed a VANET message authentication scheme which uses an identity-based proxy signature mechanism as an underlying primitive. The authors claimed that their scheme supports various security features including the security of proxy-key, the security against message forgery and the security against replay attack, with non-repudiation and resistance to proxy-key compromise. Here, we show how an active attacker, who has no knowledge of an original message sender's private key, can compute the proxy-signature key of the corresponding message sender, meaning that the scheme is completely insecure. We also suggest an enhanced version of the protocol capable of solving such serious security holes.

• Journal of Arbitration Studies
• /
• 제25권1호
• /
• pp.87-105
• /
• 2015

Intellectual property law is slowly fighting to keep pace with the rapid growth of the fashion industry. Copyright and patent law have proven only minimally effective in fashion, even in the US and other top fashion nations, forcing designers and fashion companies to rely on their trademarks to protect their work. Litigating trademark disputes in the fashion industry presents a host of problems as witnessed in a recent Christian Louboutin case, leading the parties to resort to Alternative Dispute Resolution(ADR) and Online Dispute Resolution(ODR). ADR methods, especially arbitration, are increasingly emerging as substitutes to litigation. Using these methods, the fashion industry (CFDA in the US case) should sincerely consider a self-regulating program in which its members, both fashion designers and corporations alike, can resolve disputes in a manner mutually beneficial to all parties in order to preserve the industry's growth, solidarity, and esteem In particular, for the US fashion industry, the ongoing Innovative Design Protection and Privacy Prevention Act(IDPPPA) anti-counterfeit legislation could have caused a chilling effect against innovation. New designers with no name and less resources who could normally flourish producing inspired-by designs may find themselves subject to copyright infringement legislation since the IDPPPA may expand the protection of established designers and brands with more resources. This fear and its implication could be solved by the fashion industry itself since fashion experts know best how to handle these fast-paced issues arising in the field. Therefore, stakeholders in the fashion industry should commit to protecting innovation within fashion on a long-term basis by establishing a panel handling an ADR process. This can mitigate the uncertainty created by the IDPPPA or any other legislation from elsewhere, which could result in a shying away from experimentation with inspired-by designs.