• The Journal of the Korea institute of electronic communication sciences
• /
• v.15 no.2
• /
• pp.319-326
• /
• 2020

PRNGs(Pseudorandom number generators) are essential for generating encryption keys for to secure online communication. A bitstream generated by the PRNG must be generated at high speed to encrypt the big data effectively in a symmetric key cryptosystem and should ensure the randomness of the level to pass through the several statistical tests. CA(Cellular Automata) based PRNGs are known to be easy to implement in hardware and to have better randomness than LFSR based PRNGs. In this paper, we design PRNGs based on PMLCA(Programable Maximum Length CA) that can generate effective key sequences in symmetric key cryptosystem. The proposed PRNGs generate bit streams through nonlinear control method. First, we design a PRNG based on an (m,n)-cell PMLCA ℙ with a single complement vector that produces linear sequences with the long period and analyze the period and the generating polynomial of ℙ. Next, we design an (m,n)-cell PC-MLCA based PRNG with two complement vectors that have the same period as ℙ and generate nonlinear sequences, and analyze the location of outputting the nonlinear sequence.

• Journal of KIISE:Information Networking
• /
• v.30 no.3
• /
• pp.377-386
• /
• 2003

In this paper, we present an application layer protocol to support secure wireless Internet services, called Application Layer Security(ALS). The drawbacks of the two traditional approaches to secure wireless applications motivated the development of ALS. One is that in the conventional application-specific security protocol such as Secure HyperText Transfer Protocol(S-HTTP), security mechanism is included in the application itself. This gives a disadvantage that the security services are available only to that particular application. The other is that a separate protocol layer is inserted between the application and transport layers, as in the Secure Sockets Layer(SSL)/Transport Layer Security(TLS). In this case, all channel data are encrypted regardless of the specific application's requirements, resulting in much waste of network resources. To overcome these problems, ALS is proposed to be implemented on top of HTTP so that it is independent of the various transport layer protocols, and provides a common security interface with security applications so that it greatly improves the portability of security applications. In addition, since ALS takes advantages of well-known TLS mechanism, it eliminates the danger of malicious attack and provides applications with various security services such as authentication, confidentiality integrity and digital signature, and partial encryption. We conclude this paper with an example of applying ALS to the solution of end-to-end security in a present commercial wireless protocol stack, Wireless Application Protocol.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.3
• /
• pp.1428-1438
• /
• 2013

Services take place in Internet environment, a formation of the trust relationship between user and service provider for services. Different authentication schemes such as using Certificate of Public Key Infrastructure authentication and using ID/PW for a simple user authentication have been proposed for trust relationship. In addition, in the case of electronic financial transactions, transaction integrity and non-repudiation features are provided. These services are provided in Internet environment, use various measures to ensure service safety. However, it was difficult to prevent attacks using existing security technology because of emergence of MITB attack that manipulate the memory area of the Web browser and social engineering attacks such as phishing/pharming, requires application of new security technologies became. In this paper, we propose a concept of smart secure-pad, and utilize it safely formed a trust relationship between user and service provider, a model has been proposed to ensure safety of data transmission. Proposed model's security evaluation results show security against to MITB attack and phishing/pharming that can't be prevent attack using existing security technology. In addition, service provider can easily apply the model in safe environment can provide Internet service using provided representative services applying the proposed model.

• Korean Journal of Optics and Photonics
• /
• v.19 no.4
• /
• pp.262-269
• /
• 2008

In this paper, we propose an image watermark method using multiple decoding keys. The advantages of this method are that the multiple original images are reconstructed by using multiple decoding keys in the same watermark image, and that the quality of reconstructed images is clearly enhanced based on the idea of Walsh code without any side lobe components in the decoding process. The zero-padded original images, multiplied with random-phase pattern to each other, are Fourier transformed. Encoded images are then obtained by taking the real-valued data from these Fourier transformed images. The embedding images are obtained by the product of independent Walsh codes, and these spreaded phase-encoded images which are multiplied with new random-phase images. Also we obtain the decoding keys by multiplying these random-phase images with the same Walsh code images used in the embedding images. A watermark image is then made from the linear superposition of the weighted embedding images and a cover image, which is multiplied with a new independent Walsh code. The original image is simply reconstructed by the inverse-Fourier transform of the despreaded image of the multiplication between the watermark image and the decoding key. Computer simulations demonstrate the efficiency of the proposed watermark method with multiple decoding keys and a good robustness to the external attacks such as cropping and compression.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.11-21
• /
• 2009

The NTRU cryptosystem proposed by Hoffstein et al. in 1990s is a public key cryptosystem based on hard lattice problems. NTRU has many advantages compared to other public key cryptosystems such as RSA and elliptic curve cryptosystems. For example, it guarantees high speed encryption and decryption with the same level of security, and there is no known quantum computing algorithm for speeding up attacks against NTRD. In this paper, we analyze the security of NTRU against the simple power analysis (SPA) attack and the statistical power analysis (STPA) attack such as the correlation power analysis (CPA) attack First, we implement NTRU operations using NesC on a Telos mote, and we show how to apply CPA to recover a private key from collected power traces. We also suggest countermeasures against these attacks. In order to prevent SPA, we propose to use a nonzero value to initialize the array which will store the result of a convolution operation. On the other hand, in order to prevent STPA, we propose two techniques to randomize power traces related to the same input. The first one is random ordering of the computation sequences in a convolution operation and the other is data randomization in convolution operation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.499-510
• /
• 2023

Recently, an intelligent and advanced cyber attack attacks a computer network of a public institution using a file containing malicious code or leaks information, and the damage is increasing. Even in public institutions with various information protection systems, known attacks can be detected, but unknown dynamic and encryption attacks can be detected when existing signature-based or static analysis-based malware and ransomware file detection methods are used. vulnerable to The detection method proposed in this study extracts the detection result data of the system that can detect malicious code and ransomware among the information protection systems actually used by public institutions, derives various attributes by combining them, and uses a machine learning classification algorithm. Results are derived through experiments on how the derived properties are classified and which properties have a significant effect on the classification result and accuracy improvement. In the experimental results of this paper, although it is different for each algorithm when a specific attribute is included or not, the learning with a specific attribute shows an increase in accuracy, and later detects malicious code and ransomware files and abnormal behavior in the information protection system. It is expected that it can be used for property selection when creating algorithms.

• Management & Information Systems Review
• /
• v.39 no.2
• /
• pp.39-60
• /
• 2020

Block chain technology is one of the core elements for realizing the 4^th industrial revolution, and many efforts have been made by government and companies to provide services based on block chain technology. In this study we analyzed the benefits of block chain technology for EVMS and designed EVMS block chain platform with increased data security and work efficiency for project management data, which are important assets in monitoring progress, foreseeing future events, and managing post-completion. We did the case studies on the benefits of block chain technology and then conducted the survey study on security, reliability, and efficiency of block chain technology, targeting 18 block chain experts and project developers. And then, we interviewed EVMS system operator on the compatibility between block chain technology and EVM Systems. The result of the case studies showed that block chain technology can be applied to financial, logistic, medical, and public services to simplify the insurance claim process and to improve reliability by distributing transaction data storage and applying security·encryption features. Also, our research on the characteristics and necessity of block chain technology in EVMS revealed the improvability of security, reliability, and efficiency of management and distribution of EVMS data. Finally, we designed a network model, a block structure, and a consensus algorithm model and combined them to construct a conceptual block chain model for EVM system. This study has the following contribution. First, we reviewed that the block chain technology is suitable for application in the defense sector and proposed a conceptual model. Second, the effect that can be obtained by applying block chain technology to EVMS was derived, and the possibility of improving the existing business process was derived.