• The Journal of the Korea Contents Association
• /
• v.8 no.6
• /
• pp.66-73
• /
• 2008

The concept of u-Vehicle is a technological model that people try to build the ubiquitous world in the car which moves, by using the RFID technology as well as the telematics service based on the location. RFID is weak on the point of information security because RFID has possibility for being abused such as chasing, counterfeiting, and invading personal privacy. RFID's tags use a weak cryptographic algorithm. This paper presents the vulnerabilities of information security under u-Vehicle environments. To solve that, we propose a mechanism enhancing RFID tag's security but with low cost by reducing the number of mutual authentication stages and using the hash function.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.11
• /
• pp.2479-2487
• /
• 2009

Earlier researches on Sensor Networks preferred symmetric key-based authentication schemes in consideration of limitations in network resources. However, recent advancements in cryptographic algorithms and sensor-node manufacturing techniques have opened suggestion to public key-based solutions such as Merkle tree-based schemes. This paper proposes a new concept of public key-based authentication using Polynomial Secret Sharing that can be effectively applied to sensor networks and a detection of malicious node using the hash function. This scheme is based on exponential distributed data concept, a derivative from Shamir's (t,n) threshold scheme, in which the authentication of neighbouring nodes are done simultaneously while minimising resources of sensor nodes and providing network scalability.

• ETRI Journal
• /
• v.29 no.6
• /
• pp.755-768
• /
• 2007

A very promising application of active RFID systems is the electronic seal, an electronic device to guarantee the authenticity and integrity of freight containers. To provide freight containers with a high level of tamper resistance, the security of electronic seals must be ensured. In this paper, we present the design and implementation of an electronic seal protection system. First, we propose the eSeal Protection Protocol (ePP). Next, we implement and evaluate various cryptographic primitives as building blocks for our protocol. Our experimental results show that AES-CBC-MAC achieves the best performance among various schemes for message authentication and session key derivation. Finally, we implement a new electronic seal system equipped with ePP, and evaluate its performance using a real-world platform. Our evaluation shows that ePP guarantees a sufficient performance over an ARM9-based interrogator.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.4
• /
• pp.2292-2309
• /
• 2017

Ciphertext policy attribute-based encryption (CP-ABE) is a useful cryptographic technology for guaranteeing data confidentiality but also fine-grained access control. Typically, CP-ABE can be divided into two classes: small universe with polynomial attribute space and large universe with unbounded attribute space. Since the learning with errors over rings (R-LWE) assumption has characteristics of simple algebraic structure and simple calculations, based on R-LWE, we propose a small universe CP-ABE scheme to improve the efficiency of the scheme proposed by Zhang et al. (AsiaCCS 2012). On this basis, to achieve unbounded attribute space and improve the expression of attribute, we propose a large universe CP-ABE scheme with the help of a full-rank differences function. In this scheme, all polynomials in the R-LWE can be used as values of an attribute, and these values do not need to be enumerated at the setup phase. Different trapdoors are used to generate secret keys in the key generation and the security proof. Both proposed schemes are selectively secure in the standard model under R-LWE. Comparison with other schemes demonstrates that our schemes are simpler and more efficient. R-LWE can obtain greater efficiency, and unbounded attribute space means more flexibility, so our research is suitable in practices.

• Journal of Sensor Science and Technology
• /
• v.27 no.1
• /
• pp.59-63
• /
• 2018

Among Internet of things (IoT) applications, the most demanding requirements for the widespread realization of many IoT visions are security and low power. In terms of security, IoT applications include tasks that are rarely addressed before such as secure computation, trusted sensing, and communication, privacy, and so on. These tasks ask for new and better techniques for the protection of data, software, and hardware. An integral part of hardware cryptographic primitives are secret keys and unique IDs. Physical Unclonable Functions(PUF) are a unique class of circuits that leverage the inherent variations in manufacturing process to create unique, unclonable IDs and secret keys. In this paper, we propose a low power Arbiter PUF circuit with low error rate and high reliability compared with conventional arbiter PUFs. The proposed PUF utilizes a power gating structure to save the power consumption in sleep mode, and uses a razor flip-flop to increase reliability. PUF has been designed and implemented using a FPGA and a ASIC chip (a 0.35 um technology). Experimental results show that our proposed PUF solves the metastability problem and reduce the power consumption of PUF compared to the conventional Arbiter PUF. It is expected that the proposed PUF can be used in systems required low power consumption and high reliability such as low power encryption processors and low power biomedical systems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.11
• /
• pp.4028-4049
• /
• 2014

Attribute-based encryption (ABE) is a promising cryptographic primitive for implementing fine-grained data sharing in cloud computing. However, before ABE can be widely deployed in practical cloud storage systems, a challenging issue with regard to attributes and user revocation has to be addressed. To our knowledge, most of the existing ABE schemes fail to support flexible and direct revocation owing to the burdensome update of attribute secret keys and all the ciphertexts. Aiming at tackling the challenge above, we formalize the notion of ciphertext-policy ABE supporting flexible and direct revocation (FDR-CP-ABE), and present a concrete construction. The proposed scheme supports direct attribute and user revocation. To achieve this goal, we introduce an auxiliary function to determine the ciphertexts involved in revocation events, and then only update these involved ciphertexts by adopting the technique of broadcast encryption. Furthermore, our construction is proven secure in the standard model. Theoretical analysis and experimental results indicate that FDR-CP-ABE outperforms the previous revocation-related methods.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.654-656
• /
• 2016

MACsec is a cryptographic function that operates on Layer 2. As industries such as IoT(Internet of Things) devices are receiving attention recently are connected to the network and Internet traffic is increasing rapidly. Because of today, Becoming the increase in traffic and complex situations to protect the overall traffic, not just certain parts. The MACsec technology has received attention. In this paper, Layer 2 security technology to MACsec. Design the technology MACsec adapter that can easily and readily added to existing Layer 2 network.

• Nuclear Engineering and Technology
• /
• v.50 no.5
• /
• pp.780-787
• /
• 2018

This article presents a security module based on a field programmable gate array (FPGA) to mitigate man-in-the-middle cyber attacks. Nowadays, the FPGA is considered to be the state of the art in nuclear power plants I&C systems due to its flexibility, reconfigurability, and maintainability of the FPGA technology; it also provides acceptable solutions for embedded computing applications that require cybersecurity. The proposed FPGA-based security module is developed to mitigate information-gathering attacks, which can be made by gaining physical access to the network, e.g., a man-in-the-middle attack, using a cryptographic process to ensure data confidentiality and integrity and prevent injecting malware or malicious data into the critical digital assets of a nuclear power plant data communication system. A model-based system engineering approach is applied. System requirements analysis and enhanced function flow block diagrams are created and simulated using CORE9 to compare the performance of the current and developed systems. Hardware description language code for encryption and serial communication is developed using Vivado Design Suite 2017.2 as a programming tool to run the system synthesis and implementation for performance simulation and design verification. Simple windows are developed using Java for physical testing and communication between a personal computer and the FPGA.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.3
• /
• pp.11-22
• /
• 1997

The number of output sequence was proposed as a characteristic of binary sequence generators for cryptographic application, but in general most of binary sequence generators have single number of output sequence. In this paper, we propose two types of binary sequence generators with a large number of output sequences. The first one is a Switched-Tap LFSR (STLFSR) and it applies to the generalized nonlinear function and the Geffe's generator as example. The other is a generalized memory sequence generator(GMEM-BSG) which is an improved version of the Golic's memory sequence generator (MEM-BSG) with a large number of output sequences, and its period, linear complexity, and the number of output sequence are derived.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.141-151
• /
• 2004

According to the improvemnent of electronic commerce, the requirements of security devices are becoming increasingly pervasive. The security API must design easily and securely to support a compatibility feature between security devices. It is chosen the PKCS #11 interface by RSA Labs that shows the compatibility and extensibility standards of many application product and implementation, and supported KCDSA mechanism which is a korean digital signature standard. And the PKCS #11 security API defines new key management function which provides more secure key management ability. We suggest the object attributes and templates of KCDSA private and public key object, generate and verify digital signature using KCDSA mechanism. The PKCS #11 supporting KCDSA mechanism is designed, implemented using C-Language, tested a performance, and analyzed the security and compatibiltiy feature.