• Journal of Digital Convergence
• /
• v.13 no.8
• /
• pp.315-320
• /
• 2015

User Authentication in Online service is essential for accurate and safe service. For this user authentication, One Time Password(OTP) is frequently used. To satisfy one-time-use characteristic of OTP, Offset information to generate OTP or final OTP value get generated through OTP generator or security card which could be lost. In this study, OTP generation method that bypasses OTP generator or security card by using health information collected from u-Health care system is proposed. Suggestion is that health information collected through wearable devices get utilized to offset information that are applied in OTP generations. OTP generated using suggested methods showed similar results than current OTP generation methods in the collision resistance test which tests how often it generate same authentication numbers, this implies that new proposed method can be applied to various on-line services.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.10 no.10
• /
• pp.1087-1092
• /
• 2015

It was diversified demand for a wireless network to the rapid growth of the Internet, the time and space that are not in the new level of Internet technology, limits the Ad-hoc networks are needed. Ad-hoc networks do not communicate with the central station, each of the mobile nodes included in the network communicate with each other by the relay role. In recent years, the Ad-hoc wireless networks in a variety of routing protocols and network security, research is actively underway for the authentication method, but the security of wireless Internet and Ad-hoc networks, certification is incomplete situation. This paper considers the authentication and key agreement technique applicability of the USIM card using the DSR routing protocol of the Java Card and Ad-hoc networks, we propose a secure authentication mechanism between the mobile node.

• The Journal of Society for e-Business Studies
• /
• v.17 no.4
• /
• pp.1-16
• /
• 2012

Shieh and Wang [10] recently proposed an efficient mutual authentication scheme that combined the cost-effectiveness of operations of Lee et al. [6]. scheme and the security and key agreement of Chen and Yeh scheme. Shieh and Wang [10] scheme, however, does not satisfy the security requirements against a third party (the man-in the middle, attacker) that have to be considered in remote user authentication scheme using password-based smart cards. Shieh and Wang weaknesses are the inappropriateness that it cannot verify the forged message in 3-way handshaking mutual authentication, and the vulnerability that the system (server) secret key can easily be exposed. This paper investigates the problems of Shieh and Wang scheme in the verification procedure of the forged messages intercepted by the eavesdrop. An enhanced two-way remote user authentication scheme is proposed that is safe and strong against multiple attacks by adding the ability to perform integrity check on the server and proposed scheme is not expose user password information and the system's confidential information.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.8C
• /
• pp.697-702
• /
• 2012

In 2011, C.-T. Li et al. proposed a secure user authentication scheme, which is an improvement over Kim et al.'s scheme to resolve several security flaws such as off-line password guessing attack and masquerading attack. C.-T. Li et al. claimed that their scheme prevents smart card security related attacks. Moreover, it provides mutual authentication and session key establishment. However, we found that their scheme is vulnerable to password guessing attack through password change phase, smart card forgery attack and stolen verifier attack. Moreover, C.-T. Li et al.'s scheme is not secure against password guessing attack as they claimed. In this paper, we also point out that their scheme is not practical to use.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.45 no.6
• /
• pp.60-67
• /
• 2008

At present, RFID system is highly welcomed as a substitute system with its bar code recognition system and self recognition equipment. Consequently, the system has multi applications and can be complementing to its security. In particular, RFID system is significantly related with electronic transaction equipments : transportation card, ID card in check point, attendance sheet. Based upon these characteristic, the system is becoming extremely popular in the field of logistics, harbor and stock management, animal control and product circulation & distribution. In this dissertation, I would like to present a more efficient and stable remote entry control system with the network-based TCP/IP. It is a simple example of ubiquitous computing function. Above all, approved protocol system should be applied to the remote entry control function. Its efficient function with the applied approval protocol based-remote entry control system should be confirmed. Therefore, a preliminary test should be prerequisite in automatic entrance function with the embedded and TCP/IP-based RFID system.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.10
• /
• pp.4612-4617
• /
• 2011

Hsiang-Shin proposed a user authentication scheme which was created by improving Yoon's scheme. Afterwards, An showed the failure to meet security requirements which are considered in user authentication using password-based smart card in Hsiang-Shih-suggested scheme. In other words, it was found that an attacker can steal a user's card, and detect a user's password by temporarily accessing it and extracting the information stored in it. However, An-proposed scheme also showed its vulnerability to password-guessing attack and forgery/impersonation attack, etc. and thus, this paper proposed the improved user authentication scheme. The proposed authentication scheme can thwart the password-guessing attack completely and this paper proposed scheme also includes an efficient mutual authentication method that can make it possible for users and authentication server to certify the other party.

• Journal of The Korean Association of Information Education
• /
• v.23 no.6
• /
• pp.513-520
• /
• 2019

The general learning method aims at conveying knowledge by conveying the contents of the learning set to numerous of learners. However, such a method is difficult to induce the interest of the learner, and the unilateral delivery method has a disadvantage in that the concentration of the learner can be lowered and the overall academic achievement can be lowered. In order to solve this problem, the gay learning method which induces the interest of the students themselves is studied, and the gay learning game which combines the education and the game can influence the learning by inducing the interest of the student. In this paper, we propose a method to prevent the forgery and falsification of the blockchain, which has been widely discussed by the 4th Industrial Revolution, as a card game, And suggests ways to contribute to the development of the process.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.2
• /
• pp.25-36
• /
• 1999

In this paper we propose a one-time password mechanism that solves the problems of the S/KEY: the limitation of a usage and the need of storage for keys. because of using a cryptographic algorithm the proposed mechanism has no the limitation of a usage. Also because of producing the key for an authentication from a user's password it is easy to manage the authentication key and is possible to share the session key between a client and a server after the authentication process. In addition the proposed mechanism is easy to protect and manage the authentication information because of using a smart card and is adopted by the system that needs a noe-way authentication from a client to a server without the challenge of a server.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.993-999
• /
• 2015

OTP(One time password) is widely used as an authentication method for financial and other security-sensitive transactions. OTP provides strong security since each password is used only one time while normal password-based authentications use passwords as long term secrets. However, OTP-based authentications relatively lack usability since they require users to hold an OTP card or generator. To overcome such a problem, smartphones start replacing OTP cards and such a method is called smart OTP. However, smart OTP inherits security vulnerabilities that smartphones have. In this paper, we propose a smart OTP authentication based on an extremely light authentication protocol called HB+. HB+ protocol is developed for low-cost devices and has small communication and computation costs. We present our solution and discuss its security, efficiency and practicality. Our contribution is providing a method to securely use smart OTP without losing its efficiency and usability.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.1
• /
• pp.45-55
• /
• 2018

Recently, because the arrival of the fourth industrial revolution era, many information and telecommunication services have grown rapidly in the mobile business market. So, companies are based Mobile Apps on user customized services and expanding their services. From the standpoint of the business, to generate revenue, the company needs to maintain the existing current computer environment and develop Mobile Apps to offer convenience in various areas such as finance, admiration, e-commerce and sales support. However, as the number of users increase due to expansion of various Mobile services, security threats that are related to Mobile Apps are increasing and its damage is also increasing. Due to the rapid technological transformation of Mobile devices using the Internet, the level of security threats to Smartphones are rising and getting more advance, so this thesis is structured as follows. In Chapter 2, it will look at the overall trends of Mobile Apps as related research. In Chapter 3, it will discuss various security concerns that related to the latest Mobile Apps and learn about the threatening factors. In Chapter 4, it will compare and analyze the threatening factors. Then it will find and suggest the possible plan. In Chapter 5, it will end with conclusion. Finally, to protect mobile devices from security threats, the environment of operating system which manages the resources and data of Apps needs to be protected. Also, it is important that users to have awareness and check activation FinTech technology security in the process of simple payment with fingerprint or IC card.