• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1027-1036
• /
• 2014

In 2012, Sonwanshi et al. suggested an efficient smar card based remote user authentication scheme using hash function. In this paper, we point out that their scheme is vulnerable to offline password guessing attack, sever impersonation attack, insider attack, and replay attack and it has weakness for session key vulnerability and privacy problem. Furthermore, we propose an improved scheme which resolves security flaws and show that the scheme is more secure and efficient than others.

• Journal of Korea Society of Industrial Information Systems
• /
• v.16 no.3
• /
• pp.57-63
• /
• 2011

The internet is currently becoming popularized and generalized in our daily life. Recently, a lot of hacking tools have appeared on the internet. And damage size and seriousness the measurement is impossible. The password security protects oneself and information is the tool which is essential for from the internet, if this emphasizes no matter how, does not go to extremes. If applies a encryption, a 7 character password is sufficient, so long as attackers don't pick easily guessed values. In this paper, entering password using the virtual keyboard, I propose a new and improved one time password algorithm using information a part of ID and final approval time.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2001.10a
• /
• pp.510-513
• /
• 2001

OTP(One-time Password) had been used much by method to do user certification so far. Because aspect that user certification that use OTP is efficient and economical fairly is much, it is one of method that can use easily. This treatise would apply OTP in message authentication and wishes to show that OTP is available for inter-authentication. First, examine about OTP's characteristic and overview in introduction, and explain about user certification method to use OTP in main discourse and method of message certification. And finally. wish to examine how OTP offers inter-authentication function.

• The Journal of the Korea Contents Association
• /
• v.15 no.11
• /
• pp.501-508
• /
• 2015

Most web sites, information systems use the ID/Password technique to identify and authenticate users. But ID/Password technique is vulnerable to security. The user must remember the ID/Password and, the password should include alphabets, numbers, and special characters, not to be predicted easily. User also needs to change your password periodically. In this paper, we propose the user authentication method that the user authentication information stored in the external storage to authenticate a user. If another person knows the ID/Password, he can't log in a system without the external storage. Whenever a user logs in a system, authentication information is generated, and is stored in the external storage. Therefore, the proposed user authentication method is the traditional ID/Password security technique, but it enhances security and, increases user convenience.

• Journal of Advanced Navigation Technology
• /
• v.14 no.3
• /
• pp.415-425
• /
• 2010

In public network, user authentication is important security technology. Especially, password-based authentication method is used the most widely in distributed environments, and there are many authentication methods. Their SPMA protocol indicates vulnerability about problem that NSPA protocol does not offer mutual authentication, and proposed Strong Password Mutual Authentication protocol with mutual authentication. However, SPMA protocol has vulnerability of replay attack. In the paper, we analyzed vulnerability to replay attack of SPMA protocol. And we also proposed Improved Strong Password Mutual Authentication protocol to secure on replay attack with same efficiency.

• Journal of Industrial Convergence
• /
• v.21 no.9
• /
• pp.49-56
• /
• 2023

ID is used as identifying information and password as user authentication for ID-based authentication. In order to have a secure user authentication, the password is generated as a hash value on the client and sent to the server, where it is compared with the stored information and authentication is performed. However, if even one character is incorrect, the different hash value is generated, authentication will be failed and cannot be performed and various functions cannot be applied to the password. In this study, we generate several hash value including imaginary number of entered password and transmit to server and perform authentcation. we propose a technique can grants the right differentially to give various rights to the user who have many rights by one account. This can defend shoulder surfing attack by imaginary password and provide convenience to users who have various rights by granting right based on password.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.6C
• /
• pp.497-501
• /
• 2012

While increasing online services with developing e-businesses, finance, game companies and others have employed OTP(One-Time Password) to overcome vulnerabilities of static passwords. Existing OTP technology has inconvenience that customers always possess reserved token since requiring the token to generate OTP. In order to supplement the issue we propose mobile OTP generated by mobile devices such as smart phones. Our mobile OTP scheme generates OTP by using a non-linear function based on pairing to eject the collision problem of S/Key scheme universally used to design OTP schemes. Our scheme based on a non-linear function over pairing can complements the collision problem and widely applied to finance and various services to increase security level of the services.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.73-80
• /
• 2006

Recently, Sun et el. proposed a three-party authenticated key exchange protocol using the public key of the server and the derived verifier from the Password of a user. This paper proposes a password-based three-party authenticated key exchange protocol using smartcards. Since the proposed protocol has very low computation cost by using XOR and hash function operation instead of the public key operation, and reduces the count of message transmission to 20% compared with the protocol of Sun et el., it can execute an effective authenticated key exchange. Furthermore, the proposed protocol is safe from password guessing attack by not saving passwords in the server, and it is also safe from server compromise attack because the server cannot know the shared session key between the two users.

• The KIPS Transactions:PartC
• /
• v.11C no.4
• /
• pp.439-446
• /
• 2004

In the Internet, user authentication is the most important service in secure communications. Although password-based mechanism is the most widely used method of the user authentication in the network, people are used to choose easy-to-remember passwords, and thus suffers from some Innate weaknesses. Therefore, using a memorable password it vulnerable to the dictionary attacks. The techniques used to prevent dictionary attacks bring about a heavy computational workload. In this paper, we describe a recent solution, the Optimal Strong-Password Authentication (OSPA) protocol, and that it is vulnerable to the stolen-verifier attack and an impersonation attack. Then, we propose an Improved Optimal Strong-Password Authentication (I-OSPA) protocol, which is secure against stolen-verifier attack and impersonation attack. Also, since the cryptographic operations are computed by the processor in the smart card, the proposed I-OSPA needs relatively low computational workload and communicational workload for user.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.2
• /
• pp.119-125
• /
• 2010

Recently Hsiang-Shih proposed the user authentication scheme to improve Yoon et al's scheme. But the proposed scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we proved that Hsiang-Shih's scheme is vulnerable to the off-line password guessing attack. In other words, the attacker can get the user's password using the off-line password guessing attack on the scheme when the attacker steals the user's smart card and extracts the information in the smart card. Also, the improved scheme based on the hash function and random number was introduced, thus preventing the attacks, such as password guessing attack, forgery attack and impersonation attack etc. And we suggested the effective mutual authentication scheme that can authenticate each other at the same time between the user and server.