• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.4
• /
• pp.2276-2291
• /
• 2017

Data protection of removable storage devices is an important issue in information security. Unfortunately, most existing data protection mechanisms are aimed at protecting computer platform which is not suitable for ultra-low-power devices. To protect the flash disk appropriately and efficiently, we propose a trust based USB flash disk, named UTrustDisk. The data protection technologies in UTrustDisk include data authentication protocol, data confidentiality protection and data leakage prevention. Usually, the data integrity protection scheme is the bottleneck in the whole system and we accelerate it by WH universal hash function and speculative caching. The speculative caching will cache the potential hot chunks for reducing the memory bandwidth pollution. We adopt the symmetric encryption algorithm to protect data confidentiality. Before mounting the UTrustDisk, we will run a trusted virtual domain based lightweight virtual machine for preventing information leakage. Besides, we prove formally that UTrustDisk can prevent sensitive data from leaking out. Experimental results show that our scheme's average writing throughput is 44.8% higher than that of NH scheme, and 316% higher than that of SHA-1 scheme. And the success rate of speculative caching mechanism is up to 94.5% since the access pattern is usually sequential.

• The KIPS Transactions:PartC
• /
• v.9C no.3
• /
• pp.313-322
• /
• 2002

In this paper, proposes Kerberos certification mechanism that improve certification service of PKINIT base that announce in IETF CAT Working Ggroup. Did to certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, acquire public key from DNS server by chain (CertPath) between realms by certification and Key exchange way that provide service between realms applying X.509, DS/BNS of PKINIT base. In order to provide regional services, Certification and key exchange between realms use Kerberos' symmetric method and Session connection used Directory service to connection X.509 is designed using an asymmetric method. Excluded random number ($K_{rand}$) generation and duplex encryption progress to confirm Client. A Design of Kerberos system that have effect and simplification of certification formality that reduce Overload on communication.

• Journal of IKEEE
• /
• v.24 no.2
• /
• pp.468-474
• /
• 2020

This paper describes the hardware implementation of SPECK, a lightweight block cipher algorithm developed for the security of applications with limited resources such as IoT and wireless sensor networks. The block cipher SPECK crypto-core supports 8 block/key sizes, and the internal data-path was designed with 16-bit for small gate counts. The final round key to be used for decryption is pre-generated through the key initialization process and stored with the initial key, enabling the encryption/decryption for consecutive blocks. It was also designed to process round operations and key scheduling independently to increase throughput. The hardware operation of the SPECK crypto-core was validated through FPGA verification, and it was implemented with 1,503 slices on the Virtex-5 FPGA device, and the maximum operating frequency was estimated to be 98 MHz. When it was synthesized with a 180 nm process, the maximum operating frequency was estimated to be 163 MHz, and the estimated throughput was in the range of 154 ~ 238 Mbps depending on the block/key sizes.

• Journal of KIISE:Software and Applications
• /
• v.28 no.11
• /
• pp.864-873
• /
• 2001

In this paper, a new approach to building a registration authority for issuing PKI-based certificates is presented to make the process of identifying an individual more secure and reliable by utilizing human iris recognition technology. The tasks of the proposed system associated with the manipulation of irises except for the general functions of registration authorities can be categorized into three modules, the acquisition of iris images, the registration of iris information, and the verification of users by means of iris patterns. The information among the three modules is safely exchanged through encryption and decryption with a symmetric cryptographic method. As a feature extraction method for a given iris image, a wavelet transform is applied to represent a feature vector with a small dimension of information obtained by subsampling an image corresponding to lower frequency bands successively without loss of information. Through the experiments on human iris recognition technology we proposed and applied to the registration authority, the potential of biometric technology in various applications is confirmed.

• Journal of Internet Computing and Services
• /
• v.20 no.6
• /
• pp.119-127
• /
• 2019

This paper proposes a new authentication model to solve the problem of personal information takeover and personal information theft by service providers using centralized servers for user authentication and management of personal information. The centralization issue is resolved by providing user authentication and information storage space through a decentralize platform, blockchain, and ensuring confidentiality of information through user-specific symmetric key encryption. The proposed model was implemented using the public-blockchain Ethereum and the web-based wallet extension MetaMask, and users access the Ethereum main network through the MetaMask on their browser and store their encrypted personal information in the Smart Contract. In the future, users will provide their personal information to the service provider through their Ethereum Account for the use of the new service, which will provide user authentication and personal information without subscription or a new authentication process. Service providers can reduce the costs of storing personal information and separate authentication methods, and prevent problems caused by personal information leakage.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.3B
• /
• pp.462-473
• /
• 2010

The RFID system has the security problem of location tracking and user privacy. In order to solve this problem, the cryptographic access method using hash function is difficult to in real applications. Because there is a limit of computing and storage capacity of Tag, but the safety is proved. The lightweight authentication methods like HB and LMAP guarantee the high efficiency, but the safety is not enough to use. In this paper, we use the AES for RFID Authentication, and solve the problem of using fixed key with key change step by step. The symmetric keys of the tag and server are changed by the random number generated by tag, reader and server successively. This could prevent the key exposure. As a result, the output of the tag and reader always changes. These key changes could make it possible to prevent eavesdropping, replay attack, location tracking and spoofing.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.593-605
• /
• 2014

In this paper, we propose the efficient HW/SW co-design method of light-weight cryptography such as HIGHT, PRESENT and PRINTcipher using GEZEL. At first the symmetric cryptographic algorithms were designed using the GEZEL language which is efficiently used for HW/SW co-design. And for the improvement of performance the HW optimization theory such as unfolding, retiming and so forth were adapted to the cryptographic HW module conducted by FSMD. Also, the operation modes of those algorithms were implemented using C language in 8051 microprocessor, it can be compatible to various platforms. For providing reliable communication between HW/SW and preventing the time delay the improved handshake protocol was chosen for enhancing the performance of the connection between HW/SW. The improved protocol can process the communication-core and cryptography-core on the HW in parallel so that the messages can be transmitted to SW after HW operation and received from SW during encryption operation.

• Convergence Security Journal
• /
• v.18 no.4
• /
• pp.27-33
• /
• 2018

Stream cipher is an one-time-pad type encryption algorithm that encrypt plaintext using simple operation such as XOR with random stream of bits (or characters) as symmetric key and its security depends on the randomness of used stream. Therefore we can design more secure stream cipher algorithm by using mathematical analysis of the stream such as period, linear complexity, non-linearity, correlation-immunity, etc. The key stream in stream cipher is generated in linear feedback shift register(LFSR) having characteristic polynomial. The primitive polynomial is the characteristic polynomial which has the best security property. It is used widely not only in stream cipher but also in SEED, a block cipher using 8-degree primitive polynomial, and in Chor-Rivest(CR) cipher, a public-key cryptosystem using 24-degree primitive polynomial. In this paper we present the concept and various properties of primitive polynomials in Galois field and prove the theorem finding the number of irreducible polynomials and primitive polynomials over $F_p$ when p is larger than 2. This kind of research can be the foundation of finding primitive polynomials of higher security and developing new cipher algorithms using them.

• KIPS Transactions on Computer and Communication Systems
• /
• v.9 no.12
• /
• pp.307-314
• /
• 2020

The video surveillance service is being widely deployed around our lives and the service stores sensitive data such as video streams in the cloud over the Internet or the centralized data store in an on-premise environment. The main concerning of these services is that the user should trust the service provider how secure the video or data is stored and handled without any concrete evidence. In this paper, we proposed the approach to protecting video by PKI (public key infrastructure) with a blockchain network. The video is encrypted by a symmetric key, then the key is shared through a blockchain network with taking advantage of the PKI mechanism. Therefore, the user can ensure the sensitive data is always kept secure and traceable in its lifecycle.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.3
• /
• pp.29-38
• /
• 2006

Recent advances in wireless communication technology promotes many researches related to sensor network and brings several proposals to fit into various types of sensor network communication. The research direction for sensor network is divided into the method to maximize an energy efficiency and security researches that has not been remarkable so far. To maximize an energy efficiency, the methods to support data aggregation and cluster-head selection algorithm are proposed. To strengthen the security, the methods to support encryption techniques and manage a secret key that is applicable to sensor network are proposed, In. However, the combined method to satisfy both energy efficiency and security is in the shell. This paper is devoted to design the protocol that combines an efficient clustering protocol with key management algorithm that is fit into various types of sensor network communication. This protocol may be applied to sensor network systems that deal with sensitive data.