• Journal of information and communication convergence engineering
• /
• v.5 no.4
• /
• pp.346-350
• /
• 2007

Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. It is the stability that is based on Square Root Problem, and we would like to suggest PBSI(Password Based Secure Identification), enhancing the stability, for all of the well-known attacks by now including Off-line dictionary attack, password file compromise, Server and so on. The PBSI is also excellent in the aspect of the performance.

• Journal of information and communication convergence engineering
• /
• v.3 no.4
• /
• pp.213-216
• /
• 2005

Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. It is the stability that is based on Square Root Problem, and we would like to suggest PBI(password Based Identification), enhancing the stability, for all of the well-known attacks by now including Off-line dictionary attack, password file compromise, Server and so on. The PBI is also excellent in the aspect of the performance.

• Journal of information and communication convergence engineering
• /
• v.4 no.4
• /
• pp.166-169
• /
• 2006

Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. In this paper, we present a new identification scheme: OPI(One Pass Identification). The security of OPI is based on the square root problem, and OPI is secure: against the well known attacks including pre-play attack, off-line dictionary attack and server comprise. A number of pass of OPI is one, and OPI processes the password and does not need the key. We think that OPI is excellent for the consuming time to verify the prover.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.1
• /
• pp.81-86
• /
• 2009

Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. In this paper, we propose a new identification scheme One Pass Identification. The security of Password base System is based on the square root problem, and Password base System is secure against the well known attacks including pre-play attack, off-line dictionary attack and server comprise. A number of pass of Password base System is one, and Password base System processes the password and does not need the key. We think that Password base System is excellent for the consuming time to verify the prover.

• Journal of information and communication convergence engineering
• /
• v.15 no.2
• /
• pp.91-96
• /
• 2017

PIN-entry interfaces have high risks to leak secret values if the malicious attackers perform shoulder-surfing attacks with advanced monitoring and observation devices. To make the PIN-entry secure, many studies have considered invisible radio channels as a secure medium to deliver private information. However, the methods are also vulnerable if the malicious adversaries find a hint of secret values from user's $na{\ddot{i}}ve$ gestures. In this paper, we revisit the state-of-art radio channel based bimodal PIN-entry method and analyze the information leakage from the previous method by exploiting the sight tracking attacks. The proposed sight tracking attack technique significantly reduces the original password complexities by 93.8% after post-processing. To keep the security level strong, we introduce the advanced bimodal PIN-entry technique. The new technique delivers the secret indicator information through a secure radio channel and the smartphone screen only displays the multiple indicator options without corresponding numbers. Afterwards, the users select the target value by following the circular layout. The method completely hides the password and is secure against the advanced shoulder-surfing attacks.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2000.10a
• /
• pp.433-438
• /
• 2000

Now, It is vulnerabilities and problems of adaption in user identification and authentication on the Web environments; the BAA(Basic Access Authentication) of HTTP1.0 is that use. ID and password is passed with clear-text between client and server, For this enhancement, the DAA(Digest Access Authentication) of HTTP1.1 is that use. password is digested by MAC(Message Authentication Code) mechanism. but, this mechanism is not adapted by venders of Web browsers. This paper propose the lava based user identification and authentication model to resolve the above problems. Proposed systems are applied to the Web environment, since it has independence to web server and client.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.3
• /
• pp.63-74
• /
• 2011

Credit cards are more convenient than cash of heavy. Therefore, credit cards are used widely in on_line (internet) and off_line in nowadays. To use credit cards on internet is commonly secure because client identification based security card and authentication certificate. However, to use in off_line as like shop, store, department, restaurant is unsecure because of irregular accident. As client identification is not used in off_line use of credit cards, the irregular use of counterfeit, stolen and lost card have been increasing in number recently. Therefore, client identification is urgently necessary for secure card using in off_line. And the method of client identification must be simple, don't take long time, convenient for client, card affiliate and card company. In this paper, we study a reform measure of the structure and transaction process for the safety improvement of a credit cards. And we propose several authentication method of short-and long-term for client identification. In the proposal, the client authentication method by OTP application of smart-phone is efficient nowadays.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.2009-2012
• /
• 2003

본 논문은 이른바 패스워드 기반 인증(PBI)이라고 부르는 사람이 기억하기 쉬운 패스워드 처리 과정의 인중 프로토콜을 제안한다. PBI는 온라인 사전 방식의 공격과 패스워드 파일의 중간 결과물의 공격들에 대응하여 안전하다. PBI는 실행 결과에서도 역시 뛰어나다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.1
• /
• pp.33-42
• /
• 2002

We present a systematic way to armor a zero-knowledge interactive proof based identification scheme that has badly chosen keys. Keys are sometimes mistakenly chosen to be weak(neither random nor long), and a weak key is often preferred to a strong key so that it might be easy for human to remember. Weak keys severely degrade the security of ZKIP based identification schemes. We show using off-line guessing attack how the weak key threats the security of ZlKIP based identification schemes. For the proper usage of ZKIP, we introduce a specialized form of ZKIP, which has a secret coin-tossing stage. Using the secret coin tossing, a secure framework is proposed for ZKIP based identification schemes with weak key in the ideal cipher model. The framework is very useful in password based authentication and key exchange protocol

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.21-31
• /
• 2008

Ubiquitous environment is constructed by development of an IT technology, offer environment of many service changed to mobile environment. Also, existed service offered at fixed position like home or company, but according to development of mobile device. user require service as moving. Wibro can offer as user moving using mobile device. As requirement should be included authentication, in case of authentication between UICC and AAA authentication server is offered in Wibro, service is available. However, when UICC requires initial authentication to AAA authentication server, identification information of UICC expose as plaintext, so privacy infringement of mobile device occurs. Therefore, identification information of terminal generate randomly using OTP(One-Time Password) that generated in mobile terminal, and we proposed mechanism of privacy protection. Also, we proposed mechanism that offer secure service to user as offer authentication from OTP framework, and offer OTP combination authentication detailedly.