• Title/Summary/Keyword: Session Authentication

Search Result 233, Processing Time 0.026 seconds

EAP Using Split Password-based Authenticated Key Agreement Protocol for IEEE Std 802.1x User Authentication (IEEE Std 802.1x 사용자 인증을 위한 분할된 패스워드 인증 기반 EAP)

  • Ryu, Jong-Ho;Seo, Dong-Il;Youm, Heung-Youl
    • Journal of Internet Computing and Services
    • /
    • v.6 no.5
    • /
    • pp.27-43
    • /
    • 2005
  • EAP provides authentication for each entity based on IEEE Std 802.1x Wireless lAN and RADIUS/DIAMETER protocol, and it uses certificate, dual scheme(e.g., password and token) with the authentication method. The password-based authentication scheme for authenticated key exchange is the most widely-used user authentication method due to various advantages, such as human-memorable simplicity, convenience, mobility, A specific hardware device is also unnecessary, This paper discusses user authentication via public networks and proposes the Split Password-based Authenticated Key Exchange (SPAKE), which is ideal for both authenticating users and exchanging session keys when using a subsequent secure communication over untrusted network, And then we provides EAP authentication framework EAP-SPAKE by using it.

  • PDF

Two Factor Authentication for Cloud Computing

  • Lee, Shirly;Ong, Ivy;Lim, Hyo-Taek;Lee, Hoon-Jae
    • Journal of information and communication convergence engineering
    • /
    • v.8 no.4
    • /
    • pp.427-432
    • /
    • 2010
  • The fast-emerging of cloud computing technology today has sufficiently benefited its wide range of users from individuals to large organizations. It carries an attractive characteristic by renting myriad virtual storages, computing resources and platform for users to manipulate their data or utilize the processing resources conveniently over Internet without the need to know the exact underlying infrastructure which is resided remotely at cloud servers. However due to the loss of direct control over the systems/applications, users are concerned about the risks of cloud services if it is truly secured. In the literature, there are cases where attackers masquerade as cloud users, illegally access to their accounts, by stealing the static login password or breaking the poor authentication gate. In this paper, we propose a two-factor authentication framework to enforce cloud services' authentication process, which are Public Key Infrastructure (PKI) authentication and mobile out-of-band (OOB) authentication. We discuss the framework's security analysis in later session and conclude that it is robust to phishing and replay attacks, prohibiting fraud users from accessing to the cloud services.

A Design of DA_UDC(Double Authentication User.Device.Cross) Module using OTA(One Time Authentication) Key in Home Network Environment (홈 네트워크 환경에서 OTA(One Time Authentication)키를 이용한 DA_UDC(Double Authentication User.Device.Cross) 모듈 설계)

  • Jeong, Eun-Hee;Lee, Byung-Kwan
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.34 no.4B
    • /
    • pp.419-427
    • /
    • 2009
  • This paper propose DA-UDC(Double Authentication User, Device, Cross) Module which solves the cost problem and the appropriation of Certificate using User Authentication, Device Authentication and Cross Authentication with OTA(One Time Authentication) Key, and which is designed not to subscribe to the service of Home network business. Home Server transmits its public key which is needed to create OTA to the user which passed the first step of authentication which verifies User ID, Device ID and Session Key. And it performs the second step of authentication process which verifies the OTA key created by a user. Whenever the OTA key of DA-UDC module is generated, the key is designed to be changed. Therefore, DA-UDC Module prevents the exposure of User and Device ID by performing the two steps of authentication and enhances the authentication security of Home Network from malicious user with OTA key. Also, DA-UDC Module is faster than the existing authentication system in processing speed because it performs authentication calculation only once. Though DA-UDC Module increases data traffic slightly because of the extra authentication key, it enhances the security more than the existing technique.

The One Time Biometric Key Generation and Authentication Model for Portection of Paid Video Contents (상용 비디오 콘텐츠 보호를 위한 일회용 바이오메트릭 키 생성 및 인증 모델)

  • Yun, Sunghyun
    • Journal of the Korea Convergence Society
    • /
    • v.5 no.4
    • /
    • pp.101-106
    • /
    • 2014
  • Most peoples are used to prefer to view the video contents rather than the other contents since the video contents are more easy to understand with both their eyes and ears. As the wide spread use of smartphones, the demands for the contents services are increasing rapidly. To promote the contents business, it's important to provide security of subscriber authentication and corresponding communication channels through which the contents are delivered. Generally, symmetric key encryption scheme is used to protect the contents in the channel, and the session key should be upadated periodically for the security reasons. In addition, to protect viewing paid contents by illegal users, the proxy authentication should not be allowed. In this paper, we propose biometric based user authentication and one time key generation models. The proposed model is consist of biometric template registration, session key generation and chanel encryption steps. We analyze the difference and benefits of our model with existing CAS models which are made for CATV contents protection, and also provides applications of our model in electronic commerce area.

An Anonymous Authentication Scheme for Health Information Push Service Based on Indoor Location in Hospital (병원 실내 위치기반 의료정보 푸쉬 서비스를 위한 익명 인증 스킴)

  • Ahn, Hae-Soon;Yoon, Eun-Jun;Nam, In-Gil
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.37 no.5C
    • /
    • pp.410-419
    • /
    • 2012
  • This paper proposes a secure and efficient anonymous authentication scheme for health information push service based on indoor location in hospital. The proposed scheme has the following benefits: (1)It is just based on a secure one-way hash function for avoiding complex computations for both health care operations users and health care centers. (2)It does not require sensitive verification table which may cause health care centers to become an attractive target for numerous attacks(e.g., insertion attacks and stolen-verifier attacks), (3)It provides higher security level (e.g., secure mutual authentication and key establishment, confidential communication, user's privacy, simple key management, and session key independence). As result, the proposed scheme is very suitable for various location-based medical information service environments using lightweight-device(e.g., smartphone) because of very low computation overload on the part of both health care operations users and health care centers.

Low-cost Authentication Protocol Using Pre-synchronized Search Information in RFID System (검색 정보 사전 동기화를 이용한 저비용 RFID 인증 방식)

  • Ha, Jae-Cheol;Park, Jea-Hoon;Ha, Jung-Hoon;Kim, Hwan-Koo;Moon, Sang-Jae
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.1
    • /
    • pp.77-87
    • /
    • 2008
  • Recently, many hash-based authentication protocols were presented to guarantee mutual authentication between tag and DB in RFID system. To be suitable for distributed DB environment, one generally uses fixed constant value as a tag ID. However, some existing protocols have security flaws or heavy computational loads in DB in order to search a tag ID. We propose a secure authentication protocol which is suitable for distributed DB environment by using unchangeable tag ID. The storage method of pre-synchronized information in DB at previous session is core idea of our proposal which gives low-cost ID search of DB at next session. In normal synchronization state, our protocol only requires 3 hash operations in tag and DB respectively.

Design of a Strong Authentication Mechanism using Public-Key based on Kerberos (공개키를 이용한 커버로스 기반의 강력한 인증 메커니즘 설계)

  • 김은환;전문석
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.12 no.4
    • /
    • pp.67-76
    • /
    • 2002
  • Kerberos is designed to provide strong authentication between client and application servers which are working in distributed network environment by using symmetric-key cryptography, and supposed to trust other systems of the realm. In this paper, we design an efficient and strong authentication mechanism by introducing the public/private-key to Kerberos. In the mechanism to make a system more secure, the value of the session key is changed everytime using MAC(message authentication code) algorithm with the long-term key for user-authentication and a random number exchanged through the public key. Also, we employ a mutual authentication method, which is used on challenge-response mechanism based on digital signatures, to improve trust between realms, and present a way of reducing the number of keys by simplifying authentication steps.

Boundary Zone Overlapping Scheme for Fast Handoff Based on Session Key Reuse (AAA MIP 환경에서 공유영역 기반 세션키 재사용을 통한 고속 핸드오프 방식 연구)

  • Choi, Yu-Mi;Chung, Min-Young;Choo, Hyun-Seung
    • The KIPS Transactions:PartC
    • /
    • v.12C no.4 s.100
    • /
    • pp.481-488
    • /
    • 2005
  • The Mobile W provides an efficient and scalable mechanism for host mobility within the Internet. However, the mobility implies higher security risks than static operations in fixed networks. In this paper, the Mobile IP has been adapted to allow AAA protocol that supports authentication, authorization, and accounting(AAA) for security and collection for accounting information of network usage by mobile nodes(MNs). For this goal, we Propose the boundary tone overlapped network structure while solidifying the security for the authentication of an MN. That is, the Proposed scheme delivers the session keys at the wired link for MN's security instead of the wireless one, so that it provides a fast and seamless handoff mechanism. According to the analysis of modeling result, the proposed mechanism compared to the existing session key reuse method is up to about $40\%$ better in terms of normalized surcharge for the handoff failure rate that considers handoff total time.

Public-Key Based Registration/Session-Key Distribution Protocol in AAA for Mobile IP (Mobile IP AAA에서의 등록과 세션키 분배 프로토콜)

  • 황재훈;송홍엽
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.27 no.3C
    • /
    • pp.220-225
    • /
    • 2002
  • Mobile IP aims to support mobility within the Internet. This paper concerned with the security aspect of Mobile IP. We show that current registration protocol has a possible replay attack despite the use of authenticated registration message and replay protection. We propose a public-key based registration protocol that also distributes a session-key distribution protocol in AAA. Proposed protocol provides authentication of mobile node and session-key distribution simultaneously. It also provides non-repudiation of service request.

A Study on Authentication of Wireless Sensor Networks based on Hash Function (해쉬 함수 기반의 무선 센서 네트워크 인증에 관한 연구)

  • Bae, Sung-Hyun;Moon, Young-Joon;Kim, Hae-Mun
    • Journal of IKEEE
    • /
    • v.21 no.4
    • /
    • pp.348-352
    • /
    • 2017
  • A lot of researches have done for WSN(Wireless Sensor Networks) authentication. Those are divided by whether using certificates or not for the authentication. In this paper, we proposed certificateless protocol. As simplifying the process of authentication, overall the process become faster and the load of the sensor node is decreased. Using the method we proposed, the energy consumption is decreased. That is because instead using keyed hash authentication code(HMAC) simple one way hash function was used. The study confirmed that it could operate on sensor nodes with extremely limited resources and low processing power.