• The Journal of the Korea institute of electronic communication sciences
• /
• v.18 no.1
• /
• pp.157-164
• /
• 2023

In modern society, smart home has become a part of people's daily life. But traditional smart home systems often have problems such as security, data centralization and easy tampering, so a blockchain is an emerging technology that solves the problems. This paper proposes a blockchain-based smart home system which consists in a home and a blockchain network part. The blockchain network with 8 nodes is implemented by HyperLeger Fabric platform on Docker. ECC(Elliptic Curve Cryptography) technology is used for data transmission security and RBAC(role-based access control) manages the certificates of network members. Raft consensus algorithm maintains data consistency across all nodes in a distributed system and reduces block generation time. The query and data submission are controlled by the smart contract which allows nodes to safely and efficiently access smart home data. The experimental results show that the proposed system maintains a stable average query and submit time of 84.5 [ms] and 93.67 [ms] under high concurrent accesses, respectively and the transmission data is secured through simulated packet capture attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.869-879
• /
• 2023

Sparkle is one of the finalists in the Lightweight Cryptography Standardization Process conducted by NIST. It is a nonlinear permutation and serves as a core component for the authenticated encryption algorithm Schwaemm and the hash function Esch. In this paper, we provide specific forms of input and output differences for 6 rounds of Sparkle384 and 7 rounds of Sparkle512, and make formulas for the complexity of finding input pairs that satisfy these differentials. Due to the significantly lower complexity compared to similar tasks for random permutations with the same input and output sizes, they can be valid distinguishing attacks. The numbers(6 and 7) of attacked rounds are very close to the minimum numbers(7 and 8) of really used rounds.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.29-34
• /
• 2023

KMS (Knowledge Management System) is used by various organizations to share information. This KMS includes important information as well as basic information used by each organization. To protect infortant information stored in KMS, many KMS use user identification and authentication features. In such a KMS security environment, if the account information of a user who can access the KMS is leaked, a malicious attacker using the account information can access the KMS and access all authorized important information. In this study, we propose KMS with user access control function that can protect important information even if user account information is leaked. The KMS with the user access control function proposed in this study protects the stored files in the KMS by applying an encryption algorithm. Users can access important documents by using tokens after logging in. A malicious attacker without a Token cannot access important files. As a result of checking the unit function for the target user access control function for effectiveness verification, it was confirmed that the access control function to be provided by KMS is normally provided.

• Journal of Internet Computing and Services
• /
• v.13 no.2
• /
• pp.59-71
• /
• 2012

PKI-based public key scheme is outstanding in terms of authenticity and privacy. Nevertheless its application brings big burden due to the certificate/key management. It is difficult to apply it to limited computing devices in WSN because of its high encryption complexity. The Bilinear Pairing emerged from the original IBE to eliminate the certificate, is a future significant cryptosystem as based on the DDH(Decisional DH) algorithm which is significant in terms of computation and secure enough for authentication, as well as secure and faster. The practical EC Weil Pairing presents that its encryption algorithm is simple and it satisfies IND/NM security constraints against CCA. The Random Oracle Model based IBE PKG is appropriate to the structure of our target system with one secret file server in the operational perspective. Our work proposes modification of the Weil Pairing as proper to the closed network for secret file distribution[2]. First we proposed the improved one computing both encryption and message/user authentication as fast as O(DES) level, in which our scheme satisfies privacy, authenticity and integrity. Secondly as using the public key ID as effective as PKI, our improved IBE variant reduces the key exposure risk.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.6
• /
• pp.1163-1170
• /
• 2016

A hardware implementation of ultra-lightweight block cipher algorithm PRESENT which was specified as a standard for lightweight cryptography ISO/IEC 29192-2 is described. The PRESENT crypto-processor supports two key lengths of 80 and 128 bits, as well as four modes of operation including ECB, CBC, OFB, and CTR. The PRESENT crypto-processor has on-the-fly key scheduler with master key register, and it can process consecutive blocks of plaintext/ciphertext without reloading master key. In order to achieve a lightweight implementation, the key scheduler was optimized to share circuits for key lengths of 80 bits and 128 bits. The round block was designed with a data-path of 64 bits, so that one round transformation for encryption/decryption is processed in a clock cycle. The PRESENT crypto-processor was verified using Virtex5 FPGA device. The crypto-processor that was synthesized using a $0.18{\mu}m$ CMOS cell library has 8,100 gate equivalents(GE), and the estimated throughput is about 908 Mbps with a maximum operating clock frequency of 454 MHz.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.7
• /
• pp.1296-1302
• /
• 2016

A hardware implementation of ultra-lightweight block cipher algorithm PRESENT that was specified as a block cipher standard for lightweight cryptography ISO/IEC 29192-2 is described in this paper. Two types of crypto-core that support master key size of 80-bit are designed, one is for encryption-only function, and the other is for encryption and decryption functions. The designed PR80 crypto-cores implement the basic cipher mode of operation ECB (electronic code book), and it can process consecutive blocks of plaintext/ciphertext without reloading master key. The PR80 crypto-cores were designed in soft IP with Verilog HDL, and they were verified using Virtex5 FPGA device. The synthesis results using $0.18{\mu}m$ CMOS cell library show that the encryption-only core has 2,990 GE and the encryption/decryption core has 3,687 GE, so they are very suitable for IoT security applications requiring small gate count. The estimated maximum clock frequency is 500 MHz for the encryption-only core and 444 MHz for the encryption/decryption core.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.47 no.4
• /
• pp.41-49
• /
• 2010

This paper proposes a new high speed SHA-1 architecture using multiple unfolding and pre-computation techniques. We unfolds iterative hash operations to 2 continuos hash stage and reschedules computation timing. Then, the part of critical path is computed at the previous hash operation round and the rest is performed in the present round. These techniques reduce 3 additions to 2 additions on the critical path. It makes the maximum clock frequency of 118 MHz which provides throughput rate of 5.9 Gbps. The proposed architecture shows 26% higher throughput with a 32% smaller hardware size compared to other counterparts. This paper also introduces a analytical model of multiple SHA-1 architecture at the system level that maps a large input data on SHA-1 block in parallel. The model gives us the required number of SHA-1 blocks for a large multimedia data processing that it helps to make decision hardware configuration. The hs fospeed SHA-1 is useful to generate a condensed message and may strengthen the security of mobile communication and internet service.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.10C
• /
• pp.1015-1026
• /
• 2002

As per increasing research interest in the field of collaborative computing in recent year, the importance of security issues on that area is also incrementally growing. Generally, the persistency of collaborative system is facilitated with conventional authentication and cryptography schemes. It is however, hard to meet the access control requirements of distributed collaborative computing environments by means of merely apply the existing access control mechanisms. The distributed collaborative system must consider the network openness, and various type of subjects and objects while, the existing access control schemes consider only some of the access control elements such as identity, rule, and role. However, this may cause the state of security level alteration phenomenon. In order to handle proper access control in collaborative system, various types of access control elements such as identity, role, group, degree of security, degree of integrity, and permission should be taken into account. Futhermore, if we simply define all the necessary access control elements to implement access control algorithm, then collaborative system consequently should consider too many available objects which in consequence, may lead drastic degradation of system performance. In order to improve the state problems, we propose a novel access control framework that is suitable for the distributed collaborative computing environments. The proposed scheme defines several different types of object elements for the accessed objects and subjects, and use them to implement access control which allows us to guarantee more solid access control. Futhermore, the objects are distinguished by three categories based on the characteristics of the object elements, and the proposed algorithm is implemented by the classified objects which lead to improve the systems' performance. Also, the proposed method can support scalability compared to the conventional one. Our simulation study shows that the performance results are almost similar to the two cases; one for the collaborative system has the proposed access control scheme, and the other for it has not.

• The KIPS Transactions:PartC
• /
• v.16C no.2
• /
• pp.151-164
• /
• 2009

The importance of sensor networks as a base of ubiquitous computing realization is being highlighted, and espicially the security is recognized as an important research isuue, because of their characteristics.Several efforts are underway to provide security services in sensor networks, but most of them are preventive approaches based on cryptography. However, sensor nodes are extremely vulnerable to capture or key compromise. To ensure the security of the network, it is critical to develop security Intrusion Detection System (IDS) that can survive malicious attacks from "insiders" who have access to keying materials or the full control of some nodes, taking their charateristics into consideration. In this perper, we design a distributed and adaptive IDS architecture on sensor networks, respecting both of energy efficiency and IDS efficiency. Utilizing a modified HEED algorithm, a clustering algorithm, distributed IDS nodes (dIDS) are selected according to node's residual energy and degree. Then the monitoring results of dIDSswith detection codes are transferred to dIDSs in next round, in order to perform consecutive and integrated IDS process and urgent report are sent through high priority messages. With the simulation we show that the superiorities of our architecture in the the efficiency, overhead, and detection capability view, in comparison with a recent existent research, adaptive IDS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.363-374
• /
• 2023

A white-box environment refers to a situation where the internal information of an algorithm is disclosed. The AES white-box encryption was first announced in 2002, and in 2016, a side-channel analysis for white-box encryption called Differential Computation Analysis (DCA) was proposed. DCA analysis is a powerful side-channel attack technique that uses the memory information of white-box encryption as side-channel information to find the key. Although various countermeasure studies against DCA have been published domestically and internationally, there were no evaluated or analyzed results from experiments applying the hiding technique using dummy operations to DCA analysis. Therefore, in this paper, we insert LU T-shaped dummy operations into the WBC-AES algorithm proposed by S. Chow in 2002 and quantitatively evaluate the degree of change in DCA analysis response depending on the size of the dummy. Compared to the DCA analysis proposed in 2016, which recovers a total of 16 bytes of the key, the countermeasure proposed in this paper was unable to recover up to 11 bytes of the key as the size of the dummy decreased, resulting in a maximum decrease in attack performance of about 68.8%, which is about 31.2% lower than the existing attack performance. The countermeasure proposed in this paper confirms that the attack performance significantly decreases as smaller dummy sizes are inserted and can be applied in various fields.