• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.27-35
• /
• 2008

In this paper we show that the full-round SCO-1[12] is vulnerable to the related-key differential attack. The attack on the full-round SCO-1 requires $2^{61}$ related-key chosen ciphertexts and $2^{120.59}$ full-round SCO-1 decryptions. This work is the first known attack on SCO-1.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.3
• /
• pp.1047-1062
• /
• 2022

Differential power analysis (DPA) is disturbed by ghost peaks. There is a phenomenon that the mean absolute difference (MAD) value of the wrong key is higher than the correct key. We propose a compressed key guessing space (CKGS) scheme to solve this problem and analyze the AES algorithm. The DPA based on this scheme is named CKGS-DPA. Unlike traditional DPA, the CKGS-DPA uses two power leakage points for a combined attack. The first power leakage point is used to determine the key candidate interval, and the second is used for the final attack. First, we study the law of MAD values distribution when the attack point is AddRoundKey and explain why this point is not suitable for DPA. According to this law, we modify the selection function to change the distribution of MAD values. Then a key-related value screening algorithm is proposed to obtain key information. Finally, we construct two key candidate intervals of size 16 and reduce the key guessing space of the SubBytes attack from 256 to 32. Simulation experimental results show that CKGS-DPA reduces the power traces demand by 25% compared with DPA. Experiments performed on the ASCAD dataset show that CKGS-DPA reduces the power traces demand by at least 41% compared with DPA.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.10
• /
• pp.3815-3833
• /
• 2021

MILP-based automatic search is the most common method in analyzing the security of cryptographic algorithms. However, this method brings many issues such as low efficiency due to the large size of the model, and the difficulty in finding the contradiction of the impossible differential distinguisher. To analyze the security of ESF algorithm, this paper introduces a simplified MILP-based search model of the differential distinguisher by reducing constrains of XOR and S-box operations, and variables by combining cyclic shift with its adjacent operations. Also, a new method to find contradictions of the impossible differential distinguisher is proposed by introducing temporary variables, which can avoid wrong and miss selection of contradictions. Based on a 9-round impossible differential distinguisher, 15-round attack of ESF can be achieved by extending forward and backward 3-round in single-key setting. Compared with existing results, the exact lower bound of differential active S-boxes in single-key setting for 10-round ESF are improved. Also, 2108 9-round impossible differential distinguishers in single-key setting and 14 12-round impossible differential distinguishers in related-key setting are obtained. Especially, the round of the discovered impossible differential distinguisher in related-key setting is the highest, and compared with the previous results, this attack achieves the highest round number in single-key setting.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.1
• /
• pp.344-365
• /
• 2020

Providing security has been always on priority in all areas of computing and communication, and for the systems that are low on computing power, implementing appropriate and efficient security mechanism has been a continuous challenge for the researchers. Radio Frequency Identification (RFID) system is such an environment, which requires the design and implementation of efficient security mechanism. Earlier, the security protocols for RFID based on hash functions and symmetric key cryptography have been proposed. But, due to high strength and requirement of less key size in elliptic curve cryptography, the focus of researchers has been on designing efficient security protocol for RFID based on elliptic curves. In this paper, an efficient elliptic curve signcryption based security protocol for RFID has been proposed, which provides mutual authentication, confidentiality, non-repudiation, integrity, availability, forward security, anonymity, and scalability. Moreover, the proposed protocol successfully provides resistance from replay attack, impersonation attack, location tracking attack, de-synchronization attack, denial of service attack, man-in-the-middle attack, cloning attack, and key-compromise attack. Results have revealed that the proposed protocol is efficient than the other related protocols as it takes less computational time and storage cost, especially for the tag, making it ideal to be used for RFID systems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.12
• /
• pp.6188-6204
• /
• 2017

Over the years, more password-based authentication key agreement schemes using chaotic maps were susceptible to attack by off-line password guess attack. This work approaches this problem by a new method--new theorem of chaotic maps: $T_{a+b}(X)+T_{a-b}(X)=2T_a(X)T_b(X)$,(a>b). In fact, this method can be used to design two-party, three-party, even in N-party intelligently. For the sake of brevity and readability, only a two-party instance: a novel Two-party Password-Authenticated Key Agreement Protocol is proposed for resisting password guess attack in this work. Compared with the related literatures recently, our proposed scheme can be not only own high efficiency and unique functionality, but is also robust to various attacks and achieves perfect forward secrecy. For capturing improved ratio of security and efficiency intuitively, the paper firstly proposes a new parameter called security/efficiency ratio(S/E Ratio). The higher the value of the S/E Ratio, the better it is. Finally, we give the security proof and the efficiency analysis of our proposed scheme.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.55-62
• /
• 2021

Recently, the use of sensor devices is gradually increasing. As various sensor device emerge and the related technologies advance, there has been a dramatic increase in the interest in heterogeneous wireless sensor networks (WSNs). While sensor device provide us many valuable benefits, automatically and remotely supported services offered and accessed remotely through WSNs also exposes us to many different types of security threats. Most security threats were just related to information leakage and the loss of authentication among the involved parties: users, sensors and gateways. An user authentication protocol for wireless sensor networks is designed to restrict access to the sensor data only to user. In 2019, Chen et al. proposed an efficient user authentication protocol. However, Ryu et al. show that it's scheme still unstable and inefficient. It cannot resist offline password guessing attack and session key attack. In this paper, we propose an improved protocol to overcome these security weaknesses by storing secret data in device. In addition, security properties like session-key security, perfect forward secrecy, known-key security and resistance against offline password attacks are implied by our protocol.

• Journal of Advanced Navigation Technology
• /
• v.15 no.1
• /
• pp.69-75
• /
• 2011

In this paper, we analyze the key schedule of the block cipher SEED-192. According to the result of this paper, there exist weak keys in 16 out of 20 rounds of SEED-192 against the related-key rectangle/boomerang attack. This is the first cryptanalytic result for the key schedule of SEED-192.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.803-807
• /
• 2018

The Fantomas and the Robin are the block ciphers included in the LS-designs, the family of block ciphers. They are designed to efficiently apply the masking technique, which is a side-channel analysis countermeasure technique, using L-boxes and S-boxes capable of bit slice implementation. In this paper, we show that the key recovery attacks of Fantomas and Robin through the related-key differential analysis are possible with $2^{56}$ and $2^{72}$ time complexity, $2^{56}$ and $2^{69}$ chosen plaintext respectively.

• Journal of Korea Multimedia Society
• /
• v.12 no.5
• /
• pp.644-652
• /
• 2009

New communication environments such as USN, WiBro and RFID have been realized nowadays. Thus, in order to ensure security and privacy protection, various light-weight block ciphers, e.g., mCrypton, HIGHT, SEA and PRESENT, have been proposed. The block cipher mCrypton, which is a light-weight version of Crypton, is a 64-bit block cipher with three key size options (64 bits, 96 bits, 128 bits). In this paper we show that 8-round mCrypton with 128-bit key is vulnerable to related-key rectangle attack. It is the first known cryptanalytic result on mCrypton. We first describe how to construct two related-key truncated differentials on which 7-round related-key rectangle distinguisher is based and then exploit it to attack 8-round mCrypton. This attack requires $2^{45.5}$dada and $2^{45.5}$time complexities which is faster than exhaustive key search.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.6
• /
• pp.53-60
• /
• 2024

In this paper, we analyze the authentication scheme of Hwang et al. proposed in 2023 and propose a new authentication scheme that improves its problems. Hwang et al. claimed that their authentication scheme was practical and secure, but as a result of analysis in this paper, it is possible to attack the password/ID guessing attack and session key disclosure attack due to insider attack and stolen smart card attack. In addition, Hwang et al.'s authentication scheme, which provides user anonymity, does not provide user untraceability due to its unstable design. The proposed authentication scheme, which improves these problems, not only provides user untraceability, but also is secure for stolen smart card attack, insider attack, session key disclosure attack, and replay attack. In addition, except for one fuzzy extraction operation, it shows the same complexity or very similar one as related authentication schemes. Therefore, the proposed authentication scheme can be said to be an authentication scheme with safety and practicality.