• Current Optics and Photonics
• /
• v.3 no.2
• /
• pp.119-127
• /
• 2019

A new secret-key-sharing cryptosystem using optical phase-shifting digital holography is proposed. The proposed secret-key-sharing algorithm is based on the Diffie-Hellman key-exchange protocol, which is modified to an optical cipher system implemented by a two-step quadrature phase-shifting digital holographic encryption method using orthogonal polarization. Two unknown users' private keys are encrypted by two-step phase-shifting digital holography and are changed into three digital-hologram ciphers, which are stored by computer and are opened to a public communication network for secret-key-sharing. Two-step phase-shifting digital holograms are acquired by applying a phase step of 0 or ${\pi}/2$ in the reference beam's path. The encrypted digital hologram in the optical setup is a Fourier-transform hologram, and is recorded on CCDs with 256 quantized gray-level intensities. The digital hologram shows an analog-type noise-like randomized cipher with a two-dimensional array, which has a stronger security level than conventional electronic cryptography, due to the complexity of optical encryption, and protects against the possibility of a replay attack. Decryption with three encrypted digital holograms generates the same shared secret key for each user. Schematically, the proposed optical configuration has the advantage of producing a kind of double-key encryption, which can enhance security strength compared to the conventional Diffie-Hellman key-exchange protocol. Another advantage of the proposed secret-key-sharing cryptosystem is that it is free to change each user's private key in generating the public keys at any time. The proposed method is very effective cryptography when applied to a secret-key-exchange cryptosystem with high security strength.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.1
• /
• pp.69-74
• /
• 2021

Internet access is also increasing as online activities increase due to the influence of Corona 19. However, network attacks are also diversifying by malicious users, and DDoS among the attacks are increasing year by year. These attacks are detected by intrusion detection systems and can be prevented at an early stage. Various data sets are used to verify intrusion detection algorithms, but in this paper, CICIDS2017, the latest traffic, is used. DDoS attack traffic was analyzed using the decision tree. In this paper, we analyzed the traffic by using the decision tree. Through the analysis, a decisive feature was found, and the accuracy of the decisive feature was confirmed by proceeding the decision tree to prove the accuracy of detection. And the contents of false positive and false negative traffic were analyzed. As a result, learning the feature and the two features showed that the accuracy was 98% and 99.8% respectively.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.6
• /
• pp.2148-2167
• /
• 2021

The proliferation of the Internet of Things (IoT) technologies and applications, especially the rapid rise in the use of mobile devices, from individuals to organizations, has led to the fundamental role of secure wireless networks in all aspects of services that presented with many opportunities and challenges. To ensure the CIA (confidentiality, integrity and accessibility) security model of the networks security and high efficiency of performance results in various resource-constrained applications and environments of the IoT platform, DDO-(data-driven operation) based constructions have been introduced as a primitive design that meet the demand of high speed encryption systems. Among of them, the TMN-family ciphers which were proposed by Tuan P.M., Do Thi B., etc., in 2016, are entirely suitable approaches for various communication applications of wireless mobile networks (WMNs) and advanced wireless sensor networks (WSNs) with high flexibility, applicability and mobility shown in two different algorithm selections, TMN64 and TMN128. The two ciphers provide strong security against known cryptanalysis, such as linear attacks and differential attacks. In this study, we demonstrate new probability results on the security of the two TMN construction versions - TMN64 and TMN128, by proposing efficient related-key recovery attacks. The high probability characteristics (DCs) are constructed under the related-key differential properties on a full number of function rounds of TMN64 and TMN128, as 10-rounds and 12-rounds, respectively. Hence, the amplified boomerang attacks can be applied to break these two ciphers with appropriate complexity of data and time consumptions. The work is expected to be extended and improved with the latest BCT technique for better cryptanalytic results in further research.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.85-96
• /
• 2003

Wireless LAM in itself is vulnerable to eavesdropping and modification attack, and thus, IEEE 802.11i and IEEE 802. 1x/1aa have been defined to secure the wireless channel. These protocols accompanied by RADIUS and EAP-TLS provide users of wireless LAM with integrity and confidentiality services, and also they perform authentication and access control of wireless ports. In this paper, we suggest a method to implement accounting session using authentication session of IEEE 802. 1x and accounting state machine is designed with the accounting session. Also, we propose a key exchange mechanism to establish secure channel between stations and an access point. The mechanism is designed to be inter-operable with IEEE 802. 1aa.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.3
• /
• pp.103-118
• /
• 2002

To provide the privacy of transmitted message over network the use of cryptographic system is increasing gradually. Because the security and reliability of the cryptographic system is totally rely on the key, the key management is the most important part of the cryptographic system. Although there are a lot of security products providing encryption, the security of the key exchange protocols used in the product are not mostly proved yet. Therefore, we have to study properties and operation of key agreement protocols based on elliptic curve in ANSI X9.63. furthermore, we analyze the security of their protocols under passive and active attacker models and propose the most suitable application field taking the feature of the protocols into account.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.81-91
• /
• 2012

Presently in 2011, there are countless attacking tools oriented to invading security on the internet. And most of the tools are possible to conduct the actual invasion. Also, as the program sources attacking the weaknesses of PS3 were released in 2010 and also various sources for attacking agents and attacking tools such as Stuxnet Source Code were released in 2011, the part for defense has the greatest burden; however, it can be also a chance for the defensive part to suggest and develop methods to defense identical or similar patterned attacking by analyzing attacking sources. As a way to cope with such attacking, this study divides the network areas targeted for attack based on load balancing by the approach gateways and communication lines according to the defensive policies by attacking types and also suggests methods to multiply communication lines. The result of this paper will be provided as practical data to realize defensive policies based on high hardware performances through enhancing the price competitiveness of hardware infrastructure with 2010 as a start.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.37-47
• /
• 2009

In VANET, each vehicle can obtain traffic information from other vehicles or infrastructure, and they frequently exchange life-critical safety message. Therefore, it is necessary among vehicles to establish a secure channel for keeping the driver's safe and protecting the channel against several attack challenges. TSVC is a representative scheme which needs low communication and computation to be performed. But, there is a delay when verifying the messages because it is designed based on TESLA. Thus, it is not acceptable to use TSVC for sending the time-critical messages. In this paper, we propose a novel message authentication scheme which reduces a delay for the verification of messages. Therefore, the proposed scheme can be suitable to transmitting time-critical messages. Furthermore, the scheme supports to privacy preservation and can robust against DoS attacks.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.22 no.5
• /
• pp.17-22
• /
• 2022

In this paper, we design a lightweight embedded device that can support intelligent edge computing, and show that the device quickly detects an object in an image input from a camera device in real time. The proposed system can be applied to environments without pre-installed infrastructure, such as an intelligent video control system for industrial sites or military areas, or video security systems mounted on autonomous vehicles such as drones. The On-Device AI(Artificial intelligence) technology is increasingly required for the widespread application of intelligent vision recognition systems. Computing offloading from an image data acquisition device to a nearby edge device enables fast service with less network and system resources than AI services performed in the cloud. In addition, it is expected to be safely applied to various industries as it can reduce the attack surface vulnerable to various hacking attacks and minimize the disclosure of sensitive data.

• Journal of Internet Computing and Services
• /
• v.23 no.4
• /
• pp.95-107
• /
• 2022

With the rapid development of Internet of Things sensor devices and big data processing techniques, Internet of Things sensor-based information systems have been applied in various industries. Depending on the industry in which the information systems are applied, the accuracy of the information derived can affect the industry's efficiency and safety. Therefore, security techniques that protect sensing data from security attacks and enable information systems to derive accurate information are essential. In this paper, we examine security threats targeting each processing step of an Internet of Things sensor-based information system and propose security mechanisms for each security threat. Furthermore, we present an Internet of Things sensor-based information system structure that is robust to security attacks by integrating the proposed security mechanisms. In the proposed system, by applying lightweight security techniques such as a lightweight encryption algorithm and obfuscation-based data validation, security can be secured with minimal processing delay even in low-power and low-performance IoT sensor devices. Finally, we demonstrate the feasibility of the proposed system by implementing and performance evaluating each security mechanism.

• Journal of Digital Convergence
• /
• v.19 no.4
• /
• pp.133-139
• /
• 2021

Due to the rapid progress in network technology, many research on content security technologies is also being conducted in the mobile digital content sector. In the meantime, content protection has been immersed in preventing illegal copying, certifying, and issuance/management certificates, but still have many vulnerabilities in managing or authenticating confidential information. This study aims to strengthen confidential information about content based on dual management of content download rights through mobile phone numbers or device numbers. It also protect replay-attack by building a secure mobile DRM system where digital content is safely distributed based on a three-stage user authentication process. In addition, blockchain-based content security enhancements were studied during the primary/secondary process for user authentication for the prevention of piracy and copyright protection. In addition, the client authentication process was further improved through three final stages of authorization in the use of illegal content, considering that legitimate users redistributed their content to third-party.