• Title/Summary/Keyword: Authentication

Search Result 3,869, Processing Time 0.134 seconds

AKA-PLA: Enhanced AKA Based on Physical Layer Authentication

  • Yang, Jing;Ji, Xinsheng;Huang, Kaizhi;Yi, Ming;Chen, Yajun
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.11 no.7
    • /
    • pp.3747-3765
    • /
    • 2017
  • Existing authentication mechanisms in cellular mobile communication networks are realized in the upper layer by employing cryptographic techniques. Authentication data are broadcasted over the air in plaintext, enabling attackers to completely eavesdrop on the authentication and get some information about the shared secret key between legitimate nodes. Therefore, reusing the same secret key to authenticate several times results in the secret key's information leakage and high attacking rate. In this paper, we consider the most representative authentication mechanism, Authentication and Key Agreement (AKA), in cellular communication networks and propose an enhanced AKA scheme based on Physical Layer Authentication (AKA-PLA). Authentication responses generated by AKA are no longer transmitted in plaintext but masked by wireless channel characteristics, which are not available to adversaries, to generate physical layer authentication responses by a fault-tolerant hash method. The authenticator sets the threshold according to the authentication requirement and channel condition, further verifies the identity of the requester based on the matching result of the physical layer authentication responses. The performance analyses show that the proposed scheme can achieve lower false alarm rate and missing rate, which are a pair of contradictions, than traditional AKA. Besides, it is well compatible with AKA.

The Analysis of the TETRA Authentication Protocol (TETRA 인증 프로토콜 분석)

  • Park Yong-Seok;Ahn Jae-Hwan;Jung Chang-Ho;Ahn Joung-Chul
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.10 no.6
    • /
    • pp.1070-1075
    • /
    • 2006
  • TETRA system provides the radio authentication service which permits only authorized radio to access network. Radio authentication is the process which checks the sameness of authentication-key(K) shared between radio and authentication center by challenge-response protocol. TETRA standard authentication protocol can prevent the clone radio to copy ISSI from accessing network, but can't prevent the clone radio to copy ISSI & authentication-key. This paper analyzes authentication-key generation/delivery/infection model in TETRA authentication system and analyzes the threat of clone radio caused by authentication-key exposure. Finally we propose the new authentication protocol which prevent the clone radio to copy ISSI & authentication-key from accessing network.

The Framework for Cost Reduction of User Authentication Using Implicit Risk Model (내재적 리스크 감지 모델을 사용한 사용자 인증 편의성 향상 프레임워크)

  • Kim, Pyung;Seo, Kyongjin;Cho, Jin-Man;Kim, Soo-Hyung;Lee, Younho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.5
    • /
    • pp.1033-1047
    • /
    • 2017
  • Traditional explicit authentication, which requires awareness of the user's authentication process, is a burden on the user, which is one of main reasons why users tend not to employ authentication. In this paper, we try to reduce such cost by employing implicit authentication methods, such as biometrics and location based authentication methods. We define the 4-level security assurance model, where each level is mapped to an explicit authentication method. We implement our model as an Android application, where the implicit authentication methods are touch-stroke dynamics-based, face recognition based, and the location based authentication. From user experiment, we could show that the authentication cost is reduced by 14.9% compared to password authentication-only case and by 21.7% compared to the case where 6-digit PIN authentication is solely used.

POSCAL : A Protocol of Service Access Control by Authentication Level (인증 수준에 의한 서비스 접근제어 프로토콜)

  • Yoo, SeongMin;Choi, SeokJin;Park, JunHoo;Ryou, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.6
    • /
    • pp.1509-1522
    • /
    • 2018
  • The purpose of this study is to support flexible authentication functions in various services using various types of user information. Rather than requiring the same level of authentication for all services, the goal is to identify the level of authentication at the time of user authentication and to increase convenience and efficiency by dynamically granting authority. In this paper, we propose POSCAL (Protocol of Service Control by Authentication Level) protocol which can control service access based on various local authentication information. To verify the function of the authentication framework, we developed the electronic wallet service based on the POSCAL authentication framework and evaluated the implementation function based on the use case scenario. The proposed protocol satisfies user and message authentication, confidentiality of authentication information, integrity of authentication history, non - repudiation of authorization, and access control by service according to security level.

A Comparative Analysis of PKI Authentication and FIDO Authentication (PKI 인증과 FIDO 인증에 대한 비교 분석)

  • Park, Seungchul
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.7
    • /
    • pp.1411-1419
    • /
    • 2017
  • The two factor authentication capability, private key possession and key protection password knowledge, and the strong public key cryptography protocol of PKI authentication have largely contributed to the rapid construction of Internet transaction trusted infrastructure. The reusability of a certificate-based identity for every PKI site was another contribution factor of the spread of PKI authentication. Nevertheless, the PKI authentication has been criticised mainly for the cost of PKI construction, inconvenience of individual certificate management, and difficulties of password management. Recently FIDO authentication has received high attention as an alternative of the PKI authentication. The FIDO authentication is also based on the public key cryptography which provides strong authentication services, but it does not require individual certificate issuance and provides user-friendly and secure authentication services by integrating biometric technologies. The purpose of this paper is to concretely compare the PKI-authentication and FIDO-authentication and, based on the analysis result, to propose their corresponding applications.

A Study about weight grant of Authentication level in USN environment

  • Choi, Bae-Young;Ahn, Byung-Ryul;Chung, Tai-Myoung
    • Proceedings of the Korea Society of Information Technology Applications Conference
    • /
    • /
    • pp.165-168
    • /
    • 2005
  • The objects, which can be personal digital assistants, electronic rings, doors or even clothes, offer embedded chips with computation facilities and are generally called artifacts. I later realized that this was not so the real problem is actually authentication. Recent results indicate scalability problems for flat ad hoc networks. Sensor network achieves function that handle surrounding information perception through sensor and sensed information to network that is consisted of sensor nodes of large number. Research about new access control techniques and height administration techniques need authentication information persons' certification assurance level classification in sensor network environment which become necessary different view base with authentication information at node for application of AAA technology in USN environment that must do authentication process using information that is collected from various sensor mountings. So, get base authentication information in sensor type and present weight grant model by security strength about authentication information through information who draw. In this paper collected information of sensor nodes model who give weight drawing security reinforcement as authentication information by purpose present be going to. and Must be able to can grasp special quality of each sensor appliances in various side and use this and decide authentication assurance level for value estimation as authentication information elements. Therefore, do to define item that can evaluate Authentication information elements thus and give simple authentication assurance level value accordingly because applying weight. Present model who give authentication assurance level value and weight for quotation according to security strength.

  • PDF

User Authentication Mechanism using Smartphone (스마트폰을 이용한 사용자 인증 메커니즘)

  • Jeong, Pil-seong;Cho, Yang-hyun
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.2
    • /
    • pp.301-308
    • /
    • 2017
  • With the popularization of smart phones and the development of the Internet, many people use smart phones to conduct identity verification procedures. smart phones are easier and faster to authenticate than personal desktop computers. However, as Internet hacking technology and malicious code distribution technology rapidly evolve and attack types become more diverse, authentication methods suitable for mobile environment are required. As authentication methods, there are methods such as possessive-based authentication, knowledge-based authentication, biometric-based authentication, pattern-based authentication, and multi-element authentication. In this paper, we propose a user authentication mechanism that uses collected information as authentication factor using smart phone. Using the proposed authentication mechanism, it is possible to use the smart phone information and environment information of the user as a hidden authentication factor, so that the authentication process can be performed without being exposed to others. We implemented the user authentication system using the proposed authentication mechanism and evaluated the effectiveness based on applicability, convenience, and security.

ECbA(Elliptic Curve based Authentication) System on the wireless network environment (무선 네트워크 환경에서의 ECbA(Elliptic Curve based Authentication)시스템 설계)

  • Jeong, Eun-Hee;Yang, Seung-Hae;Kim, Hak-Chun;Lee, Byung-Kwan
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.1 no.1
    • /
    • pp.67-74
    • /
    • 2008
  • As wireless network market is increasing rapidly, the biggest issue is to transfer safe data and to authenticate users. This paper proposes ECbA(Elliptic Curve based Authentication) which consists of the mutual authentication mechanism that users can ascertain the identity of an authentication server and the user authentication mechanism that an authentication server can make sure users' identity, by using Elliptic Curve algorithms. The proposed ECbA system diminishes the message quantity and the execution time by using the small elliptic curve algorithm with the small key length in authentication. In addition, as this paper reduces the authentication steps of existing EAP_TLS into 6 authentication steps, the communication cost and mutual authentication time can be saved. As this paper distributes new keys, whenever authenticating users by using key exchange mechanism, it provides safe encryption communication and prevents DoS attack by controlling the users authentication request by authentication server.

  • PDF

A Method of Risk Assessment for Multi-Factor Authentication

  • Kim, Jae-Jung;Hong, Seng-Phil
    • Journal of Information Processing Systems
    • /
    • v.7 no.1
    • /
    • pp.187-198
    • /
    • 2011
  • User authentication refers to user identification based on something a user knows, something a user has, something a user is or something the user does; it can also take place based on a combination of two or more of such factors. With the increasingly diverse risks in online environments, user authentication methods are also becoming more diversified. This research analyzes user authentication methods being used in various online environments, such as web portals, electronic transactions, financial services and e-government, to identify the characteristics and issues of such authentication methods in order to present a user authentication level system model suitable for different online services. The results of our method are confirmed through a risk assessment and we verify its safety using the testing method presented in OWASP and NIST SP800-63.

Analysis of Authentication Systems for Future Internet Service Environments (미래 인터넷 서비스 환경을 위한 인증 시스템 분석)

  • Park, Seung-Chul
    • Journal of Information Technology Services
    • /
    • v.10 no.2
    • /
    • pp.163-176
    • /
    • 2011
  • In the current Internet environment, there may exist a number of independently-operating authentication systems even within a single organization, according to the service types and service providing entities. Current silo-style isolated authentication system model has revealed critical problems in the aspects of usability, cost-effectiveness, extensibility and flexibility, and privacy protection. Recently, several next generation authentication systems have been actively developed by leading industrial and standardization institutions. This paper firstly analyzes the problems of current Internet authentication system environments. And then, the underlying idea, operating procedures, and pros and cons of the newly developed next generation authentication systems are analyzed so as to provide the selection guidelines for the new authentication systems and drive further development directions for future Internet authentication systems.