• Title/Summary/Keyword: Cryptographic protocol

Search Result 178, Processing Time 0.028 seconds

A Study On Performance Evaluation of Cryptographic Module and Security Functional Requirements of Secure UAV (보안 UAV를 위한 암호모듈의 성능평가와 보안성 평가 방법에 대한 연구)

  • Kim, Yongdae;Kim, Deokjin;Yi, Eunkyoung;Lee, Sangwook
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.5
    • /
    • pp.737-750
    • /
    • 2022
  • The demands of Unmanned Aerial Vehicles (UAVs) are growing very rapidly with the era of the 4th industrial revolution. As the technology of the UAV improved with the development of artificial intelligence and semiconductor technology, it began to be used in various civilian fields such as hobbies, bridge inspections, etc from being used for special purposes such as military use. MAVLink (Macro Air Vehicle Link), which started as an open source project, is the most widely used communication protocol between UAV and ground control station. However, MAVLink does not include any security features such as encryption/decryption mechanism, so it is vulnerable to various security threats. Therefore, in this study, the block cipher is implemented in UAV to ensure confidentiality, and the results of the encryption and decryption performance evaluation in the UAV according to various implementation methods are analyzed. In addition, we proposed the security requirements in accordance with Common Criteria, which is an international recognized ISO standard.

Entity Authentication Scheme for Secure WEB of Things Applications (안전한 WEB of Things 응용을 위한 개체 인증 기술)

  • Park, Jiye;Kang, Namhi
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.38B no.5
    • /
    • pp.394-400
    • /
    • 2013
  • WoT (Web of Things) was proposed to realize intelligent thing to thing communications using WEB standard technology. It is difficult to adapt security protocols suited for existing Internet communications into WoT directly because WoT includes LLN(Low-power, Lossy Network) and resource constrained sensor devices. Recently, IETF standard group propose to use DTLS protocol for supporting security services in WoT environments. However, DTLS protocol is not an efficient solution for supporting end to end security in WoT since it introduces complex handshaking procedures and high communication overheads. We, therefore, divide WoT environment into two areas- one is DTLS enabled area and the other is an area using lightweight security scheme in order to improve them. Then we propose a mutual authentication scheme and a session key distribution scheme for the second area. The proposed system utilizes a smart device as a mobile gateway and WoT proxy. In the proposed authentication scheme, we modify the ISO 9798 standard to reduce both communication overhead and computing time of cryptographic primitives. In addition, our scheme is able to defend against replay attacks, spoofing attacks, select plaintext/ciphertext attacks, and DoS attacks, etc.

Attacking OpenSSL Shared Library Using Code Injection (코드 주입을 통한 OpenSSL 공유 라이브러리의 보안 취약점 공격)

  • Ahn, Woo-Hyun;Kim, Hyung-Su
    • Journal of KIISE:Computer Systems and Theory
    • /
    • v.37 no.4
    • /
    • pp.226-238
    • /
    • 2010
  • OpenSSL is an open-source library implementing SSL that is a secure communication protocol. However, the library has a severe vulnerability that its security information can be easily exposed to malicious software when the library is used in a form of shared library on Linux and UNIX operating systems. We propose a scheme to attack the vulnerability of the OpenSSL library. The scheme injects codes into a running client program to execute the following attacks on the vulnerability in a SSL handshake. First, when a client sends a server a list of cryptographic algorithms that the client is willing to support, our scheme replaces all algorithms in the list with a specific algorithm. Such a replacement causes the server to select the specific algorithm. Second, the scheme steals a key for data encryption and decryption when the key is generated. Then the key is sent to an outside attacker. After that, the outside attacker decrypts encrypted data that has been transmitted between the client and the server, using the specified algorithm and the key. To show that our scheme is realizable, we perform an experiment of collecting encrypted login data that an ftp client using the OpenSSL shared library sends its server and then decrypting the login data.

Design of RFID Authentication Protocol Using 2D Tent-map (2차원 Tent-map을 이용한 RFID 인증 프로토콜 설계)

  • Yim, Geo-su
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.13 no.5
    • /
    • pp.425-431
    • /
    • 2020
  • Recent advancements in industries and technologies have resulted in an increase in the volume of transportation, management, and distribution of logistics. Radio-frequency identification (RFID) technologies have been developed to efficiently manage such a large amount of logistics information. The use of RFID for management is being applied not only to the logistics industry, but also to the power transmission and energy management field. However, due to the limitation of program development capacity, the RFID device is limited in development, and this limitation is vulnerable to security because the existing strong encryption method cannot be used. For this reason, we designed a chaotic system for security with simple operations that are easy to apply to such a restricted environment of RFID. The designed system is a two-dimensional tent map chaotic system. In order to solve the problem of a biased distribution of signals according to the parameters of the chaotic dynamical system, the system has a cryptographic parameter(𝜇1), a distribution parameter(𝜇2), and a parameter(𝜃), which is the constant point, ID value, that can be used as a key value. The designed RFID authentication system is similar to random numbers, and it has the characteristics of chaotic signals that can be reproduced with initial values. It can also solve the problem of a biased distribution of parameters, so it is deemed to be more effective than the existing encryption method using the chaotic system.

Method of Detecting and Isolating an Attacker Node that Falsified AODV Routing Information in Ad-hoc Sensor Network (애드혹 센서 네트워크에서 AODV 라우팅 정보변조 공격노드 탐지 및 추출기법)

  • Lee, Jae-Hyun;Kim, Jin-Hee;Kwon, Kyung-Hee
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.12 no.12
    • /
    • pp.2293-2300
    • /
    • 2008
  • In ad-hoc sensor network, AODV routing information is disclosed to other nodes because AODV protocol doesn't have any security mechanisms. The problem of AODV is that an attacker can falsify the routing information in RREQ packet. If an attacker broadcasts the falsified packet, other nodes will update routing table based on the falsified one so that the path passing through the attacker itself can be considered as a shortest path. In this paper, we design the routing-information-spoofing attack such as falsifying source sequence number and hop count fields in RREQ packet. And we suggest an efficient scheme for detecting the attackers and isolating those nodes from the network without extra security modules. The proposed scheme doesn't employ cryptographic algorithm and authentication to reduce network overhead. We used NS-2 simulation to evaluate the network performance. And we analyzed the simulation results on three cases such as an existing normal AODV, AODV under the attack and proposed AODV. Simulation results using NS2 show that the AODV using proposed scheme can protect the routing-information-spoofing attack and the total n umber of received packets for destination node is almost same as the existing norm at AODV.

Efficient Self-Healing Key Distribution Scheme (효율적인 Self-Healing키 분배 기법)

  • 홍도원;강주성;신상욱
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.6
    • /
    • pp.141-148
    • /
    • 2003
  • The self-healing key distribution scheme with revocation capability proposed by Staddon et al. enables a dynamic group of users to establish a group key over an unreliable network, and has the ability to revoke users from and add users to the group while being resistant to collusion attacks. In such a protocol, if some packet gets lost, users ale still capable of recovering the group key using the received packets without requesting additional transmission from the group manager. In this scheme, the storage overhead at each group member is O($m^2$1og p) and the broadcast message size of a group manager is O( ((m$t^2$+mt)log p), where m is the number of sessions, t is the maximum number of colluding group members, and p is a prime number that is large enough to accommodate a cryptographic key. In this paper we describe the more efficient self-healing key distribution scheme with revocation capability, which achieves the same goal with O(mlog p) storage overhead and O(($t^2$+mt)log p) communication overhead. We can reduce storage overhead at each group member and the broadcast message size of the group manager without adding additional computations at user's end and group manager's end.

Verifiable Could-Based Personal Health Record with Recovery Functionality Using Zero-Knowledge Proof (영지식 증명을 활용한 복원 기능을 가진 검증 가능한 클라우드 기반의 개인 건강기록)

  • Kim, Hunki;Kim, Jonghyun;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.999-1012
    • /
    • 2020
  • As the utilize of personal health records increases in recent years, research on cryptographic protocol for protecting personal information of personal health records has been actively conducted. Currently, personal health records are commonly encrypted and outsourced to the cloud. However, this method is limited in verifying the integrity of personal health records, and there is a problem with poor data availability because it is essential to use it in decryption. To solve this problem, this paper proposes a verifiable cloud-based personal health record management scheme using Redactable signature scheme and zero-knowledge proof. Verifiable cloud-based personal health record management scheme can be used to verify the integrity of the original document while preserving privacy by deleting sensitive information by using Redactable signature scheme, and to verify that the redacted document has not been deleted or modified except for the deleted part of the original document by using the zero-knowledge proof. In addition, it is designed to increase the availability of data than the existing management schemes by designing to recover deleted parts only when necessary through the Redact Recovery Authority. And we propose a verifiable cloud-based personal health record management model using the proposed scheme, and analysed its efficiency by implementing the proposed scheme.

Efficient Privacy-Preserving Duplicate Elimination in Edge Computing Environment Based on Trusted Execution Environment (신뢰실행환경기반 엣지컴퓨팅 환경에서의 암호문에 대한 효율적 프라이버시 보존 데이터 중복제거)

  • Koo, Dongyoung
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.11 no.9
    • /
    • pp.305-316
    • /
    • 2022
  • With the flood of digital data owing to the Internet of Things and big data, cloud service providers that process and store vast amount of data from multiple users can apply duplicate data elimination technique for efficient data management. The user experience can be improved as the notion of edge computing paradigm is introduced as an extension of the cloud computing to improve problems such as network congestion to a central cloud server and reduced computational efficiency. However, the addition of a new edge device that is not entirely reliable in the edge computing may cause increase in the computational complexity for additional cryptographic operations to preserve data privacy in duplicate identification and elimination process. In this paper, we propose an efficiency-improved duplicate data elimination protocol while preserving data privacy with an optimized user-edge-cloud communication framework by utilizing a trusted execution environment. Direct sharing of secret information between the user and the central cloud server can minimize the computational complexity in edge devices and enables the use of efficient encryption algorithms at the side of cloud service providers. Users also improve the user experience by offloading data to edge devices, enabling duplicate elimination and independent activity. Through experiments, efficiency of the proposed scheme has been analyzed such as up to 78x improvements in computation during data outsourcing process compared to the previous study which does not exploit trusted execution environment in edge computing architecture.