• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.125-134
• /
• 2004

When cryptosystem designers implement devices that computing power or memory is limited such as smart cards, PDAs and so on, not only he/she has to be careful side channel attacks(SCA) but also the cryptographic algorithms within the device has to be efficient using small memory. For this purpose, countermeasures such as Moiler's method, Okeya-Takagi's one and overlapping window method, based on window method to prevent SCA were proposed. However, Moiler's method and Okeya-Talngi's one require additional cost to prevent other SCA such as DPA, Second-Order DPA, Address-DPA, and so on since they are immune to only SPA. Also, overlapping window method has a drawback that requires big memory. In this paper, we analyze existing countermeasures and propose an efficient and secure countermeasure that is immune to all existing SCA using advantages of each countermeasure. Moreover, the proposed countermeasure can enhance the efficiency using mixed coordinate systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6A
• /
• pp.39-49
• /
• 2008

AEA and ARIA are next generation standard block cipher of US and Korea, respectively, and these algorithms are used in various fields including smart cards, electronic passport, and etc. This paper addresses the first efficient unified hardware architecture of AES and ARIA, and shows the implementation results with 0.25um CMOS library. We designed shared S-boxes based on composite filed arithmetic for both algorithms, and also extracted common terms of the permutation matrices of both algorithms. With the $0.25-{\mu}m$ CMOS technology, our processor occupies 19,056 gate counts which is 32% decreased size from discrete implementations, and it uses 11 clock cycles and 16 cycles for AES and ARIA encryption, which shows 720 and 1,047 Mbps, respectively.

• Fashion & Textile Research Journal
• /
• v.24 no.3
• /
• pp.333-345
• /
• 2022

This study developed and evaluated the motion control of 3D printed fingers applied to smart gloves. Four motions were programmed by assembling the module using the Arduino program: cylindrical grasping, spherical grasping, tip-to-tip pinch gripping, and three-jaw pinch gripping. Cap and re-entrant (RE) strip types were designed to model the finger. Two types of modeling were printed using filaments of thermoplastic elastomer (TPE) and thermoplastic polyurethane (TPU). The prepared samples were evaluated using three types of pens for cylidrical grasping, three types of balls for spherical grasping, and two types of cards for tip-to-tip pinch gripping and three-jaw pinch gripping. The motion control of fingers was connected using five servo motors to the number of each control board. Cylindrical and spherical grasping were moved by controlling the fingers at 180° and 150°, respectively. Pinch gripping was controlled using a tip-to-tip pinch motion controlled by the thumb at 30° and index-middle at 0° besides a three-jaw pinch motion controlled by the thumb-index finger-middle at 30°, 0°, and 0°, respectively. As a result of the functional evaluation, the TPE of 3D-printed fingers was more flexible than those of TPU. RE strip type of 3D-printed fingers was more suitable for the motion control of fingers than the 3D-printed finger.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.9
• /
• pp.89-96
• /
• 2021

In this paper, we analyzed that the user authentication scheme for TMIS(Telecare Medicine Information System) proposed by Al-Saggaf et al. In 2019, Al-Saggaf et al. proposed authentication scheme using biometric information, Al-Saggaf et al. claimed that their authentication scheme provides high security against various attacks along with very low computational cost. However in this paper after analyzing Al-Saggaf et al's authentication scheme, the Al-Saggaf et al's one are missing random number s from the DB to calculate the identity of the user from the server, and there is a design error in the authentication scheme due to the lack of delivery method. Al-Saggaf et al also claimed that their authentication scheme were safe against a variety of attacks, but were vulnerable to password guessing attack using login request messages and smart cards, session key exposure and insider attack. An attacker could also use a password to decrypt the stored user's biometric information by encrypting the DB with a password. Exposure of biometric information is a very serious breach of the user's privacy, which could allow an attacker to succeed in the user impersonation. Furthermore, Al-Saggaf et al's authentication schemes are vulnerable to identity guessing attack, which, unlike what they claimed, do not provide significant user anonymity in TMIS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.115-129
• /
• 2007

The ubiquitous and autonomic computing environments is open and dynamic providing the universal wireless access through seamless integration of software and system architectures. The ubiquitous computing have to offer the user-centric pervasive services according to the wireless access. Therefore the roaming services with the predefined security associations among all of the mobile devices in various networks is especially complex and difficult. Furthermore, there has been little study of security coordination for realistic autonomic system capable of authenticating users with different kinds of user interfaces, efficient context modeling with user profiles on Smart Cards, and providing pervasive access service by setting roaming agreements with a variety of wireless network operators. This paper proposes a Roaming Coordinator-based security management framework that supports the capability of interoperator roaming with the pervasive security services among the push service based network domains. Compared to traditional mobile systems in which a Universal Subscriber Identity Module(USIM) is dedicated to one service domain only, our proposed system with Roaming Coordinator is more open, secure, and easy to update for security services throughout the different network domains such as public wireless local area networks(PWLANs), 3G cellular networks and wireless metropolitan area networks(WMANs).

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.3 no.1 s.4
• /
• pp.1-12
• /
• 2004

Recently, the Korea Highway Company is replacing their prepaid plastic cards with a smart card, called $Hipass^{PLUS}$ Card. In order to use $Hipass^{PLUS}$Card in the prepaid payment system, LSAM, which is to store the value into $Hipass^{PLUS}$ Card is needed. LSAM is also responsible to store or retrieve the value from PPSAM. For the safety of Korea Highway electronic payment system, the functionality and security of LSAM should be faultless. This paper developed a test module including the test method, the test checklist, and the test procedure. The test module examines the functionality and security of loading the value from PPSAM to LSAM, retrieving the value from LSAM to PPSAM, and loading the value from LSAM to $Hipass^{PLUS}$ Card. The test module contains the method and the procedure to test the standard items by the test checklists. The test items and test checklists of LSAM was selected under the provision of the specification of Korea Highway Company and ISO standard. The test module evaluates the functionality, the security and the compatibility of LSAM. After the evaluation test of LSAM using the test module, LSAM satisfied the characteristics of the functionality, security, and compatibility.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.261-270
• /
• 2015

In information security devices, such as Smart Cards, vulnerabilities of the RSA algorithm which is used to protect the data were found in the Side Channel Analysis. The RSA is especially vulnerable to Power Analysis which uses power consumption when the algorithm is working. Typically Power Analysis is divided into SPA(Simple Power Analysis) and DPA(Differential Power Analysis). On top of this, there is a CA(Collision Analysis) which is a very powerful attack. CA makes it possible to attack using a single waveform, even if the algorithm is designed to secure against SPA and DPA. So Message blinding, which applies the window method, was considered as a countermeasure. But, this method does not provide sufficient safety when the window size is small. Therefore, in this paper, we propose a new countermeasure that provides higher safety against CA. Our countermeasure is a combination of message and exponent blinding which is applied to the window method. In addition, through experiments, we have shown that our countermeasure provides approximately 124% higher attack complexity when the window size is small. Thus it can provide higher safety against CA.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.2 no.2 s.3
• /
• pp.31-42
• /
• 2003

Prepaid plastic card issued by Korea Highway Company had a lot of problems in end-user usage and management. HipassPLUS Card, which is a smart card used for a prepaid electronic payment, overcomes the problems of Prepaid Plastic card. HipassPLUS Card is also designed be compatible to other cards such as public transportation card. Thus, for the safety of using the card in such environment, the functionality and the security of HipassPLUS card should be faultless. This paper developed a test module including the test method, the test checklist, and the test procedure to examine the functionality and security of the payment mechanism of HipassPLUS card. The test module contains the method and the procedure to test the standard items according to the test checklist of HipassPLUS card. The test items and the test checklist of HirassPLUS card was selected under the provision of the specification of Korea Highway Company and ISO standard. The results of evaluation on HipassPLUS card using the proposed test module indicates that 4he HipassPLUS card satisfied the criteria under the characteristics of the functionality, security, and compatibility.

• Journal of KIISE:Databases
• /
• v.34 no.2
• /
• pp.109-118
• /
• 2007

Recently, flash memory is used to store data in mobile computing devices such as PDAs, SmartCards, mobile phones and MP3 players. These devices need index structures like the B-tree to efficiently support some operations like insertion, deletion and search. The BFTL(B-tree Flash Translation Layer) technique was first introduced which is for implementing the B-tree on flash memory. Flash memory has characteristics that a write operation is more costly than a read operation and an overwrite operation is impossible. Therefore, the BFTL method focuses on minimizing the number of write operations resulting from building the B-tree. However, we indicate in this paper that there are many rooms of improving the performance of the I/O cost in building the B-tree using this method and it is not practical since it increases highly the usage of the SRAM memory storage. In this paper, we propose a BOF(the B-tree On Flash memory) approach for implementing the B-tree on flash memory efficiently. The core of this approach is to store index units belonging to the same B-tree node to the same sector on flash memory in case of the replacement of the buffer used to build the B-tree. In this paper, we show that our BOF technique outperforms the BFTL or other techniques.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.5
• /
• pp.23-36
• /
• 2010

Signcryption is a cryptographic primitive which offers authentication and confidentiality simultaneously with a cost lower than signing and encrypting the message independently. We propose a new cryptographic notion called Identity-based online/offline signcryption. The notion of online/offline scheme can be divided into two phases, the first phase is performed offline prior to the arrival of a message to be signed or encrypted and the second phase is performed online phase after knowing the message and the public key of recipient. The Online phase does not require any heavy computations such as pairings or exponents. It is particularly suitable for power-constrained devices such as smart cards. In this paper, we propose ID-based signcryption scheme and ID-based online/offline signcryption scheme where the confidentiality and authenticity are simultaneously required to enable a secure and trustable communication environment. To our best knowledge, this is the first ID-based online/offline signcryption scheme that can be proven secure in the standard model.