• Title/Summary/Keyword: 원격 사용자 인증

Search Result 171, Processing Time 0.024 seconds

Secure Based Remote User Authentication From Off-line Password Guessing Attack (오프라인 패스워드 추측 공격으로부터 안전한 원격 사용자 인증 기법)

  • Go, Sung-Jong;Lee, Im-Yeong
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2013.11a
    • /
    • pp.691-694
    • /
    • 2013
  • 최근 네트워크 기술의 급속한 발전과 함께 사람들은 인터넷을 통해 다양한 서비스를 이용할 수 있다. 이러한 인터넷 환경에서 이용되는 기존 패스워드 기반의 사용자 인증은 패스워드 테이블은 요구하게 되고 패스워드 테이블 노출로 발생할 수 있는 위협들이 존재한다. 원격 사용자 인증 방식은 원격 사용자 인증 방식은 사용자의 패스워드 테이블은 요구하지 않는 인증 방식으로 스마트카드를 이용한 원격 사용자 인증에 대한 다양한 연구들이 진행되었다. 하지만, 스마트카드를 이용한 원격 사용자 인증은 통신상의 위협뿐만이 아니라 스마트카드에 저장된 정보를 통해 패스워드 추측의 위협이 발생할 수 있다. 본 연구는 해시 기반의 검증 값을 이용하여 오프라인 상에서 스마트카드에 대한 패스워드 추측 공격으로부터 안전한 방식을 제안하였다.

Design of User Authentication Protocol for Home Network based on Remote Authentication Server (원격인증서버 기반의 홈네트워크 사용자 인증 프로토콜 설계)

  • Choi, Hoon-Il;Jang, Young-Gun
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2007.05a
    • /
    • pp.1113-1116
    • /
    • 2007
  • 홈네트워크의 사용자 인증은 사용자가 홈네트워크 서비스를 이용할 때 안전한 홈네트워크 서비스를 제공하기 위해 필요한 과정이다. 사용자를 인증하기 위한 수단은 크게 ID/PW 기반, 인증서 기반, 생체인식 기반으로 분류할 수 있다. 본 논문에서는 다양한 인증 수단을 수용할 수 있도록 EAP와 TLS 프로토콜을 기반으로 원격인증서버를 이용한 홈네트워크 사용자 인증 프로토콜을 설계하였다.

A Robust and Secure Remote User Authentication Scheme Preserving User Anonymity (사용자 익명성을 보장하는 안전하고 개선된 원격 사용자 인증스킴)

  • Shin, Kwang-Cheul
    • The Journal of Society for e-Business Studies
    • /
    • v.18 no.2
    • /
    • pp.81-93
    • /
    • 2013
  • Remote user authentication is a method, in which remote server verifies the legitimacy of a user over an common communication channel. Currently, smart card based remote user authentication schemes have been widely adopted due to their low computational cost and convenient portability for the mutual authentication. 2009 years, Wang et al.'s proposed a dynamic ID-based remote user authentication schemes using smart cards. They presented that their scheme preserves anonymity of user, has the feature of storing password chosen by the server, and protected from several attacks. However, in this paper, I point out that Wang et al.'s scheme has practical vulnerability. I found that their scheme does not provide anonymity of a user during authentication. In addition, the user does not have the right to choose a password. And his scheme is vulnerable to limited replay attacks. In particular, the parameter y to be delivered to the user is ambiguous. To overcome these security faults, I propose an enhanced authentication scheme, which covers all the identified weakness of Wang et al.'s scheme and an efficient user authentication scheme that preserve perfect anonymity to both the outsider and remote server.

Cryptanalysis of Secure Remote User Authentication Scheme using Smart Card (스마트카드를 이용한 안전한 원격 사용자 인증기법에 대한 취약점 분석)

  • Mun, Jongho;Yu, Jiseon;Won, Dongho
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2015.10a
    • /
    • pp.689-692
    • /
    • 2015
  • 네트워크 기술과 연산 능력을 가진 IC 칩 등의 발전으로 다양한 방식의 원격 사용자 인증 기법이 제안되었다. 기존의 패스워드 기반의 인증 방식은 서버가 사용자를 인증하기 위한 패스워드 테이블을 저장하고 있어야 되는 단점과 해당 테이블이 노출되었을 때 발생할 수 있는 보안 위협 문제점으로 인해 최근에는 스마트카드를 활용하는 인증 방식으로 대체되고 있다. 2013년에 Go와 Lee는 스마트카드를 활용하는 기존 인증 기법들의 취약점들을 분석하고 위장 공격과 패스워드 추측 공격에 대해 안전한 새로운 원격 사용자 인증 방식을 제안하였다. 본 논문에서는 Go와 Lee가 제안한 사용자 인증 기법을 살펴보고 해당 기법이 가진 취약점을 보인다.

A Remote Authentication Protocol Using Smartcard to Guarantee User Anonymity (사용자 익명성을 제공하는 스마트카드 기반 원격 인증 프로토콜)

  • Baek, Yi-Roo;Gil, Kwang-Eun;Ha, Jae-Cheol
    • Journal of Internet Computing and Services
    • /
    • v.10 no.6
    • /
    • pp.229-239
    • /
    • 2009
  • To solve user authentication problem, many remote user authentication schemes using password and smart card at the same time have been proposed. Due to the increasing of interest in personal privacy, there were some recent researches to provide user anonymity. In 2004, Das et al. firstly proposed an authentication scheme that guarantees user anonymity using a dynamic ID. In 2005, Chien et al. pointed out that Das et al.'s scheme has a vulnerability for guaranteing user anonymity and proposed an improved scheme. However their authentication scheme was found some weaknesses about insider attack, DoS attack, and restricted replay attack. In this paper, we propose an enhanced scheme which can remove vulnerabilities of Chien et al.'s scheme. The proposed authentication protocol prevented insider attack by using user's Nonce value and removed the restricted replay attack by replacing time stamp with random number. Furthermore, we improved computational efficiency by eliminating the exponentiation operation.

  • PDF

A Study on Secure Remote User Authentication Scheme using Smart Card (스마트카드를 이용한 안전한 원격 사용자 인증기법에 관한 연구)

  • Go, Sung Jong;Lee, Im Yeong
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.2 no.11
    • /
    • pp.503-510
    • /
    • 2013
  • Recently, the rapid development of network technology has enabled people to use various services on the internet. However, the existing password-based user authentication system used in the internet environment requires a password table, which is a potential security threat as it could be leaked by an insider. To solve this issue, remote user authentication methods that do not require a user password table have been proposed. Regarding remote user authentication using a smart card in particular, various methods have been suggested to reduce expenses and to improve stability and efficiency, but the possibility of impersonation attacks and password-guessing attacks using information saved in a user's smart card still exist. Therefore, this study proposes a remote user authentication method that can safeguard against impersonation attacks and password guessing attacks, by analyzing weak points of conventional methods and creating a smart card's ID and password that are based on the user's ID and password.

Vulnerability Analysis of Remote Multi-Server User Authentication System Based on Smart Card and Dynamic ID (스마트 카드 및 동적 ID 기반 멀티서버 원격 사용자 인증 프로토콜의 취약점 분석)

  • Kwon Soon Hyung;Byeon Hae won;Choi Youn Sung
    • Convergence Security Journal
    • /
    • v.23 no.4
    • /
    • pp.43-52
    • /
    • 2023
  • Many businesses and organizations use smartcard-based user authentication for remote access. In the meantime, through various studies, dynamic ID-based remote user authentication protocols for distributed multi-server environments have been proposed to protect the connection between users and servers. Among them, Qiu et al. proposed an efficient smart card-based remote user authentication system that provides mutual authentication and key agreement, user anonymity, and resistance to various types of attacks. Later, Andola et al. found various vulnerabilities in the authentication scheme proposed by Qiu et al., and overcame the flaws in their authentication scheme, and whenever the user wants to log in to the server, the user ID is dynamically changed before logging in. An improved authentication protocol is proposed. In this paper, by analyzing the operation process and vulnerabilities of the protocol proposed by Andola et al., it was revealed that the protocol proposed by Andola et al. was vulnerable to offline smart card attack, dos attack, lack of perfect forward secrecy, and session key attack.

Improved Dynamic ID-based Remote User Authentication Scheme Using Smartcards (스마트카드를 이용한 향상된 동적 ID기반 원격 사용자 인증 기술)

  • Shim, Hee-Won;Park, Joonn-Hyung;Noh, Bong-Nam
    • Journal of Internet Computing and Services
    • /
    • v.10 no.4
    • /
    • pp.223-230
    • /
    • 2009
  • Among the remote user authentication schemes, password-based authentication methods are the most widely used. In 2004, Das et al. proposed a "Dynamic ID Based Remote User Authentication Scheme" that is the password based scheme with smart-cards, and is the light-weight technique using only one-way hash algorithm and XOR calculation. This scheme adopts a dynamic ID that protects against ID-theft attack, and can resist replay attack with timestamp features. Later, many flaws of this scheme were founded that it allows any passwords to be authenticated, and can be vulnerable to impersonation attack, and guessing attack. By this reason many modifications were announced. These scheme including all modifications are similarly maintained security against replay the authentication message attack by the timestamp. But, if advisory can replay the login immediately, this attempt can be succeeded. In this paper, we analyze the security vulnerabilities of Das scheme, and propose improved scheme which can resist on real-time replay attack using the counter of authentication. Besides our scheme still secure against impersonation attack, guessing attack, and also provides mutual authentication feature.

  • PDF

An Efficient Smartcard Authentication Protocol (효율적인 스마트카드 사용자 인증 프로토콜)

  • Yong, Seung-Lim;Cho, Tae-Nam
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2010.07a
    • /
    • pp.269-272
    • /
    • 2010
  • 개인 프라이버시 보호에 대한 관심이 증가하면서 원격 시스템에서 사용자 익명성을 제공하는 스마트카드 기반 인증 프로토콜에 대한 연구가 활발하게 진행되고 있다. 최근의 인증 프로토콜은 사용자 익명성을 제공하는 기법과 더불어 악의적인 사용자를 추적할 수 있는 연구로 발전되고 있다. Kim은 사용자의 익명성을 보장하면서 악의적인 사용자를 감지하여 추적 가능한 인증 프로토콜을 제안하였고 Choi는 Kim의 논문의 익명성 문제를 제기하고 이를 개선한 새로운 프로토콜을 제안하였다. 본 논문에서는 Choi 프로토콜의 계산 오류와 이력 추적 가능 문제점을 제기하고, 이러한 문제점을 해결하는 새로운 프로토콜을 제안하고, 안전성과 효율성을 분석한다.

  • PDF

A Remote User Authentication Scheme Preserving Anonymity and Traceability with Non-Tamper Resistant Smart Cards (정보추출 가능한 스마트카드 환경에서 익명성과 추적성을 제공하는 원격 사용자 인증 기법)

  • Kwon, Hyuck-Jin;Ryu, Eun-Kyung;Lee, Sung-Woon
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.50 no.6
    • /
    • pp.159-166
    • /
    • 2013
  • Recently, because the interest and needs in privacy protection are growing, smartcard-based remote user authentication schemes have been actively studied to provide the user anonymity. In 2008, Kim et al. first proposed an authentication scheme in order to ensure the user anonymity against both external attackers and the remote server and track malicious users with the help of a trusted trace sever. However, in 2010, Lee et al. showed that Kim et al.'s scheme cannot provide the user anonymity against remote server, which is because the server can trace users without any help of the trace server, and then proposed a improved scheme. On the other hand, in 2010, Horng et al. proposed an authentication scheme with non-tamper resistant smart cards, in which the non-tamper resistant smart card means that an attacker may find out secret information stored in the smart card through special data analysis techniques such as monitoring power consumption, to be secure against a variety of attacks and to provide the user anonymity against external attackers. In this paper, we will propose a remote user authentication scheme with non-tamper resistant smart cards not only to ensure the user anonymity against both external attackers and the remote server but also to track malicious users with only the help of a trusted trace sever.