• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.12 no.1
• /
• pp.231-237
• /
• 2012

In 2011, Das proposed an effective biometrics-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication, while eliminating the security drawbacks of Li-Hwang's scheme. In this paper, we have shown that Das's scheme is still insecure against several attacks and does not provide mutual authentication. Also, we proposed the enhanced scheme to overcome these security weaknesses, even if the secret information stored in the smart card is revealed. As a result of security analysis, the enhanced scheme is secure against user impersonation attack, server masquerading attack, off-line password guessing attack, and insider attack. And we can see that the enhanced scheme provides mutual authentication between the user and the server.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.7
• /
• pp.1634-1642
• /
• 2014

Mobile RFID system, that consists of the existing RFID reader mounted on the mobile devices such as smartphones, is able to provide the users a variety of services and convenience. But security of mobile RFID system is too weak like the existing RFID system. In this paper, the mobile RFID mutual authentication protocol with high level of security is proposed to overcome the troubles such as cryptographic protocols in the existing RFID system responding with the same value in every authentication procedure and the exposure in the exchange of messages. The proposed protocol exchanges messages unexposed by using the random numbers generated in the mutual authentication between the tag and the reader and making numbers coded with the symmetric key. Besides, the protocol uses the mutual authentication utilizing OTP by considering the characteristics of the reader embedded in mobile devices in the mutual authentication process between the reader and the server. Because changed message in every authentication, which produces safe from spoofing attacks and replay attacks, etc.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1419-1429
• /
• 2017

Recently, environment based authentication technique had proposed reinforced authentication, which generating statistical model per user after user login history classifies into account takeover or legitimate login. But reinforced authentication is likely to be attacked if user was not attacked in past. To improve this problem in this paper, we propose unconsciousness authentication technique that generates 2-Class user model, which trains user's environmental information and others' one using machine learning algorithms. To evaluate performance of proposed technique, we performed evasion attacks: non-knowledge attacker that does not know any information about user, and sophisticated attacker that only knows one information about user. Experimental results against non-knowledge attacker show that precision and recall of Class 0 were measured as 1.0 and 0.998 respectively, and experimental results against sophisticated attacker show that precision and recall of Class 0 were measured as 0.948 and 0.998 respectively.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.12
• /
• pp.517-524
• /
• 2013

Although password-based authentication as known as knowledge-based authentication was commonly used but intrinsic problems such as dictionary attack remain unsolved. For that the study on possession-based authentication was required. User remote authentication using smartcard is proceeding actively since Lee et al. proposed user remote authentication using knowledge-based information(password) and possession-base information(smartcard) in 2002. in 2009, Xu et al. proposed a new protocol preserving user anonymity and Shin et al. proposed enhanced scheme with analysis of its vulnerabilities on user anonymity and masquerading attack in 2012. In this paper, we analyze Shin et al. scheme on forward secrecy and insider attack and present novel user authentication based on elliptic curve cryptosystem which is secure against forward secrecy, insider attack, user anonymity and masquerading attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.4
• /
• pp.29-38
• /
• 2005

Because IEEE 802.11 has several security vulnerabilities, IEEE 802.11i was proposed and accepted. But IEEE 802.11i has much overhead for most of users for the web surfing. Besides not only node the authentication but also the packet authentication is needed to communicate. Although IEEE 802.11i uses TKIP(Temporal Key integrity Protocol) and CCMP(CTR with CBC-MAC Protocol), they have a lot of overheads. In this paper, Lightweight Packet Authentication(LIPA) is proposed. LIPA has less overhead and short delay so that it can be affordable for simple web-surfing which does not need stronger security. After comparing performances of LIPA with those of TKIP and CCMP, LIPA is more efficient than other schemes for transmitting packets.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.21-31
• /
• 2008

Ubiquitous environment is constructed by development of an IT technology, offer environment of many service changed to mobile environment. Also, existed service offered at fixed position like home or company, but according to development of mobile device. user require service as moving. Wibro can offer as user moving using mobile device. As requirement should be included authentication, in case of authentication between UICC and AAA authentication server is offered in Wibro, service is available. However, when UICC requires initial authentication to AAA authentication server, identification information of UICC expose as plaintext, so privacy infringement of mobile device occurs. Therefore, identification information of terminal generate randomly using OTP(One-Time Password) that generated in mobile terminal, and we proposed mechanism of privacy protection. Also, we proposed mechanism that offer secure service to user as offer authentication from OTP framework, and offer OTP combination authentication detailedly.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.25 no.4A
• /
• pp.528-538
• /
• 2000

Mobile computing system requires both precise identification and secure authentication scheme on remote mobile entities, which is based on the distributed mobile node. In this paper, existing discrete logarithm based $Schnorr^{[7]}$ like entity authentication schemes are improved by the analysis of performance and security on the hi-directional interactive proofs. And $EIGamal^{[14]}$ like efficient authentication schemes are also proposed. Then, these are enhanced with oblivious transfer based mono directional authentication schemes based on trusted third party for applying to the mobile agent based computing systems. Therefore, proposed schemes provide compatible performance and safety on mobile entity authentication processes.

• Proceedings of the IEEK Conference
• /
• 2004.08c
• /
• pp.592-595
• /
• 2004

Recently the numbers of patent about the technology for mobile payment with Ie or bluetooth-chip are being increased more and more. The reasons of patent increment for mobile payment are advancement of wireless internet technology and rising of customer's request for it. The customer wants to be able to pay for purchase, tax and aid with own mobile phone. So every mobile service provider applies for patents about that competitively. And in the near future the biometrics is generalized in the mobile payment system. Especially the payment service of iris recognition is significant technique in this area for the future prospect. The biometrics of iris is an accurate authentication method because it has about 250 distinguish parameters to the finger print's 30. The biometrics of iris can recognize and identify a person for 2 seconds. But the image of iris is changed by transformation of body in the life. And the existing iris authentication system has problem that can be miss-recognized. In this paper, we propose the new method that reduces miss-recognizing rate with Renewable Iris Authentication Algorithm(RIAA) in mobile system.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.6C
• /
• pp.578-587
• /
• 2009

In 2005, Ko-Kim-Kwon pointed out Henrici-Muller's hash based RFID authentication protocol is insecure to location tracking attack, spoofing attack and Denial of Service attack. Then, they proposed a new RFID authentication protocol(3K-RFID) that can withstand these security problems. However, this paper shows that 3K-RFID authentication protocol is still not only vulnerable to spoofing attack and Denial of Service attack but also does not provide forward secrecy, and then proposes an improved secure I3K-RFID authentication protocol in order to resolve such problems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.7
• /
• pp.2719-2735
• /
• 2015

In the cloud environment, users pay more attentions to their data security since all of them are stored in the cloud server. Researchers have proposed many mutual authentication schemes for the access control of the cloud server by using the smart card to protect the sensitive data. However, few of them can resist from the smart card lost problem and provide both of the forward security and the backward security. In this paper, we propose a novel authentication scheme for cloud computing which can address these problems and also provide the anonymity for the user. The trick we use is using the password, the smart card and the public key technique to protect the processes of the user's authentication and key exchange. Under the Elliptic Curve Diffie-Hellman (ECDH) assumption, it is provably secure in the random oracle model. Compared with the existing smart card based authentication schemes in the cloud computing, the proposed scheme can provide better security degree.