Security Evaluation Criteria for Firewalls in Kirea

Lee, Cheol-Won,Hong, Ki-Yoong,Kim, Hak-Beom,Oh, Kyeong-Hee,Kwon, Hyun-Jo,Sim, Joo-Geol Korea Institute of Information Security and Crypto 1998 정보보호학회논문지 Vol.8 No.3

Recently, to use the evaluated firewall is recognized as a solution to achieve the security and reliability for government and organizarions in Korea. Results of firewall evaluation using ITSEC(Information Technology Security Evaluation Criteria) and CCPP(Common Criteria Protection Peofile)have been announced. Because there are problems to apply ITSECor CCPP for the firewall evaluation in korea environment, korea government and korea Information security Agency (KISA) decided to develop our own security dvaluation critrtia fir firewalls.As a result of the efforts, Korea firewall security evaluation criteria has been published on Feb. 1998. In this paper, we introduce Korea security evaluation criteria for firewalls. The ceiteria consists of functional and assurance requirements that are compatible with CC Evaluation Assurance Levels(EALs)

Memorablity and Security of Different Passphrase Generation Methods

우 사이먼,Woo, Simon S.,Mirkovic, Jelena Korea Institute of Information Security and Crypto 2018 情報保護學會誌 Vol.28 No.1

Passphrases are considered to be more secure than passwords since they are longer than passwords. However, users choose predictable word patterns and common phrases to make passphrases memorable, which in turn significantly lowers security. While random passphrases appear to be stronger, surprisingly they are neither strong nor memorable. In this paper, we present the latest passphrase research, and introduce a new way to create a passphrase using mnemonics. Passphrase generation using mnemonics shows promising results in improving both strength and memorability.

Security Analysis of Cryptographic Protocols Based on Trusted Freshness

Chen, Kefei,Dong, Ling,Lai, Xuejia Korea Institute of Information Security and Crypto 2008 정보보호학회논문지 Vol.18 No.b6

A novel idea of protocol security analysis is presented based on trusted freshness. The idea has been implemented not only by hand but also by a belief muitisets formalism for automation. The key of the security analysis based on trusted freshness is a freshness principle: for each participant of a cryptographic protocol, the security of the protocol depends only on the sent or received one-way transformation of a message, which includes a trusted freshness. The manual security analysis method and the belief multisets formalism are all established on the basis of the freshness principle. Security analysis based on trusted freshness can efficiently distinguish whether a message is fresh or not, and the analysis results suggest the correctness of a protocol convincingly or the way to construct attacks intuitively from the absence of security properties. Furthermore, the security analysis based on trusted freshness is independent of the idealization of a protocol, the concrete formalization of attackers' possible behaviors, and the formalization of concurrent runs of protocols.

Survey on Security in Wireless Sensor

Li, Zhijun,Gong, Guang Korea Institute of Information Security and Crypto 2008 정보보호학회논문지 Vol.18 No.b6

Advances in electronics and wireless communication technologies have enabled the development of large-scale wireless sensor networks (WSNs). There are numerous applications for wireless sensor networks, and security is vital for many of them. However, WSNs suffer from many constraints, including low computation capability, small memory, limited energy resources, susceptibility to physical capture, and the lack of infrastructure, all of which impose unique security challenges and make innovative approaches desirable. In this paper, we present a survey on security issues in wireless sensor networks. We address several network models for security protocols in WSNs, and explore the state of the art in research on the key distribution and management schemes, typical attacks and corresponding countermeasures, entity and message authentication protocols, security data aggregation, and privacy. In addition, we discuss some directions of future work.

Improving Varying-Pseudonym-Based RFID Authentication Protocols to Resist Denial-of-Service Attacks

Chien, Hung-Yu,Wu, Tzong-Chen Korea Institute of Information Security and Crypto 2008 정보보호학회논문지 Vol.18 No.b6

Applying Varying Pseudonym (VP) to design of Radio Frequency Identification (RFID) authentication protocol outperforms the other existing approaches in several respects. However, this approach is prone to the well-known denial-ofservice (DOS) attack. In this paper, we examine the de-synchronization problems of VP-based RFID authentication protocols, and propose effective solutions to eliminate such weaknesses. We shall show that the proposed solutions indeed improve the security for these protocols, and moreover, these solutions require 0(1) computational cost for identitying a tag and 0(1) key space on the tag. These excellent performances make them very attractive to many RFID applications.

Introduction to Leakage-Resilient Authenticated Key Exchange Protocols and Their Applications

Imai, Hideki,Shin, Seong-Han,Kobara, Kazukuni Korea Institute of Information Security and Crypto 2008 정보보호학회논문지 Vol.18 No.b6

Secure channels, indispensable to many applications, can be established by using an authenticated key exchange (AKE) protocol where the involving parties authenticate one another and then share authenticated session keys over insecure networks. In this paper, we introduce a new type of AKE protocols that are especially designed to minimize the damages caused by leakages of stored secrets. Such protocols are called Leakage-Resilient AKE (LR-AKE) protocols, whose motivation, design principles, several constructions, security analysis and applications are explained in detail.

Cyber Security Approaches for Industrial Control Networks

Dillabaugh, Craig,Nandy, Biswajit,Seddigh, Nabil,Wong, Kevin,Lee, Byoung-Joon (BJ) Korea Institute of Information Security and Crypto 2016 情報保護學會誌 Vol.26 No.6

Critical infrastructure (CI) such as the electrical grid, transportation systems and water resource systems are controlled by Industrial Control and SCADA (Supervisory Control and Data Acquisition) networks. During the last few years, cyber attackers have increasingly targeted such CI systems. This is of great concern because successful attacks have wide ranging impact and can cause widespread destruction and loss of life. As a result, there is a critical requirement to develop enhanced algorithms and tools to detect cyber threats for SCADA networks. Such tools have key differences with the tools utilized to detect cyber threats in regular IT networks. This paper discusses key factors which differentiate network security for SCADA networks versus regular IT networks. The paper also presents various approaches used for SCADA security and some of the advancements in the area.

Public key broadcast encryption scheme using new converting method

Jho, Nam-Su,Yoo, Eun-Sun,Rhee, Man-Young Korea Institute of Information Security and Crypto 2008 정보보호학회논문지 Vol.18 No.b6

Broadcast encryption is a cryptographical primitive which is designed for a content provider to distribute contents to only privileged qualifying users through an insecure channel. Anyone who knows public keys can distribute contents by means of public key broadcast encryption whose technique can also be applicable to many other applications. In order to design public key broadcast encryption scheme, it should devise some methods that convert a broadcast encryption scheme based on symmetric key cryptosystem to a public key broadcast encryption. Up to this point, broadcast encryption scheme on trial for converting from symmetric key setting to asymmetric public key setting has been attempted by employing the Hierarchical Identity Based Encryption (HIBE) technique. However, this converting method is not optimal because some of the properties of HIBE are not quite fitting for public key broadcast schemes. In this paper, we proposed new converting method and an efficient public key broadcast encryption scheme Pub-PI which is obtained by adapting the new converting method to the PI scheme [10]. The transmission overhead of the Pub-PI is approximately 3r, where r is the number of revoked users. The storage size of Pub-PI is O($c^2$), where c is a system parameter of PI and the computation cost is 2 pairing computations.

An Improved One Round Authenticated Group Key Agreement

김호희,김순자,Kim, Ho-Hee,Kim, Soon-Ja Korea Institute of Information Security and Crypto 2013 정보보호학회논문지 Vol.23 No.1

많은 인증 키 합의 프로토콜이 제안되어 왔다. 여전히 안전한 인증키 합의 프로토콜을 설계하는 것이 이슈화되고 있다. 이 논문에서는, 전형적인 ID 기반의 암호화 시스템의 공개키와 개인키 뿐 아니라 하나 더 많은 공개키와 개인키를 사용하는 원 라운드 인증 그룹키 합의 프로토콜을 제안한다. 제안된 프로토콜은 Shi et al. 프로토콜과 He et al. 프로토콜을 수정 보완하였다. 제안된 프로토콜의 공개키 개인키와 서명 과정은 그들의 프로토콜보다 단순하다. 제안한 프로토콜은 안전하며, 통신과 계산 비용 면에서 그들의 프로토콜보다 더 효율적이다. Several identity-based and authenticated key agreement protocols have been proposed. It remains at issue to design secure identity based and authenticated key agreement protocols. In this paper, we propose a one round authenticated group key agreement protocol which uses one more key pair as well as the public key and private key of typical IBE(Identity-Based Encryption) system. The proposed protocol modified Shi et al.'s protocol and He et al.'s protocol. The public and private keys and the signature process of our protocol are simpler than them of their protocols. Our protocol is secure and more efficient than their protocols in communication and computation costs.

Invited Speech at ICSS 2007 Generation of Session, Authentication, and Encryption Keys for CDMA2000 1x EV-DO Air Interface Standard

이만영,Rhee, Man-Young Korea Institute of Information Security and Crypto 2007 情報保護學會誌 Vol.17 No.2

The air interface supports a security layer which provides the key exchange protocol, authentication protocol, and encryption protocol. The authentication is performed on the encryption protocol packet. The authentication protocol header or trailer may contain the digital signature that is used to authenticate a portion of the authentication protocol packet that is authenticated. The encryption protocol may add a trailer to hide the actual length of the plaintext of padding to be used by the encryption algorithm. The encryption protocol header may contain variables such as the initialization vector (IV) to be used by the encryption protocol. It is our aim to firstly compute the session key created from the D H key exchange algorithm, and thereof the authenticating key and the encryption key being generated from the session key.