• Title/Summary/Keyword: Authentication Vulnerabilities

Search Result 170, Processing Time 0.028 seconds

A Study on the Correlation between Atypical Form Factor-based Smartphones and Display-dependent Authentication Methods (비정형 폼 팩터 기반 스마트폰과 디스플레이 의존형 사용자 인증기법의 상관관계 연구)

  • Choi, Dongmin
    • Journal of Korea Multimedia Society
    • /
    • v.24 no.8
    • /
    • pp.1076-1089
    • /
    • 2021
  • Among the currently used knowledge-based authentication methods for smartphones, text and graphic-based authentication methods, such as PIN and pattern methods, use a display unit and a touch function of the display unit for input/output of secret information. Recently released smartphone form factors are trying to transform into various forms, away from the conventional bar and slate types because of the material change of the display unit used in the existing smartphone and the increased flexibility of the display unit. However, as mentioned in the study of D. Choi [1], the structural change of the display unit may directly or indirectly affect the authentication method using the display unit as the main input/output device for confidential information, resulting in unexpected security vulnerabilities. In this paper, we analyze the security vulnerabilities of the current mobile user authentication methods that is applied atypical form factor. According to the analysis results, it seems that the existing display-dependent mobile user authentication methods do not consider emerging security threats at all. Furthermore, it is easily affected by changes in the form factor of smartphones. Finally, we propose countermeasures for security vulnerabilities expected when applying conventional authentication methods to atypical form factor-based smartphones.

Vulnerability Assessment on the Secured USB Keyboard (보안 USB 키보드의 데이터 탈취 가능성 진단)

  • Lee, Kyung-Roul;Yim, Kang-Bin
    • Journal of Internet Computing and Services
    • /
    • v.12 no.5
    • /
    • pp.39-46
    • /
    • 2011
  • The user authentication on the security applications is one of the most important process. Because character based password is commonly used for user authentication, it is most important to protect the keyboard. Due to the reason, several software solutions for keyboard security have been applied to critical sites. This paper introduces vulnerabilities to the commonly used USB keyboard, implements a sample code using the vulnerabilities and evaluates the possibility for the keyboard data to be stolen in the guarded environment. Through the comparison of the result, a countermeasure to the vulnerabilities is proposed.

A Security Assessment on the Designated PC service

  • Lee, Kyungroul;Yim, Kangbin
    • Journal of the Korea Society of Computer and Information
    • /
    • v.20 no.12
    • /
    • pp.61-66
    • /
    • 2015
  • In this paper, we draw a security assessment by analyzing possible vulnerabilities of the designated PC service which is supposed for strengthening security of current online identification methods that provide various areas such as the online banking and a game and so on. There is a difference between the designated PC service and online identification methods. Online identification methods authenticate an user by the user's private information or the user's knowledge-based information, though the designated PC service authenticates a hardware-based unique information of the user's PC. For this reason, high task significance services employ with online identification methods and the designated PC service for improving security multiply. Nevertheless, the security assessment of the designated PC service has been absent and possible vulnerabilities of the designated PC service are counterfeiter and falsification when the hardware-based unique-information is extracted on the user's PC and sent an authentication server. Therefore, in this paper, we analyze possible vulnerabilities of the designated PC service and draw the security assessment.

Disconnection of Wireless LAN Attack and Countermeasure (무선 LAN 연결 해제 공격과 보안)

  • Hong, Sunghyuck
    • Journal of Digital Convergence
    • /
    • v.11 no.12
    • /
    • pp.453-458
    • /
    • 2013
  • In a wireless LAN environment, security is the most important. Security of 802.11 standard has many vulnerabilities of the network attack. IEEE has created mechanisms to security for this vulnerability. But the vulnerabilities is characteristic of broadcast in the air in wireless LAN, it is more disclosure then other network environments. In a wireless LAN environment, it can be accessed to the wireless LAN after authentication. Authentication process is one of most important because of the first security step. However, in the authentication process is not mentioned in the method of reducing the disclosure maximum fundamental. Therefore, in this research, the vulnerability of 802.11 are presented and how to do de-authentication in 802.11.

User Authentication Scheme based on Security-enhanced Biometric Information for C/S System (C/S 시스템에 적합한 보안성이 강화된 생체정보 기반의 사용자 인증 스킴)

  • Yang, Hyung-Kyu
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.15 no.4
    • /
    • pp.43-53
    • /
    • 2015
  • Password-based authentication schemes for server-client system are convenient to use, but vulnerable to dictionary attack or brute-force attack. To solve this vulnerability, Cryptographic secret key is used for security, but difficult to memorize. So, for the first time, Das proposed a biometric-based authentication scheme to solve various problems but it has various vulnerabilities. Afterwards, Jiping et al. improved Das's scheme, but some vulnerabilities remain. In this paper, we analyze the cryptanalysis of Jiping et al.'s authentication scheme and then propose improved biometric based user authentication scheme to resolve the analyzed problem. Moreover, we conduct a security analysis for the proposed scheme and make a comparison between the proposed scheme and other biometric based user authentications.

Design and Implement of Authentication System for Secure User Management for Secure on Medical ICT Convergence Environment (의료 ICT융합 환경에서 안전한 사용자 관리를 위한 인증시스템 설계 및 구현: 중소형 의료기관을 중심으로)

  • Kim, Yanghoon;Choi, Yean Jung
    • Convergence Security Journal
    • /
    • v.19 no.3
    • /
    • pp.29-36
    • /
    • 2019
  • The convergence of traditional industry and ICT is a combination of security threats and vulnerabilities in ICT and specific industry-specific problems of existing industries, and new security threats and vulnerabilities are emerging. In particular, in the medical ICT convergence industry, various problems regarding user authentication are derived from the medical information system, which is being used for abuse and security weaknesses. According, this study designed and implemented a user authentication system for secure user management in medical ICT convergence environment. Specifically, we design and implement measures to solve the abuse and security weaknesses of ID sharing and to solve the inconvenience of individual ID / PW authentication by performing user authentication using personalized devices based on medical information systems.

LockPickFuzzer: Exploring Vulnerabilities in Android Lock Screen Mechanisms through ADB-Based Fuzzing (LockPickFuzzer: ADB 기반 퍼징 기법을 활용한 안드로이드 잠금 화면 메커니즘의 취약점 탐색)

  • Daehoon Ko;Hyoungshick Kim
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.4
    • /
    • pp.651-666
    • /
    • 2024
  • Android devices employ lock screens with various authentication methods to protect user data. However, even with the lock screen active, the device can be accessed via the Android Debug Bridge(ADB), a powerful development tool that controls devices connected through USB. In this paper, we explore methods to bypass the lock screen security mechanism by leveraging the characteristics of ADB. To achieve this, we analyze ADB commands to categorize those that can severely impact the Android system and propose LockPickFuzzer, a fuzzing test tool that automatically explores ways to combine these commands to disable lock screen security. To demonstrate LockPickFuzzer's ability to detect security vulnerabilities using ADB, we conducted experiments on the Galaxy S23 and Pixel 8, both running Android 14. The results revealed two ADB command combinations that could either steal authentication information or bypass the lock screen. We submitted a report on these discovered vulnerabilities to the Samsung security team and received official acknowledgment (SVE-2023-1344) from Samsung Electronics for one ADB command combination that can be reproduced on user devices. LockPickFuzzer is a practical tool that operates automatically without user intervention and is expected to contribute to the effective detection of security vulnerabilities caused by ADB command combinations on Android devices.

Smart Phone and Vehicle Authentication Scheme with M2M Device (M2M 기기에서 스마트폰 및 차량 인증 기법)

  • Yeo, Seong-Gwon;Lee, Keun-Ho
    • Journal of the Korea Convergence Society
    • /
    • v.2 no.4
    • /
    • pp.1-7
    • /
    • 2011
  • As the developing of the information technology, M2M market that is using communication between devices is growing rapidly and many companies are involved in M2M business. In this paper, the concept of telematics and vulnerabilities of vehicle network security are discussed. The convergence of vehicle and information technology, the development of mobile communication technology have improved quality of service that provided to user but as a result security threats has diverse. We proposed new business model that be occurred to the participation of mobile carriers in telematics business and we analyzed mobile radio communication network security vulnerabilities. We proposed smart phone and Vehicle authentication scheme with M2M device as a way to solve vulnerabilities.

Enhancement of Password-based Mutual Authentication Protocol against De-synchronization Attacks (비동기 공격에 안전한 패스워드기반 상호 인증 프로토콜)

  • Yuk, Hyeong-Jun;Yim, Kang-Bin
    • Journal of Advanced Navigation Technology
    • /
    • v.17 no.1
    • /
    • pp.24-32
    • /
    • 2013
  • Authentication is one of the necessary elements in the network environment. Many researches have detected security vulnerabilities to the existing authentication mechanisms and suggested secure mutual authentication protocols by resolving these vulnerabilities. The representative ones of them are SPMA(Strong Pass Mutual Authentication) and I-SPMA(Improved Strong Password Mutual Authentication). However, these protocols cause a critical problem when the shared secret information is de-synchronized between the server and the client. This paper proposes a revised protocol to resolve the de-synchronization problem. Based on a security assessment on the proposed protocol, we consider the proposed protocol is safer than the previous ones and possible to effectively make a user authentication system mre secure.

A Study of WiMAX Security threats and Their Solution

  • Woo, Seon-mi;Jeong, Gisung
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.8 no.2
    • /
    • pp.66-74
    • /
    • 2016
  • In this study, we have discussed and illustrated the security issues of WiMAX technology including vulnerabilities, threats and some security solution. Both physical layer and data link layer have been considered. Jamming is a major threat in physical layer, and in data link layer we study an authentication problem and see the problem of some unencrypted messages leading to lack of confidentiality. Some of these vulnerabilities have been solved in the recent amendment of 802.16 and some still remain. Moreover WiMax is a new technology yet.