• Title/Summary/Keyword: SMS-based authentication

Search Result 18, Processing Time 0.03 seconds

Smartphone Ownership and Location Checking Scheme for Fixing the Vulnerabilities of SMS-Based Authentication (SMS 기반 인증의 보안 취약점을 개선한 스마트폰 소유 및 위치 확인 기법)

  • Kwon, Seong-Jae;Park, Jun-Cheol
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.42 no.2
    • /
    • pp.349-357
    • /
    • 2017
  • Many Web sites adopt SMS(Short Message Service)-based user authentication when a user loses her password or approves an online payment. In SMS-based authentication, the authentication server sends a text in plaintext to a user's phone, and it allows an attacker who eavesdrops or intercepts the text to impersonate a valid user(victim). We propose a challenge-response scheme to prove to the authentication server that a user is in a certain place at the moment with her smartphone beside her. The proposed scheme generates a response using a challenge by the server, user's current location, and a secret on the user's smartphone all together. Consequently, the scheme is much more secure than SMS-based authentication that simply asks a user to send the same text arrived on her phone back to the server. In addition to entering the response, which substitutes the SMS text, the scheme also requests a user to input a passphrase to get the authentication process started. We believe, however, the additional typing should be tolerable to most users considering the enhanced security level of the scheme.

Sender Authentication Mechanism based on DomainKey with SMS for Spam Mail Sending Protection (대량 스팸메일 발송 방지를 위한 SMS 기반 DomainKey 방식의 송신자 인증 기법)

  • Lee, Hyung-Woo
    • The Journal of the Korea Contents Association
    • /
    • v.7 no.4
    • /
    • pp.20-29
    • /
    • 2007
  • Although E-mail system is considered as a most important communication media, 'Spam' is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Therefore advanced anti-spam techniques are required to basically reduce its transmission volume on sender mail server or MTA, etc. In this study, we propose a new sender authentication model with encryption function based on modified DomainKey with SMS for Spam mail protection. From the SMS message, we can get secret information used for verification of its real sender on e-mail message. And by distributing this secret information with SMS like out-of-band channel, we can also combine proposed modules with existing PGP scheme for secure e-mail generation and authentication steps. Proposed scheme provide enhanced authentication function and security on Spam mail protection function because it is a 'dual mode' authentication mechanism.

The Improved-Scheme of Two Factor Authentication using SMS (SMS를 이용하는 개선된 이중 인증 기법)

  • Ji, Seon-Su
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.17 no.6
    • /
    • pp.25-30
    • /
    • 2012
  • Passwords are a common method of identifying and authenticating a user who wishes to log on to a secure system. Password-based authentication techniques, however, do not provide strong security and recognized as being an poor form of protection. It is not all the responsibility of the user to control password and to protect its confidentiality. In this paper, confirm an appropriate response time and I propose a new and improved method of implementing two factor authentication using SMS via receiving apparatus(mobile and email).

Voice Portal based on SMS Authentication at CTI Module Implementation by Speech Recognition (SMS 인증 기반의 보이스포탈에서의 음성인식을 위한 CTI 모듈 구현)

  • Oh, Se-Il;Kim, Bong-Hyun;Koh, Jin-Hwan;Park, Won-Tea
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2001.04b
    • /
    • pp.1177-1180
    • /
    • 2001
  • 전화를 통해 인터넷 정보를 들을 수 있는 보이스 포탈(Voice Portal) 서비스가 인기를 얻고 있다. Voice Portal 서비스란 알고자 하는 정보를 Speech Recognition System에 음성으로 명령하면 전화를 통해 음성으로 원하는 정보를 듣는 서비스이다. Authentication의 절차를 수행하는 SMS (Short Message Service) 서버 Module, PSTN과 Database 서버사이의 Interface를 제공하는 CTI (Computer Telephony Integration) Module, CTI 서버와 WWW (World Wide Web) 사이의 Voice XML Module, 정보를 검색하기 위한 Searching Module들이 필요하다. 본 논문은 Speech Recognition technology를 기반으로 한 CTI Module 설계를 구현하였다. 또한 인정 방식으로 Random한 일회용 password를 기반으로 한 SMS Authentication을 택하므로 더욱 더 안정된 서비스 제공을 목적으로 하였다.

  • PDF

Authentication & Accounting Mechanism on IEEE802.1x with Mobile Phone

  • Lee, Hyung-Woo;Cho, Kwang-Moon
    • International Journal of Contents
    • /
    • v.2 no.4
    • /
    • pp.12-18
    • /
    • 2006
  • The number of wireless public network user is increasing rapidly. Security problem for user authentication has been increased on existing wireless network such as IEEE802.11 based Wireless LAN. As a solution, IEEE802.1x (EAP-MD5, EAP-TLS, EAP-TTLS), X.509, protocol or security system was suggested as a new disposal plan on this problem. In this study, we overview main problem on existing EAP-MD5 authentication mechanism on Wireless LAN and propose a SMS(Short Message Service) based secure authentication and accounting mechanism for providing security enhanced wireless network transactions.

  • PDF

Usability and Security Analysis of Authentication Methods for Mobile Fin-Tech Services (모바일 핀테크 서비스에서 이용 가능한 인증 수단의 사용성, 안전성 분석 연구)

  • Kim, KyoungHoon;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.4
    • /
    • pp.843-853
    • /
    • 2017
  • In the case of electronic payment, the obligation to use the certificate-based authentication was abolished. As Fin-tech service providers gain autonomy, various authentication methods are provided. SMS, ARS, PIN, Text-passwords, Fingerprints are popular authentication methods in the mobile Fin-tech services. In this study evaluate the usability and security of authentication methods in a unified mobile environment. We evaluate the usability through SUS and interview. Also we evaluate the security level of authentication methods through NIST guideline. At the result of the usability evaluation, Fingerprint authentication method had been determined as the highest usability, also Fingerprint authentication method had been determined as the safest authentication method by obtaining Security Level 4.

A Security Framework for Archiving the Permission of Mobile Terminal in Wireless Environment

  • Byun, Byung-Kil;Lee, Ki-Young
    • Journal of information and communication convergence engineering
    • /
    • v.9 no.2
    • /
    • pp.187-192
    • /
    • 2011
  • Traditional voice traffic over mobile communication has been changed into data and media contents traffic, which makes traffic amount increases and speedy data transfer required. In the near future ubiquitous mobile terminal environment will be common so that security issues will arise due to many heterogeneous equipments and connections. In this paper, many previous methods used for terminal authentication are examined. And we propose new system model which uses our novel user authentication protocol based on strong one-time password (OTP) and short message service (SMS). We verify our system model and protocol by implementation.

Face Recognition System Technologies for Authentication System - A Survey (인증시스템을 위한 얼굴인식 기술 : 서베이)

  • Hwang, Yooncheol;Mun, Hyung-Jin;Lee, Jae-Wook
    • Journal of Convergence Society for SMB
    • /
    • v.5 no.3
    • /
    • pp.9-13
    • /
    • 2015
  • With the advance of ICT, the necessity of user authentication to verify the identity of an opponent online not face to face is increasing. The authentication, the basis of the security, is used in various fields. Because ID-based authentication has weaknesses in terms of stability and losses, two or more than two authentication tools are used in the place in which the security is important. Recently, biometric authentication rather than ID, OTP, SMS authentication has been an issue in terms of credibility and efficiency. As the fields applied to current biometric recognition technologies are increasing, the application of the biometric recognition is being used in various fields such as mobile payment system, intelligent CCTV, immigration inspection, and access control. As the biometric recognition, finger print, iris, retina, vein, and face recognition have been studied actively. This study is to inspect the current state of domestic and foreign standardization including understanding of the face recognition and the trend of technology.

  • PDF

User Authentication based on SMS and OTP (SMS와 OTP 개념을 이용한 사용자 인증)

  • 김우경;이경현
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2004.10a
    • /
    • pp.433-435
    • /
    • 2004
  • 인터넷을 통한 자동화된 업무를 위하여, 공공 컴퓨터들에 대한 의존도가 높아지고 있다. 그러나 오늘날 웹 메일이나 옥션, 인터넷 뱅킹 흑은 휴대폰 결제 등을 위한 원격 서비스들은 사용자의 신원을 증명하기 위해 반드시 사용자의 아이디와 패스워드 또는 주민등록번호를 요구한다. 하지만 안전하지 못한 채널로 전송되는 사용자의 패스워드는 공격자에 의해서 도청되어, 재사용 될 가능성이 매우 높다. 본 논문에서는 위와 같이 보안이 취약한 환경에서 안전한 사용자 인증이 성공적으로 이루어 질 수 있는 새로운 시스템을 제안하고자 한다. 제안 시스템은 현대의 일반 사용자들이 항상 소지하는 휴대폰의 SMS(Simple Message Service)와 일회용 패스워드(OTP : One Time Password)를 기반으로 한다.

  • PDF

Design and Implementation of User Authentication Protocol for Wireless Devices based on Java Card (자바카드 기반 무선단말기용 사용자 인증 프로토콜의 설계 및 구현)

  • Lee, Ju-Hwa;Seol, Kyoung-Su;Jung, Min-Soo
    • The KIPS Transactions:PartC
    • /
    • v.10C no.5
    • /
    • pp.585-594
    • /
    • 2003
  • Java card is one of promising smart card platform with java technology. Java card defines necessary packages and classes for Embedded device that have small memory such as smart card Jana card is compatible with EMV that is Industry specification standard and ISO-7816 that is international standard. However, Java card is not offers user authentication protocol. In this paper, We design and implement an user authentication protocol applicable wireless devices based on Java Card using standard 3GPP Specification (SMS), Java Card Specification (APDU), Cryptography and so on. Our Java Card user authentication techniques can possibly be applied to the area of M-Commerce, Wireless Security, E-Payment System, Mobile Internet, Global Position Service, Ubiquitous Computing and so on.