Yongjin Yeom - Academia.edu (original) (raw)
Papers by Yongjin Yeom
2017 15th Annual Conference on Privacy, Security and Trust (PST), 2017
Recently, NIST has published the second draft of SP 800-90B used for entropy estimations of rando... more Recently, NIST has published the second draft of SP 800-90B used for entropy estimations of random number generators. It is conducted within the framework of a cryptographic module validation program (CMVP) for the entropy source. The official evaluation criteria such as CMVP should be supported by rigorous and theoretical foundations so as to achieve the credibility and reliability of the evaluation process. For the theoretical background of the entropy estimation, it is assumed in SP 800-90B that the distribution of the entropy source is unknown since we cannot obtain an appropriate hypothesis about the distribution of the noise source which is a component of the entropy source. In this case, the nonparametric statistical method is commonly used. The test suite of SP 800-90B is divided into two major steps. The first step is to determine the track, IID(independent and identically distributed) or Non-IID, and the second step is to estimate the entropy of the given source. The permutation tests and additional chi-square tests are used to test IID assumption for entropy source in the first step, and when all tests in the first step are passed, the given source is determined as IID. Depending on whether the given data is determined as IID or Non-IID, the entropy estimation is conducted using different estimators in the second step. In this paper, we concentrate on the additional chi-square tests and analyze them from the view point of the nonparametric statistical method. We find out several defects of the degrees of freedom in the tests of independence for binary and non-binary data. We correct the degrees of freedom based on our analysis, and it solidifies the theoretical basis of SP 800- 90B. Furthermore, we provide some experimental results with the corrected degrees of freedom which show that the corrected tests are more effective.
Advances in Computer Science and Ubiquitous Computing, 2016
Recently NIST has published the second draft document of recommendation for the entropy sources u... more Recently NIST has published the second draft document of recommendation for the entropy sources used for random bit generation. In this document NIST has provided a practical and detailed description about the fact that the min-entropy is closely related to the optimum guessing attack cost. However the argument lacks the mathematical rigour. In this paper we provide an elaborate probabilistic analysis for the relationship between the min-entropy and cost of optimum guessing attack. Moreover we also provide some simulation results in order to investigate the practicality of optimum guessing attack.
The National Institute of Standards and Technology (NIST)is preparing for a new document on recom... more The National Institute of Standards and Technology (NIST)is preparing for a new document on recommendation for the entropy sources used in cryptographic modules. In December 2012, at the random bit generation workshop hosted by NIST, Hagerty and Draper (3) introduced the mathematical background on the methods of estimating min-entropy for entropy sources. We give an elaborate mathematical analysis which was overlooked in (3) particularly on the upper bound for the collision statistic. We also perform an extended simulation results to investigate practical usefulness of the entropy bounds.
The Journal of Korean Institute of Communications and Information Sciences, 2021
The Journal of Korean Institute of Communications and Information Sciences, 2020
Science China Information Sciences, 2020
2017 IEEE Conference on Application, Information and Network Security (AINS), 2017
Ransomware has become a very significant cyber threat. The basic idea of ransomware was presented... more Ransomware has become a very significant cyber threat. The basic idea of ransomware was presented in the form of a cryptovirus in 1995. However, it was considered as merely a conceptual topic since then for over a decade. In 2017, ransomware has become a reality, with several famous cases of ransomware having compromised important computer systems worldwide. For example, the damage caused by CryptoLocker and WannaCry is huge, as well as global. They encrypt victims' files and require user's payment to decrypt them. Because they utilize public key cryptography, the key for recovery cannot be found in the footprint of the ransomware on the victim's system. Therefore, once infected, the system cannot be recovered without paying for restoration. Various methods to deal this threat have been developed by antivirus researchers and experts in network security. However, it is believed that cryptographic defense is infeasible because recovering a victim's files is computationally as difficult as breaking a public key cryptosystem. Quite recently, various approaches to protect the crypto-API of an OS from malicious codes have been proposed. Most ransomware generate encryption keys using the random number generation service provided by the victim's OS. Thus, if a user can control all random numbers generated by the system, then he/she can recover the random numbers used by the ransomware for the encryption key. In this paper, we propose a dynamic ransomware protection method that replaces the random number generator of the OS with a user-defined generator. As the proposed method causes the virus program to generate keys based on the output from the user-defined generator, it is possible to recover an infected file system by reproducing the keys the attacker used to perform the encryption.
Journal of the Korea Institute of Information Security and Cryptology, 2016
The Journal of Korean Institute of Communications and Information Sciences, 2016
The computing power of graphics processing units(GPU) has already surpassed that of CPU and the g... more The computing power of graphics processing units(GPU) has already surpassed that of CPU and the gap between their powers is getting wider. Thus, research on GPGPU which applies GPU to general purpose becomes popular and shows great success especially in the field of parallel data processing. Since the implementation of cryptographic algorithm using GPU was started by Cook et at. in 2005, improved results using graphic libraries such as OpenGL and DirectX have been published. In this paper, we present skills and results of implementing block ciphers using CUDA library announced by NVIDIA in 2007. Also, we discuss a general method converting source codes of block ciphers on CPU to those on GPU. On NVIDIA 8800GTX GPU, the resulting speeds of block cipher AES, ARIA, and DES are 4.5Gbps, 7.0Gbps, and 2.8Gbps, respectively which are faster than the those on CPU.
Integral cryptanalysis and higher order differential attack are chosen(or known) plaintext attack... more Integral cryptanalysis and higher order differential attack are chosen(or known) plaintext attacks on block ciphers. These attacks have been developed independently and become widely used as strong tools to analyze the security of block ciphers. In this paper, basic idea of these attacks including brief historical comments is described. We give some recent applications of integral cryptanalysis on block ciphers such as Camellia and Safer++. Also, we show that integral cryptanalysis can be interpreted as a special case of higher order differential attack.
Advanced Science and Technology Letters, 2014
SAT solver is an algorithm for finding the solution of a given problem by using CNF (Conjunctive ... more SAT solver is an algorithm for finding the solution of a given problem by using CNF (Conjunctive Normal Form). Recently SAT solver studies have focused on the aspect of cryptography. The purpose of this paper is to construct the framework of a parallel SAT solver that can be applied to cryptanalysis. First, we transform an algebraic equation of the reduced AES(Advanced Encryption Standard) into CNF and then, analyze its properties and design a parallel SAT solver for cryptanalysis. Second, we implement a hybrid SAT solver that combines a complete SAT solver and an incomplete SAT solver. minisat-2.2.0 is used by the complete SAT solver and greedy SAT, by the incomplete SAT solver. Finally, we parallelize the hybrid SAT solver using NVIDIA’s CUDA to analyze the CNF of the reduced AES. In conclusion, we have constructed a framework that can develop various SAT solver applied parallelization strategies by using CUDA in the hybrid SAT solver. We will apply to this method for CNFs of small-scale AESs.
Journal of the Korea Institute of Information Security and Cryptology, 2015
Communications in Computer and Information Science, 2012
In modern cryptography, random numbers are widely used for generating encryption keys and establi... more In modern cryptography, random numbers are widely used for generating encryption keys and establishing secure channels. Cryptographic modules generate pseudo random numbers using the initial value called ‘seed’. Accordingly, the security of random numbers depends highly upon that of seed. Usually, seeds are obtained from physical or logical noises generated by mouse, keyboard, and thermal noise. In this paper, it will be shown that random numbers can be generated on GPUs. In fact, race conditions caused by simutaneous memory accesses enable GPUs to generate Gaussian noises which can be used as entropy sources for random number generator in cryptographic modules. After distillation processes, cryptographic random numbers can be extracted.
2008 International Conference on Multimedia and Ubiquitous Engineering (mue 2008), 2008
... (PC-A) (PC-B) CPU Pentium 4 (2.8GHz) Core 2 Duo 6600 Graphic Intel NVIDIA Card 82915G/GV/910G... more ... (PC-A) (PC-B) CPU Pentium 4 (2.8GHz) Core 2 Duo 6600 Graphic Intel NVIDIA Card 82915G/GV/910GL GeForce 8600GTS Type On board Graphic PCIe(×16) Card We select (PC-A) as a minimal model which can run OpenGL barely. ...
Lecture Notes in Computer Science, 2002
2017 15th Annual Conference on Privacy, Security and Trust (PST), 2017
Recently, NIST has published the second draft of SP 800-90B used for entropy estimations of rando... more Recently, NIST has published the second draft of SP 800-90B used for entropy estimations of random number generators. It is conducted within the framework of a cryptographic module validation program (CMVP) for the entropy source. The official evaluation criteria such as CMVP should be supported by rigorous and theoretical foundations so as to achieve the credibility and reliability of the evaluation process. For the theoretical background of the entropy estimation, it is assumed in SP 800-90B that the distribution of the entropy source is unknown since we cannot obtain an appropriate hypothesis about the distribution of the noise source which is a component of the entropy source. In this case, the nonparametric statistical method is commonly used. The test suite of SP 800-90B is divided into two major steps. The first step is to determine the track, IID(independent and identically distributed) or Non-IID, and the second step is to estimate the entropy of the given source. The permutation tests and additional chi-square tests are used to test IID assumption for entropy source in the first step, and when all tests in the first step are passed, the given source is determined as IID. Depending on whether the given data is determined as IID or Non-IID, the entropy estimation is conducted using different estimators in the second step. In this paper, we concentrate on the additional chi-square tests and analyze them from the view point of the nonparametric statistical method. We find out several defects of the degrees of freedom in the tests of independence for binary and non-binary data. We correct the degrees of freedom based on our analysis, and it solidifies the theoretical basis of SP 800- 90B. Furthermore, we provide some experimental results with the corrected degrees of freedom which show that the corrected tests are more effective.
Advances in Computer Science and Ubiquitous Computing, 2016
Recently NIST has published the second draft document of recommendation for the entropy sources u... more Recently NIST has published the second draft document of recommendation for the entropy sources used for random bit generation. In this document NIST has provided a practical and detailed description about the fact that the min-entropy is closely related to the optimum guessing attack cost. However the argument lacks the mathematical rigour. In this paper we provide an elaborate probabilistic analysis for the relationship between the min-entropy and cost of optimum guessing attack. Moreover we also provide some simulation results in order to investigate the practicality of optimum guessing attack.
The National Institute of Standards and Technology (NIST)is preparing for a new document on recom... more The National Institute of Standards and Technology (NIST)is preparing for a new document on recommendation for the entropy sources used in cryptographic modules. In December 2012, at the random bit generation workshop hosted by NIST, Hagerty and Draper (3) introduced the mathematical background on the methods of estimating min-entropy for entropy sources. We give an elaborate mathematical analysis which was overlooked in (3) particularly on the upper bound for the collision statistic. We also perform an extended simulation results to investigate practical usefulness of the entropy bounds.
The Journal of Korean Institute of Communications and Information Sciences, 2021
The Journal of Korean Institute of Communications and Information Sciences, 2020
Science China Information Sciences, 2020
2017 IEEE Conference on Application, Information and Network Security (AINS), 2017
Ransomware has become a very significant cyber threat. The basic idea of ransomware was presented... more Ransomware has become a very significant cyber threat. The basic idea of ransomware was presented in the form of a cryptovirus in 1995. However, it was considered as merely a conceptual topic since then for over a decade. In 2017, ransomware has become a reality, with several famous cases of ransomware having compromised important computer systems worldwide. For example, the damage caused by CryptoLocker and WannaCry is huge, as well as global. They encrypt victims' files and require user's payment to decrypt them. Because they utilize public key cryptography, the key for recovery cannot be found in the footprint of the ransomware on the victim's system. Therefore, once infected, the system cannot be recovered without paying for restoration. Various methods to deal this threat have been developed by antivirus researchers and experts in network security. However, it is believed that cryptographic defense is infeasible because recovering a victim's files is computationally as difficult as breaking a public key cryptosystem. Quite recently, various approaches to protect the crypto-API of an OS from malicious codes have been proposed. Most ransomware generate encryption keys using the random number generation service provided by the victim's OS. Thus, if a user can control all random numbers generated by the system, then he/she can recover the random numbers used by the ransomware for the encryption key. In this paper, we propose a dynamic ransomware protection method that replaces the random number generator of the OS with a user-defined generator. As the proposed method causes the virus program to generate keys based on the output from the user-defined generator, it is possible to recover an infected file system by reproducing the keys the attacker used to perform the encryption.
Journal of the Korea Institute of Information Security and Cryptology, 2016
The Journal of Korean Institute of Communications and Information Sciences, 2016
The computing power of graphics processing units(GPU) has already surpassed that of CPU and the g... more The computing power of graphics processing units(GPU) has already surpassed that of CPU and the gap between their powers is getting wider. Thus, research on GPGPU which applies GPU to general purpose becomes popular and shows great success especially in the field of parallel data processing. Since the implementation of cryptographic algorithm using GPU was started by Cook et at. in 2005, improved results using graphic libraries such as OpenGL and DirectX have been published. In this paper, we present skills and results of implementing block ciphers using CUDA library announced by NVIDIA in 2007. Also, we discuss a general method converting source codes of block ciphers on CPU to those on GPU. On NVIDIA 8800GTX GPU, the resulting speeds of block cipher AES, ARIA, and DES are 4.5Gbps, 7.0Gbps, and 2.8Gbps, respectively which are faster than the those on CPU.
Integral cryptanalysis and higher order differential attack are chosen(or known) plaintext attack... more Integral cryptanalysis and higher order differential attack are chosen(or known) plaintext attacks on block ciphers. These attacks have been developed independently and become widely used as strong tools to analyze the security of block ciphers. In this paper, basic idea of these attacks including brief historical comments is described. We give some recent applications of integral cryptanalysis on block ciphers such as Camellia and Safer++. Also, we show that integral cryptanalysis can be interpreted as a special case of higher order differential attack.
Advanced Science and Technology Letters, 2014
SAT solver is an algorithm for finding the solution of a given problem by using CNF (Conjunctive ... more SAT solver is an algorithm for finding the solution of a given problem by using CNF (Conjunctive Normal Form). Recently SAT solver studies have focused on the aspect of cryptography. The purpose of this paper is to construct the framework of a parallel SAT solver that can be applied to cryptanalysis. First, we transform an algebraic equation of the reduced AES(Advanced Encryption Standard) into CNF and then, analyze its properties and design a parallel SAT solver for cryptanalysis. Second, we implement a hybrid SAT solver that combines a complete SAT solver and an incomplete SAT solver. minisat-2.2.0 is used by the complete SAT solver and greedy SAT, by the incomplete SAT solver. Finally, we parallelize the hybrid SAT solver using NVIDIA’s CUDA to analyze the CNF of the reduced AES. In conclusion, we have constructed a framework that can develop various SAT solver applied parallelization strategies by using CUDA in the hybrid SAT solver. We will apply to this method for CNFs of small-scale AESs.
Journal of the Korea Institute of Information Security and Cryptology, 2015
Communications in Computer and Information Science, 2012
In modern cryptography, random numbers are widely used for generating encryption keys and establi... more In modern cryptography, random numbers are widely used for generating encryption keys and establishing secure channels. Cryptographic modules generate pseudo random numbers using the initial value called ‘seed’. Accordingly, the security of random numbers depends highly upon that of seed. Usually, seeds are obtained from physical or logical noises generated by mouse, keyboard, and thermal noise. In this paper, it will be shown that random numbers can be generated on GPUs. In fact, race conditions caused by simutaneous memory accesses enable GPUs to generate Gaussian noises which can be used as entropy sources for random number generator in cryptographic modules. After distillation processes, cryptographic random numbers can be extracted.
2008 International Conference on Multimedia and Ubiquitous Engineering (mue 2008), 2008
... (PC-A) (PC-B) CPU Pentium 4 (2.8GHz) Core 2 Duo 6600 Graphic Intel NVIDIA Card 82915G/GV/910G... more ... (PC-A) (PC-B) CPU Pentium 4 (2.8GHz) Core 2 Duo 6600 Graphic Intel NVIDIA Card 82915G/GV/910GL GeForce 8600GTS Type On board Graphic PCIe(×16) Card We select (PC-A) as a minimal model which can run OpenGL barely. ...
Lecture Notes in Computer Science, 2002