Kyo Il Chung

New security problem in RFID systems “tag killing”

Radio frequency identification systems based on low-cost computing devices is the new plaything that every company would like to adopt. The biggest challenge for RFID technology is to provide benefits without threatening the privacy of consumers. Using cryptographic primitives to thwart RFID security problems is an approach which has been explored for several years. In this paper, we introduce a new security problem called as Tag Killing which aims to wipe out the functioning of the system, e.g., denial of service attacks. We analyze several well-known RFID protocols which are considered as good solutions with Tag Killing adversary model and we show that most of them have weaknesses and are vulnerable to it.

SPA countermeasure based on unsigned left-to-right recodings

Vuillaume-Okeya presented unsigned recoding methods for protecting modular exponentiations against side channel attacks, which are suitable for tamper-resistant implementations of RSA or DSA which does not benefit from cheap inversions. This paper describes new recoding methods for producing SPA-resistant unsigned representations which are scanned from left to right (i.e., from the most significant digit to the least significant digit) contrary to the previous ones. Our contributions are as follows; (1) SPAresistant unsigned left-to-right recoding with general width-w, (2) special case when w = 1, i.e., unsigned binary representation using the digit set {1, 2}. These methods reduce the memory required to perform the modular exponentiation gk.

Secure signed radix-r recoding methods for constrained-embedded devices

This paper presents two recoding methods for a radix-r representation of a secret scalar which are resistant to SPA. These recoding methods are left-to-right so they can be interleaved with a left-to-right scalar multiplication, removing the need to store both a scalar and its recoding. Next, we show the ideas of left-to-right recoding for a radix-r representation lead to simplified recoding methods for a binary representation. In general our proposed algorithms asymptotically require additional (w + 1)-digit and w-bit of RAM in the case of width-w radix-r representation and a special case when r = 2, respectively, which is independent from the digit (bit) size n of the scalar and considerably reduces the required space comparing with previous methods which require n-digit (bit) of RAM additional memory to store the recoded scalar. Consequently, thanks to its left-to-right nature, the scalar multiplication based on it is by far more convenient with respect to memory consumption.

Implementation of 10 Giga VPN accelerator board

This paper proposes a VPN accelerator board (VPN-AB), a virtual private network (VPN) protocol designed for trust channel security system (TCSS). The TCSS supports safety communication channel between security nodes in Internet. It furnishes authentication, confidentiality, integrity, and access control to the security node to transmit data packets with IPsec protocol. TCSS consists of Internet key exchange block, and security association block, IPsec engine block. The Internet key exchange block negotiates crypto algorithm and key used in IPsec engine block. Security association blocks setting-up and manages security association information. IPsec engine block treats IPsec packets and consists of networking functions for communication. The IPsec engine block should be embodied by HAV and in-line mode transaction for high speed IPsec processing. Our VPN-AB is implemented with high speed security processor that supports many cryptographic algorithms and in-line mode. We evaluate a small TCSS communication environment, and measure a performance of VPN-AB in the environment. The experiment results show that VPN-AB gets a performance throughput of maximum 15.645 Gbps when we set the IPsec protocol with 3DES-HMAC-MD5 tunnel mode

Collision attack on XTR and a countermeasure with a fixed pattern

Recently, XTR is considered as one of good candidates for more energy efficient cryptosystems. Among the family of XTR algorithms, the Improved XTR Single Exponentiation (XTR-ISE) is the most efficient one suitable for ubiquitous computer. Even though the security of such devices against side channel attacks is very dangerous, there are few works on side channel attacks against XTR-ISE. In this paper we propose a new collision attack on XTR-ISE. The analysis complexity of the proposed one is about 240 where the key size is 160-bit, which is 55% improvement from the previously best known analysis of Page-Stam. We also propose a novel countermeasure using a fixed pattern which is secure against SPA. In the sense of both efficiency and security the proposed countermeasure is the best one among the previous countermeasures- it is about 30% faster.

IPS/UMS/WNGS/MUS 2008 Workshop Message from the Workshop Organizers MUE 2008

It is a great pleasure to welcome you to the 2008 IPS/UMS/WNGS/MUS workshop held in conjunction with the International Conference on Multimedia and Ubiquitous Engineering (MUE2008), Hanwha Resort Haeundae, Busan, Korea. The workshop covers topics on ubiquitous multimedia services and security in ubiquitous multimedia systems. All the submitted papers have undergone rigorous review process by the technical program committee members and external reviewers. We have selected 17 best papers for presentation and publication in the conference proceedings.