• Title/Summary/Keyword: code-based cryptography (코드기반암호)


Provable Security of 3GPP Integrity Algorithm f9 (3GPP 무결성 알고리즘 f9의 증명가능 안전성)

  • Hong, Do-won; Shin, Sang-Uk; Ryu, Heui-su; Chung, Kyo-Il
    • The KIPS Transactions:PartC / v.9C no.4 / pp.573-580 / 2002
  • Within the security architecture of the 3GPP system there is a standardised integrity algorithm f9. The integrity algorithm f9 computes a MAC to authenticate the data integrity and data origin of signalling data over a radio access link of W-CDMA IMT-2000. f9 is a variant of the standard CBC MAC based on the block cipher KASUMI. In this paper we provide the provable security of f9. We prove that f9 is secure by giving a concrete bound on an adversary's inability to forge in terms of her inability to distinguish the underlying block cipher from a pseudorandom permutation.

A Study on the Digital Forensics Artifacts Collection and Analysis of Browser Extension-Based Crypto Wallet (브라우저 익스텐션 기반 암호화폐 지갑의 디지털 포렌식 아티팩트 수집 및 분석 연구)

  • Ju-eun Kim; Seung-hee Seo; Beong-jin Seok; Heoyn-su Byun; Chang-hoon Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.3 / pp.471-485 / 2023
  • Recently, due to the nature of blockchain that guarantees users' anonymity, more and more cases are being exploited for crimes such as illegal transactions. However, cryptocurrency is protected in cryptocurrency wallets, making it difficult to recover criminal funds. Therefore, this study acquires artifacts from the data and memory area of a local PC based on user behavior from four browser extension wallets (Metamask, Binance, Phantom, and Kaikas) to track and retrieve cryptocurrencies used in crime, and analyzes how to use them from a digital forensics perspective. As a result of the analysis, the type of wallet and cryptocurrency used by the suspect was confirmed through the API name obtained from the browser's cache data, and the URL and wallet address used for the remittance transaction were obtained. We also identified Client IDs that could identify devices used in cookie data, and confirmed that mnemonic code could be obtained from memory. Additionally, we propose an algorithm to measure the persistence of obtainable mnemonic code and automate acquisition.

An Authenticated Encryption Scheme without Block Encryption Algorithms (블록 암호 알고리즘을 사용하지 않는 인증 암호화 방법)

  • Lee, Mun-Kyu; Kim, Dong-Kyue; Park, Kunsun
    • Journal of KIISE:Computer Systems and Theory / v.29 no.5 / pp.284-290 / 2002
  • We propose a new authenticated encryption scheme that does not require any block encryption algorithm. Our scheme is based on the Horster-Michels-Petersen authenticated encryption scheme, and it uses a technique in the Bao-Deng signcryption scheme so that the sender's signature can be verified by an arbitrary third party. Since our scheme does not use any block encryption algorithm, we can reduce the code size in its implementation. The computation and communication costs of the proposed scheme are almost the same as those of the Bao-Deng scheme that uses a block encryption algorithm. Our scheme also satisfies all the security properties such as confidentiality, authenticity and nonrepudiation.

Study on Elliptic Curve Diffie-Hellman based Verification Token Authentication Implementation (타원곡선 디피헬만 기반 검증 토큰인증방식 구현 연구)

  • Choi, Cheong H.
    • Journal of Internet Computing and Services / v.19 no.5 / pp.55-66 / 2018
  • Since existing server-based authentications use vulnerable password-based authentication, illegal leaks of personal data occur frequently. Since this can cause illegal ID compromise, alternative authentications have been studied. Recently, token-based authentications like OAuth 2.0 or JWT have been used on web sites; however, they have a weakness: if a hacker steals the JWT token in the middle, they can obtain plain authentication data from the token. So we suggest a new authentication method using a verification token of an authentication code to encrypt authentication data with an effective time. The verification is to compare the authentication code obtained by decrypting the verification token with its own code. Its crypto-method is based on XOR with an ECDH session key, which is fast and efficient without the overhead of key agreement. Our method is outstanding in preventing personal data leakage.

Memory-Efficient Implementation of Ultra-Lightweight Block Cipher Algorithm CHAM on Low-End 8-Bit AVR Processors (저사양 8-bit AVR 프로세서 상에서의 초경량 블록 암호 알고리즘 CHAM 메모리 최적화 구현)

  • Seo, Hwajeong
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.3 / pp.545-550 / 2018
  • Ultra-lightweight block cipher CHAM, consisting of simple addition, rotation, and eXclusive-or operations, enables the efficient implementations over both low-end and high-end Internet of Things (IoT) platforms. In particular, the CHAM block cipher targets the enhanced computational performance for the low-end IoT platforms. In this paper, we introduce the efficient implementation techniques to minimize the memory consumption and optimize the execution timing over 8-bit AVR IoT platforms. To achieve the higher performance, we exploit the partly iterated expression and arrange the memory alignment. Furthermore, we exploit the optimal number of register and data update. Finally, we achieve the high RANK parameters including 29.9, 18.0, and 13.4 for CHAM 64/128, 128/128, and 128/256, respectively. These are the best implementation results in existing block ciphers.

FPGA-Based Post-Quantum Cryptography Hardware Accelerator Design using High Level Synthesis (HLS 를 이용한 FPGA 기반 양자내성암호 하드웨어 가속기 설계)

  • Haesung Jung; Hanyoung Lee; Hanho Lee
    • Transactions on Semiconductor Engineering / v.1 no.1 / pp.1-8 / 2023
  • This paper presents the design and implementation of Crystals-Kyber, a next-generation post-quantum cryptography, as a hardware accelerator on an FPGA using High-Level Synthesis (HLS). We optimized the Crystals-Kyber algorithm using various directives provided by Vitis HLS, configured the AXI interface, and designed a hardware accelerator that can be implemented on an FPGA. Then, we used the Vivado tool to design the IP block and implement it on the ZYNQ ZCU106 FPGA. Finally, the video was recorded and H.264 compressed with Python code in the PYNQ framework, and the video encryption and decryption were accelerated using the Crystals-Kyber hardware accelerator implemented on the FPGA.

A Study on the Collection of Encrypted Evidence in Cybercrime (사이버범죄의 암호화된 증거 수집에 관한 연구)

  • 김소정; 임종인; 오일석
    • Review of KIISC / v.13 no.5 / pp.113-122 / 2003
  • Modern society cannot operate for even a moment without the Internet and computers, but criminal acts that exploit them illegally are also steadily increasing. These computer crimes display a boldness rooted in anonymity, and as individuals become depersonalized in their awareness of themselves as social beings, they raise even greater concern. Accordingly, ordinary computer users increasingly use encryption to protect their privacy, and in proportion, the use of cryptography by criminals is also increasing. So, when criminals use cryptography to hide the evidence of their crimes, what should public authorities and investigative agencies do in order to investigate them? By raising this question, this paper seeks to explore proactive countermeasures through a new legal system that makes use of code changed by the new environment. Investigative and law enforcement agencies should use new technologies such as KLS carefully and consider ways to balance the two fundamental values of the state's law-enforcement capability and the right to privacy. The two sides of the coin, PRIVACY and SECURITY, cannot be handled merely by transplanting the legal systems of real life as they are. At present, none of the discussion related to cryptography has been brought into public debate. We hope this will be a starting point for discussing more openly the current state of criminal acts that use cryptography and the investigative activities of the agencies responding to them, what problems arise in the process, what measures are needed to solve these problems, and what efforts countries abroad are making to solve this problem, and then, from a comprehensive perspective, for establishing timely countermeasures.

A study on QR code-based backup methods to strengthen the security of Cold wallet Purse (콜드월렛 지갑 보안 강화를 위한 QR코드 기반 백업 방안에 대한 연구)

  • Byoung Hoon Choi; JinYong Lee; Nam Hyun Koh; Sam Hyun Chun
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.23 no.6 / pp.21-26 / 2023
  • Recently, cryptocurrencies such as Ethereum and Bitcoin have come to be called digital assets. Cryptocurrency has completely different characteristics from real assets and must be handled carefully and safely. But the disadvantage of digital assets is that anyone who knows the private key of the wallet can easily steal the digital assets. If the seed card is lost, stolen, or exposed when used, someone else can use the wallet by recovering the private key from the seed card they acquired. In this paper, we aim to safely protect encrypted assets by using QR codes when providing the mnemonic words needed to create seed cards.

A Study on Key Protection Method based on WhiteBox Cipher in Block Chain Environment (블록체인 환경에서 화이트박스 암호기반 키 보호 기법에 관한 연구)

  • Choi, Do-Hyeon; Hong, Chan-Ki
    • Journal of Convergence for Information Technology / v.9 no.10 / pp.9-15 / 2019
  • Recently, in the field of next-generation e-commerce and finance, interest in blockchain-based technologies such as Bitcoin and Ethereum is great. Although the security of blockchain technology is known to be secure, hacking incidents / accidents related to cryptocurrencies are being issued. The main causes were vulnerabilities in the external environment, such as taking over login sessions on cryptocurrency wallets, exposing private keys due to malware infection, and using simple passwords. However, private key management recommends general methods such as utilizing a dedicated application or local backup and physical archiving through document printing. In this paper, we propose a white box password-based private key protection scheme. As a result of safety and performance analysis, we strengthened the security against vulnerability of private key exposure and proved the processing efficiency of existing protocol.

An Analysis Technique for Encrypted Unknown Malicious Scripts (알려지지 않은 악성 암호화 스크립트에 대한 분석 기법)

  • Lee, Seong-Uck; Hong, Man-Pyo
    • Journal of KIISE:Information Networking / v.29 no.5 / pp.473-481 / 2002
  • Decryption of encrypted malicious scripts is essential in order to analyze the scripts and to determine whether they are malicious. An effective decryption technique is one that is designed to consider the characteristics of the script languages rather than the specific encryption patterns. However, currently X-raying and emulation are not the proper techniques for scripts because they were designed to decrypt binary malicious codes. In addition to that, heuristic techniques are unable to decrypt unknown script codes that use unknown encryption techniques. In this paper, we propose a new technique that will be able to decrypt malicious scripts based on an analytical approach. We also describe its implementation.