• Title/Summary/Keyword: Security of IoT

Search Result 927, Processing Time 0.032 seconds

Proposal and Analysis of Primality and Safe Primality test using Sieve of Euler (오일러체를 적용한 소수와 안전소수의 생성법 제안과 분석)

  • Jo, Hosung;Lee, Jiho;Park, Heejin
    • Journal of IKEEE
    • /
    • v.23 no.2
    • /
    • pp.438-447
    • /
    • 2019
  • As the IoT-based hyper-connected society grows, public-key cryptosystem such as RSA is frequently used for encryption, authentication, and digital signature. Public-key cryptosystem use very large (safe) prime numbers to ensure security against malicious attacks. Even though the performance of the device has greatly improved, the generation of a large (safe)prime is time-consuming or memory-intensive. In this paper, we propose ET-MR and ET-MR-MR using Euler sieve so it runs faster while using less memory. We present a running time prediction model by probabilistic analysis and compare time and memory of our method with conventional methods. Experimental results show that the difference between the expected running time and the measured running time is less than 4%. In addition, the fastest running time of ET-MR is 36% faster than that of TD-MR, 8.5% faster than that of DT-MR and the fastest running time of ET-MR-MR is 65.3% faster than that of TD-MR-MR and similar to that of DT-MR-MR. When k=12,381, the memory usage of ET-MR is 2.7 times more than that of DT-MR but 98.5% less than that of TD-MR and when k=65,536, the memory usage of ET-MR-MR is 98.48% less than that of TD-MR-MR and 92.8% less than that of DT-MR-MR.

A Design of PRESENT Crypto-Processor Supporting ECB/CBC/OFB/CTR Modes of Operation and Key Lengths of 80/128-bit (ECB/CBC/OFB/CTR 운영모드와 80/128-비트 키 길이를 지원하는 PRESENT 암호 프로세서 설계)

  • Kim, Ki-Bbeum;Cho, Wook-Lae;Shin, Kyung-Wook
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.20 no.6
    • /
    • pp.1163-1170
    • /
    • 2016
  • A hardware implementation of ultra-lightweight block cipher algorithm PRESENT which was specified as a standard for lightweight cryptography ISO/IEC 29192-2 is described. The PRESENT crypto-processor supports two key lengths of 80 and 128 bits, as well as four modes of operation including ECB, CBC, OFB, and CTR. The PRESENT crypto-processor has on-the-fly key scheduler with master key register, and it can process consecutive blocks of plaintext/ciphertext without reloading master key. In order to achieve a lightweight implementation, the key scheduler was optimized to share circuits for key lengths of 80 bits and 128 bits. The round block was designed with a data-path of 64 bits, so that one round transformation for encryption/decryption is processed in a clock cycle. The PRESENT crypto-processor was verified using Virtex5 FPGA device. The crypto-processor that was synthesized using a $0.18{\mu}m$ CMOS cell library has 8,100 gate equivalents(GE), and the estimated throughput is about 908 Mbps with a maximum operating clock frequency of 454 MHz.

Study on File Recovery Based on Metadata Accoring to Linux Kernel (리눅스 커널에 따른 메타데이터 기반 파일 복원 연구)

  • Shin, Yeonghun;Jo, Woo-yeon;Shon, Taeshik
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.1
    • /
    • pp.77-91
    • /
    • 2019
  • Recent Linux operating systems having been increasingly used, ranging from automotive consoles, CCTV, IoT devices, and mobile devices to various versions of the kernel. Because these devices can be used as strong evidence in criminal investigations, there is a risk of destroying evidence through file deletion. Ext filesystem forensics has been studied in depth because it can recovery deleted files without depending on the kind of device. However, studies have been carried out without consideration of characteristics of file system which may vary depending on the kernel. This problem can lead to serious situations, such as those that can impair investigative ability and cause doubt of evidence ability, when an actual investigation attempts to analyze a different version of the kernel. Because investigations can be performed on various distribution and kernel versions of Linux file systems at the actual investigation site, analysis of the metadata changes that occur when files are deleted by Linux distribution and kernel versions is required. Therefore, in this paper, we analyze the difference of metadata according to the Linux kernel as a solution to this and recovery deleted file. After that, the investigating agency needs to consider the metadata change caused by the difference of Linux kernel version when performing Ext filesystem forensics.

A Study on u-Care Service for the Health and Safety of the Elderly Living Alone (1인 가구 고령자의 건강과 안전을 위한 u-Care에 관한 연구)

  • Kang, Seungae
    • Convergence Security Journal
    • /
    • v.17 no.3
    • /
    • pp.59-64
    • /
    • 2017
  • Korea is experiencing a rapid increase in the number of elderly living alone accompanying the aging society problem, a nd is making efforts to solve the problem through the policy of 'living alone u-care service'. The purpose of this study is to propose a better u-Care service improvement method by applying new technology to improve the user experience of ucare service for the health and safety of the elderly living alone. First, the improvement of u-Care service for elderly livin g alone by applying IoT technology. It provides remote monitoring service using health information data measured through wearable device, and transmits personal health status to medical institution by using personal device such as smart phone, so that remote medical consultation or telemedicine can be connected in the future. Second, improvement of u-Care service through consideration of emotional stability of elderly living alone as well as simple safety and health care through applica tion of emotional service robot technology.It is expected that it will be able to help independent living of one person's elde rly person in the future by providing caring function service to existing u-care service providing service.

A Study on the Users Intention to Adopt an Intelligent Service: Focusing on the Factors Affecting the Perceived Necessity of Conversational A.I. Service (인공지능 서비스의 사용자 수용 의도에 관한 연구 : 대화형 AI서비스 필요성에 대한 인식에 영향을 주는 요인을 중심으로)

  • Jeon, Sowon;Lee, Jihee;Lee, Jongtae
    • Journal of Korea Technology Innovation Society
    • /
    • v.22 no.2
    • /
    • pp.242-264
    • /
    • 2019
  • This study focuses on considering the factors affecting the user intention to adopt an intelligent service - A.I. speaker services. Currently there can be a considerable difference between the expectation and the realized diffusion of IT-based intelligent services. This study aims to find out this gap based on the idea of diver previous researches including TAM and UTAUT studies and to identify the direct and indirect effects of diverse factors such as security issues, perceived time pressure, service innovativeness, and the experience of these IT-based intelligent services. And this study considers the expected impact of perceived time pressure factor on the user acceptance of A.I. speaker services. In analysis results, not only the traditional factors such as the perceived usefulness and the hedonic/utilitarian motives but also the perceived time pressure, the perceived security issues, and the experience of the services should be considered as meaningful factors to affect the users adopting A.I. speaker services.

Design of Authentication Mechinism for Command Message based on Double Hash Chains (이중 해시체인 기반의 명령어 메시지 인증 메커니즘 설계)

  • Park Wang Seok;Park Chang Seop
    • Convergence Security Journal
    • /
    • v.24 no.1
    • /
    • pp.51-57
    • /
    • 2024
  • Although industrial control systems (ICSs) recently keep evolving with the introduction of Industrial IoT converging information technology (IT) and operational technology (OT), it also leads to a variety of threats and vulnerabilities, which was not experienced in the past ICS with no connection to the external network. Since various control command messages are sent to field devices of the ICS for the purpose of monitoring and controlling the operational processes, it is required to guarantee the message integrity as well as control center authentication. In case of the conventional message integrity codes and signature schemes based on symmetric keys and public keys, respectively, they are not suitable considering the asymmetry between the control center and field devices. Especially, compromised node attacks can be mounted against the symmetric-key-based schemes. In this paper, we propose message authentication scheme based on double hash chains constructed from cryptographic hash function without introducing other primitives, and then propose extension scheme using Merkle tree for multiple uses of the double hash chains. It is shown that the proposed scheme is much more efficient in computational complexity than other conventional schemes.

An Approach to Constructing an Efficient Entropy Source on Multicore Processor (멀티코어 환경에서 효율적인 엔트로피 원의 설계 기법)

  • Kim, SeongGyeom;Lee, SeungJoon;Kang, HyungChul;Hong, Deukjo;Sung, Jaechul;Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.1
    • /
    • pp.61-71
    • /
    • 2018
  • In the Internet of Things, in which plenty of devices have connection to each other, cryptographically secure Random Number Generators (RNGs) are essential. Particularly, entropy source, which is the only one non-deterministic part in generating random numbers, has to equip with an unpredictable noise source(or more) for the required security strength. This might cause an requirement of additional hardware extracting noise source. Although additional hardware resources has better performance, it is needed to make the best use of existing resources in order to avoid extra costs, such as area, power consumption. In this paper, we suggest an entropy source which uses a multi-threaded program without any additional hardware. As a result, it reduces the difficulty when implementing on lightweight, low-power devices. Additionally, according to NIST's entropy estimation test suite, the suggested entropy source is tested to be secure enough for source of entropy input.

A Study on Malware Identification System Using Static Analysis Based Machine Learning Technique (정적 분석 기반 기계학습 기법을 활용한 악성코드 식별 시스템 연구)

  • Kim, Su-jeong;Ha, Ji-hee;Oh, Soo-hyun;Lee, Tae-jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.4
    • /
    • pp.775-784
    • /
    • 2019
  • Malware infringement attacks are continuously increasing in various environments such as mobile, IOT, windows and mac due to the emergence of new and variant malware, and signature-based countermeasures have limitations in detection of malware. In addition, analytical performance is deteriorating due to obfuscation, packing, and anti-VM technique. In this paper, we propose a system that can detect malware based on machine learning by using similarity hashing-based pattern detection technique and static analysis after file classification according to packing. This enables more efficient detection because it utilizes both pattern-based detection, which is well-known malware detection, and machine learning-based detection technology, which is advantageous for detecting new and variant malware. The results of this study were obtained by detecting accuracy of 95.79% or more for benign sample files and malware sample files provided by the AI-based malware detection track of the Information Security R&D Data Challenge 2018 competition. In the future, it is expected that it will be possible to build a system that improves detection performance by applying a feature vector and a detection method to the characteristics of a packed file.

Token-Based User Dynamic Access Control for Secure Device Commands in Smart Home (스마트 홈에서 안전한 디바이스 제어 명령을 위한 토큰 기반 사용자 동적 접근제어 기법)

  • Hyeseon Yu;Minhye Seo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.4
    • /
    • pp.553-568
    • /
    • 2024
  • Due to the rapid development of IoT technology and the increase in home activities after the COVID-19 pandemic, users' demand for smart homes has increased significantly. As the size of the smart home market increases every year and the number of users increases, the importance of personal information protection and various security issues is also growing. It often grants temporary users smart home owner rights and gives them access to the system. However, this can easily allow access to third parties because the authorities granted are not properly managed. In addition, it is necessary to prevent the possibility of secondary damage using personal information collected through smart home devices and sensors. Therefore, in this paper, to prevent indiscriminate access to smart home systems without reducing user convenience, access rights are subdivided and designed according to the functions and types of smart home devices, and a token-based user access control technique using personal devices is proposed.

Access Control Mechanism for Secure CoAP Applications Based on DTLS (DTLS 기반의 안전한 CoAP 응용을 위한 접근제어 메커니즘)

  • Jeong, Yeon-seong;Park, Chang-seop
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.6
    • /
    • pp.1307-1315
    • /
    • 2017
  • While the PSK mode of the DTLS is the most efficient in terms of the performance, it is not easy to pre-distribute and manage the symmetric key pairs as the number of sensor devices increases. On the other hand, both the RPK and certificate modes offer a convenient key management tool, but they do not guarantee a good computational performance. In this paper, the end-to-end security protocol suitable for the constrained devices is proposed, based on both the ECQV certificate and the PSK mode. Namely, the initial DTLS handshake is performed using the ECQV certificate, and the subsequent DTLS handshakes with the other CoAP servers in the same group are performed using the PSK mode for the purpose of reducing the overall computational load. Furthermore, a fine-grained access control for the CoAP client can be enforced to allow access to the limited number of CoAP servers.