• Electronics and Telecommunications Trends
• /
• v.33 no.6
• /
• pp.94-106
• /
• 2018

A quantum key distribution (QKD) provides in principle an unconditional secure communication unlike the standard public key cryptography depending on the computational complexity. In particular, free-space QKD can give a secure solution even without a fiber-based infrastructure. In this paper, we investigate an overview of recent research trends in the free-space QKD system, including satellite and handheld moving platforms. In addition, we show the key components for a free-space QKD system such as the integrated components, single photon detectors, and quantum random number generator. We discuss the technical challenges and progress toward a future free- space QKD system and components.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.469-472
• /
• 2003

The computational cost of encryption is a barrier to wider application of a variety of data security protocols. Virtually all research on Elliptic Curve Cryptography(ECC) provides evidence to suggest that ECC can provide a family of encryption algorithms that implementation than do current widely used methods. This efficiency is obtained since ECC allows much shorter key lengths for equivalent levels of security. This paper suggests how improvements in execution of ECC algorithms can be obtained by changing the representation of the elements of the finite field of the ECC algorithm. Specifically, this research compares the time complexity of ECC computation eve. a variety of finite fields with elements expressed in the polynomial basis(PB) and normal basis(NB).

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.3
• /
• pp.1229-1248
• /
• 2016

With the feature of convenience and low cost, remote healthcare monitoring (RHM) has been extensively used in modern disease management to improve the quality of life. Due to the privacy of health data, it is of great importance to implement RHM based on a secure and dependable network. However, the network connectivity of existing RHM systems is unreliable in disaster area because of the unforeseeable damage to the communication infrastructure. To design a secure RHM system in disaster area, this paper presents a Secure VANET-Assisted Remote Healthcare Monitoring System (SVC) by utilizing the unique "store-carry-forward" transmission mode of vehicular ad hoc network (VANET). To improve the network performance, the VANET in SVC is designed to be a two-level network consisting of two kinds of vehicles. Specially, an innovative two-level key management model by mixing certificate-based cryptography and ID-based cryptography is customized to manage the trust of vehicles. In addition, the strong privacy of the health information including context privacy is taken into account in our scheme by combining searchable public-key encryption and broadcast techniques. Finally, comprehensive security and performance analysis demonstrate the scheme is secure and efficient.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.9
• /
• pp.4576-4598
• /
• 2018

In big data age, flexible and affordable cloud storage service greatly enhances productivity for enterprises and individuals, but spontaneously has their outsourced data susceptible to integrity breaches. Provable Data Possession (PDP) as a critical technology, could enable data owners to efficiently verify cloud data integrity, without downloading entire copy. To address challenging integrity problem on multiple clouds for multiple owners, an identity-based batch PDP scheme was presented in ProvSec 2016, which attempted to eliminate public key certificate management issue and reduce computation overheads in a secure and batch method. In this paper, we firstly demonstrate this scheme is insecure so that any clouds who have outsourced data deleted or modified, could efficiently pass integrity verification, simply by utilizing two arbitrary block-tag pairs of one data owner. Specifically, malicious clouds are able to fabricate integrity proofs by 1) universally forging valid tags and 2) recovering data owners' private keys. Secondly, to enhance the security, we propose an improved scheme to withstand these attacks, and prove its security with CDH assumption under random oracle model. Finally, based on simulations and overheads analysis, our batch scheme demonstrates better efficiency compared to an identity based multi-cloud PDP with single owner effort.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.57 no.4
• /
• pp.706-714
• /
• 2008

In this paper, we suggest a practical and flexible system architecture for JTAG(Joint Test Action Group) protection of application processors. From the view point of security, the debugging function through JTAG port can be abused by malicious users, so the internal structures and important information of application processors, and the sensitive information of devices connected to an application processor can be leak. This paper suggests a system architecture that disables computing power of computers used to attack processors to reveal important information. For this, a user authentication method is used to improve security strength by checking the integrity of boot code that is stored at boot memory, on booting time. Moreover for user authorization, we share hard wired secret key cryptography modules designed for functional operation instead of hardwired public key cryptography modules designed for only JTAG protection; this methodology allows developers to design application processors in a cost and power effective way. Our experiment shows that the security strength can be improved up to $2^{160}{\times}0.6$second when using 160-bit secure hash algorithm.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.844-847
• /
• 2011

Wireless mesh network (WMN) is a type of mobile ad-hoc network consists of wireless router, mobile clients and gateway which connects the network with the Internet. To provide security in the network it is required to encrypt the message sent among the communicating nodes in such way so that only legitimate user can retrieve the original data. Several security mechanisms have been proposed so far to enhance the security of WMN. However, there still exists a need for a comprehensive mechanism to prevent attacks in data communication. Considering the characteristic of mesh network, in this paper we proposed a public key cryptography based security architecture to establish a secure key agreement among communicating nodes in mesh network. The proposed security architecture consists of two major sections: client data protection and network data protection. Client data protection deals with the mutual authentication between the client and the access router and provide client to access router encryption for data confidentiality using standard IEEE 802.11i protocol. On the other hand, network data protection ensures encrypted routing and data transfer in the multi hop backbone network. For the network data protection, we used the pre-distributed public key to form a secure backbone infrastructure.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2000.04a
• /
• pp.103-106
• /
• 2000

본 논문에서는 키 교환 단계없이 비대칭키 암호 알고리즘을 사용하여 대량의 메시지를 암호화하여 전송하는 기법을 제안한다. 제안된 기법은 전체 메시지를 스크램블링한 후 스크램블링된 메시지의 일부분만을 공개키 암호 알고리즘을 사용하여 암호화하여 전송한다. 스크램블링 함수로 신상욱[3] 등에 의해 제안된 해쉬함수를 사용한 all-or-nothing 변환을 이용한다. 그리고 제안된 기법에 약간의 추가적인 오버헤드를 부가하여 디지털 서명까지 제공하는 기법을 제안한다.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2007.02a
• /
• pp.26-31
• /
• 2007

An ad hoc network is a collection of mobile nodes without any Infrastructure. However, ad hoc networks are vulnerable to attacks such as routing disruption and resource consumption; thus, routing protocol security is needed This paper proposes a secure and efficient routing protocol for mobile ad hoc networks, where only one-way hash function are used to authenticate nodes in the ROUTE REQUEST, while additional public-key cryptography is used to guard against active attackers disguising a node in the ROUTE REPLY.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.1
• /
• pp.75-86
• /
• 2023

Public key cryptography algorithm such as RSA and ECC, which are commonly used in current financial transaction services, can no longer guarantee security when quantum computers are realized. Therefore it is necessary to convert existing legacy algorithms to Post-Quantum Cryptography, but it is expected that will take a considerable amount of time to replace them. Hence, it is necessary to study a hybrid method combining the two algorithms in order to prepare the forthcoming transition period. In this paper we propose a hybrid session key exchange protocol that generates a session key by combining the legacy algorithm ECDH and the Post-Quantum Cryptographic algorithm NTRU. We tried the methods that proposed by the IETF for TLS 1.3 based hybrid key exchange, and as a result, it is expected that the security can be enhanced by applying the protocol proposed in this paper to the existing financial transaction session protection solution.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.7
• /
• pp.1071-1077
• /
• 2022

A security SoC that can be used to implement elliptic curve cryptography (ECC) based public-key infrastructures was designed. The security SoC has an architecture in which a hardware accelerator for the elliptic curve digital signature algorithm (ECDSA) is interfaced with the Cortex-A53 CPU using the AXI4-Lite bus. The ECDSA hardware accelerator, which consists of a high-performance ECC processor, a SHA3 hash core, a true random number generator (TRNG), a modular multiplier, BRAM, and control FSM, was designed to perform the high-performance computation of ECDSA signature generation and signature verification with minimal CPU control. The security SoC was implemented in the Zynq UltraScale+ MPSoC device to perform hardware-software co-verification, and it was evaluated that the ECDSA signature generation or signature verification can be achieved about 1,000 times per second at a clock frequency of 150 MHz. The ECDSA hardware accelerator was implemented using hardware resources of 74,630 LUTs, 23,356 flip-flops, 32kb BRAM, and 36 DSP blocks.