• Journal of Practical Engineering Education
• /
• v.15 no.3
• /
• pp.641-647
• /
• 2023

In the fintech environment, ensuring secure financial transactions with smartphones requires authenticating the device owner. Smartphone authentication techniques encompass a variety of approaches, such as passwords, biometrics, SMS authentication, and more. Among these, password-based authentication is commonly used and highly convenient for user authentication. Although it is a simple authentication mechanism, it is susceptible to eavesdropping and keylogging attacks, alongside other threats. Security keypads have been proposed to address vulnerabilities in password input on smartphones. One such innovation is a group keypad, resistant to attacks that guess characters based on touch location. However, improvements are needed for user convenience. In this study, we aim to propose a method that enhances convenience while being resistant to eavesdropping and recording attacks on the existing group keypad. The proposed method uses new signs to allow users to verify instead of the last character confirmation easily and employs dragging-to-touch for blocking recording attacks. We suggest diverse positioning methods tailored for domestic users, improving efficiency and security in password input compared to existing methods.

• Journal of KIISE
• /
• v.42 no.9
• /
• pp.1175-1184
• /
• 2015

Recently, there has been an explosive increase in the volume of multimedia data that is available as a result of the development of multimedia technologies. More and more data is becoming available on a variety of web sites, and it has become increasingly cost prohibitive to have a single data server store and process multimedia files locally. Therefore, many service providers have been likely to outsource data to cloud storage to reduce costs. Such behavior raises one serious concern: how can data users be authenticated in a secure and efficient way? The most widely used password-based authentication methods suffer from numerous disadvantages in terms of security. Multi-factor authentication protocols based on a variety of communication channels, such as SMS, biometric, or hardware tokens, may improve security but inevitably reduce usability. To this end, we present a data block-based authentication scheme that is secure and guarantees usability in such a manner where users do nothing more than enter a password. In addition, the proposed scheme can be effectively used to revoke user rights. To the best of our knowledge, our scheme is the first data block-based authentication scheme for outsourced data that is proven to be secure without degradation in usability. An experiment was conducted using the Amazon EC2 cloud service, and the results show that the proposed scheme guarantees a nearly constant time for user authentication.

• Journal of the Korea Convergence Society
• /
• v.2 no.4
• /
• pp.9-14
• /
• 2011

Phishing is an attack to theft an user's identity by masquerading the user or the device. The number of phishing victims are sharply increased due to wide spread use of smart phones and messenger programs. Smart phones can operate various wi-fi based apps besides typical voice call and SMS functions. Generally, the messenger program such as Kakao Talk or Nate On is consisted of client and server functions. Thus, the authentication between the client and the server is essential to communicate securely. In this paper, we propose the messenger authentication protocol safe against smart phone phishing. To protect communications among clients, the proposed method provides message encryption and authentication functions.

• Journal of the Korea Convergence Society
• /
• v.9 no.9
• /
• pp.15-22
• /
• 2018

As smart devices become popular, users can use authentication services in various methods. Authentication services include authentication using an ID and a password, authentication using a sms, and authentication using an OTP(One Time Password). This paper proposed an authentication system that solves the security problem of knowledge-based authentication using optical character recognition and can easily and quickly authenticate users. The proposed authentication system extracts a character from an uploaded image by a user and authenticates the user using the extracted character information. The proposed authentication system has the advantage of not using a password or an OTP that are easily exposed or lost, and can not be authenticated without using accurate photographs. The proposed authentication system is platform independent and can be used for user authentication, file encryption and decryption.

• Journal of KIISE:Computing Practices and Letters
• /
• v.12 no.6
• /
• pp.367-378
• /
• 2006

A mobile phone has became as a payment tool in e-commerce and on-line banking areas. This trend of a payment system using various types of mobile devices is rapidly growing, especially in the Internet transaction and small-money payment. Hence, there will be a need to define its standard for secure and safe payment technology. In this thesis, we consider the service types of the current mobile payments and the authentication method, investigate the disadvantages, problems and their solutions for smart and secure payment. Also, we propose a novel authentication method which is easily adopted without modification and addition of the existed mobile hardware platform. Also, we present a simple implementation as a demonstration version. Based on virtual machine (VM) approach, the proposed model is to use a pseudo-random number which is confirmed by the VM in a user's mobile phone and then is sent to the authentication site. This is more secure and safe rather than use of a random number received by the previous SMS. For this payment operation, a user should register the serial number at the first step after downloading the VM software, by which can prevent the illegal payment use by a mobile copy-phone. Compared with the previous SMS approach, the proposed method can reduce the amount of packet size to 30% as well as the time. Therefore, the VM-based method is superior to the previous approaches in the viewpoint of security, packet size and transaction time.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1213-1216
• /
• 2005

인터넷을 통한 자동화된 업무가 증가함에 따라서, 공공 컴퓨터들에 대한 의존도가 높아지고 있다. 그러나 오늘날 웹메일, 옥션, 인터넷 뱅킹, 휴대폰 결제등과 같은 위한 원격 서비스들은 사용자의 신원을 증명하기 위해 사용자의 아이디와 패스워드 또는 주민등록번호를 요구한다. 하지만 안전하지 못한 채널로 전송되는 사용자의 정보는 공격자에 의해서 도청및 재사용될 가능성이 매우 높다. 본 논문에서는 위와 같이 보안이 취약한 환경에서 안전한 사용자 인증이 성공적으로 이루어 질 수 있는 새로운 인증 시스템을 제안하고자 한다. 제안 시스템은 현대의 일반 사용자들이 항상 소지하는 휴대폰의 SMS(Simple Message Service)와 일회용 패스워드(OTP : One Time Password)를 기반으로 한다.

• Journal of Advanced Information Technology and Convergence
• /
• v.9 no.2
• /
• pp.15-27
• /
• 2019

This paper deals with a web-based public address system for conveying information for different institutions. An architecture for a Short Messaging Service (SMS) based public address (PA) system that can be programmed by an authorized mobile phone or device is proposed. This PA system will facilitate information transfer from heads of offices, managers, directors, and deans of the institutions to its constituents or unit area as well as enable postings of information with proper authentication and validation remotely. The system supports high priority messaging, allowing the conveyance of critical and time sensitive information. The mobility management support for the PA system will be based on the Hierarchical Mobile Internet Protocol version 6 (HMIPv6), hence, allowing for a seamless connectivity to the system. The major advantage of this proposed PA system as compared with the traditional electronic displays and bulletin boards is seamless mobility wherein the display devices can be programmed remotely by heads of the institutions and business organization. It also allows faster communication and immediate actions concerning the different institutions, organizations, and businesses, thus, ensuring high productivity.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.4
• /
• pp.1751-1767
• /
• 2016

Home security has become the prime concern for everyone in present scenario. In this work an attempt has been made to develop a home security system which is accessible, affordable and yet effective.The proposed system is based on 'Remote Embedded Control System' (RECS) which works both on the web and gsm platform for authentication and monitoring. This system is therefore cost effective as it relies on existing network infrastructure. As PCA is most popular and efficient algorithm for face recognition, it has been usedin this work. Next to it an interface has been developed for communication purpose in the embedded security system through the ZigBee module. Based on this embedded system, automated control of door movement has been implemented through electromagnetic door lock technology. This helps the users to monitor the real-time activities through web services/SMS. The web service consists of either web browser command or e-mail provision. The system establishes the communication between the system and authenticated user. The e-mail received by the system from the authorized person will monitor and control the real-time operation and door lock. The entire control system is reinforced using ARM1176JZF-S microcontroller and tested for actual use in the home environment. The result shows the experimental verification of the proposed system.