• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39C no.11
• /
• pp.994-999
• /
• 2014

Nowadays we use biometrics such as face, fingerprint or palm print for registration and authentication with smart phone. When use camera function of smart phone, normally they overlay a specific image on camera preview as guideline and induce user to take picture uniformly. In this paper, use palm print for authentication factor with smart phone, we propose a new guideline and show the result about user experiment in terms of authentication success ratio.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.66 no.12
• /
• pp.1899-1904
• /
• 2017

This paper presents a new one-time password approach generated based on $4{\times}4$ pattern schedule. It demonstrates generation of passkey from initial seed of random codes and mapping out in table pattern schedule which will produce a new form of OTP scheme in protecting information or data. The OTP-2FA has been recognized by many organizations as a landmark to authentication techniques. OTP is the solution to the shortcomings of the traditional user name/password authentication. With the application of OTP, some have benefited already while others have had second thoughts because of some considerations like cryptographic issue. This paper presents a new method of algorithmic approach based on table schedule (grid authentication). The generation of OTP will be based on the random parameters that will be mapped out in rows and columns allowing the user to form the XY values to get the appropriate values. The algorithm will capture the values and extract the predefined characters that produce the OTP codes. This scheme can work in any information verification system to enhance the security, trust and confidence of the user.

• International Journal of Computer Science & Network Security
• /
• v.23 no.12
• /
• pp.81-90
• /
• 2023

Cloud computing is an emerging business model popularized during the last few years by the IT industry. Providing "Everything as a Service" has shifted many organizations to choose cloud-based services. However, some companies still fear shifting their data to the cloud due to issues related to the security and privacy. The paper suggests a novel Trust based Mutual Authentication Mechanism using Secret P-box based Mutual Authentication Mechanism (TbMAM-SPb) on the criticality of information. It uses a particular passcodes from one of the secret P-box to act as challenge to one party. The response is another passcode from other P-box. The mechanism is designed in a way that the response given by a party to a challenge is itself a new challenge for the other party. Access to data is provided after ensuring certain number of correct challenge-responses. The complexity can be dynamically updated on basis of criticality of the information and trust factor between the two parties. The communication is encrypted and time-stamped to avoid interceptions and reuse. Overall, it is good authentication mechanism without the use of expensive devices and participation of a trusted third party.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2022.07a
• /
• pp.257-258
• /
• 2022

COVID-19 팬데믹으로 인하여, 재택근무와 같은 비대면 업무환경이 확대됨에 따라, 기업에서는 내부 보안을 위한 VPN 구축 및 사용률이 급격하게 증가하였다. 하지만, 기존의 대면 환경과는 다르게, 비대면 업무환경에서는 자신을 식별할 수 있는 수단을 제한적으로 활용하기 때문에, 사용자의 비밀번호가 노출되면, VPN에 접근하기 위한 사용자 인증이 무력화되는 심각한 문제점이 존재하며, 이러한 보안 취약점을 해결하기 위한 기술이 요구되는 실정이다. 따라서 본 논문에서는 기존 VPN 인증 기술에 내재된 보안 취약점을 해결하기 위하여, 사물 환경 인증, HIP 기술, 위치 인증, 상호 인증 기술을 활용한 다중 인증 기반의 제로 트러스트를 제공하는 VPN 인증 기술을 제안한다. 최종적으로는 본 논문에서 제안하는 기술을 통하여, 보다 안전성이 향상된 VPN을 제공할 것으로 사료된다.

• Convergence Security Journal
• /
• v.18 no.5_2
• /
• pp.21-27
• /
• 2018

Most of the Internet users in Korea are issued certificates and use them for various tasks. For this reason, it is recommended that accredited certification authorities and security related companies and use public certificates on USB memory and portable storage devices rather than on the user's desktop. Despite these efforts, the hacking of the certificate has been continuously occurring and the financial damage has been continuing. Also, for security reasons, our military has disabled USB to general military users. Therefore, this study proposes a two-factor method using the unique information of the USB memory and the PC which is owned by the user, and suggests a method of managing the private key file secure to the general user. Furthermore, it will be applied to national defense to contribute to the prevention of important data and prevention of access by unauthorized persons.

• Proceedings of the CALSEC Conference
• /
• 2000.08a
• /
• pp.291-303
• /
• 2000

◈ 개요 ㆍ PC표준 USB포트에 바로 연결하여 사용 ㆍ 열쇠 크기의 휴대용 개인 정보보호 장치 ◈ 휴대용 전자서명기 ㆍ 별도의 리더기가 필요 없음 ㆍ Strong Authentication (Two-Factor 인증)(중략)

• Journal of the Korean Society for Industrial and Applied Mathematics
• /
• v.3 no.1
• /
• pp.17-29
• /
• 1999

The reliable authentication of a communicating party and a network component is an essential factor to achieve the security in a computer network. The Kerberos Authentication Services has been the most successful solution which is widely used today but its requirement for synchronized clocks has been a serious limitation to use it. In this paper we presented an extended Kerberos method which avoids the synchronization requirement for a single-time ticket user. We modified the Kerberos protocol minimally by replacing the synchronization requirement with the challenge-response method.

• Journal of Convergence for Information Technology
• /
• v.7 no.3
• /
• pp.91-96
• /
• 2017

IoT which is an abbreviation of Internet of Things refers to the communication network service among various objects such as people-people, objects-objects interconnection. The characteristic of IoT that enables direct connection among each device makes security to be considered as more emphasized factor. Though a security module such as an authentication protocol for resolving various security problems that may occur in the IoT environment has been developed, some weak points in security are still being revealed. Therefore, this paper proposes a method for including a protocol including gateway authentication procedure and mutual authentication between the devices and gateways. Protocols with additional authentication procedures can appropriately respond to attackers' spoofing attacks. In addition, important information in the message used for authentication process is protected by encryption or hash function so that it can respond to wiretapping attacks.

• Journal of Korea Society of Industrial Information Systems
• /
• v.8 no.1
• /
• pp.43-54
• /
• 2003

E-Commerce, characterized by the exchange of message, occurs between individuals, organizations, or both. A critical promotion factor of e-Commerce is message authentication, the procedure that allows communicating parties to verify the received messages are authentic. It consists of message unforgery, message non-repudiation, message unalteration, and origin authentication. It is possible to perform message authentication by the use of public key encryption. PGP(Pretty Good Privacy) based on X.400 MHS(Message Handling System) and PKC(Public Key Cryptosystem) makes extensive use of message exchange. In this paper we propose, design and implement NMAP(New Message Authentication Protocol), an applied public information based encryption system to solve the message authentication problem inherent in public key encryption such as X.400 protocol and PGP protocol and were to cope with the verification of NMAP using fuzzy integral. This system is expected to be use in the promotion of the e-Commerce and can perform a non-interactive authentication service.

• Journal of KIISE
• /
• v.42 no.9
• /
• pp.1175-1184
• /
• 2015

Recently, there has been an explosive increase in the volume of multimedia data that is available as a result of the development of multimedia technologies. More and more data is becoming available on a variety of web sites, and it has become increasingly cost prohibitive to have a single data server store and process multimedia files locally. Therefore, many service providers have been likely to outsource data to cloud storage to reduce costs. Such behavior raises one serious concern: how can data users be authenticated in a secure and efficient way? The most widely used password-based authentication methods suffer from numerous disadvantages in terms of security. Multi-factor authentication protocols based on a variety of communication channels, such as SMS, biometric, or hardware tokens, may improve security but inevitably reduce usability. To this end, we present a data block-based authentication scheme that is secure and guarantees usability in such a manner where users do nothing more than enter a password. In addition, the proposed scheme can be effectively used to revoke user rights. To the best of our knowledge, our scheme is the first data block-based authentication scheme for outsourced data that is proven to be secure without degradation in usability. An experiment was conducted using the Amazon EC2 cloud service, and the results show that the proposed scheme guarantees a nearly constant time for user authentication.