• Journal of Information Processing Systems
• /
• v.20 no.1
• /
• pp.116-130
• /
• 2024

In the Internet-of-Things (IoT) or blockchain-based network systems, secure keys may be stored in individual devices; thus, individual devices should protect data by performing secure operations on the data transmitted and received over networks. Typically, secure functions, such as a physical unclonable function (PUF) and fully homomorphic encryption (FHE), are useful for generating safe keys and distributing data in a network. However, to provide these functions in embedded devices for IoT or blockchain systems, proper inspection is required for designing and implementing embedded system-on-chip (SoC) modules through overhead and performance analysis. In this paper, a virtual platform (SoC VP) was developed that includes a secure key generation module with a PUF and FHE. The SoC VP platform was implemented using SystemC, which enables the execution and verification of various aspects of the secure key generation module at the electronic system level and analyzes the system-level execution time, memory footprint, and performance, such as randomness and uniqueness. We experimentally verified the secure key generation module, and estimated the execution of the PUF key and FHE encryption based on the unit time of each module.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.949-960
• /
• 2019

Due to miniaturization of electronic devices and development of IoT(Internet of Things), embedded system have been used in various field. Meanwhile, there is a potential vulnerability by the insufficient of system's security. In this paper, we implement secure boot using TPM to protect the integrity of embedded system environment. The Suggestion considers the required availability in the embedded system and detects the system's tampering at secure boot process via TPM. In addition, we have reinforced the confidentiality through AES encryption of the kernel at secure boot.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.10 no.4
• /
• pp.199-206
• /
• 2015

In this paper, we present the implementation of a secure OTP(One Time Password) generator for IoT(Internet of Things) devices. Basically, MTM(Mobile Trusted Module) is used and expanded considering secure IoT services. We combine the MTM architecture with a new hardware-based OTP generation engine. The new architecture is more secure, offering not only the security of devices but also that of the OTP service. We have implemented and verified the MTM-based OTP generator on a real mobile platform embedded with the MTM chip. The proposed method can be used as a solution for enhancing security of IoT devices and services.

• Journal of KIISE:Computer Systems and Theory
• /
• v.32 no.10
• /
• pp.512-519
• /
• 2005

E-BLP security model considers the reliability of the processes that are real subjects in systems. This paper deals with the implementation of the E-BLP model for secure embedded systems. Implemented EBSM(E-BLP Based Security Module) consists of three components: identification and authentication, access control and BRC(Dynamic Reliability Check) that checks the process behavior dynamically. Access Control of EBSM ensures unreliable processes not to access the sensitive objects and the DRC detects the buffer overflow attack by normal user. Besides, the performance overhead of the embedded system applying the EBSM is introduced.

• The KIPS Transactions:PartC
• /
• v.16C no.3
• /
• pp.335-346
• /
• 2009

Mobile environments are evolving the main communication environment as a develops of communication technology. In mobile environments, sensitive information can be compromised on-line, so demand for security has increased. Also, mobile devices that provide various services are in danger from malware and illegal devices, phishing and sniffing etc, and the privacy. Therefore, MTM(Mobile Trusted Module) is developed and promoted by TCG(Trusted Computing Group), which is an industry standard body to enhance the security level in the mobile computing environment. MTM protects user privacy and platform integrity, because it is embedded in the platform, and it is physically secure. However, a security approach is required when secret data is migrated elsewhere, because MTM provides strong security functions. In this paper, we analyze the TCG standard and migration method for cryptographic key, then we propose a secure migration scheme for cryptographic key using key Backup/Recovery method.

• The KIPS Transactions:PartC
• /
• v.19C no.1
• /
• pp.39-46
• /
• 2012

In this paper, we propose a key distribution scheme for flexible chipset pairing conditional access system. Chipset pairing conditional access system is the implementation of CA (Conditional Access) module by using both embedded secure chip in a Set-Top Box(STB) and smartcard, and the secure chip embedded in a STB forms a secure channel between the smartcard and the STB. In short, it is the system that a smartcard outputs encrypted CW (Control Word) to the STB, and the STB decrypts an encrypted CW by using the embedded secure chip. The drawback of this chipset pairing conditional access system is that one smartcard is able to be used for only one specified STB since it is the system using the STB bound to a smartcard. However, the key distribution scheme proposed in this paper overcomes a drawback of current chipset pairing conditional access system by using Chinese Remainder Theorem(CRT). To be specific, with this scheme, one smartcard can be used for multiple, not single, STBs, and applied to current chipset pairing without great changes.

• Journal of Institute of Control, Robotics and Systems
• /
• v.14 no.6
• /
• pp.523-529
• /
• 2008

In this paper, we proposed mobile LCD module test device on embedded based, when operating the existing LCD, divide flicker clearly in full frame, and configuration so as to support between other CPU interface, MDDI, SPI, 24Bit RGB interface, etc. that is based on a high-speed CPU. In addition, when demand to test about each pixel of LCD, it is possible to change IP design of H/W, FPGA, but proposed system is application possible without other design changing. Proposed system is made smaller and equipped with battery, so secure with mobility for effective test the LCD/OLED module and it is able to test the pattern by the client program, for example exiting picture, mpeg, simple pattern test and test per pixel, scale, rotation, Odd/Even pixel per video, etc. From now on, if integrating with independent test system and it is configured that is able to mutual communication and test, it is expected to reduce consumption of human resources and improve productivity for LCD module test.

• ETRI Journal
• /
• v.43 no.6
• /
• pp.1113-1129
• /
• 2021

Lightweight ciphers are increasingly employed in cryptography because of the high demand for secure data transmission in wireless sensor network, embedded devices, and Internet of Things. The PRESENT algorithm as an ultralightweight block cipher provides better solution for secure hardware cryptography with low power consumption and minimum resource. This study generates the key using key rotation and substitution method, which contains key rotation, key switching, and binary-coded decimal-based key generation used in image encryption. The key rotation and substitution-based PRESENT architecture is proposed to increase security level for data stream and randomness in cipher through providing high resistance to attacks. Lookup table is used to design the key scheduling module, thus reducing the area of architecture. Field-programmable gate array (FPGA) performances are evaluated for the proposed and conventional methods. In Virtex 6 device, the proposed key rotation and substitution PRESENT architecture occupied 72 lookup tables, 65 flip flops, and 35 slices which are comparably less to the existing architecture.

• Journal of Nuclear Fuel Cycle and Waste Technology(JNFCWT)
• /
• v.6 no.3
• /
• pp.205-215
• /
• 2008

SITES(Site Information and Total Environmental Data Management System) has been developed for the purpose of systematically managing site characteristics and environmental data produced during the pre-operational, operational, and post-closure phases of a radioactive waste disposal facility. SITES is an integration system, which consists of 4 modules, to be available for maintenance of site characteristics data, for safety assessment, and for site/environment monitoring; site environmental data management module(SECURE), integrated safety assessment module(SAINT), site/environment monitoring module(SUDAL) and geological information module for geological data management(SITES-GIS). Each module has its database with the functions of browsing, storing, and reporting data and information. Data from SECURE and SUDAL are interconnected to be utilized as inputs to SAINT. SAINT has the functions that multi-user can access simultaneously via client-server system, and the safety assessment results can be managed with its embedded Quality Assurance feature. Comparison between assessment results and environmental monitoring data can be made and visualized in SUDAL and SITES-GIS. Also, SUDAL is designed that the periodic monitoring data and information could be opened to the public via internet homepage. SITES has applied to the Wolsong low- and intermediate-level radioactive waste disposal center in Korea, and is expected to enhance the function of site/environment monitoring in other nuclear-related facilities and also in industrial facilities handling hazardous materials.

• The Journal of the Korea Contents Association
• /
• v.17 no.4
• /
• pp.307-319
• /
• 2017

SELinux is known as a secure operating system that is easily accessible to users due to the popularization of Linux, and is applied to various security operating system references deployed on systems such as embedded systems and servers. However, if SELinux is applied without considering the performance overhead of activating the SELinux kernel module, the performance of the entire system may be degraded. In this paper, we describe the factors directly affecting the performance inside the SELinux kernel and show that it is possible to improve performance by simply reorganizing the policy without changing the SELinux kernel. This can be used as a reference when security administrators or developers apply SELinux.