• Proceedings of the Korean Information Science Society Conference
• /
• 2005.07a
• /
• pp.550-552
• /
• 2005

국내에는 많은 수의 네트워크 망 제공 업체로부터 고속 네트워크가 제공되고 있다. 이러한 네트워크 망에서 또한 많은 침입 탐지 시스템을 필요로 하고 있고 또한 많은 새로운 웜 바이러스의 출현에 따른 연구도 필요로 하고 있다. 그러나 현재 실정에 맞는 네트워크 데이터 셋이 구성되어 있지 않고 이러한 문제점으로 하여 정확한 침입 탐지 혹은 웜 바이러스의 효과적인 탐지와 차단에서 어려움이 있다. 이러한 문제를 해결하기 위해 본 논문에서는 실제 환경과 흡사한 데이터 셋 구성을 위한 방안에 대해서 제안 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.6
• /
• pp.3-10
• /
• 2007

In this paper we present related-key differential attacks on the block-wise stream cipher TWOPRIME. We construct various related-key differentials of TWOPRIME and use them to show that recovering related keys of TWOPRIME can be performed with a data complexity of $2^{14}$ known plaintext blocks and a time complexity of $2^{38}$ 8-bit table lookups.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.39-46
• /
• 2003

We propose a quantum signature scheme with message recovery implemented by a symmetrical quantum key cryptosystem and Creenberger-Horne-Zeilinger(CHZ) triplet states. The suggested scheme relies on the availability of an arbitrator and can be divided into two schemes . one is using a public board and the other is not. The two schemes give us the confidentiality of a message and the higher efficiency in transmission. We propose a quantum signature scheme with message recovery using Greenberger-Home-Zeilinger(GHZ) triplet states.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.655-666
• /
• 2013

As the capacity of storage devices becomes larger, most users divide them into several logical partitions for convenience of storing and controlling data. Therefore, recovering partitions stably which are artificially hidden or damaged is the most important issue in the perspective of digital forensic. This research suggests partition recovery algorithm that makes stable and effective analysis using characteristics of each file system. This algorithm is available when partition is not distinguishable due to concealment of partition or damage in partition area.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.491-500
• /
• 2013

With the advent of big data and increased costs of SSD(HDD), domestic and foreign Internet cafes and organizations have adopted NDS(No Disk System) solution recently. NDS is a storage virtualization solution based on a kind of cloud computing. It manages Operating System and applications in the central server, which were originally managed by individual computers. This research will illustrate the way to analyze user's behaviors under NDS circumstance.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2008.02a
• /
• pp.155-158
• /
• 2008

기술이 발전함에 따라 컴퓨터 범죄는 점차 증가하고 있으며, 용의자는 사건의 증거가 될 수 있는 파일들에 대해 패스워드 기능을 제공하는 응용프로그램을 활용하여 증거물에 대해 의도적인 접근을 막고 있다. 이로 인해 수사관은 암호화된 파일들에 대해 접근이 매우 어려운 상황이며, 해결 방안으로써 패스워드 복구 프로그램이 대안이 될 수 있다. 하지만 대다수의 패스워드 복구 프로그램들은 단순한 전수조사 공격 방식을 지원하거나 국가별 특징을 고려하지 않은 영문용 사전파일을 적용하여 복구하고 있기 때문에, 국내수사 환경에서 패스워드 검색에 한계가 따르고 있다. 따라서 수사관이 암호화된 파일에 대해 효율적으로 검색할 수 있는 방안이 필요하며, 이를 통해 빠른 시간 내에 증거물을 복구할 수 있는 방안이 강구되어야 한다. 본 논문에서는 최근 국내외 사전구축 사례 및 동향을 조사함으로써 효율적인 패스워드 사전 파일을 구축할 수 있는 방안을 제시하며, 이와 함께 용의자의 개인적인 정보를 이용하여 최적화된 사전파일을 생성할 수 있는 방안에 대해 설명한다.

• Journal of Broadcast Engineering
• /
• v.13 no.1
• /
• pp.92-98
• /
• 2008

Network data modeling is a essential research for the evaluation for intrusion detection systems performance, network modeling and methods for analyzing network data. In network data modeling, real data from the network must be analyzed and the modeled data must be efficiently composed to reflect a sufficient amount of the original data. In this parer the useful elements of real network data were quantified from packets captured from a huge network. Futhermore, a statistical analysis method was used to find the most effective element for efficiently classifying the modeled data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.5
• /
• pp.85-96
• /
• 2001

This paper describes saturation attacks on reduced-round versions of SKIPJACK. To begin with, we will show how to construct a 16-round distinguisher which distinguishes 16 rounds of SKIPJACK from a random permutation. The distinguisher is used to attack on 18(5~22) and 23(5~27) rounds of SKIPJACK. We can also construct a 20-around distinguisher based on the 16-round distinguisher. This distinguisher is used to attack on 22(1~22) and 27(1~27) rounds of SKIPJACK. The 80-bit user key of 27 rounds of SKIPJACK can be recovered with $2^{50}$ chosen plaintexts and 3\cdot 2^{75}$ encryption times.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.6
• /
• pp.93-112
• /
• 2002

Since the multicast group which is composed of various members is dynamic, members of the group frequently join or leave. So, for a new session, group keys are efficiently updated and distributed. In this paper, we describe very simple and new efficient logical key hierarchy(ELKH) protocol which is based on an one-way function. In the previous schemes, when the group controller distributes new created keys or updated keys to the members the information is usally encryted and then transmited over a multicast channel. But ELKH secretes the multicast message by using the one-way function and XOR operator instead of encrypting it. Hence our main construction improves the computational efficiency required from the group controller and group memebers while doesn't increase size of re-keying message when compared to $EHBT^{[12]}$. Assuming the security of an underlying one-way function, we prove that our scheme satisfies forward secrecy and backward secrecy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.6
• /
• pp.125-135
• /
• 2002

The electronic payment system based on blind signature is susceptible to the blackmailing attack as opposed to keep the lifestyle of users private. In this paper. we suggest an efficient electronic cash system using a blind XTR-DSA scheme, which improves the method of defeating blackmailing in online electronic cash systems of ［6,9］. In case of blackmailing, to issue the marked coins we use the blind XTR-DSA scheme at withdrawal. In ［6,9］, to cheat the blackmailer who takes the marked coins the decryption key of a user had to be transferred to the Bank. But in our proposed method the delivery of the decryption key is not required. Also, in the most serious attack of blackmailing. kidnapping, we can defeat blackmailing with a relatively high probability of 13/18 compared with 1/2 in ［9］ and 2/3 in ［6］. If an optimal extension field of XTR suggested in ［7］ is used, then we can implement our system more efficiently.