• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.8
• /
• pp.1768-1773
• /
• 2005

The IEEE 802.1x standard provides an architectural framework which can be used various authentication methods. But, IEEE 802.1x also has vulnerabilities about the DoS, the session hijacking and the Man in the Middle attack due to the absence of AP authentication. In this paper, we propose a WLAN secure system which can offer a robust secure communication and a user authentications with the IEEE 802.1x framework. The user authentication on the WLAN secure system accomplishes mutual authentications between authentication severs, clients and the AP using PKI and prevents an illegal user from intervening in communication to disguise oneself as a client, the AP or authentication servers. Also, we guarantee the safety of the communication by doing secure communication between clients and the AP by the Dynamic WEP key distribution.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.139-144
• /
• 2007

Due to the increasing use of Internet and spread of ubiquitous environment the security of private information became an important issue. For this reason, many suggestions have been made in order to protect the privacy of users. In the study of authentication system using a smart card which is one of the methods for protecting private information, the main idea is to offer user anonymity. In 2004, Das et al. suggested an authentication system that guarantees anonymity by using a dynamic ID for the first time. However, this scheme couldn't guarantee complete anonymity as the identity of the user became revealed at log-in phase. In 2005, Chien at al. suggested a authentication system that guarantees anonymity, but this was only safe to the outsider(attacker). In this paper, we propose a scheme that enables the mutual authentication between the user and the sewer by using a smart card. For the protection of the user privacy, we suggest an efficient user authentication system that guarantees perfect anonymity to both the outsider and remote server.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2012.07a
• /
• pp.187-190
• /
• 2012

This paper proposes an one-time authentication system for web applications by making use of the quick-response code, which is widely used nowadays. The process is not time-consuming. It does not require any browser extensions or specific hardware to complete a task. The system uses QR code which is basically a two-dimensional black and white image encoding a piece of digital information. When a user logs into a site, the web server will generate a challenge encoded to form a QR code. The user captures a picture of QR code with a mobile camera which results in decoding the QR code. The challenge shall be sent back to the server; the web server then logs the PC browser in. The authentication using Challenge-Response is easy to understand and the process is fast. The system proposes the improvement of usability and security of online authentication.

• Journal of information and communication convergence engineering
• /
• v.18 no.2
• /
• pp.132-146
• /
• 2020

Biometric technologies have become widely available in many different fields. However, biometric technologies using existing physical features such as fingerprints, facial features, irises, and veins must consider forgery and alterations targeting them through fraudulent physical characteristics such as fake fingerprints. Thus, a trend toward next-generation biometric technologies using behavioral biometrics of a living person, such as bio-signals and walking characteristics, has emerged. Accordingly, in this study, we developed a bio-signal authentication algorithm using electrocardiogram (ECG) signals, which are the most uniquely identifiable form of bio-signal available. When using ECG signals with our system, the personal identification and authentication accuracy are approximately 90% during a state of rest. When using fingerprints alone, the equal error rate (EER) is 0.243%; however, when fusing the scores of both the ECG signal and fingerprints, the EER decreases to 0.113% on average. In addition, as a function of detecting a presentation attack on a mobile phone, a method for rejecting a transaction when a fake fingerprint is applied was successfully implemented.

• IE interfaces
• /
• v.25 no.3
• /
• pp.290-299
• /
• 2012

Keystroke dynamics refers to a way of typing a string of characters. Since one has his/her own typing behavior, one's keystroke dynamics can be used as a distinctive biometric feature for user authentication. In this paper, two authentication algorithms based on keystroke dynamics of long and free texts are proposed. The first is the K-S score, which is based on the Kolmogorov-Smirnov test, and the second is the 'R-A' measure, which combines 'R' and 'A' measures proposed by Gunetti and Picardi (2005). In order to verify the authentication performance of the proposed algorithms, we collected more than 3,000 key latencies from 34 subjects in Korean and 35 subjects in English. Compared with three benchmark algorithms, we found that the K-S score was outstanding when the reference and test key latencies were not sufficient, while the 'R-A' measure was the best when enough reference and test key latencies were provided.

• International Journal of Computer Science & Network Security
• /
• v.23 no.12
• /
• pp.81-90
• /
• 2023

Cloud computing is an emerging business model popularized during the last few years by the IT industry. Providing "Everything as a Service" has shifted many organizations to choose cloud-based services. However, some companies still fear shifting their data to the cloud due to issues related to the security and privacy. The paper suggests a novel Trust based Mutual Authentication Mechanism using Secret P-box based Mutual Authentication Mechanism (TbMAM-SPb) on the criticality of information. It uses a particular passcodes from one of the secret P-box to act as challenge to one party. The response is another passcode from other P-box. The mechanism is designed in a way that the response given by a party to a challenge is itself a new challenge for the other party. Access to data is provided after ensuring certain number of correct challenge-responses. The complexity can be dynamically updated on basis of criticality of the information and trust factor between the two parties. The communication is encrypted and time-stamped to avoid interceptions and reuse. Overall, it is good authentication mechanism without the use of expensive devices and participation of a trusted third party.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.467-478
• /
• 2015

Recently interest in Internet of Things(IoT) is increasing, and a variety of the security technologies that are suitable for Internet of Things has being studied. Especially sensor network area of the device is an increased using and diversified for a low specification devices because of characteristic of the Internet of Things. However, there is difficulty in directly applying the security technologies such as the current authentication technologies to a low specification device, so also increased security threats. Therefore, authentication protocol between entities on the sensor network communication in Internet of Things has being studied. In 2014, Porambage et al. suggested elliptic curve cryptography algorithm based on a sensor network authentication protocol for advance security of Internet of Things environment, but it is vulnerability exists. Accordingly, in this paper, we analyze the vulnerability in elliptic curve cryptography algorithm based on authentication protocol proposed by Porambage et al. and propose an improved authentication protocol for sensor networks in Internet of Things environment.

• Journal of Convergence for Information Technology
• /
• v.7 no.3
• /
• pp.91-96
• /
• 2017

IoT which is an abbreviation of Internet of Things refers to the communication network service among various objects such as people-people, objects-objects interconnection. The characteristic of IoT that enables direct connection among each device makes security to be considered as more emphasized factor. Though a security module such as an authentication protocol for resolving various security problems that may occur in the IoT environment has been developed, some weak points in security are still being revealed. Therefore, this paper proposes a method for including a protocol including gateway authentication procedure and mutual authentication between the devices and gateways. Protocols with additional authentication procedures can appropriately respond to attackers' spoofing attacks. In addition, important information in the message used for authentication process is protected by encryption or hash function so that it can respond to wiretapping attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.3C
• /
• pp.426-435
• /
• 2004

The DIAMETER protocol provides Authentication, Authorization, and Accounting (AAA) transactions across the Internet. SIP(Session Initiation Protocol) will be used for new types of signaling, such as instant messaging and application level mobility across networks. And SIP will be a major signaling protocol for next generation wireless networks. But the Digest authentication scheme is not using a secure method of user authentication in SIP, and it is vulnerable to man-in-the-middle attacks or dictionary attacks. This study focused on designing a SIP proxy for interworking with AAA server with respect to user authentication and security analysis. We compared and analyzed the security aspects of the scenarios and propose two proposals that a response which include the user address and password-based mutual authentication and key agreement protocol. It is claimed to be more secure against common attacks than current scenarios.

• Smart Media Journal
• /
• v.9 no.1
• /
• pp.30-37
• /
• 2020

Enforcing additional authentication to password-based authentication, in addition to attempting to increase the security of the password itself, helps to improve the security of the password authentication scheme. For a well-known problem of using strong passwords that differ from site to site, we propose a scheme for password generation and management with an inherent supplementary authentication. Like the so-called password manager, the scheme retrieves and presents a strong site-specific password whenever requested without requiring the user to remember multiple passwords. Unlike the existing methods, however, the scheme permits the password retrieval process to proceed only through the authenticated user's ownership verified smartphone. Hence, even for sites not enforcing or supporting two-factor authentication, the logon process can benefit from the scheme's assurance of enhanced security with its two-factor equivalent authentication. The scheme can also prevent an attacker from impersonating a user or stealing secrets even when the stored information of the server for password retrieval service or the user's smartphone is leaked.