• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.985-991
• /
• 2015

The user's secret key can be retrieved by various side channel leakage informations occurred during the execution of cryptographic RSA exponentiation algorithm which is embedded on a security device. The collision-based power analysis attack known as a serious side channel threat can be accomplished by finding some collision pairs on a RSA power consumption trace. Recently, an RSA exponentiation algorithm was proposed as a countermeasure which is based on the window method adopted combination of message blinding and exponent splitting. In this paper, we show that this countermeasure provides approximately $2^{53}$ attack complexity, much lower than $2^{98}$ insisted in the original article, when the window size is two.

• Proceedings of the KSR Conference
• /
• 2008.06a
• /
• pp.535-544
• /
• 2008

Unlike MS(Magnetic Stripe), SMART CARD is equipped with COS(Chip Operating System) consisting of the Microprocessor and Memory where information can be stored and processed, and there are two types of cards according to the contact mode; the contact type that passes through a gold plated area and the contactless one that goes through the radio-frequency using an antenna embedded in the plastic card. the contactless IC card used for the transportation card was first introduced into local area buses in Seoul, and expanded throughout the country so that it has removed the inconvenience such as possession of cash, fare payment and collection. Focusing on the Seoul metropolitan area in 2004, prepaid and pay later cards were adopted and have been used interchangeably between a bus and subway. The card terminal compatible between a bus and subway is Proximity Integrated Circuit Card(PICC) as international standards(1443 Type A,B), communicates in the 13.56MHz dynamic frequency modulation-demodulation system, and adopts the Multi Secure Application Module(SAM). In the second half of 2009, the system avaliable nationwide will be built when the payment SAM standard is implemented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1009-1017
• /
• 2012

The fault injection attack has been developed to extract the secret key which is embedded in a crypto module by injecting errors during the encryption process. Especially, an attacker can find master key of AES using injection of just one byte. In this paper, we proposed a countermeasure resistant to the these fault attacks by checking the differences between input and output. Using computer simulation, we also verified that the proposed AES implementation resistant to fault attack shows better fault detection ratio than previous other methods and has small computational overheads.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.1
• /
• pp.99-106
• /
• 2011

The emerging of ubiquitous computing and healthcare technologies provides us a strong platform to build sustainable healthcare applications especially those that require real-time information related to personal healthcare regardless of place. We realize that system stability, reliability and data protection are also important requirements for u-healthcare services. Therefore, in this paper, we designed a u-healthcare system which can be attached to the patient's body to measure vital signals, enhanced with USN secure sensor module. Our proposed u-healthcare system is using wireless sensor modules embedded with NLM-128 algorithm. In addition, PS-LFSR technique is applied to the NLM-128 algorithm to enable faster and more efficient computation. We included some performance statistical results in term of CPU cycles spent on NLM-128 algorithm with and without the PS-LFSR optimization for performance evaluation.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.5
• /
• pp.195-202
• /
• 2008

In this paper, To improve the effectiveness of security enforcement, the first contribution in this work is that we present a clustered heterogeneous WSN(Wareless Sensor Network) architecture, composed of not only resource constrained sensor nodes, but also a number of more powerful high-end devices acting as cluster heads. Compared to sensor nodes, a high-end cluster head has higher computation capability, larger storage, longer power supply, and longer radio transmission range, and it thus does not suffer from the resource scarceness problem as much as a sensor node does. A distinct feature of our heterogeneous architecture is that cluster heads are equipped with TC(trusted computing) technology, and in particular a TCG(Trusted Computing Group) compliant TPM (Trusted Platform Module) is embedded into each cluster head. According the TCG specifications, TPM is a tamper-resistant, self-contained secure coprocessor, capable of performing cryptographic functions. A TPM attached to a host establishes a trusted computing platform that provides sealed storage, and measures and reports the integrity state of the platform.

• Journal of Intelligence and Information Systems
• /
• v.24 no.3
• /
• pp.177-198
• /
• 2018

Recently, as economic property it has become necessary to acquire and utilize the framework for water resource measurement and performance management as the property of water resources changes to hold "public property". To date, the evaluation of water technology has been carried out by feasibility study analysis or technology assessment based on net present value (NPV) or benefit-to-cost (B/C) effect, however it is not yet systemized in terms of valuation models to objectively assess an economic value of technology-based business to receive diffusion and feedback of research outcomes. Therefore, K-water (known as a government-supported public company in Korea) company feels the necessity to establish a technology valuation framework suitable for technical characteristics of water resources fields in charge and verify an exemplified case applied to the technology. The K-water evaluation technology applied to this study, as a public interest goods, can be used as a tool to measure the value and achievement contributed to society and to manage them. Therefore, by calculating the value in which the subject technology contributed to the entire society as a public resource, we make use of it as a basis information for the advertising medium of performance on the influence effect of the benefits or the necessity of cost input, and then secure the legitimacy for large-scale R&D cost input in terms of the characteristics of public technology. Hence, K-water company, one of the public corporation in Korea which deals with public goods of 'water resources', will be able to establish a commercialization strategy for business operation and prepare for a basis for the performance calculation of input R&D cost. In this study, K-water has developed a web-based technology valuation model for public interest type water resources based on the technology evaluation system that is suitable for the characteristics of a technology in water resources fields. In particular, by utilizing the evaluation methodology of the Institute of Advanced Industrial Science and Technology (AIST) in Japan to match the expense items to the expense accounts based on the related benefit items, we proposed the so-called 'K-water's proprietary model' which involves the 'cost-benefit' approach and the FCF (Free Cash Flow), and ultimately led to build a pipeline on the K-water research performance management system and then verify the practical case of a technology related to "desalination". We analyze the embedded design logic and evaluation process of web-based valuation system that reflects characteristics of water resources technology, reference information and database(D/B)-associated logic for each model to calculate public interest-based and profit-based technology values in technology integrated management system. We review the hybrid evaluation module that reflects the quantitative index of the qualitative evaluation indices reflecting the unique characteristics of water resources and the visualized user-interface (UI) of the actual web-based evaluation, which both are appended for calculating the business value based on financial data to the existing web-based technology valuation systems in other fields. K-water's technology valuation model is evaluated by distinguishing between public-interest type and profitable-type water technology. First, evaluation modules in profit-type technology valuation model are designed based on 'profitability of technology'. For example, the technology inventory K-water holds has a number of profit-oriented technologies such as water treatment membranes. On the other hand, the public interest-type technology valuation is designed to evaluate the public-interest oriented technology such as the dam, which reflects the characteristics of public benefits and costs. In order to examine the appropriateness of the cost-benefit based public utility valuation model (i.e. K-water specific technology valuation model) presented in this study, we applied to practical cases from calculation of benefit-to-cost analysis on water resource technology with 20 years of lifetime. In future we will additionally conduct verifying the K-water public utility-based valuation model by each business model which reflects various business environmental characteristics.