• Title/Summary/Keyword: Challenge-Response 방식

Search Result 28, Processing Time 0.02 seconds

Challenge-Response Based Secure RFID Authentication Protocol for Distributed Database Environment (분산 데이터베이스 환경에 적합한 Challenge-Response 기반의 안전한 RFID 인증 프로토콜)

  • Rhee Keun-Woo;Oh Dong-Kyu;Kwak Jin;Oh Soo-Hyun;Kim Seung-Joo;Won Dong-Ho
    • The KIPS Transactions:PartC
    • /
    • v.12C no.3 s.99
    • /
    • pp.309-316
    • /
    • 2005
  • Recently, RFID system is a main technology to realize ubiquitous computing environments, but the feature of the RFID system may bring about various privacy problem. So, many kinds of protocols To resolve this problem are researched. In this paper, we analyse the privacy problem of the previous methods and propose more secure and effective authentication protocol to protect user's privacy. Then we prove that the proposed protocol is secure and effective as we compare the proposed protocol with previous methods. The proposed protocol is based on Challenge-Response using one-way hash function and random number. The proposed protocol is secure against replay attack, spoofing attack and so on. In addition, the proposed protocol is proper for distributed database environment.

Smartphone Ownership and Location Checking Scheme for Fixing the Vulnerabilities of SMS-Based Authentication (SMS 기반 인증의 보안 취약점을 개선한 스마트폰 소유 및 위치 확인 기법)

  • Kwon, Seong-Jae;Park, Jun-Cheol
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.42 no.2
    • /
    • pp.349-357
    • /
    • 2017
  • Many Web sites adopt SMS(Short Message Service)-based user authentication when a user loses her password or approves an online payment. In SMS-based authentication, the authentication server sends a text in plaintext to a user's phone, and it allows an attacker who eavesdrops or intercepts the text to impersonate a valid user(victim). We propose a challenge-response scheme to prove to the authentication server that a user is in a certain place at the moment with her smartphone beside her. The proposed scheme generates a response using a challenge by the server, user's current location, and a secret on the user's smartphone all together. Consequently, the scheme is much more secure than SMS-based authentication that simply asks a user to send the same text arrived on her phone back to the server. In addition to entering the response, which substitutes the SMS text, the scheme also requests a user to input a passphrase to get the authentication process started. We believe, however, the additional typing should be tolerable to most users considering the enhanced security level of the scheme.

An Effective One-Time Password Algorithm Using Time (시간을 이용한 효율적인 일회용 패스워드 알고리즘)

  • Park, Jung-Gil;Jang, Tae-Ju;Park, Bong-Ju;Ryu, Jae-Cheol
    • The KIPS Transactions:PartC
    • /
    • v.8C no.4
    • /
    • pp.373-378
    • /
    • 2001
  • 사용자 고유번호와 패스워드 기반의 사용자 인증 메커니즘을 수행하는 네트워크 시스템 환경에서는 스니퍼 프로그램 등을 이용하여 불법 도청함으로써 쉽게 사용자 패스워드를 알아낼 수 있다. 이러한 불법적인 도청에 의한 패스워드 노출 문제를 해결하는 방법으로 일회용 패스워드, challenge-response 인증 방식이 유용하게 사용되며, 클라이언트/서버 환경에서는 별도 동기가 필요 없는 시간을 이용한 일회용 패스워드 방식이 특히 유용하게 사용될 수 있다. 그러나 시간을 이용한 일회용 패스워드 방식에서는 시간편차에 의한 인증 실패가 발생할 수 있다. 이 논문에서는 시간편차에 의한 인증이 실패할 가능이 있는 기간을 표시하는 1-비트 정보를 이용하여, 시간편차에 의한 실패가 발생하지 않는 효율적인 일회용 패스워드 알고리즘을 제안한다. 제안된 알고리즘은 기존의 시간을 이용한 일회용 패스워드 시스템에 프로토콜의 변경 없이 쉽게 구현이 가능하다.

  • PDF

The Password base System for the safe and Efficient Identification (안전하고 효율적인 신원확인을 위한 암호기반 시스템)

  • Park, Jong-Min;Park, Byung-Jun
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.13 no.1
    • /
    • pp.81-86
    • /
    • 2009
  • Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. In this paper, we propose a new identification scheme One Pass Identification. The security of Password base System is based on the square root problem, and Password base System is secure against the well known attacks including pre-play attack, off-line dictionary attack and server comprise. A number of pass of Password base System is one, and Password base System processes the password and does not need the key. We think that Password base System is excellent for the consuming time to verify the prover.

Design of A One-time Password Generator on A Mobile Phone Providing An Additional Authentication for A Particular Transaction (특정 트랜잭션용 추가 인증을 제공하는 휴대폰 상의 일회용 암호 생성기 설계)

  • Park, Jun-Cheol
    • Journal of KIISE:Information Networking
    • /
    • v.36 no.6
    • /
    • pp.552-557
    • /
    • 2009
  • One-time passwords are used just once and discarded, which makes it more secure than the repeatedly used conventional passwords. This paper proposes a challenge-response based one-time password generator on a user's mobile phone always carried with the user. The generator can provide an additional authentication for a user to issue a money transfer request within his Internet banking session on a PC. A currently used device for Internet banking generates a password that changes every 30 seconds or so, which allows a man-in-the-middle to use it for stealing money within the 30 seconds. Unlike such a device, the proposed generator resists against the man-in-the-middle attack by a novel challenge-response scheme, provides better accessability and protection against stolen devices. As the currently used devices do, it prevents any unauthorized transfer even if the victim's all other credentials are revealed through his PC infected with spyware such as a keyboard logger.

Efficient Security Mechanism using Light-weight Data Origin Authentication in Sensor Networks (경량화 데이터 Origin 인증을 통한 효율적인 센서 네트워크 보안에 관한 연구)

  • Park, Min-Ho;Lee, Chung-Keun;Son, Ju-Hyung;Seo, Seung-Woo
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.32 no.5A
    • /
    • pp.402-408
    • /
    • 2007
  • There are many weaknesses in sensor networks due to hardware limitation of sensor nodes besides the vulnerabilities of a wireless channel. In order to provide sensor networks with security, we should find out the approaches different from ones in existing wireless networks; the security mechanism in sensor network should be light-weighted and not degrade network performance. Sowe proposed a novel data origin authentication satisfying both of being light-weighted and maintaining network performance by using Unique Random Sequence Code. This scheme uses a challenge-response authentication consisting of a query code and a response code. In this paper, we show how to make a Unique Random Sequence Code and how to use it for data origin authentication.

A Digital Signature Protocol Supporting Non-repudiation Based on Public-Private Algorithms (부인방지를 지원하는 공개키.관용키 알고리즘에 기반한 전자 서명 프로토콜)

  • 김선희;이헌길
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 1999.10c
    • /
    • pp.309-311
    • /
    • 1999
  • 기존 전자성명방식의 검증의 남용 문제를 해결하기 위한 방법으로 부인방지 서명방식이 제안되었다. 그러나, 부인방지 서명방식은 기밀성이 제공되지 않고, 송.수신자에게 많은 비밀 정보를 요구하며, 그 정보들을 자주 변경하여야 한다. 또한, 문제 발생시에 부인 프로토콜을 따로 수행함으로서 많은 작업 시간을 요구한다. 송.수신자 사이에 서버를 두는 방법도 제안되었지만 클라이언트 수가 많은 경우 서버는 많은 오버헤드를 가지게 되어 효율적이지 못하다. 본 노문에서는 부인 방지를 위해 송.수신자 사이의 Challenge-Response 방식에 기초하여 공개키.관용키 알고리즘을 사용한 새로운 프로토콜을 제시한다. 두 개의 공개키를 사용하여 검증에 필요한 비밀 정보의 수를 줄였고, 영수증을 통해 부인 프로토콜의 필요성을 없앴을 뿐 아니라, 송.수신 부인 방지가 모두 가능하게 하였다. 또한, 관용키 알고리즘으로 원본 메시지를 암호화하여 기밀성을 제공한다.

  • PDF

일회성 티켓을 필요로 하는 사용자에게 동기화된 시계를 요구하지 않는 방식의 Kerberos

  • Kim, Hae-Yeong;Han, Sang-Geun
    • Journal of the Korean Society for Industrial and Applied Mathematics
    • /
    • v.3 no.1
    • /
    • pp.17-29
    • /
    • 1999
  • The reliable authentication of a communicating party and a network component is an essential factor to achieve the security in a computer network. The Kerberos Authentication Services has been the most successful solution which is widely used today but its requirement for synchronized clocks has been a serious limitation to use it. In this paper we presented an extended Kerberos method which avoids the synchronization requirement for a single-time ticket user. We modified the Kerberos protocol minimally by replacing the synchronization requirement with the challenge-response method.

  • PDF

A Review on the Studies of the Societal Challenge and Technological Innovation ('사회문제 해결과 과학기술혁신' 연구의 현황과 과제)

  • Song, Wichin
    • Journal of Technology Innovation
    • /
    • v.25 no.4
    • /
    • pp.17-45
    • /
    • 2017
  • This article reviews studies on the societal challenge and technological innovation. Technological innovation in response to social problems is a relatively recent topic of Innovation Studies. Socially-oriented innovations and policies are different in terms of the goals, innovation processes, and ecosystems when compared with industrial innovation. This study examines the existing research that discusses science and technology innovation from the viewpoint of solving societal problems and discusses the direction of future research. This paper presents major research issues on the characteristics of innovation in societal problem solving, innovation governance, roles and ecosystem of innovators, and relationship between societal problem solving policies and other policies.

One-Pass Identification Processing Password (한 단계로 신원확인을 위한 패스워드)

  • Kim Yong-Hun;Cho Beom-Joon
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.9 no.3
    • /
    • pp.627-632
    • /
    • 2005
  • Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/ server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. It is the stability that is based on Square Root problem, and we would like to suggest OPI(One Pass Identification), enhancing the stability for all of the well-known attacks by now including Free-playing attack, off-line Literal attack, Server and so on. OPI does not need to create the special key to read the password. OPI is very excellent in identifying the approved person within a very short time.