• Journal of Korea Multimedia Society
• /
• v.22 no.4
• /
• pp.463-471
• /
• 2019

The growth of mobile technology particularly smartphone applications such as ticketing, access control, and making payments are on the increase. Elliptic Curve Cryptography (ECC)-based systems have also become widely available in the market offering various convenient services by bringing smartphones in proximity to ECC-enabled objects. When a system user attempts to establish a connection, the AIK sends hashes to a server that then verifies the values. ECC can be used with various operating systems in conjunction with other technologies such as biometric verification systems, smart cards, anti-virus programs, and firewalls. The use of Elliptic-curve cryptography ensures efficient verification and signing of security status verification reports which allows the system to take advantage of Trusted Computing Technologies. This paper proposes a device payment method based on ECC and Shuffling based on distributed key exchange. Our study focuses on the secure and efficient implementation of ECC in payment device. This novel approach is well secure against intruders and will prevent the unauthorized extraction of information from communication. It converts plaintext into ASCII value that leads to the point of curve, then after, it performs shuffling to encrypt and decrypt the data to generate secret shared key used by both sender and receiver.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.60 no.12
• /
• pp.2380-2385
• /
• 2011

With the advent of ubiquitous healthcare technology to provide a patient with the necessary medical services in anywhere and anytime scheme, the importance of securing safe communication without tampering the medical data by the unauthorized users is getting more emphasized. With this aim, a novel method for constructing encryption keys on the basis of biometrical measurement of electrocardiogram (ECG) is suggested in this study. The experiments on MIT/BIH database show that our proposed method can achieve safe communication by successfully ciphering and deciphering ECG data including premature ventricular contraction arrhythmia signal with compromising its fiducial features as biometric key to transmit the data via the internet network.

• Journal of Korea Multimedia Society
• /
• v.20 no.4
• /
• pp.614-628
• /
• 2017

Recently, Due to the rapid development of the internet and IT technology, users can conveniently use various services provided by the server anytime and anywhere. However, these technologies are exposed to various security threat such as tampering, eavesdropping, and exposing of user's identity and location information. In 2016, Nikooghadam et al. proposed a lightweight authentication and key agreement protocol preserving user anonymity. This paper overcomes the vulnerability of Nikooghadam's authentication protocol proposed recently. This paper suggests an enhanced remote user authentication protocol that protects user's password and provides perfect forward secrecy.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.6
• /
• pp.2087-2103
• /
• 2014

What is an ideal authentication method for smartphone banking services? And what are the critical elements to be considered when designing it? To provide valuable insight for these questions, this study investigates various authentication requirements to be considered in smartphone banking service with the aspect of security, convenience and cost. By applying Analytic Network Process (ANP), this study first analyzes priorities among the requirements and then draws an ideal authentication method for smartphone banking service. Moreover, a sensitivity analysis has been conducted by varying the relative importance of several requirements. The results from the judgment of 72 experts revealed that, although Korean government has obliged the use of Public Key certificate, OPT and biometric alternatives may prove to be more appropriate for the smartphone banking service. These results will contribute to the provision of more secured and convenient smartphone banking services.

• Proceedings of the IEEK Conference
• /
• 2007.07a
• /
• pp.241-242
• /
• 2007

In this paper, we propose a fuzzy vault system using iris data. The fuzzy vault, proposed by Juels and Sudan, has been used to protect cryptographic key with biometric information. In order to combine the fuzzy vault scheme with iris data, we used iris features extracted by ICA method and clustering technique. From our experimental results, we proved that the propose fuzzy vault system is robust to sensed environmental change.

• IE interfaces
• /
• v.25 no.3
• /
• pp.290-299
• /
• 2012

Keystroke dynamics refers to a way of typing a string of characters. Since one has his/her own typing behavior, one's keystroke dynamics can be used as a distinctive biometric feature for user authentication. In this paper, two authentication algorithms based on keystroke dynamics of long and free texts are proposed. The first is the K-S score, which is based on the Kolmogorov-Smirnov test, and the second is the 'R-A' measure, which combines 'R' and 'A' measures proposed by Gunetti and Picardi (2005). In order to verify the authentication performance of the proposed algorithms, we collected more than 3,000 key latencies from 34 subjects in Korean and 35 subjects in English. Compared with three benchmark algorithms, we found that the K-S score was outstanding when the reference and test key latencies were not sufficient, while the 'R-A' measure was the best when enough reference and test key latencies were provided.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.209-215
• /
• 2020

The environment of the Internet provides an efficient communication of the things which are connected. While internet and online service provide us many valuable benefits, online services offered and accessed remotely through internet also exposes us to many different types of security threats. Most security threats were just related to information leakage and the loss of authentication on client-server environment. In 2016, Ahmed et al. proposed an efficient lightweight remote user authentication protocol. However, Kang et al. show that it's scheme still unstable and inefficient. It cannot resist offline identity guessing attack and cannot provide session key confirmation property. Moreover, there is some risk of biometric information's recognition error. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in device. In addition, our proposed scheme should provide not only security, but also efficiency since we only use hash function and XOR operation.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.11A
• /
• pp.1128-1137
• /
• 2007

Recently, according to being advanced internet, mobile communication technique, Telematics environment which users in vehicle can use internet service in LAN(Local Area Network) via mobile device has being realized. In this paper, we propose the remote user authentication protocol to solve these issues. Additionally, we use biometrics(fingerprint) for our user authentication protocol cause it can provide to avoid critical weakness that can be lost, stolen, or forgotten and to make authentication easily. In our user authentication protocol, to protect the biometric we use session key which is generated from master key distributed in our key distribution protocol. In particular, we propose secure protocol between APs considering weakness of security in mobile environment. Based on implementation of our proposed protocol, we conform that our proposed protocols are secure from various attack methods and provide real-time authentication.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.7
• /
• pp.1411-1419
• /
• 2017

The two factor authentication capability, private key possession and key protection password knowledge, and the strong public key cryptography protocol of PKI authentication have largely contributed to the rapid construction of Internet transaction trusted infrastructure. The reusability of a certificate-based identity for every PKI site was another contribution factor of the spread of PKI authentication. Nevertheless, the PKI authentication has been criticised mainly for the cost of PKI construction, inconvenience of individual certificate management, and difficulties of password management. Recently FIDO authentication has received high attention as an alternative of the PKI authentication. The FIDO authentication is also based on the public key cryptography which provides strong authentication services, but it does not require individual certificate issuance and provides user-friendly and secure authentication services by integrating biometric technologies. The purpose of this paper is to concretely compare the PKI-authentication and FIDO-authentication and, based on the analysis result, to propose their corresponding applications.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.16 no.9
• /
• pp.6282-6289
• /
• 2015

Today, there is an increasing number of cases in which certificate information is leak, and accordingly, electronic finance frauds are prevailing. As certificate and private key a file-based medium, are easily accessible and duplicated, they are vulnerable to information leaking crimes by cyber-attack using malignant codes such as pharming, phishing and smishing. Therefore, the use of security token and storage toke' has been encouraged as they are much safer medium, but the actual users are only minimal due to the reasons such as the risk of loss, high costs and so on. This thesis, in an effort to solve above-mentioned problems and to complement the shortcomings, proposes a system in which digital signature for Internet banking can be made with a simply bio-authentication process. In conclusion, it was found that the newly proposed system showed a better capability in handling financial transitions in terms of safety and convenience.