• Proceedings of the IEEK Conference
• /
• 2005.11a
• /
• pp.1011-1014
• /
• 2005

In this paper, we propose a method that extracts an invariant biometric key in order to apply this biometric key to the crypto-biometric system. This system is a new authentication architecture which can improve the security of current cryptographic system and solve the problem of stored template protection in conventional biometric system, also. To use biometric information as a cryptographic key in crypto-biometric system, same key should be generated from the same person. However, it is difficult to obtain such an invariant biometric key because biometric data is sensitive to surrounding environments. The proposed method solves this problem by clustering Iris Codes obtained by using independent component analysis (ICA).

• Journal of Information Technology Services
• /
• v.11 no.2
• /
• pp.119-130
• /
• 2012

Nowadays, encryption is core technology widely used in IT industry to protect private information of individuals and important intellectual assets of companies. However, when criminals and terror suspects abuse such technology, national security can be threatened and law enforcement can be disturbed. To prevent such adverse effects of cryptography, some nations have enacted legislations that allow legally obtained encrypted data to be decrypted by certain law enforcement agencies. Hence it is imperative that firms having international presence understand and comply by each nation's regulations on decryption order. This paper explains circumstances under which legislations on decryption order were established, organizes countries with regulations and punishment, explores what global enterprises need to consider in making policies to effectively respond to decryption orders, and suggests that technological methods and managerial guidelines for control of encryption be established.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2003.11b
• /
• pp.707-710
• /
• 2003

인터넷은 전 세계를 연결하는 매체로서, 그 사용자가 매년 폭발적으로 증가하고 있다. 이러한 인터넷 사용자간의 자료 교환 수단으로서 전자우편은 표준이라 말할 수 있을 만큼 많이 사용되고 있다. 일반 편지에서부터 상업광고 목적의 전자우편에 이르기까지 다양한 분야에서 사용되고 있다. 하지만 이러한 전자우편에도 많은 문제가 존재한다. 기존의 전자우편은 간단한 방법으로 내용을 열람하거나 변조할 수 있어 중요한 정보나 사생활 노출의 위험에서 벗어날 수 없다. 이러한 데이터에 대한 보안이 기대에 미치지 못하고 있기 때문에 암호학적으로 강력한 전자우편 시스템의 개발이 시급하다 본 논문에서는 기본적인 정보보호 서비스 외에 기존의 전자우편 시스템에서는 제공되지 않는 배달 증명 및 내용 증명 기능을 제공하고 자바 암호 API를 사용하여 안전한 키 교환이 가능하도록 하였다.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.59-64
• /
• 2004

In this paper a design and an implementation of a crypto chip which implements SEED and Triple-DES algorithms are described. We designed it by VHDL(VHSIC Hardware Description Language) which is a designed system-description language. To apply the chip to various application, four operating Modes such as ECB, CBC, CFB, and CFB are supported. The chip was designed by the Virtex-E XCV2000E BG560 of Xilinx and we confirmed result of it at the FPGA implementation by functional and timing simulation using the Xilinx Foundation Series 3.li.

• The Journal of Information Systems
• /
• v.11 no.1
• /
• pp.175-198
• /
• 2002

This paper is to develop a security module for electronic approval systems. Electronic documents are created, transmitted and saved in the company's intranet computer network. Transmitting electronic documents, however, brings us a security problem. Communications among various computer systems are exposed to many security threats. Those threats are eavesdropping, repudiation, replay back etc. The main purpose of this paper is to develop a module which provides the security of electronic documents while they are passed from one place to another This paper applies Multi-Level security to the electronic approval system that guarantees security of electronic documents from many threats. Multi-Level security controls the access to the documents by granting security level to subject users and object electronic documents. To prevent possible replay back attacks, this paper also uses one time password to the system. The security module is composed of client program and server one. The module was developed using Microsoft Visual Basic 6.0 and Microsoft SQL Server 7.0. The code uses Richard Bondi's WCCO(Wiley CryptoAPI COM Objects) library functions which enables Visual Basic to access Microsoft CryptoAPI.

• Journal of information and communication convergence engineering
• /
• v.7 no.4
• /
• pp.516-520
• /
• 2009

RSA crypto-processors equipped with more than 1024 bits of key space handle the entire key stream in units of blocks. The RSA processor which will be the target design in this paper defines the length of the basic word as 128 bits, and uses an 256-bits register as the accumulator. For efficient execution of 128-bit multiplication, 32b*32b multiplier was designed and adopted and the results are stored in 8 separate 128-bit registers according to the status flag. In this paper, an efficient method to execute 128-bit MAC (multiplication and accumulation) operation is proposed. The suggested method pre-analyzed the all possible cases so that the MAC unit can remove unnecessary calculations to speed up the execution. The proposed architecture prototype of the MAC unit was automatically synthesized, and successfully operated at 20MHz, which will be the operation frequency in the RSA processor.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.5
• /
• pp.1027-1037
• /
• 2017

By a spread of utilizing environment of the CNG library, it is required to analyze its vulnerability. For this reason, in this paper, we analyzed SSL communication process in CNG library. This study is expected to draw vulnerabilities and security threats and improve security criteria for various applications to fully take advantage of the CNG library.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.2
• /
• pp.98-116
• /
• 2010

The field of lightweight cryptography has developed significantly over recent years and many impressive implementation results have been published. However these results are often concerned with a core computation and when it comes to a real implementation there can be significant hidden overheads. In this paper we consider the case of cryptoGPS and we outline a full implementation that has been fabricated in ASIC. Interestingly, the implementation requirements still remain within the typically-cited limits for on-the-tag cryptography.

• Review of KIISC
• /
• v.9 no.4
• /
• pp.81-87
• /
• 1999

Density'(밀도)가 비교적 높은 Chor-Rivest 암호체계는 기존의 LLL과 같은 유형의 공격법이 아니라 비밀키를 일부 찾아내므로 써 공격이 가능하고 '98 Crypto에 처음 발표되 고 '99 Crypto에 그의 공격법과 안전성이 논의된 hidden subset sum problem은 기존의 knapsack 유형의 암호체계와 마찬가지로 밀도가 높을 때 안전하고 밀도가 낮으면 공격이 가능하다 따라서 두 암호체계의 접목을 통하여 안전한 암호체계가 가능한지를 살펴보는 것 도 의미가 있을 것이다, 결론적으로 이야기하면 두암호체계의 접목은 여러 가지 문제점을 포함하고 있기 때문에 어려우리라 생각된다. 제1장에서의 hidden subset sum problem을 살 펴보고 제2장에서는 Chor-Rivest 암호체계를 분석해보고 제 3장에서 Chor-Rivest 암호체계 의 변경 가능한 요소들을 살펴보고 제4장에서 Chor-Rivest 암호체계에 hidden subset sum problem의 활용이 가능한지를 살펴보도록한다. knapsack 유형의 암호체계들중 비교적 최근 까지 안전하다고 하는 암호체계들을 살펴봄으로써 이런 유형들의 개발여부를 생각해 볼수 있는 기회가 되리라 기대된다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.04a
• /
• pp.865-867
• /
• 2001

최근 활발하게 이루어지고 있는 정보 보안에 관한 연구 및 개발 중 보안 API는 보안 서비스를 제공하는 인터페이스 규격으로서의 중요성이 증대되고 있다. 그러나 대표적인 기존 보안 구조들인 CryptoKi, CryptoAPI, CSSM API, GSS-API, 및 GCS-API등의 보안 API는 응용개발자와 보안 장비 개발자의 편리성 및 독립성 보장 측면에서 다양한 문제점들을 가지고 있는 실정이다. 따라서 본 논문에서는 인터넷 응용환경에서의 신분위장, 통신내용의 도청 및 변조, 의도적인 업무 방해 등 수 많은 위협 요소들로부터의 정보 보호를 위한 사용자 인증, 데이터 기밀성 및 무결성 서비스를 제공하는 다중구조의 CAPI(Cryptographic Application Programming Interface) 보안 서비스 모듈을 설계한다. 설계된 다중구조 CAPI는 사용자 인증, 접근통제 등 상위 어플리케이션 계층에 보안 시스템 서비스 체계를 적용하여 운용 시스템 환경에 따라서 다양하게 개발 및 적용될 수 있다.