• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.8
• /
• pp.2930-2947
• /
• 2014

With the rapid growth of the communication technology, intelligent terminals (i.e. PDAs and smartphones) are widely used in many mobile applications. To provide secure communication in mobile environment, in recent years, many user authentication schemes have been proposed. However, most of these authentication schemes suffer from various attacks and cannot provide provable security. In this paper, we propose a novel remote user mutual authentication scheme for multi-server environments using elliptic curve cryptography (ECC). Unlike other ECC-based schemes, the proposed scheme uses ECC in combination with a secure hash function to protect the secure communication among the users, the servers and the registration center (RC). Through this method, the proposed scheme requires less ECC-based operations than the related schemes, and makes it possible to significantly reduce the computational cost. Security and performance analyses demonstrate that the proposed scheme can solve various types of security problems and can meet the requirements of computational complexity for low-power mobile devices.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.221-227
• /
• 2014

When implementing cryptographic algorithms in mobile devices like smart cards, the security against side-channel attacks should be considered. Side-channel attacks try to find critical information from the side-channel infromation obtained from the underlying cryptographic devices' execution. Especially, the power analysis attack uses the power consumption profile of the devices as the side-channel information. This paper proposes a new gate-level countermeasure against the power analysis attack and the glitch attack and suggests how to apply the measure to securely implement AES.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.33 no.4
• /
• pp.130-137
• /
• 2010

This paper analyzes the main factors affecting user selection of a small-sum electronic payment system using survey data of 396 users. Several findings emerge. First, users consider three pillars and eight factors in adopting a new system : system features(stability, security, and flexibility), transaction cost(payment commission and settlement period), and financial capability of provider(stability of financial structure, risk management capability, and funding capability). Second, the stability of the financial structure of the system provider is the most important factor to user acceptance of a new e-payment system. Users tend to consider uncertainty risk more seriously than transaction cost. This reflects the reality that electronic payment system service industry has not fully fledged yet. Third, some moderating effects exist according to payment methods and business usages. As for payment methods, speedy settlement cycle for wired/wireless phone payment, system stability for credit card and account transfer payment, and security for advance payment means are crucial factors. As for business usages, the stability of financial structure for online game content, system stability for music and video content, proxy payment commission for e-learning content, flexibility of the payment system for digital adult content, and security for public services are decisive ones.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.469-472
• /
• 2003

The computational cost of encryption is a barrier to wider application of a variety of data security protocols. Virtually all research on Elliptic Curve Cryptography(ECC) provides evidence to suggest that ECC can provide a family of encryption algorithms that implementation than do current widely used methods. This efficiency is obtained since ECC allows much shorter key lengths for equivalent levels of security. This paper suggests how improvements in execution of ECC algorithms can be obtained by changing the representation of the elements of the finite field of the ECC algorithm. Specifically, this research compares the time complexity of ECC computation eve. a variety of finite fields with elements expressed in the polynomial basis(PB) and normal basis(NB).

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.3
• /
• pp.1742-1760
• /
• 2017

Recent evolution in the open access internet technology demands that the identifying information of a user must be protected. Authentication is a prerequisite to ensure the protection of user identification. To improve Qu et al.'s scheme for remote user authentication, a recent proposal has been published by Huang et al., which presents a key agreement protocol in combination with ECC. It has been claimed that Huang et al. proposal is more robust and provides improved security. However, in the light of our experiment, it has been observed that Huang et al.'s proposal is breakable in case of user impersonation. Moreover, this paper presents an improved scheme to overcome the limitations of Huang et al.'s scheme. Security of the proposed scheme is evaluated using the well-known random oracle model. In comparison with Huang et al.'s protocol, the proposed scheme is lightweight with improved security.

• Journal of the Korean Institute of Telematics and Electronics T
• /
• v.36T no.4
• /
• pp.17-23
• /
• 1999

This paper described a security system using text-independent speaker recognition algorithm. Security system is based on PIC16F84 and sound card. Speaker recognition algorithm applied a k-means based model and weighted cepstrum for speech features. As the experimental results, recognition rate of the training data is 100%, non-training data is 99%. Also false rejection rate is 1%, false acceptance rate is 0% and verification mean error rate is 0.5% for registered 5 persons.

• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.1
• /
• pp.7-18
• /
• 2016

Several authentication methods have been developed to make use of tokens in the mobile networks and smart payment systems. Token used in smart payment system is genearated in place of Primary Account Number. The use of token in each payment transaction is advantageous because the token authentication prevents enemy from intercepting credit card number over the network. Existing token authentication methods work together with the cryptogram, which is computed using the shared key that is provisioned by the token service provider. Long lifetime and repeated use of shared key cause potential brawback related to its vulnerability against the brute-force attack. This paper proposes a per-transaction shared key mechanism, where the per-transaction key is agreed between the mobile device and token service provider for each smart payment transaction. From server viewpoint, per-transaction key list is easy to handle because the per-transaction key has short lifetime below a couple of seconds and the server does not need to maintain the state for the mobile device. We analyze the optimum size of the per-transaction shared key which satisfy the requirements for transaction latency and security strength for secure payment transactions.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.65 no.12
• /
• pp.2167-2176
• /
• 2016

In the multi-server environment, remote user authentication has a very critical issue because it provides the authorization that enables users to access their resource or services. For this reason, numerous remote user authentication schemes have been proposed over recent years. Recently, Lin et al. have shown that the weaknesses of Baruah et al.'s three factors user authentication scheme for multi-server environment, and proposed an enhanced biometric-based remote user authentication scheme. They claimed that their scheme has many security features and can resist various well-known attacks; however, we found that Lin et al.'s scheme is still insecure. In this paper, we demonstrate that Lin et al.'s scheme is vulnerable against the outsider attack and user impersonation attack, and propose a new biometric-based scheme for authentication and key agreement that can be used in the multi-server environment. Lastly, we show that the proposed scheme is more secure and can support the security properties.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.11
• /
• pp.5245-5251
• /
• 2011

Seo et al. criticizes that Hu-Niu-Yang's certification scheme is not enough to satisfy the security requirements of a smart card-based certification scheme because it has a weakness of password guessing attack as well as gives attackers opportunities to be disguised as legitimate users. However, Seo et al. also has a weakness not satisfying the security requirements. This paper suggests a new scheme that contains the characteristics of certification scheme provided by Seo et al. but compensates weak points. The findings show that the new scheme is more safety and efficient than Seo et al.'s

• Convergence Security Journal
• /
• v.22 no.3
• /
• pp.79-86
• /
• 2022

Voice phishing is a cyber crime in which fake financial institutions, the Public Prosecutor's Office, and the National Police Agency are impersonated to find out an individual's Certification number and credit card number or withdraw a deposit. Recently, voice phishing has been carried out in a subtle and secret way. Analyzing the trend of voice phishing that occurred in '18~'21, it was found that there is a seasonality that occurs rapidly at a time when the movement of money is intensifying in the trend of voice phishing, giving ambiguity to time series analysis. In this research, we adjusted seasonality using the X-12 seasonality adjustment methodology for accurate prediction of voice phishing occurrence trends, and predicted the occurrence of voice phishing in 2022 using the ARIMA model.