New Hardware Architecture for Multiplication over <i>GF</i> (2^<i>m</i>) and Comparisons with Normal and Polynomial Basis Multipliers for Elliptic Curve Cryptography

KWON, Soonhak,KWON, Taekyoung,PARK, Young-Ho The Institute of Electronics, Information and Comm 2008 IEICE transactions on fundamentals of electronics, Vol.91 No.1

<P>We propose a new linear array for multiplication in <I>GF</I> (2<SUP><I>m</I></SUP>) which outperforms most of the existing linear multipliers in terms of the area and time complexity. Moreover we will give a very detailed comparison of our array with other existing architectures for the five binary fields <I>GF</I> (2<SUP><I>m</I></SUP>), <I>m</I>=163,233,283,409,571, recommended by NIST for elliptic curve cryptography.</P>

Secure and Efficient Broadcast Authentication in Wireless Sensor Networks

Taekyoung Kwon,Jin Hong IEEE 2010 IEEE Transactions on Computers Vol.59 No.8

<P>Authenticated broadcast, enabling a base station to send commands and requests to low-powered sensor nodes in an authentic manner, is one of the core challenges for securing wireless sensor networks. μTESLA and its multilevel variants based on delayed exposure of one-way chains are well known valuable broadcast authentication schemes, but concerns still remain for their practical application. To use these schemes on resource-limited sensor nodes, a 64-bit key chain is desirable for efficiency, but care must be taken. We will first show, by both theoretical analysis and rigorous experiments on real sensor nodes, that if μTESLA is implemented in a raw form with 64-bit key chains, some of the future keys can be discovered through time-memory-data-tradeoff techniques. We will then present an extendable broadcast authentication scheme called X-TESLA, as a new member of the TESLA family, to remedy the fact that previous schemes do not consider problems arising from sleep modes, network failures, idle sessions, as well as the time-memory-data tradeoff risk, and to reduce their high cost of countering DoS attacks. In X-TESLA, two levels of chains that have distinct intervals and cross-authenticate each other are used. This allows the short key chains to continue indefinitely and makes new interesting strategies and management methods possible, significantly reducing unnecessary computation and buffer occupation, and leads to efficient solutions to the raised problems.</P>

Drag-and-type: a new method for typing with virtual keyboards on small touchscreens

Taekyoung Kwon,Sarang Na,Sang-ho Park IEEE 2014 IEEE TRANSACTIONS ON CONSUMER ELECTRONICS - Vol.60 No.1

<P>Small touchscreens are widely used in consumer electronics, such as smartphones and mobile electronic devices. However, typing on the small touchscreen is still worth studying. In fact, smartphone users are experiencing difficulties and also many errors in typing alphanumeric keys with their thumbs because a small virtual keyboard even with the reduced set of touchable keys can only provide tiny size keys to the users. This paper studies a new style of typing method called Drag-and-Type, which leverages the dragging action instead of direct tapping on the touchscreen to ease more accurate typing on the small virtual keyboard. Although the typing speed is controversial, the consumers can choose this method when an accurate typing is more required, for example, for a password entry that is quite more sensitive to erroneous key inputs. In that sense, the proposed method is further explored to the extension called Secure Drag-and-Type for securing the password entry against shoulder-surfing and spyware attacks under the Drag-and- Type paradigm. In the user study, it was found that the proposed method could be used for secure and accurate password entry on the small touchscreen regarding the security-sensitive consumer electronics applications.</P>

Touch pointer: rethink point-and-click for accurate indirect touch interactions on small touchscreens

Taekyoung Kwon,Sarang Na,Sooyeon Shin IEEE 2014 IEEE transactions on consumer electronics Vol.60 No.3

<P>The increasing video resolution of handheld devices such as smartphones makes it harder for users to accurately touch a tiny item on a small touchscreen without conducting pinch-to-zoom and correction actions. To deal with this problem, an offset-free point-and-click mechanism is proposed in this paper. The touch pointer implemented in dual layers allows the user to accurately touch tiny items and perform additional actions such as scrolling, zooming, and copy-and-paste. The user study shows that the touch pointer is accurate and also eminently usable on small touchscreens.</P>

Biometric Authentication for Border Control Applications

Taekyoung Kwon,Hyeonjoon Moon IEEE 2008 IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERIN Vol.20 No.8

<P>We propose an authentication methodology that combines multimodal biometrics and cryptographic mechanisms for border control applications. We accommodate faces and fingerprints without a mandatory requirement of (tamper-resistant) smart-card-level devices on e-passports for easier deployment. It is even allowable to imprint (publicly readable) bar codes on the passports. Additionally, we present a solution based on the certification and key management method to control the validity of passports within the current Public-Key Infrastructure (PKI) technology paradigm.</P>

Covert Attentional Shoulder Surfing: Human Adversaries Are More Powerful Than Expected

Taekyoung Kwon,Sooyeon Shin,Sarang Na IEEE 2014 IEEE transactions on systems, man, and cybernetics Vol.44 No.6

<P>When a user interacts with a computing system to enter a secret password, shoulder surfing attacks are of great concern. To cope with this problem, previous methods presumed limited cognitive capabilities of a human adversary as a deterrent, but there was a pitfall with the assumption. In this paper, we show that human adversaries, even without a recording device, can be more effective at eavesdropping than expected, in particular by employing cognitive strategies and by training themselves. Our novel approach called covert attentional shoulder surfing indeed can break the well known PIN entry method previously evaluated to be secure against shoulder surfing. Another contribution in this paper is the formal modeling approach by adapting the predictive human performance modeling tool for security analysis and improvement. We also devise a defense technique in the modeling paradigm to deteriorate severely the perceptual performance of the adversaries while preserving that of the user. To the best of our knowledge, this is the first work to model and defend the new form of attack through human performance modeling. Real attack experiments and user studies are also conducted.</P>

Location-based pairwise key predistribution for wireless sensor networks

Taekyoung Kwon,Jonghyup Lee,Jooseok Song IEEE 2009 IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS Vol.8 No.11

<P>A practical pairwise key distribution scheme is necessary for wireless sensor networks since sensor nodes are susceptible to physical capture and constrained in their resources. In this paper, we investigate a simple and practical scheme that achieves higher connectivities and perfect resilience with less resources, even in case of deployment errors.</P>

Analysis and Improvement of a PIN-Entry Method Resilient to Shoulder-Surfing and Recording Attacks

Taekyoung Kwon,Jin Hong IEEE 2015 IEEE transactions on information forensics and sec Vol.10 No.2

<P>Devising a user authentication scheme based on personal identification numbers (PINs) that is both secure and practically usable is a challenging problem. The greatest difficulty lies with the susceptibility of the PIN entry process to direct observational attacks, such as human shoulder-surfing and camera-based recording. This paper starts with an examination of a previous attempt at solving the PIN entry problem, which was based on an elegant adaptive black-and-white coloring of the 10-digit keypad in the standard layout. Even though the method required uncomfortably many user inputs, it had the merit of being easy to understand and use. Our analysis that takes both the experimental and theoretical approaches reveals multiple serious shortcomings of the previous method, including round redundancy, unbalanced key presses, highly frequent system errors, and insufficient resilience to recording attacks. The lessons learned through our analysis are then used to improve the black-and-white PIN entry scheme. The new scheme has the remarkable property of resisting camera-based recording attacks over an unlimited number of authentication sessions without leaking any of the PIN digits.</P>

공개키 기반 구조에 기반한 익명게시판 기술 현황

권태경(Taekyoung Kwon),박해룡(Haeryong Park),이철수(Chulsoo Lee) 한국정보보호학회 2004 情報保護學會誌 Vol.14 No.6

인터넷 게시판에서 실명을 사용할 경우 자유로운 토론이 어려우며 사용자 프라이버시를 침해할 우려가 있는 반면, 가명을 사용할 경우 자유로운 토론은 가능하지만 오히려 상호 비방이나 유언비어 등의 부작용이 있을 수 있다. 따라서 기본적으로는 가명을 이용해서 포스팅하도록 허용하지만, 필요한 경우 분산된 여러 개체간의 합의에 의해서 조건부 실명 복원(혹은 다른 말로 조건부 추적)이 가능한 게시판이 구현된다면 매우 유용할 것이다. 그러나 기존 체계에서 가명만을 이용하여 조건부 추적 가능한 익명성을 제공하기란 쉽지 않다. 또한 현존하는 익명성 제공 기법들을 기존의 인증 체계나 인증서 체계에서 수용하기는 매우 어렵다. 본 논문에서는 이와 같이 인터넷 게시판에서 익명성을 제공할 수 있는 기술들을 간략히 살펴보고, 특히 기존의 공개키기반구조, 즉 X.509 인증서 체계를 이용하여 익명게시판을 구현할 수 있는 기술에 대해서 소개하도록 한다.

암호프로토콜 논리성 자동 검증에 관한 연구

권태경(Taekyoung Kwon),양숙현(Sookhyun Yang),김승주(Seungjoo Kim),임선간(Seongan Lim) 한국정보보호학회 2003 정보보호학회논문지 Vol.13 No.1