• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.3
• /
• pp.115-126
• /
• 2005

SHACAL-2 is a 256-bit block cipher with up to 512 bits of key length based on the hash function SHA-2. It was submitted to the the NESSIE project and was recommended as one of the NESSIE selections. In this paper, we present two types of related-key attacks called the related-key differential-(non)linear and the related-key rectangle attacks, and we discuss the security of SHACAL-2 against these two types of attacks. Using the related-key differential-nonlinear attack, we can break SHACAL-2 with 512-bit keys up to 35 out of its 64 rounds, and using the related-key rectangle attack, we can break SHACAL-2 with 512-bit keys up to 37 rounds.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.21-35
• /
• 2007

In ad hoc networks, position-based routing schemes, that use geographical positions of nodes, have been proposed to efficiently route messages. In these routing schemes, the location service is one of the key elements that determines and effects security and efficiency of the protocol. In this paper, we define security threats of location service and propose a new quorum based location service protocol. In our proposed protocol, nodes register their public keys in other nodes during the initialization phase and these registered keys are used to verify locations of other nodes and the messages exchanged. In this paper, we prove that our protocol is robust against traditional attacks and new attacks that may occur due to the use of position-based routing. We also analyze the efficiency of our protocol using various simulations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.2
• /
• pp.33-43
• /
• 2006

In order to provide the efficient personalized services, the organizations and the companies collect and manage the personal information. However, there have been increasing privacy concerns since the personal information might be misused and spread over in public by the database administrators or the information users. Even in the systems in which organizations or companies control access to personal information according to their access policy in order to protect personal information, it is not easy to fully reflect the information subjects' intention on the access control to their own Personal information. This paper proposes a policy-based access control mechanism for the personal information which prevents unauthorized information users from illegally accessing the personal information and enables the information subjects to control access over their own information. In the proposed mechanism, the individuals' personal information which is encrypted with different keys is stored into the directory repository. For the access control, information subjects set up their own access control policy for their personal information and the policies are used to provide legal information users with the access keys.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.15-24
• /
• 2006

Recently, the importance of the area efficient implementation of cryptographic algorithm for the portable device is increasing. Previous ARIA(Academy, Research Institute, Agency) implementation styles that usually concentrate upon speed, we not suitable for mobile devices in area and power aspects. Thus in this paper, we present an area efficient AR processor which use 32-bit architecture. Using new implementation technique of diffusion layer, the proposed processor has 11301 gates chip area. For 128-bit master key, the ARIA processor needs 87 clock cycles to generate initial round keys, n8 clock cycles to encrypt, and 256 clock cycles to decrypt a 128-bit block of data. Also the processor supports 192-bit and 256-bit master keys. These performances are 7% in area and 13% in speed improved results from previous cases.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.33-41
• /
• 2012

A differential fault analysis(DFA) is one of the most important side channel attacks on block ciphers. Most block ciphers, such as DES, AES, ARIA, SEED and so on., have been analysed by this attack. PRESENT is a 64-bit block cipher with 80/128-bit secret keys and has a 31-round SP-network. So far, several DFAs on PRESENT have been proposed. These attacks recovered 80, 128-bit secret keys of PRESENT with 8~64 fault injections. respectively. In this paper, we propose an improved DFA on PRESENT-80/128. Our attack can reduce the complexity of exhaustive search of PRESENT-80(resp. 128) to on average 1.7(resp. $2^{22.3}$) with 2(resp. 3) fault injections, From these results, our attack results are superior to known DFAs on PRESENT.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.709-717
• /
• 2012

The round reduction on block cipher is a fault injection attack in which an attacker inserts temporary errors in cryptographic devices and extracts a secret key by reducing the number of operational round. In this paper, we proposed an improved round reduction method to retrieve master keys by injecting a fault during operation of loop statement in the Triple DES. Using laser fault injection experiment, we also verified that the proposed attack could be applied to a pure microprocessor ATmega 128 chip in which the Triple DES algorithm was implemented. Compared with previous attack method which is required 9 faulty-correct cipher text pairs and some exhaustive searches, the proposed one could extract three 56-bit secret keys with just 5 faulty cipher texts.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1253-1263
• /
• 2012

As a result of the increased popularity of group oriented applications, the design of an efficient authenticated group key agreement protocol has received a lot of attention. Lee et al. proposed a tree-based group key agreement protocol, which applies a ternary key tree structure and pairing-based cryptography to the key agreement of Dynamic Peer Group. In their protocol, only the group sponsor knows all member's session random keys computes all blinded keys. In addition, when the group sponsor leaves a group, all nodes of the tree should be changed. In this paper, we present the modified protocol that has several sponsors. Since a secret value for each member isn't given to the group sponsor, the key renewing of our protocol is more secure and efficient than that of Lee et al.'s protocol in the previous case. Therefore, our protocol is suitable to Dynamic Peer Groups.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.1
• /
• pp.266-286
• /
• 2022

Public key encryption with keyword search (PEKS) allows a user to make search on ciphertexts without disclosing the information of encrypted messages and keywords. In practice, cryptographic operations often occur on insecure devices or mobile devices. But, these devices face the risk of being lost or stolen. Therefore, the secret keys stored on these devices are likely to be exposed. To handle the key exposure problem in PEKS, the notion of key-updatable PEKS (KU-PEKS) was proposed recently. In KU-PEKS, the users' keys can be updated as the system runs. Nevertheless, the existing KU-PEKS framework has some weaknesses. Firstly, it can't update the keyword ciphertexts on the storage server without leaking keyword information. Secondly, it needs to send the search tokens to the storage server by secure channels. Thirdly, it does not consider the search token security. In this work, a new PEKS framework named key-updatable and ciphertext-sharable PEKS (KU-CS-PEKS) is devised. This novel framework effectively overcomes the weaknesses in KU-PEKS and has the ciphertext sharing function which is not supported by KU-PEKS. The security notions for KU-CS-PEKS are formally defined and then a concrete KU-CS-PEKS scheme is proposed. The security proofs demonstrate that the KU-CS-PEKS scheme guarantees both the keyword ciphertext privacy and the search token privacy. The experimental results and comparisons bear out that the proposed scheme is practicable.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.9
• /
• pp.3068-3086
• /
• 2022

Digital Forensics is gaining popularity in adjudication of criminal cases as use of electronic gadgets in committing crime has risen. Traditional approach to collecting digital evidence falls short when the disk is encrypted. Encryption keys are often stored in RAM when computer is running. An approach to acquire forensic data from RAM when the computer is shut down is proposed. The approach requires that the investigator immediately cools the RAM and transplant it into a host computer provisioned with a tool developed based on cold boot concept to acquire the RAM image. Observation of data obtained from the acquired image compared to the data loaded into memory shows the RAM chips exhibit some level of remanence which allows their content to persist after shutdown which is contrary to accepted knowledge that RAM loses its content immediately there is power cut. Results from experimental setups conducted with three different RAM chips labeled System A, B and C showed at a reduced temperature of -25C, the content suffered decay of 2.125% in 240 seconds, 0.975% in 120 seconds and 1.225% in 300 seconds respectively. Whereas at operating temperature of 25℃, there was decay of 82.33% in 60 seconds, 80.31% in 60 seconds and 95.27% in 120 seconds respectively. The content of RAM suffered significant decay within two minutes without power supply at operating temperature while at a reduced temperature less than 5% decay was observed. The findings show data can be recovered for forensic evidence even if the culprit shuts down the computer.

• The Korea Journal of Herbology
• /
• v.32 no.2
• /
• pp.33-40
• /
• 2017

Objectives : This study is aimed at establishing the discriminative criteria for Adenophorae Radix (AT; Sasam), Codonopsis Lanceolatae Radix (CL; Yangyu) and Adenophorae Remotiflori Radix (AR; Jeni). Because of confusable publications and the similitude of herb shape, CL and AR have been used as AT in the markets. Methods : We firstly discriminated and confirmed AT, CL and AR through observing the external morphology of original plants. Then, external-internal morphological features of the medicinal herbs were studied. A stereoscope was used to determine macroscopic features of dried herbal medicines and a microscope was conducted to examine internal features with the samples, which were embedded in paraffin and stained. Results : 1. The original plant of CL was discriminated with the stem shape in comparison with others. AT and AR were classified by the leaf position of original plant. 2. In the macroscopic morphological study of medicinal herbs, CL had lumps, which seem like a wart. Also, AT and AR were different in the density of cross section. 3. In the microscopic morphological study of the medicinal herbs, the phloem, fissures and the arrangement of xylem were selected as discriminative criteria for 3 kinds of herbs. With these contents, we suggested the identification keys, including further details. Conclusions : These results, especially identification keys, will be helpful to distinguish 3 kinds of herbs, referred to as a 'Sasam'. Moreover, macroscopic and microscopic methods used in this article would be applicable tools for the discrimination of other herbs.