• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.463-472
• /
• 2012

This paper propose a security method that performs mutual authentication between the SIP UA and the server, check for integrity of the signaling channel and protection of SDP information for VoIP using a One-Time Password. To solve the vulnerability of existing HTTP Digest authentication scheme in SIP, Various SIP Authentication schemes have been proposed. But, these schemes can't meet security requirements of SIP or require expensive cryptographic operations. Proposed method uses OTP that only uses hash function and is updated each authentication. So Proposed method do not require expensive cryptographic operations but performs user authentication efficiently and safely than existing methods. In addition, Proposed method verifies the integrity of the SIP messages and performs SDP encryption/decryption through OTP that used for user authentication. So Proposed method can reduce communication overhead when applying S/MIME or TLS.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.3C
• /
• pp.241-250
• /
• 2012

In 2010, Jeon-Kim proposed HMAP(Hash-based Mutual Authentication Protocol for RFID Environment) to resolve a variety of problem related to security using Mutual authentication scheme, the hash function and secret key is used to update in RFID system. Jeon-Kim proved RMAP was safe for a variety of attacks including eavesdropping attacks through safety analysis. However, unlike the claims of the proposed protocol is vulnerable to next session of the secret key exposure due to eavesdropping. In this paper, we analyze the problem of RMAP and proves it through security analysis. And we also propose improved an RFID Mutual Authentication Protocol based on Hash Function to solve problems of HMAP.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.12
• /
• pp.6169-6187
• /
• 2017

With the fast growth of mobile services, Mobile Cloud Computing(MCC) has gained a great deal of attention from researchers in the academic and industrial field. User authentication and privacy are significant issues in MCC environment. Recently, Tsai and Lo proposed a privacy-aware authentication scheme for distributed MCC services, which claimed to support mutual authentication and user anonymity. However, Irshad et.al. pointed out this scheme cannot achieve desired security goals and improved it. Unfortunately, this paper shall show that security features of Irshad et.al.'s scheme are achieved at the price of multiple time-consuming operations, such as three bilinear pairing operations, one map-to-point hash function operation, etc. Besides, it still suffers from two minor design flaws, including incapability of achieving three-factor security and no user revocation and re-registration. To address these issues, an enhanced and provably secure authentication scheme for distributed MCC services will be designed in this work. The proposed scheme can meet all desirable security requirements and is able to resist against various kinds of attacks. Moreover, compared with previously proposed schemes, the proposed scheme provides more security features while achieving lower computation and communication costs.

• The Journal of Information Systems
• /
• v.27 no.2
• /
• pp.53-75
• /
• 2018

Purpose The purpose of this study is to provide implications by examining the factors affecting the consumers' innovation resistance and intention to use FIDO technology based on the innovation resistance model. In addition, we investigate the difference between FIDO group using biometric authentication technology and those using knowledge / possessive authentication technology. Design/methodology/approach This study investigated the factors influencing innovation resistance and intention to use based on the innovation resistance model. And the structural equation model was applied to analyze the effect of innovation resistance and intention to use. Findings According to empirical results, this study found that perceived relative advantage (+), perceived risk (+), perceived complexity (+), and existing product attitude(+) influenced innovation resistance, and perceived relative advantage (+), self efficacy(+), and innovation resistance(-) influenced intention to use. In addition, this study found that there is a significant difference between the group using the bio-based authentication technology and the group using the knowledge / possessive based authentication technology.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.10a
• /
• pp.917-920
• /
• 2007

In this paper, we designed the authentication system for home network service and applied it to actual sensor nodes. SNEP protocol of SPINS provides confidentiality of data and authentication. We achieved authentication key, encryption and decryption applied RCS encryption algorithm of SNEP. In addition, we used pair-wise key pre-distribution for prevention of authentication sniffing in wireless sensor network. The experiment environment consists of a base station receiving data and sensor nodes sending data. Each sensor nodes sends both the data and encrypted authentication key to the base station. The experiences had shown that the malfunction doesn't happen in communication among other groups. And we confirmed in tests that the system is secure when a sensor having malicious propose is added.

• Journal of Convergence Society for SMB
• /
• v.4 no.3
• /
• pp.27-31
• /
• 2014

According to increasing of payment and settlements like smart banking, internet shopping and contactless transaction in smart device, the security issues are on the rise, such as the vulnerability of the mobile OS and certificates abuse problem, we need a secure user authentication. We apply the OTP using biometrics and PKI as user authentication way for dealing with this situation. Biometrics is less risk of loss and steal than other authentication that, in addition, the security can be enhanced more when using the biometric with OTP. In this paper, we propose a user authentication using biometrics and OTP in the mobile device.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.6B
• /
• pp.962-969
• /
• 2010

Recently, RFID technology can successfully be used to reduce medical errors. This technology can aid in the accurate matching of patients with their medications and treatments. The enthusiasm for using RFID technology in medical settings has been tempered by privacy concerns. In this paper, we propose a secure and efficient RFID authentication system to not only authenticate patients' authenticity but also protect patients' personal medical informations. The proposed system consists of RFID-based patient authentication protocol and database security protocol. As a result, since the proposed RFID authentication system provides strong security and efficiency, it can be used practically for patient authentication and personal medical information protection on the high technology medical environments such as u-Hospital and u-Healthcare.

• Journal of Convergence Society for SMB
• /
• v.6 no.3
• /
• pp.57-64
• /
• 2016

Since the information transmitted in VANET is distributed in an open access environment, the security problem is one of the most critical issue in VANET. For the communicate efficiently in VANET, each RSU(Roadside Unit) or OBU(On-Board Units) need certain features that will help them to gather information, to inform their neighbors and to make decisions by considering all of the collected information. In this paper, we propose a novel authentication scheme guaranteeing secure RSUs to OBUs of VANET in highway used the ID-based authentication scheme. We show a usefulness and effectiveness of proposed authentication scheme after compared with previous works.

• Convergence Security Journal
• /
• v.19 no.3
• /
• pp.29-36
• /
• 2019

The convergence of traditional industry and ICT is a combination of security threats and vulnerabilities in ICT and specific industry-specific problems of existing industries, and new security threats and vulnerabilities are emerging. In particular, in the medical ICT convergence industry, various problems regarding user authentication are derived from the medical information system, which is being used for abuse and security weaknesses. According, this study designed and implemented a user authentication system for secure user management in medical ICT convergence environment. Specifically, we design and implement measures to solve the abuse and security weaknesses of ID sharing and to solve the inconvenience of individual ID / PW authentication by performing user authentication using personalized devices based on medical information systems.

• KIISE Transactions on Computing Practices
• /
• v.22 no.8
• /
• pp.345-350
• /
• 2016

Cloud computing services have different characteristics from the traditional computing environment such as resource sharing, virtualization, etc. These characteristics of cloud computing environment necessitate specific properties such as user identify, access control, security control property, etc. Recently, Yoo proposed an attribute-based authentication scheme for secure cloud computing. However, Yoo's authentication scheme is vulnerable to customer attack and an adversary can modify the authentication request message. In this paper, we propose a secure and efficient attribute-based authentication scheme for cloud computing based on Yoo's scheme.