• The KIPS Transactions:PartC
• /
• v.10C no.2
• /
• pp.141-144
• /
• 2003

We present a new password system, called dual password system, with the user verification procedure. Dual password system is the first password system in the world preventing the exposure of secret information to imposter at the terminal. User of dual password system matches two alphabets at same location of first password and second password iteratively for inputting password. Therefore, the deriving method of first password and second password from the password is important in dual password system. Related to the deriving method of first password and second password from password, a new problem, called dual password derivation problem, is defined, and the evaluation factors for the solutions of the dual password derivation problem are presented.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.2
• /
• pp.69-76
• /
• 2023

Hundreds of thousands of passwords are lost or forgotten every year, making the necessary information unavailable to legitimate owners or authorized law enforcement personnel. In order to recover such a password, a tool for password cracking is required. Using GPUs instead of CPUs for password cracking can quickly process the large amount of computation required during the recovery process. This paper optimizes on GPUs using CUDA, with a focus on decryption of the currently most popular PDF 1.4-1.6 version. Techniques such as eliminating unnecessary operations of the MD5 algorithm, implementing 32-bit word integration of the RC4 algorithm, and using shared memory were used. In addition, autotune techniques were used to search for the number of blocks and threads that affect performance improvement. As a result, we showed throughput of 31,460 kp/s (kilo passwords per second) and 66,351 kp/s at block size 65,536, thread size 96 in RTX 3060, RTX 3090 environments, and improved throughput by 22.5% and 15.2%, respectively, compared to the cracking tool hashcat that achieves the highest throughput.

• Smart Media Journal
• /
• v.9 no.4
• /
• pp.52-59
• /
• 2020

This second survey, which collected 2392 disclosing grades data for 2012~ 2017, nearly twice the first survey, was conducted to supplement the result of the first survey on the reuse of 4-digit passcodes(PCs) data. In addition of second survey, we found that the more number of used PCs, the higher reuse rate, up to 4 numbers of PCs were used for reusing and there may be personal differences even on the single site. The results of this paper that were not available in the first survey were close to the those of foreign research on the reuse of passwords using a mixture of numbers, letters and special characters. This second survey provided an inference that an opportunity to indirectly approach the domestic situation of re-using password, where data collection is impossible and that domestic regulation such as periodic change of password may increase the re-using password.

• Asia pacific journal of information systems
• /
• v.18 no.4
• /
• pp.1-26
• /
• 2008

Rapid progress of information technology and widespread use of the personal computers have brought various conveniences in our life. But this also provoked a series of problems such as hacking, malicious programs, illegal exposure of personal information etc. Information security threats are becoming more and more serious due to enhanced connectivity of information systems. Nevertheless, users are not much aware of the severity of the problems. Using appropriate password is supposed to bring out security effects such as preventing misuses and banning illegal users. The purpose of this research is to empirically analyze a research model which includes a series of factors influencing the effectiveness of passwords. The research model incorporates the concept of risk based on information systems risk analysis framework as the core element affecting the selection of passwords by users. The perceived risk is a main factor that influences user's attitude on password security, security awareness, and intention of security behavior. To validate the research model this study relied on questionnaire survey targeted on evening class MBA students. The data was analyzed by AMOS 7.0 which is one of popular tools based on covariance-based structural equation modeling. According to the results of this study, while threat is not related to the risk, information assets and vulnerability are related to the user's awareness of risk. The relationships between the risk, users security awareness, password selection and security effectiveness are all significant. Password exposure may lead to intrusion by hackers, data exposure and destruction. The insignificant relationship between security threat and perceived risk can be explained by user's indetermination of risk exposed due to weak passwords. In other words, information systems users do not consider password exposure as a severe security threat as well as indirect loss caused by inappropriate password. Another plausible explanation is that severity of threat perceived by users may be influenced by individual difference of risk propensity. This study confirms that security vulnerability is positively related to security risk which in turn increases risk of information loss. As the security risk increases so does user's security awareness. Security policies also have positive impact on security awareness. Higher security awareness leads to selection of safer passwords. If users are aware of responsibility of security problems and how to respond to password exposure and to solve security problems of computers, users choose better passwords. All these antecedents influence the effectiveness of passwords. Several implications can be derived from this study. First, this study empirically investigated the effect of user's security awareness on security effectiveness from a point of view based on good password selection practice. Second, information security risk analysis framework is used as a core element of the research model in this study. Risk analysis framework has been used very widely in practice, but very few studies incorporated the framework in the research model and empirically investigated. Third, the research model proposed in this study also focuses on impact of security awareness of information systems users on effectiveness of password from cognitive aspect of information systems users.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.59-60
• /
• 2013

In this paper, we implemented a digital doorlock using microprocessor Atemega128 made in Atmel. We added RFID reader to identify different existing Doorlock. To operate the system, first, if RFID reader recognize card, LCD is used to operate password input message. Second, if password is correct, door is opened. But if password is incorrect, door will not be open. To extend security intensity for opening door key, we used RFID module and can operate it easily.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.12
• /
• pp.463-478
• /
• 2014

Portal site is not only providing search engine and e-mail service but also various services including blog, news, shopping, and others. The fact that average number of daily login for Korean portal site Naver is reaching 300 million suggests that many people are using portal sites. With the increase in number of users followed by the diversity in types of services provided by portal sites, the attack is also increasing. Most of studies of password authentication is focused on threat and countermeasures, however, in this study, we analyse the security threats and security requirement of membership, login, password reset first phase, password reset second phase. Also, we measure security score with common criteria of attack potential. As a result, we compare password authentication system of domestic and abroad portal sites.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2221-2224
• /
• 2003

시스템에 대한 보안은 네트워크에 연결되어진 대부분의 시스템이라면 한번쯤은 고려 해봐야 할 것이다. 시스템에 대한 보안이 필요한 가장 큰 이유는 침입으로부터 시스템과 사용자들의 정보를 보호하기 위한 것이다. 특히 일반 사용자들의 계정에 대한 패스워드는 크래킹 당할 위험요소를 많이 가지고 있으므로 이에 대한 보안을 철저히 해야한다. 본 논문에서 제안하는 시스템은 사용자들의 계정에 대하여 임의의 사용자가 로그인하였을 경우 또 다른 패스워드, 즉 SP(Second Password)를 로그인한 사용자로부터 믿어와 재확인 과정을 거쳐 해커가 일반 사용자의 계정으로 쉘을 획득하지 못하도록 하여 사용자 계정과 시스템의 정보를 보호하도록 설계하였다.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.66 no.12
• /
• pp.1899-1904
• /
• 2017

This paper presents a new one-time password approach generated based on $4{\times}4$ pattern schedule. It demonstrates generation of passkey from initial seed of random codes and mapping out in table pattern schedule which will produce a new form of OTP scheme in protecting information or data. The OTP-2FA has been recognized by many organizations as a landmark to authentication techniques. OTP is the solution to the shortcomings of the traditional user name/password authentication. With the application of OTP, some have benefited already while others have had second thoughts because of some considerations like cryptographic issue. This paper presents a new method of algorithmic approach based on table schedule (grid authentication). The generation of OTP will be based on the random parameters that will be mapped out in rows and columns allowing the user to form the XY values to get the appropriate values. The algorithm will capture the values and extract the predefined characters that produce the OTP codes. This scheme can work in any information verification system to enhance the security, trust and confidence of the user.

• International Journal of Contents
• /
• v.9 no.2
• /
• pp.14-21
• /
• 2013

Current smartphone authentication systems are deemed inconvenient and difficult for users on remembering their password as well as privacy issues on stolen or forged biometrics. New authentication system is demanded to be implicit to users with very minimum user involvement being. This idea aims towards a future model of authentication system for smartphones users without users realizing them being authenticated. We use the most frequent activity that users carry out with their smartphone, which is the calling activity. We derive two basics related interactions that are first factor being arm's flex (AF) action to pick a phone to be near ones' ears and then once getting near ear using second factor from ear shape image. Here, we combine behavior biometrics from AF in first factor and physical biometrics from ear image in second factor. Our study shows our dual-factor authentication system does not require explicit user interaction thereby improving convenience and alleviating burden from users from persistent necessity to remember password. These findings will augment development of novel implicit authentication system being transparent, easier, and unobtrusive for users.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.5 no.4
• /
• pp.45-53
• /
• 2015

In this paper, an approach of temporal certification system that can be easily added on current character-based certification system is newly introduced. This technique enhances the security of the password certification process by exploiting temporal information for each character's stroke timing, and using them as another feature of certification information, on top of character comparison process. There are three different temporal conditions: maximum, minimum and no-option. The maximum condition along with a time number (usually 0.2 second or less) means that the next key input should be punched within the time limit, while the minimum condition means the next key stroke should be typed after the time lapse specified. With no-option condition chosen, user can punch the password without any timing constraints. Prototype was developed and tested with four number password case. In comparison with 104 cases, this new approach increases the cases more than 10 digits, enhancing the security of the certification process. One big advantage of this new approach is that user can update his/her password only with different timing constraints, still keeping the same characters, that will enhance the security system management efficiency in a very simple way. Figures and pictures along with process flow are included for the validity of the idea.