• ETRI Journal
• /
• v.41 no.6
• /
• pp.863-872
• /
• 2019

Elliptic curve cryptography is a relatively lightweight public-key cryptography method for key generation and digital signature verification. Some lightweight curves (eg, Curve25519 and Curve Ed448) have been adopted by upcoming Transport Layer Security 1.3 (TLS 1.3) to replace the standardized NIST curves. However, the efficient implementation of Curve Ed448 on Internet of Things (IoT) devices remains underexplored. This study is focused on the optimization of the Curve Ed448 implementation on low-end IoT processors (ie, 8-bit AVR and 16-bit MSP processors). In particular, the three-level and two-level subtractive Karatsuba algorithms are adopted for multi-precision multiplication on AVR and MSP processors, respectively, and two-level Karatsuba routines are employed for multi-precision squaring. For modular reduction and finite field inversion, fast reduction and Fermat-based inversion operations are used to mitigate side-channel vulnerabilities. The scalar multiplication operation using the Montgomery ladder algorithm requires only 103 and 73 M clock cycles on AVR and MSP processors.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.1615-1618
• /
• 2002

본 논문에서는 공중 무선랜에서 AP의 중복 설치로 인해 과열 투자와 주파수 간섭 현상의 문제를 해결하기 위해 무선랜 사업자간(WISP, Wireless Internet Service Provider)의 로밍을 제공한 수 있는 메커니즘을 제안한다. 제안하는 메커니즘은 무선랜 사용자가 자신의 WISP가 아닌 다른 WISP의 AP에서 인터넷에 접속하려 학 때 EAP-TLS(Extended Authentication Protocol - Transport Layer Security)를 인증방법으로 사용하는 것을 전제한다. EAP-TLS를 사용하여 상호 인증과 키 분배를 할 때 필요되는 인증서를 방문한 WISP에게 임시 사용자 인증서를 발급받는 방법으로 로밍을 수행한다.

• Proceedings of the Korea Contents Association Conference
• /
• 2005.05a
• /
• pp.107-111
• /
• 2005

As Internet grows rapidly and next electronic commerce applications increase, the security is getting more important. Information security to provide secure and reliable information transfer is based on cryptography technique. The proposed ISEED(Improved SEED) algorithm based on block cryptography algorithm which belongs to secret-key algorithm. In terms of efficiency, the round key generation algorithm has been proposed to reduces the time required in encryption and decryption. The algorithm has been implemented as follow. 128-bit key is divided into two 64-bit group to rotate each of them 8-bit on the left side and right side, and then basic arithmetic operation and G function have been applied to 4-word outputs. In the process of converting encryption key which is required in decryption and encryption of key generation algorithm into sub key type, the conversion algorithm is analyzed. As a result, the time consumed to encryption and decryption is reduced by minimizing the number of plain text required differential analysis.

• The KIPS Transactions:PartD
• /
• v.11D no.2
• /
• pp.485-494
• /
• 2004

Recently, the wireless internet terminals like mobile phones or PDAs prevail in the management of customers. With such terminals, businessmen can get business data and information of customers in real time, in connection with mobile group wares. By the wireless terminals, customers can conveniently get information of goods, search purchase sites, and give orders and do settlement. This paper aims to present the safe data integrity modules of the wireless internet terminal, for service providing correct real-time promotion information, by using users' disposition, situation, Purchase information. This study aims to suggest an implementation methodology of security module for data integrity of mobile internet terminal. This is based on the WTLS of WAP Protocol. This security module is expected to achieve central role in conversion of wireless internet environment and emphasis of encryption technology and safe and calculable wireless communication environment construction

• The Journal of Society for e-Business Studies
• /
• v.22 no.2
• /
• pp.169-185
• /
• 2017

Juliano Rizzo and Thai Duong, the authors of the BEAST attack [11, 12] on SSL, have proposed a new attack named CRIME [13] which is Compression Ratio Info-leak Made Easy. The CRIME exploits how data compression and encryption interact to discover secret information about the underlying encrypted data. Repeating this method allows an attacker to eventually decrypt the data and recover HTTP session cookies. This security weakness targets in SPDY and SSL/TLS compression. The attack becomes effective because the attacker is enable to choose different input data and observe the length of the encrypted data that comes out. Since Transport Layer Security (TLS) ensures integrity of data transmitted between two parties (server and client) and provides strong authentication for both parties, in the last few years, it has a wide range of attacks on SSL/TLS which have exploited various features in the TLS mechanism. In this paper, we will discuss about the CRIME and other versions of SSL/TLS attacks along with countermeasures, implementations. We also present direction for SSL/TLS attacks resistance in practice.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2000.10a
• /
• pp.141-144
• /
• 2000

XML은 단순함과 융통성이라는 특징을 가지고 있기 때문에 Internet B2B(Business to Business) 메세지 송수신을 용이하게 한다. Internet B2B에서 메세지 송수신을 하는 데 있어서 보안이 점차 중요하게 대두되고 있다. 인터넷은 공용 네트워크이므로 도청과 위조와 같은 공격에 어떠한 보호장치도 있지 않기 때문에 메시지가 송수신되는 동안 자신의 중요한 정보가 다른곳으로 유출되거나 손실될 경우 B2B 메시지 송수신에 있어서 크나큰 손실을 가져올 수 있다. SSL(Secure Socket Layer)은 transport-level 보안 프로토콜이 제공하는 인증, 무결성, 기밀성을 제공하고 있다. 하지만 부인방지를 제공하고 있지 못하고 있는 실정이다. 하지만 XML-Signature를 이용하면 이러한 문제점을 해결할 수 있고 프로토콜 차원이 아닌 어플리케이션 차원에서 보안 시스템을 설계하므로 B2B 간 메시지 송수신하는데 있어서 서버와 클라이언트에 각각 XML-Signature 사용하여 안전하게 통신 할 수 있도록 해주는 보안모들 설계를 소개한다.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.1
• /
• pp.53-59
• /
• 2019

As the number of harmful sites increases, many social problems are occurring. Therefore, in order to solve this problem, the government is carrying out activities to block access to web sites to harmful sites based on the law. However, due to the change from HTTP to HTTPS protocol, it has become difficult to block the harmful sites in the existing method. In the existing HTTP protocol, a method of blocking the site corresponding to the harmful site domain list by utilizing the DNS information was used. However, due to the generalization of HTTPS, it is difficult to block the harmful sites in the existing method. Therefore, the ISP uses the method of blocking the website using the SNI field in the TLS (Transport Layer Security) Handshake protocol used for HTTPS. However, since the method using SNI field raises the concern of monitoring Internet users or exposing information about connected sites, in this paper, we proposed method which can support anonymity to Internet users while blocking harmful sites. The suggested method also can support integrity and source authentication to the transmitted data.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.5B
• /
• pp.385-394
• /
• 2012

The tactical mobile communication network, which comprises a part of the next-generation Tactical Information and Communication Network (TICN), provides means of communication and control for Tactical Multi-Functional Terminals (TMFT) belonging to a Mobile Subscriber Access Point (MSAP). The next-generation of MSAP is capable of constructing a backbone network via LCTR and HCTR directional antennas. At the same time, WMN modules are used to create and manage a wireless mesh backbone. When directional antennas are used in mobile environments, seamless services cannot be efficiently supported as the movement of the node prevents the angle of the antenna to constantly match. Therefore, data communication through the wireless mesh networks is required to provide direct communication between mobile MSAPs. Accordingly, mutual authentication and data encryption mechanisms are required to provide reliable data transmission in this environment. To provide efficient mutual authentication between MSAP devices, the process of verifying a certificate of the other MSAP device through its own authentication server is required. This paper proposes mutual authentication mechanisms where the MSAP requiring authentication and the MSAP that permits it initiates low-cost and efficient authentication in a distributed way. More specifically, we propose a method of applying EAP-ELS (Extensible Authentication Protocol-Transport Layer Security) in the next-generation TICN.

• Journal of Intelligence and Information Systems
• /
• v.26 no.2
• /
• pp.131-145
• /
• 2020

In line with the trend of industrial innovation, IoT technology utilized in a variety of fields is emerging as a key element in creation of new business models and the provision of user-friendly services through the combination of big data. The accumulated data from devices with the Internet-of-Things (IoT) is being used in many ways to build a convenience-based smart system as it can provide customized intelligent systems through user environment and pattern analysis. Recently, it has been applied to innovation in the public domain and has been using it for smart city and smart transportation, such as solving traffic and crime problems using CCTV. In particular, it is necessary to comprehensively consider the easiness of securing real-time service data and the stability of security when planning underground services or establishing movement amount control information system to enhance citizens' or commuters' convenience in circumstances with the congestion of public transportation such as subways, urban railways, etc. However, previous studies that utilize image data have limitations in reducing the performance of object detection under private issue and abnormal conditions. The IoT device-based sensor data used in this study is free from private issue because it does not require identification for individuals, and can be effectively utilized to build intelligent public services for unspecified people. Especially, sensor data stored by the IoT device need not be identified to an individual, and can be effectively utilized for constructing intelligent public services for many and unspecified people as data free form private issue. We utilize the IoT-based infrared sensor devices for an intelligent pedestrian tracking system in metro service which many people use on a daily basis and temperature data measured by sensors are therein transmitted in real time. The experimental environment for collecting data detected in real time from sensors was established for the equally-spaced midpoints of 4×4 upper parts in the ceiling of subway entrances where the actual movement amount of passengers is high, and it measured the temperature change for objects entering and leaving the detection spots. The measured data have gone through a preprocessing in which the reference values for 16 different areas are set and the difference values between the temperatures in 16 distinct areas and their reference values per unit of time are calculated. This corresponds to the methodology that maximizes movement within the detection area. In addition, the size of the data was increased by 10 times in order to more sensitively reflect the difference in temperature by area. For example, if the temperature data collected from the sensor at a given time were 28.5℃, the data analysis was conducted by changing the value to 285. As above, the data collected from sensors have the characteristics of time series data and image data with 4×4 resolution. Reflecting the characteristics of the measured, preprocessed data, we finally propose a hybrid algorithm that combines CNN in superior performance for image classification and LSTM, especially suitable for analyzing time series data, as referred to CNN-LSTM (Convolutional Neural Network-Long Short Term Memory). In the study, the CNN-LSTM algorithm is used to predict the number of passing persons in one of 4×4 detection areas. We verified the validation of the proposed model by taking performance comparison with other artificial intelligence algorithms such as Multi-Layer Perceptron (MLP), Long Short Term Memory (LSTM) and RNN-LSTM (Recurrent Neural Network-Long Short Term Memory). As a result of the experiment, proposed CNN-LSTM hybrid model compared to MLP, LSTM and RNN-LSTM has the best predictive performance. By utilizing the proposed devices and models, it is expected various metro services will be provided with no illegal issue about the personal information such as real-time monitoring of public transport facilities and emergency situation response services on the basis of congestion. However, the data have been collected by selecting one side of the entrances as the subject of analysis, and the data collected for a short period of time have been applied to the prediction. There exists the limitation that the verification of application in other environments needs to be carried out. In the future, it is expected that more reliability will be provided for the proposed model if experimental data is sufficiently collected in various environments or if learning data is further configured by measuring data in other sensors.