• The KIPS Transactions:PartC
• /
• v.16C no.4
• /
• pp.449-460
• /
• 2009

The signature hashing algorithm[9] provides the fast pattern matching speed for network IPS(Intrusion Prevention System) using the hash table. It selects 2 bytes from all signature rules and links to the hash table by the hash value. It has an advantage of performance improvement because it reduces the number of inspecting rules in the pattern matching. However it has a disadvantage of performance drop if the number of rules with the same hash value increases when the number of rules are large and the corelation among rules is strong. In this paper, we propose a method to make all rules distributed evenly to the hash table independent of the number of rules and corelation among rules for overcoming the disadvantage of the signature hashing algorithm. In the proposed method, it checks whether or not there is an already assigned rule linked to the same hash value before a new rule is linked to a hash value in the hash table. If there is no assigned rule, the new rule is linked to the hash value. Otherwise, the proposed method recalculate a hash value to put it in other position. We implemented the proposed method in a PC with a Linux module and performed experiments using Iperf as a network performance measurement tool. The signature hashing method shows performance drop if the number of rules with the same hash value increases when the number of rules are large and the corelation among rules is strong, but the proposed method shows no performance drop independent of the number of rules and corelation among rules.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.895-897
• /
• 2003

본 논문에서는 기존의 네트워크 기반의 침입탐지 시스템에 존재하는 취약성을 해결하기 위한 방법을 제안한다. 현재 대부분의 룰 기반의 침입탐지 시스템에서는 룰 자체를 보호하기 위한 방법을 제공하지 못한다. 이러한 문제를 해결하기 위해서 본 논문에서는 해쉬함수를 이용하여 룰 자체에 대한 보호를 제공할 수 있는 기법을 Snort를 기반으로 제안한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.898-900
• /
• 2003

본 논문에서는 기존의 네트워크 기반의 침입탐지 시스템에 존재하는 취약성을 해결하기 위한 방법을 제안한다. 현재 대부분의 룰 기반의 침입탐지 시스템에서는 룰 자체를 보호하기 위한 방법을 제공하지 못한다. 이러한 문제를 해결하기 위해서 본 논문에서는 해쉬함수를 이용하여 룰 자체에 대한 보호를 제공할 수 있는 기법을 Snort를 기반으로 제안한다.

• Review of KIISC
• /
• v.5 no.3
• /
• pp.15-37
• /
• 1995

본 고에서는 CDMA 이동 통신망에 적용 가능한 인증 시스템을 제시한다. 이를 위하여 먼저 IS-95에 표준화된 인증과 관련된 파라메타와 인증 절차를 분석하고, 인증 시스템에 응용될 수 있는 해쉬 함수의 개념과 원리를 제시하며, 이를 바탕으로 이동 통신에 적용 가능한 해쉬 함수에 바탕을 둔 인증 시스템을 제시하고, 제시된 인증시스템을 시뮬레이션 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.111-123
• /
• 2004

A hash function is a function that takes bit strings of arbitrary length to bit string of fixed length. A cellular automata is a finite state machine and has the property of generating pseudorandom numbers efficiently by combinational logics of neighbour cells. In [1] and [7], hash functions based on cellular automata which can be implemented efficiently in hardware were proposed. In this paper, we show that we can find collisions of these hash functions with probability 0.46875 and 0.5 respectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.6
• /
• pp.127-134
• /
• 2001

At PKC\`98, SangUk Shin et al. proposed a new hash function based on advantages of SHA-1, RIPEMD-160, and HAVAL. They claimed that the Boolean functions of the hash function have good properties including the SAC(Strict Avalanche Criterion). In this paper, we first show that some of Boolean functions which are used in Shin\`s hash function does not satisfy the SAC, and then argue that satisfying the SAC may not be a good property of Boolean functions, when it is used for constructing compress functions of a hash function.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.3
• /
• pp.715-722
• /
• 2010

This paper describes a hardware design of hash function processor which implements Korean Hash Algorithm Standard HAS-160. The HAS-160 processor compresses a message with arbitrary lengths into a hash code with a fixed length of 160-bit. To achieve high-speed operation with small-area, arithmetic operation for step-operation is implemented by using a hybrid structure of 5:3 and 3:2 carry-save adders and carry-select adder. It computes a 160-bit hash code from a message block of 512 bits in 82 clock cycles, and has 312 Mbps throughput at 50 MHz@3.3-V clock frequency. The designed HAS-160 processor is verified by FPGA implementation, and it has 17,600 gates on a layout area of about $1\;mm^2$ using a 0.35-${\mu}m$ CMOS cell library.

• Journal of Korea Multimedia Society
• /
• v.9 no.11
• /
• pp.1381-1394
• /
• 2006

Generation methods of data cube have been studied for many years in data warehouse which supports decision making using stored data. There are two previous studies, one is multi-way array algorithm and the other is H-cubing algorithm which is based on the hyper-tree. The multi-way array algorithm stores all aggregation data in arrays, so if the base data is increased, the size of memory is also grow. The H-cubing algorithm which is based on the hyper-tree stores all tuples in one tree so the construction cost is increased. In this paper, we present an efficient data cube generation method based on hash table using weight mapping table and record hash table. Because the proposed method uses a hash table, the generation cost of data cube is decreased and the memory usage is also decreased. In the performance study, we shows that the proposed method provides faster search operation time and make data cube generation operate more efficiently.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.1C
• /
• pp.112-121
• /
• 2002

In this paper, we present a design of a hash processor for data security systems. Two standard hash algorithms, Sha-1(American) and HAS-1600(Korean), are implemented on a single hash engine to support real time processing of the algorithms. The hash processor can also be used as a PRNG(Pseudo-random number generator) by utilizing SHA-1 hash iterations, which is being used in the Intel software library. Because both SHA-1 and HAS-160 have the same step operation, we could reduce hardware complexity by sharing the computation unit. Due to precomputation of message variables and two-stage pipelined structure, the critical path of the processor was shortened and overall performance was increased. We estimate performance of the hash processor about 624 Mbps for SHA-1 and HAS-160, and 195 Mbps for pseudo-random number generation, both at 100 MHz clock, based on Samsung 0.5um CMOS standard cell library. To our knowledge, this gives the best performance for processing the hash algorithms.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.473-476
• /
• 2002

본 논문에서는 ad-hoc wireless network에서 상호간의 사전지식 없이 상대편을 authenticate하는 프로토콜을 제시한다. 기존에 Dirk Balfanz et al에 의해 제시된 변형된interactive Guy Fawkes protocol은 해쉬함수의, 전달하고자 하는 메시지와 그 authenticator의 해쉬값을 보내고, 다음 단계에서 그 원본을 밝히는 원리를 이용한 것으로, PKI 없이 해쉬함수 만으로 상호인증과 메시지의 무결성을 보장함으로써 전반적인 ID 체계와 public key encryption, decryption 연산에 대한 부담을 덜었다. 하지만, 이것은 여전히 eavesdropping같은 passive attack에 노출되어 있다[1]. 본 논문에서는 zero-knowledge 기반의 프로토콜을 이용하여 상호 정보를 교환할 수 없는 환경에서도 안전하게 상호 authentication을 가능하게 하는 방법을 제시한다.