• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.3
• /
• pp.595-603
• /
• 2017

We propose a scheme to reduce the time for the SSL/TLS handshake by embedding it into the TCP 3-way handshake. The scheme can be selectively applied on the standard TCP for making the SSL/TCP handshake happen within the TCP handshake, rather than performing the TCP handshake and SSL/TLS handshake in sequence. We implemented a prototype of the scheme and did some experiments on its performance. Experimental results showed that, compared to the sequential handshakes of the TCP and the SSL/TLS, the time reduction achieved by the scheme varied in the range of 3.2% and 14%(when the elapsed time by the ping program from the client to the server was 11.6ms). The longer the time measured by the ping program, which would grow as the propagation and queuing delays do, the larger the reduction rate. It accords with the supposition that the reduced time due to the scheme will increase in proportion to the amount of the elapsed time measured by the ping program.

• The KIPS Transactions:PartC
• /
• v.15C no.2
• /
• pp.133-140
• /
• 2008

In this paper, we propose a high performance elliptic curve cryptographic processor over $GF(2^{163})$. The proposed architecture is based on a modified Lopez-Dahab elliptic curve point multiplication algorithm and uses Gaussian normal basis for $GF(2^{163})$ field arithmetic. To achieve a high throughput rates, we design two new word-level arithmetic units over $GF(2^{163})$ and derive a parallelized elliptic curve point doubling and point addition algorithm with uniform addressing based on the Lopez-Dahab method. We implement our design using Xilinx XC4VLX80 FPGA device which uses 24,263 slices and has a maximum frequency of 143MHz. Our design is roughly 4.8 times faster with 2 times increased hardware complexity compared with the previous hardware implementation proposed by Shu. et. al. Therefore, the proposed elliptic curve cryptographic processor is well suited to elliptic curve cryptosystems requiring high throughput rates such as network processors and web servers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1089-1097
• /
• 2016

It is well-known that, if additional information other than a plaintext-ciphertext pair is available, breaking the RSA cryptosystem may be much easier than factorizing the RSA modulus. For example, Coppersmith showed that, given the 1/2 fraction of the least or most significant bits of one of two RSA primes, the RSA modulus can be factorized in a polynomial time. More recently, Henecka et. al showed that the RSA private key of the form (p, q, d, $d_p$, $d_q$) can efficiently be recovered whenever the bits of the private key are erroneous with error rate less than 23.7%. It is notable that their algorithm is based on counting the matching bits between the candidate key bit string and the given decayed RSA private key bit string. And, extending the algorithm, this paper proposes a new RSA private key recovery algorithm using a generalized probabilistic measure for measuring the consistency between the candidate key bits and the given decayed RSA private key bits.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.73-83
• /
• 2018

There has been increasing interest from NIST and other companies in studying post-quantum cryptography in order to resist against quantum computers. Multivariate polynomial based, code based, lattice based, hash based digital signature, and isogeny based cryptosystems are one of the main categories in post quantum cryptography. Among these categories, isogeny based cryptosystem is known to have shortest key length. In this paper, we implemented Supersingular Isogeny Diffie-Hellman (SIDH) protocol efficiently on low-end mobile device. Considering the device's specification, we select supersingular curve on 523 bit prime field, and generate efficient isogeny computation tree. Our implementation of SIDH module is targeted for 32bit environment.

• Journal of KIISE:Information Networking
• /
• v.30 no.3
• /
• pp.371-376
• /
• 2003

As Mobile Internet gets more popular, the switchover of E-Commerce to M-Commerce gets faster and many service providers offer diverse M-Commerce service by using mobile technology. Also, as M-Commerce makes rapid progress, the security protocol gets more widely recognized for its significance. In particular, WAKE(Wireless Authentication and Key Establishment) protocol carried out wirelessly is of great importance, since the user and service provider must get through to carry out the M-Commerce. Key recovery method is a part of the key management in order to provide an emergency recovery of key whenever necessary, like when the user lost the key or the cryptosystem was illegally used. The ASPeCT project first tried to support the key recovery function in WAKE Protocol Since then, a variety of WAKE Key Recovery protocols have been proposed. In this thesis, problems of WAKE Key Recovery protocols proposed so far are analyzed and new WAKE Key Recovery protocol is suggested to solve those problems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.9
• /
• pp.3231-3249
• /
• 2014

Deniable encryption, introduced in 1997 by Canetti, Dwork, Naor, and Ostrovsky, guarantees that the sender or the receiver of a secret message is able to "fake" the message encrypted in a specific ciphertext in the presence of a coercing adversary, without the adversary detecting that he was not given the real message. Sender - side deniable encryption scheme is considered to be one of the classification of deniable encryption technique which defined as resilient against coercing the sender. M. H. Ibrahim presented a sender - side deniable encryption scheme which based on public key and uncertainty of Jacobi Symbol [6]. This scheme has several problems; (1) it can't be able to derive the fake message $M_f$ that belongs to a valid message set, (2) it is not secure against Quadratic Residue Problem (QRP), and (3) the decryption process is very slow because it is based dramatically on square root computation until reach the message as a Quadratic Non Residue (QNR). The first problem is solved by J. Howlader and S. Basu's scheme [7]; they presented a sender side encryption scheme that allows the sender to present a fake message $M_f$ from a valid message set, but it still suffers from the last two mentioned problems. In this paper we present a new sender-side deniable public-key encryption scheme with fast decryption by which the sender is able to lie about the encrypted message to a coercer and hence escape coercion. While the receiver is able to decrypt for the true message, the sender has the ability to open a fake message of his choice to the coercer which, when verified, gives the same ciphertext as the true message. Compared with both Ibrahim's scheme and J. Howlader and S. Basu's scheme, our scheme enjoys nice two features which solved the mentioned problems: (1) It is semantically secure against Quadratic Residue Problem; (2) It is as fast, in the decryption process, as other schemes. Finally, applying the proposed deniable encryption, we originally give a coercion resistant internet voting model without physical assumptions.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.12
• /
• pp.517-524
• /
• 2013

Although password-based authentication as known as knowledge-based authentication was commonly used but intrinsic problems such as dictionary attack remain unsolved. For that the study on possession-based authentication was required. User remote authentication using smartcard is proceeding actively since Lee et al. proposed user remote authentication using knowledge-based information(password) and possession-base information(smartcard) in 2002. in 2009, Xu et al. proposed a new protocol preserving user anonymity and Shin et al. proposed enhanced scheme with analysis of its vulnerabilities on user anonymity and masquerading attack in 2012. In this paper, we analyze Shin et al. scheme on forward secrecy and insider attack and present novel user authentication based on elliptic curve cryptosystem which is secure against forward secrecy, insider attack, user anonymity and masquerading attack.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.6
• /
• pp.65-72
• /
• 2020

Today, the Internet of Things is used in many places, including homes, industrial sites, and hospitals, to give us convenience. Many services generate new value through real-time data collection, storage and analysis as devices are connected to the network. Many of these fields are creating services and applications that utilize sensors and communication functions within IoT devices. However, since everything can be hacked, it causes a huge privacy threat to users who provide data. For example, a variety of sensitive information, such as personal information, lifestyle patters and the existence of diseases, will be leaked if data generated by smarwatches are abused. Development of IoT must be accompanied by the development of security. Recently, Differential Privacy(DP) was adopted to privacy-preserving data processing. So we propose the method that can aggregate health data safely on smartwatch platform, based on DP.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1329-1342
• /
• 2018

Recent advances in quantum computer development have raised the issue of the security of RSA and elliptic curve cryptography, which are widely used. In response, the National Institute of Standards and Technology(NIST) is working on the standardization of public key cryptosystem which is secure in the quantum computing environment. Lattice-based cryptography is a typical post-quantum cryptography(PQC), and various lattice-based cryptographic schemes have been proposed for NIST's PQC standardization contest. Among them, EMBLEM proposed a new multi-bit encryption method which is more intuitive and efficient for encryption and decryption phases than the existing LWE-based encryption schemes. In this paper, we propose a multi-bit encryption scheme with improved efficiency using LWR assumption. In addition, we prove the security of our schemes and analyze the efficiency by comparing with EMBLEM and R.EMBLEM.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2698-2717
• /
• 2019

This paper proposes a multi-stage encryption technique to enhance the level of secrecy of image to facilitate its secured transmission through the public network. A great number of researches have been done on image secrecy. The existing image encryption techniques like visual cryptography (VC), steganography, watermarking etc. while are applied individually, usually they cannot provide unbreakable secrecy. In this paper, through combining several separate techniques, a hybrid multi-stage encryption technique is proposed which provides nearly unbreakable image secrecy, while the encryption/decryption time remains almost the same of the exiting techniques. The technique consecutively exploits VC, steganography and one time pad (OTP). At first it encrypts the input image using VC, i.e., splits the pixels of the input image into multiple shares to make it unpredictable. Then after the pixel to binary conversion within each share, the exploitation of steganography detects the least significant bits (LSBs) from each chunk within each share. At last, OTP encryption technique is applied on LSBs along with randomly generated OTP secret key to generate the ultimate cipher image. Besides, prior to sending the OTP key to the receiver, first it is converted from binary to integer and then an asymmetric cryptosystem is applied to encrypt it and thereby the key is delivered securely. Finally, the outcome, the time requirement of encryption and decryption, the security and statistical analyses of the proposed technique are evaluated and compared with existing techniques.