SeoulTech UCS Lab 2014-1 st 현대암호학 Ubi-RKE: A Rhythm Key based Encryption Scheme for Ubiquitous Devices 임형진 Email: dlaudwls90@gmail.com
1. Introduce 2. Related Works 2.1 Core Technologies 2.2 Existing Research 2.3 Security Threats and Consideration 3. Proposed Scheme 4. Conclusion 2
Introduce 3
1. Introduce - 무선네트워크의발달로인하여언제어디서나네트워크의사용이가능해짐 - 다양한유비쿼터스디바이스가계속해서생산및연구되고있음 4
1.Introduce 분실, 도난, 변조, 도청과같은다양한보안위협이존재함. 위와같은취약점으로부터데이터를보호하기위해데이터암호화를해야함. 본논문에서는유비쿼터스장치를위한리듬키기반의암호화기법을제안한다. 강력한암호화를제공함과동시에사용자에게더큰편의를줌. 5
Related Work 6
Core Technologies Advanced Encryption Standard(AES Algorithm) 128bit 의평문을암호화하는블록암호화알고리즘 강력한암호화를제공하기위해 AES 암호화를사용함 128, 192, 256 비트로써데이터의중요성에비례해서제공가능 Hash function 주어진암호문을고정길이의난수를생성하는함수 데이터의변조여부를확인하기위해사용함 7
Existing Research Abusukhon et al 랜덤으로키값 (RGB 값 ) 을생성하고이를통해암호화를수행함 Dutta et al 평문을암호화하여연속된음표로표현하는알고리즘을제안함 Kelsey et al 의사난수생성기의취약점에대해논의함 Wobbrock TapSongs 이라불리는바이너리센서를사용하여사용자의리듬을인식하여인증할수있는기술을제안함 Monrose et al 키보드를입력할때의패턴을저장하는알고리즘을제안함 이를이용하여암호화, 인증등으로사용할수있음을제안함 8
Security Threats and Considerations(1/3) Security Threats Security Threat Malware Loss Description Malware can infect ubiquitous devices through e-mails, web sites, and malicious files, etc. Users of infected devices can experience undesired effects, security breaches, and/or damage to the device. Loss of a ubiquitous device is equivalent to loss of all information stored on the device. The ubiquitous device can end up in wrong hands and unauthorized users can access, misuse, and disclose the contents stored on the device. 9
Security Threats and Considerations(2/3) Security Threats Security Threat Sniffing Unauthorized Information Access Description Ubiquitous devices use a wireless communication method such as 3G, 4G, Bluetooth, Wi-Fi etc. Users can connect to public area wireless networks and private wireless networks to communicate between devices and networks. This means that users have a potential risk of information leakage from an attacker seeking to access the data. Users install many applications on ubiquitous devices. We cannot check every piece of data inside and outside a network for every application. Recovery of leaked data is difficult, even if the leak is through the network. 10
Security Threats and Considerations(3/3) Security Consideration Security Consideration Data Confidentiality Data Integrity Device Availability Description Ubiquitous devices use wireless communication to access network services. Attackers attempt data sniffing and data modification at that time. A security technique is required to protect the device from sniffing and modification and ensure data confidentiality. The receiver of a data communication must verify whether the received message has been modified since it was sent. Data integrity has been protected if the received message is pure. Therefore, technologies such as hash functions are required to ensure the data integrity of received messages. Most portable devices use a battery for power. The user cannot perform any task on the device if the battery is exhausted. Therefore, minimizing battery drain is an important function on these devices. We should consider mobile device-optimized methods to ensure availability. 11
Proposed Scheme 12
Key Generation(1/2) 13
Key Generation(2/2) 14
Encryption and Decryption(1/2) Plain Text Encryption 15
Encryption and Decryption(2/2) Cipher Text Decryption 16
Analysis(1/3) The Set of values usable as key m 은체크사이클의시간을의미한다 ( 단위 :ms) n 은화면분할개수를의미한다. t 는시간의흐름을의미한다. 17
Analysis(2/3) Key Memorability 리듬은행동지식기반이므로상대적으로키의기억용이성이크다. Cipher Strength 암호강도는암호화알고리즘을알고있는암호공격자가키혹은평문을알아내고자했을때의노력의정도를의미함 검증된암호화알고리즘을사용함으로써암호강도가강하다 File Independence 암호화복호화과정에서파일의필요유무를나타내는성질 제안하는스킴은파일에대해독립적인성질을갖고있다. 18
Analysis(3/3) Ubiquitous Device Availability 이는유비쿼터스디바이스의특징을활용하여암호화를수행할수있는성질을의미함 유비쿼터스디바이스의스크린만을이용하여암복호화키를생성할수있다. 19
Comparison Analysis Classification The set of values usable as a key Abusukhon et al. [6]. Dutta et al. [7]. Proposed Scheme O O O Key Memorability X X O Cipher Strength O File Independence X X O Ubiquitous Device Availability O 20
Conclusion 제안하는스킴은키의기억용이성과강한암호화를제공하는리듬키기반의암호화스킴이다. 사용자가나타낼수있는리듬은아주큰집합을갖고있으므로이를활용할수있는새로운어플리케이션에대한연구가지속적으로이루어져야할것이다. 유비쿼터스의배터리를고려하여더욱가벼운암호화스킴에대한연구또한지속적으로필요하다. 21
Reference SINGH, Simar Preet; MAINI, Raman. Comparison of data encryption algorithms.international Journal of Computer Science and Communication, 2011, 2.1: pp125-127. Chang, Ting-Yi, Yu-Ju Yang, and Chun-Cheng Peng. "A personalized rhythm click-based authentication system." Information Management & Computer Security 18.2 (2010): pp72-85. Mohammed Abutaha, Mousa Farajallah, Radwan Tahboub & Mohammad Odeh. Survey Paper: Cryptography Is The Science Of Information Security International Journal of Computer Science and Security (IJCSS), Volume (5) : Issue (3) : 2011 pp298-308 Abusukhon, Ahmad, Mohamad Talib, and Issa Ottoum. "Secure Network Communication Based on Text-to-Image Encryption." International Journal of Cyber-Security and Digital Forensics (IJCSDF) 1.4 (2012): PP263-271. Dutta, Sandip, Chandan Kumar, and Soubhik Chakraborty. "A Symmetric Key Algorithm for Cryptography using Music." International Journal of Engineering & Technology (0975-4024) vol5.no3 (2013)pp3109-3115. Kumar, M. Kiran, S. Mukthyar Azam, and Shaik Rasool. "Efficient digital encryption algorithm based on matrix scrambling technique." (2010).pp30-41 Wobbrock, Jacob Otto. "TapSongs: tapping rhythm-based passwords on a single binary sensor." Proceedings of the 22nd annual ACM symposium on User interface software and technology. ACM, 2009 pp93-96 Monrose, Fabian, Michael K. Reiter, and Susanne Wetzel. "Password hardening based on keystroke dynamics." International Journal of Information Security 1.2 (2002): pp69-83. CHANG, Ting-Yi; YANG, Yu-Ju; PENG, Chun-Cheng. A personalized rhythm click-based authentication system. Information Management & Computer Security, 2010, 18.2: pp72-85. 22
Q & A 23
Thank You! 24