• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.11 no.6
• /
• pp.303-310
• /
• 2011

Recently, many user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication process. In 2009, Wang et al. proposed a more effective and secure dynamic ID-based remote user authentication scheme to improve the security weakness of Das et al.'s scheme, and asserted that the improved scheme is secure against independent of password in authentication phase and provides mutual authentication between the user and the remote server. However, in this paper, we analyze the security of Wang et al. scheme and demonstrate that Wang et al.'s scheme is vulnerable to the man-in-the-middle attack and the off-line password guessing attack. In addition, we show that Wang et al. scheme also fails to provide mutual authentication. Accordingly, we propose an improved scheme to overcome these security weakness even if the secrete information stored in the smart card is revealed. Our proposed scheme can withstand the user impersonation attack, the server masquerading attack and off-line password guessing attack. Furthermore, this improved scheme provides the mutual authentication and is more effective than Wang et al.'s scheme in term of the computational complexities.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.2
• /
• pp.119-125
• /
• 2010

Recently Hsiang-Shih proposed the user authentication scheme to improve Yoon et al's scheme. But the proposed scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we proved that Hsiang-Shih's scheme is vulnerable to the off-line password guessing attack. In other words, the attacker can get the user's password using the off-line password guessing attack on the scheme when the attacker steals the user's smart card and extracts the information in the smart card. Also, the improved scheme based on the hash function and random number was introduced, thus preventing the attacks, such as password guessing attack, forgery attack and impersonation attack etc. And we suggested the effective mutual authentication scheme that can authenticate each other at the same time between the user and server.

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.43-52
• /
• 2023

Many businesses and organizations use smartcard-based user authentication for remote access. In the meantime, through various studies, dynamic ID-based remote user authentication protocols for distributed multi-server environments have been proposed to protect the connection between users and servers. Among them, Qiu et al. proposed an efficient smart card-based remote user authentication system that provides mutual authentication and key agreement, user anonymity, and resistance to various types of attacks. Later, Andola et al. found various vulnerabilities in the authentication scheme proposed by Qiu et al., and overcame the flaws in their authentication scheme, and whenever the user wants to log in to the server, the user ID is dynamically changed before logging in. An improved authentication protocol is proposed. In this paper, by analyzing the operation process and vulnerabilities of the protocol proposed by Andola et al., it was revealed that the protocol proposed by Andola et al. was vulnerable to offline smart card attack, dos attack, lack of perfect forward secrecy, and session key attack.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.3
• /
• pp.69-77
• /
• 2010

Authentication and key establishment are fundamental procedures to establish secure communications over public insecure network. A password-based scheme is common method to provide authentication. In 2008, Khan proposed an efficient password-based authentication scheme using smart cards to solve the problems inherent in Wu-Chieu's authentication scheme. As for security, Khan claimed that his scheme is secure and provides mutual authentication between legal users and a remote server. In this paper, we demonstrate Khan's scheme to be vulnerable to various attacks, i. e., password guessing attack, insider attack, reflection attack and forgery attack. Our study shows that Khan's scheme does not provide mutual authentication and is insecure for practical applications. This paper proposes an improved scheme to overcome these problems and to preserve user anonymity that is an issue in e-commerce applications.

• 한국정보통신설비학회:학술대회논문집
• /
• 2007.08a
• /
• pp.142-146
• /
• 2007

Digital Rights Management (DRM) technology has been widely used for protecting the digital contents over the recent years. But the digital contents protected by DRM are vulnerable to various video memory capture programs when DRM packaged contents are decrypted on the consumers' multimedia devices. To make up for this kind of DRM security holes the Forensic Marking (FM) technology is being deployed into the content protection area. Most leading DRM companies as well as big electronics companies like Thomson and Philips already have commercial FM solutions. Forensic Marking technology uses the digital watermarking to insert the user information such as user id, content playing time and etc. into the decrypted and decoded content at the playback time on the consumer devices. When the content containing watermarked user information (Forensic Mark) is illegally captured and distributed over the Internet, the FM detection system takes out the inserted FM from the illegal contents and informs contents service providers of the illegal hacker's information. In this paper the requirements and test conditions are discussed for the commercial Forensic Marking systems.

• Journal of Korea Multimedia Society
• /
• v.20 no.12
• /
• pp.1913-1927
• /
• 2017

Encryption technology is to hide information in a cyberspace built using a computer and to prevent third parties from changing it. If a malicious user accesses unauthorized device or application services on the Internet of objects, it may be exposed to various security threats such as data leakage, denial of service, and privacy violation. One way to deal with these security threats is to encrypt and deliver the data generated by a user. Encrypting data must be referred to a technique of changing data using a complicated algorithm so that no one else knows the content except for those with special knowledge. As computers process computations that can be done at a very high speed, current cryptographic techniques are vulnerable to future computer performance improvements. We designed and implemented a new encryption program that combines ancient and modern cryptography so that the user never knows about data management, and transmission. The significance of this paper is that it is the safest method to combine various kinds of encryption methods to secure the weaknesses of the used cryptographic algorithms.

• Journal of Communications and Networks
• /
• v.15 no.5
• /
• pp.514-526
• /
• 2013

With a long sensing period, the inter-frame spectrum sensing in IEEE 802.22 standard is vulnerable to the effect of the traffic of the primary user (PU). In this article, we address the two degrading factors that affect the inter-frame sensing performance with respect to the random arrival/leaving of the PU traffic. They are the noise-only samples under the random arrival traffic, and the PU-signal-contained samples under the random leaving traffic. We propose the model in which the intra-frame sensing cooperates with the inter-frame one, and the inter-frame sensing uses the time-of-arrival (ToA), and time-of-leave (ToL) detectors to reduce the two degrading factors in the inter-frame sensing time. These ToA and ToL detectors are used to search for the sample which contains either the ToA or ToL of the PU traffic, respectively, which allows the partial cancelation of the unnecessary samples. At the final stage, the remaining samples are input into a primary user detector, which is based on the energy detection scheme, to determine the status of PU traffic in the inter-frame sensing time. The analysis and the simulation results show that the proposed scheme enhances the spectrum-sensing performance compared to the conventional counter-part.

• Journal of Fisheries and Marine Sciences Education
• /
• v.28 no.3
• /
• pp.790-798
• /
• 2016

Currently, web-based online games is becoming popular in supporting learning process due to their effective and efficient tool. However, online games have lack of security aspect, in particular due to increase in the number of personal information leakage. Since the data are transmitted over insecure channel, it will be vulnerable of being intercepted by attackers who want to exploit user's identity. This paper aims to propose an online web-based educational game, Vidyanusa which allows the students to register their personal information using a unique code, a user name and a password. It manages the users according to their schools, subject teachers and class levels. In addition, by adopting a unique code, the confidentiality of the user identity can be kept away from attackers. Moreover, in order to provide a secure data communication between client and server, Secure Socket Layer (SSL) protocol is adopted. The performance of the system after implementing SSL protocol is examined by loading a number of requests for various users. From the experiment result, it can be concluded that the SSL protocol can be applied to web-based educational system in order to offer security services and reliable connection.

• Journal of Internet Computing and Services
• /
• v.14 no.4
• /
• pp.43-51
• /
• 2013

User authentication and access control are two important components in high security applications. Recently, Chen and Yeh proposed a method to integrate both of them seamlessly. However, Chen-Yeh's scheme is vulnerable to a stolen verifier attack, since it maintains a smart card identifier table in a remote server. Therefore, this paper modifies Chen-Yeh's scheme and propose a new integrated authentication and access control scheme that is resilient to the stolen verifier attack while inheriting all the merits of Chen-Yeh's scheme. Security analysis shows that the proposed scheme withstands well-known security attacks and exhibits many good features.

• Journal of Platform Technology
• /
• v.6 no.3
• /
• pp.17-22
• /
• 2018

Smart home is a technology for monitoring and controlling all the information about a house by integrating various home applications like cooling, heating, lighting, kitchen and security systems into a network. Although home appliances have become more convenient to use due to the development of smart home technology, they are also more vulnerable to information security hazards. Unauthorized visitors may have access to any of home appliance to arbitrarily control it or acquire information. This causes serious privacy and security problems, which should be solved to further smart home technology. This present paper proposed a dynamic user access control system for privacy protection in smart homes. The proposed system defines the role of a user of smart home services by automatically identifying the status information of the user and dynamically controls the access range for the service. In this way, the privacy of a user can be protected and the inter-smart device service is effectively provided. Consequently, the proposed dynamic user access control for smart home will improve the security service for protecting privacy in smart home devices.