• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.879-888
• /
• 2018

Along with the recent worldwide development of fintech, FIDO (Fast IDentity Online) using biometric technology is rapidly growing in the mobile payment market, replacing the existing password system. This FIDO authentication must be processed in a reliable environment that requires high level of security, as sensitive biometrics is being processed. However, this environment is currently dependent on the manufacturer as it is supported by certain hardware on the smartphone. Therefore, this thesis proposes a server-based authentication model using distributed management of compliance based biometric information that can be used universally safely without the need for specific hardware in mobile environments.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.43-53
• /
• 2019

Recently, a number of military intranet infiltrations suspected of North Korea have been discovered. There was a problem that a vulnerability could occur due to the modification of user authentication data that can access existing military information systems. In this paper, we applied mutual verification technique and API (Application Programming Interface) forgery / forgery blocking and obfuscation to solve the authentication weakness in web browsers that comply with FIDO (Fast IDentity Online) standard. In addition, user convenience is improved by implementing No-Plugin that does not require separate program installation. Performance tests show that most browsers perform about 0.1ms based on the RSA key generation rate. In addition, it proved that it can be used for commercialization by showing performance of less than 0.1 second even in the digital signature verification speed of the server. The service is expected to be useful for improving military information system security as an alternative to browser authentication by building a web secure storage.

• Journal of the Korea Convergence Society
• /
• v.9 no.1
• /
• pp.465-471
• /
• 2018

Recently, biometric technology has begun to be used as a fusion of IT technology and financial system. Using this biometric technology, FIDO(Fast Identity Online) technology, Samsung and Apple started Samsung Pay and Apple Pay service. FIDO authentication technology replaces existing authentication methods such as passwords. Among the biometric technologies, fingerprint recognition technology is attracting attention because it can minimize the device and user rejection at a relatively low price. However, fingerprint information has a limited number of users and it can not be reused if fingerprint information is leaked by an external attacker. Therefore, in this paper, we propose a method to authenticate a user using EEG signal which is one of biometrics technologies. W propose a method to use EEG signal measurement value in FIDO system by using convenience channel by using short channel EEG device. And propose a method to utilize EEG signal when the user recognizes a specific entity by measuring the EEG signal before and after recognizing a specific entity.

• Journal of Internet Computing and Services
• /
• v.20 no.6
• /
• pp.129-135
• /
• 2019

Recently, studies have been conducted to improve the m-commerce process in the NFC-based mobile environment and the increase of the number of smart phones built in NFC. Since authentication is important in mobile electronic payment, FIDO(Fast IDentity Online) and 2 Factor electronic payment system are applied. In addition, block-chains using distributed raw materials have emerged as a representative technology of the fourth industry. In this study, for the mobile gallery auction of the traders using NFC embedded terminal (smartphone) in a small gallery auction in which an unspecified minority participates, password-based authentication and biometric authentication technology (fingerprint) were applied to record transaction details and ownership transfer of the auction participants in electronic payment. And, for the cost reduction and data integrity related to gallery auction, the private distributed director block chain was constructed and used. In addition, domestic and foreign cases applying block chain in the auction field were investigated and compared. In the future, the study will also study the implementation of block chain networks and smart contract and the integration of block chain and artificial intelligence to apply the proposed method.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.11
• /
• pp.5674-5691
• /
• 2016

Fast IDentity Online(FIDO) supports biometric authentications in an online environment without transmitting biometric templates over the network. For a given FIDO client, the "Fuzzy Vault" securely stores biometric templates, houses additional biometric templates, and unlocks private keys via biometrics. The Fuzzy Vault has been extensively researched and some vulnerabilities have been discovered, such as brute force, correlation, and key inversions attacks. In this paper, we propose a simple fingerprint Fuzzy Vault for FIDO clients. By using the FIDO feature, a simple minutiae alignment, and point-to-point matching, our Fuzzy Vault provides a secure algorithm to combat a variety of attacks, such as brute force, correlation, and key inversions. Using a case study, we verified our Fuzzy Vault by using a publicly available fingerprint database. The results of our experiments show that the Genuine Acceptance Rate and the False Acceptance Rate range from 48.89% to 80% and from 0.02% to 0%, respectively. In addition, our Fuzzy Vault, compared to existing similar technologies, needed fewer attempts.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.12
• /
• pp.533-540
• /
• 2013

Anonymity is the one of main reasons for substantial improvement of Internet. It encourages various users to express their opinion freely and helps Internet based distributed systems vitalize. But, anonymity can cause unexpected threats because personal information of an online user is hidden. Especially, distributed systems are threatened by Sybil attack, where one malicious user creates and manages multiple fake online identities. To prevent Sybil attack, the traditional solutions include increasing the complexity of identity generation and mapping online identities to real-world identities. But, even though the high complexity of identity generation increases the generation cost of Sybil identities, eventually they are generated and there is no further way to suppress their activity. Also, the mapping between online identities and real identities may cause high possibility of losing anonymity. Recently, some methods using online social network to prevent Sybil attack are researched. In this paper, a new method is proposed for extracting a user's system-wide Sybil-resistant trust value by using the properties embedded in online social network graphs. The proposed method can be categorized into 3 types based on sampling and decision strategies. By using graphs sampled from Facebook, the performance of the 3 types of the proposed method is evaluated. Moreover, the impact of Sybil attack on nodes with different characteristics is evaluated in order to understand the behavior of Sybil attack.

• Convergence Security Journal
• /
• v.19 no.3
• /
• pp.29-36
• /
• 2019

The convergence of traditional industry and ICT is a combination of security threats and vulnerabilities in ICT and specific industry-specific problems of existing industries, and new security threats and vulnerabilities are emerging. In particular, in the medical ICT convergence industry, various problems regarding user authentication are derived from the medical information system, which is being used for abuse and security weaknesses. According, this study designed and implemented a user authentication system for secure user management in medical ICT convergence environment. Specifically, we design and implement measures to solve the abuse and security weaknesses of ID sharing and to solve the inconvenience of individual ID / PW authentication by performing user authentication using personalized devices based on medical information systems.