• The Journal of Society for e-Business Studies
• /
• v.22 no.2
• /
• pp.169-185
• /
• 2017

Juliano Rizzo and Thai Duong, the authors of the BEAST attack [11, 12] on SSL, have proposed a new attack named CRIME [13] which is Compression Ratio Info-leak Made Easy. The CRIME exploits how data compression and encryption interact to discover secret information about the underlying encrypted data. Repeating this method allows an attacker to eventually decrypt the data and recover HTTP session cookies. This security weakness targets in SPDY and SSL/TLS compression. The attack becomes effective because the attacker is enable to choose different input data and observe the length of the encrypted data that comes out. Since Transport Layer Security (TLS) ensures integrity of data transmitted between two parties (server and client) and provides strong authentication for both parties, in the last few years, it has a wide range of attacks on SSL/TLS which have exploited various features in the TLS mechanism. In this paper, we will discuss about the CRIME and other versions of SSL/TLS attacks along with countermeasures, implementations. We also present direction for SSL/TLS attacks resistance in practice.

• KIPS Transactions on Computer and Communication Systems
• /
• v.10 no.9
• /
• pp.243-250
• /
• 2021

Recently, with the development of cloud computing, interest in database outsourcing is increasing. However, when the database is outsourced, there is a problem in that the information of the data owner is exposed to internal and external attackers. Therefore, in this paper, we propose a parallel range query processing algorithm that supports privacy protection. The proposed algorithm uses the Paillier encryption system to support data protection, query protection, and access pattern protection. To reduce the operation cost of a checking protocol (SRO) for overlapping regions in the existing algorithm, the efficiency of the SRO protocol is improved through a garbled circuit. The proposed parallel range query processing algorithm is largely composed of two steps. It consists of a parallel kd-tree search step that searches the kd-tree in parallel and safely extracts the data of the leaf node including the query, and a parallel data search step through multiple threads for retrieving the data included in the query area. On the other hand, the proposed algorithm provides high query processing performance through parallelization of secure protocols and index search. We show that the performance of the proposed parallel range query processing algorithm increases in proportion to the number of threads and the proposed algorithm shows performance improvement by about 5 times compared with the existing algorithm.

• Journal of KIISE:Computer Systems and Theory
• /
• v.37 no.4
• /
• pp.226-238
• /
• 2010

OpenSSL is an open-source library implementing SSL that is a secure communication protocol. However, the library has a severe vulnerability that its security information can be easily exposed to malicious software when the library is used in a form of shared library on Linux and UNIX operating systems. We propose a scheme to attack the vulnerability of the OpenSSL library. The scheme injects codes into a running client program to execute the following attacks on the vulnerability in a SSL handshake. First, when a client sends a server a list of cryptographic algorithms that the client is willing to support, our scheme replaces all algorithms in the list with a specific algorithm. Such a replacement causes the server to select the specific algorithm. Second, the scheme steals a key for data encryption and decryption when the key is generated. Then the key is sent to an outside attacker. After that, the outside attacker decrypts encrypted data that has been transmitted between the client and the server, using the specified algorithm and the key. To show that our scheme is realizable, we perform an experiment of collecting encrypted login data that an ftp client using the OpenSSL shared library sends its server and then decrypting the login data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.2
• /
• pp.21-34
• /
• 2002

In this paper we propos a new hardware architecture of modular exponentiation using a division chain method which has been proposed in (2). Modular exponentiation using the division chain is performed by receding an exponent E as a mixed form of multiplication and addition with divisors d=2 or $d=2^I +1$ and respective remainders r. This calculates the modular exponentiation in about $1.4log_2$E multiplications on average which is much less iterations than $2log_2$E of conventional Binary Method. We designed a linear systolic array multiplier with pipelining and used a horizontal projection on its data dependence graph. So, for k-bit key, two k-bit data frames can be inputted simultaneously and two modular multipliers, each consisting of k/2+3 PE(Processing Element)s, can operate in parallel to accomplish 100% throughput. We propose a new encoding scheme to represent divisors and remainders of the division chain to keep regularity of the data path. When it is synthesized to ASIC using Samsung 0.5 um CMOS standard cell library, the critical path delay is 4.24ns, and resulting performance is estimated to be abort 140 Kbps for a 1024-bit data frame at 200Mhz clock In decryption process, the speed can be enhanced to 560kbps by using CRT(Chinese Remainder Theorem). Futhermore, to satisfy real time requirements we can choose small public exponent E, such as 3,17 or $2^{16} +1$, in encryption and verification process. in which case the performance can reach 7.3Mbps.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.11A
• /
• pp.936-944
• /
• 2003

In this paper, we propose an AND/XOR-based technology mapping method for field programmable gate arrays (FPGAs). Due to the fixed size of the programmable blocks in an FPGA, decomposing a circuit into sub-circuits with appropriate number of inputs can achieve excellent implementation efficiency. Specifically, the proposed technology mapping method is based on Davio expansion theorem to decompose a given Boolean circuit. The AND/XOR nature of the proposed method allows it to operate on XOR intensive circuits, such as error detecting/correcting, data encryption/decryption, and arithmetic circuits, efficiently. We conduct experiments using MCNC benchmark circuits. When using the proposed approach, the number of CLBs (configurable logic blocks) is reduced by 67.6% (compared to speed-optimized results) and 57.7% (compared to area-optimized results), total equivalent gate counts are reduced by 65.5 %, maximum combinational path delay is reduced by 56.7 %, and maximum net delay is reduced by 80.5 % compared to conventional methods.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.11 s.353
• /
• pp.54-67
• /
• 2006

Low Rate WPAN (Wireless Personal Area Network) designed for low power and low cost wireless communication is an important technology to realize ubiquitous environment. IEEE 802.15.4 and ZigBee Alliance recommend the SKKE (Symmetric-Key Key Establishment) protocol for key establishment and management. The SKKE algorithm has security weakness such as the absence of authentication process or electric signature in key generation and exchange when devices join the role of coordinators. In this paper, we propose new key establishment and security algorithm based on public key encryption to solve low rate WPAN security problems. Also, to improve PLC AMR system's weaknesses in communication reliability and security, we propose a new AMR system model based on IEEE 802.15.4 and we apply our security algorithm to AMR profile for security enhancement.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.11
• /
• pp.2160-2168
• /
• 2015

The SSL/TLS, one of the most popular encryption protocol, was developed as a solution of various network security problem while the network traffic has become complex and diverse. But the SSL/TLS traffic has been identified as its protocol name, not its used services, which is required for the effective network traffic management. This paper proposes a new method to generate service signatures automatically from SSL/TLS payload data and to classify network traffic in accordance with their application services. We utilize the certificate publication information field in the certificate exchanging record of SSL/TLS traffic for the service signatures, which occurs when SSL/TLS performs Handshaking before encrypt transmission. We proved the performance and feasibility of the proposed method by experimental result that classify about 95% SSL/TLS traffic with 95% accuracy for every SSL/TLS services.

• Journal of Korea Game Society
• /
• v.18 no.2
• /
• pp.27-36
• /
• 2018

In this paper, we propose a win-win network operating platform for mobile games. The characteristics of the service structure suggested is to form a marketing network that can influence the mobile game market by linking with the mobile game industry, and the excellent game content of the game developer in the industrial complex may not disappear. We also would like to propose a network operating platform that would help it enter the market area steadily. The proposed platform technology is used to distribute rapidly through a win-win network between game companies and publishers. When new games are commercialized, they can support continuous target marketing through various data indicators and analytics by the developed platform. In particular, G-Cross marketing strategy is considered to be a low-cost, high-efficiency marketing method in that it can provide users with information about new games by utilizing the given game infrastructure and utilize the user group possessed by each game company.

• The KIPS Transactions:PartC
• /
• v.8C no.1
• /
• pp.75-87
• /
• 2001

The Conditional Access System is the complete system for ensuring that broadcasting services are only accessible to those who are entitled to receive them. Four major parts to this system are scrambling, descrambling, authentication and encryption. For the proper operation, which means hard-to- break and uninterrupted service, secure key management and efficient delivery mechanism are very important design factors to this system. Performance analysis is another important factor to this system that is used in massive subscriber environment. In this thesis, one of the secure and efficient key management mechanisms is proposed. For the secrecy of this mechanism, hierarchical stacking of keys and key generation matrix are proposed. For the proof of efficient delivery of those keys, simulation results and performance analysis. which is based on queuing analysis, are presented. Lastly, optimal key generation and delivery period, maximal and minimal key deliver time, and communication capacity for data collection are presented for various subscriber volume.

• Journal of KIISE:Computer Systems and Theory
• /
• v.30 no.3_4
• /
• pp.149-159
• /
• 2003

The need for information security increases interests on cipher algorithms recently. Especially, a large volume of data transmission over high-band communication network requires faster encryption and decryption techniques for real-time processing. It would be a good solution for this problem that we implement the cipher algorithm in forms of hardware circuits. Though some previous researches use this approach, they focus only on repeatedly executing the core part of the algorithm to minimize the hardware chip size, while most cipher algorithms are inherently parallel. In this paper, we propose a new design for the SEED block cipher algorithm developed by KISA (Korea Information Security Agency) in 1998 as Korean standard cipher algorithm. It exploits the parallelism of the algorithm basically and implements it in a pipelined fashion. We described the design in VHDL program and performed functional simulations on the program, and then found that it worked correctly. In addition, we synthesized it and verified that it could be implemented in a single FPGA chip, implying that the new design can be Practically used for the actual hardware implementation of a high-speed and high-performance cipher system.