• Journal of Multimedia Information System
• /
• v.1 no.1
• /
• pp.23-43
• /
• 2014

With the rapidity of the development on electronic technology, various mobile devices are produced to make human life more convenient. The user is always in constant search of middle with ease of deployment. Therefore, the development of infrastructure and application with ubiquitous nature gets a growing keen interest. Recently, the number of pervasive network services is expanding into ubiquitous computing environment. To get desired services, user presents personal details about this identity, location and private information. The information transmitted and the services provided in pervasive computing environments (PCEs) are exposed to eavesdropping and various attacks. Therefore, the need to protect this environment from illegal accesses has become extremely urgent. In this paper, we propose an anonymous authentication and access control scheme to secure the interaction between mobile users and services in PCEs. The proposed scheme integrates a biometric authentication in PKI model. The proposed authentication aims to secure access remote in PCE for guaranteeing reliability and availability. Our authentication concept can offer pervasive network service users convenience and security.

• International Commerce and Information Review
• /
• v.9 no.1
• /
• pp.297-312
• /
• 2007

The GUIDEC I was published in November 1997 by the International Chamber of Commerce (ICC) and then the GUIDEC was published in October 2000 in the name of GUIDEC II. The GUIDEC II is the next version of GUIDEC I. This paper examines the electronic authentication and certification practices under GUIDEC II in detail. Therefore, this paper can help parties concerned to understand electronic authentication and certification practices of electronic commerce. GUIDEC II maintains the content of GUIDEC I, but GUIDEC II adds some new definitions such as authenticating a message and explains the rights and responsibility of subscribers, certifiers, and relying parties in detail. The aim of the GUIDEC II is to enhance the ability of international business community to execute trustworthy digital transactions utilizing legal principles that promote reliable digital authentication and certification practice.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1461-1464
• /
• 2005

In contrast with conventional networks, mobile ad hoc networks usually do not provide online access to trusted authorities or to centralized servers, and they exhibit frequent partitioning due to link and node failures and node mobility. For these reasons, traditional security solutions that require online trusted authorities or certificate repositories, but those are not well-suited for securing ad hoc networks. Moreover, a fundamental issue of securing mobile ad hoc networks is to ensure mobile nodes can authenticate each other. Because of its strength and efficiency, public key and digital signature is an ideal mechanism to construct the authentication service. Although this is already mature in the internet application, providing public key based authentication is still very challenging in mobile ad hoc networks. In this paper I propose a secure public key authentication service based on clustering model and trust model to protect nodes from getting false public keys of the others efficiently when there are malicious nodes in the network.

• 한국정보통신설비학회:학술대회논문집
• /
• 2008.08a
• /
• pp.146-149
• /
• 2008

The RFID system is very useful in various fields such as the distribution industry and the management of the material, etc. However, the RFID system suffers from various attacks since it does not have a complete authentication protocol. Therefore, this paper propose the authentication protocol that used key server to resist various attacks including DoS(Denial of Service) attack. For easy implementation, the proposed protocol also uses CRC, RN16 generation function existing in EPCglobal class 1 gen2 protocol. This paper performed security analysis to prove that the proposed protocol is resistant to various attacks. The analytical results showed that the proposed protocol offered a secure RFID system.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.6
• /
• pp.1016-1021
• /
• 2008

A number of wireless technologies have been implemented, but each technology has its limitation in terms of coverage and bandwidth. WLAN and 3G cellular network has emerged to be a complementary platform for wireless data communications. However, the mobility of roaming terminals in heterogeneous networks poses several risks. To maintain secure communications in universal roaming, the effective authentication must be implemented. The focus of this paper is on analysis of authentication architecture involved in integrated WLAN/3G networks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.1
• /
• pp.119-131
• /
• 2013

With the explosive growth of computer networks, many remote service providing servers and multi-server network architecture are provided and it is extremely inconvenient for users to remember numerous different identities and passwords. Therefore, it is important to provide a mechanism for a remote user to use single identity and password to access multi-server network architecture without repetitive registration and various multi-server authentication schemes have been proposed in recent years. Recently, Tsaur et al. proposed an efficient and secure smart card based user authentication and key agreement scheme for multi-server environments. They claimed that their scheme satisfies all of the requirements needed for achieving secure password authentication in multi-server environments and gives the formal proof on the execution of the proposed authenticated key agreement scheme. However, we find that Tsaur et al.'s scheme is still vulnerable to impersonation attack and many logged-in users' attack. We propose an extended scheme that not only removes the aforementioned weaknesses on their scheme but also achieves user anonymity for hiding login user's real identity. Compared with other previous related schemes, our proposed scheme keeps the efficiency and security and is more suitable for the practical applications.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.9 no.2
• /
• pp.104-109
• /
• 2010

In this paper, we propose a user authentication technology to protect wiretapping and attacking from others in the telematics environment, which users in vehicle can use internet service in local area network via mobile device. In the proposed user authentication technology, the packet speech data is encrypted by speech-based biometric key, which is generated from the user's speech signal. Thereafter, the encrypted data packet is submitted to the information communication server(ICS). At the ICS, the speech feature of the user is reconstructed from the encrypted data packet and is compared with the preregistered speech-based biometric key for user authentication. Based on implementation of our proposed communication method, we confirm that our proposed method is secure from various attack methods.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.9
• /
• pp.4508-4528
• /
• 2016

Widespread use of wireless networks has drawn attention to ascertain confidential communication and proper authentication of an entity before granting access to services over insecure channels. Recently, Truong et al. proposed a modified dynamic ID-based authentication scheme which they claimed to resist smart-card-theft attack. Nevertheless, we find that their scheme is prone to smart-card-theft attack contrary to the author's claim. Besides, anyone can impersonate the user as well as service provider server and can breach the confidentiality of communication by merely eavesdropping the login request and server's reply message from the network. We also notice that the scheme does not impart user anonymity and forward secrecy. Therefore, we present another authentication scheme keeping apart the threats encountered in the design of Truong et al.'s scheme. We also prove the security of the proposed scheme with the help of widespread BAN (Burrows, Abadi and Needham) Logic.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.10C
• /
• pp.749-757
• /
• 2008

In this paper, we propose an authentication scheme for EVPT (Emergency Vehicle Priority Transit) service in Vehiclar Ad-hoc Networks (VANET) enable a variety of vehicle comfort services, traffic management applications, and infotainment services. These are the basis for a new generation of preventive and active safety functions. By intelligently controlling signalling at intersections, providing additional information to the driver and warning the driver in critical situations. we therefore focus on vehicle-to-infrastructure communication for the authentication between emergency vehicles and traffic lights system. This authentication process should identify the vehicle, and provide privacy protection.

• Journal of KIISE:Information Networking
• /
• v.36 no.2
• /
• pp.90-97
• /
• 2009

In 2008, Kim-Jun proposed a RFID mutual authentication protocol using one-time random number that can withstand malicious attacks by the leakage of important information and resolve the criminal abuse problems. Through the security analysis, they claimed that the proposed protocol can withstand various security attacks including the replay attack. However, this paper demonstrates that Kim-Jun' s RFID authentication protocol still insecure to the replay attack. In addition, this paper also proposes a simply improved RFID mutual authentication protocol using one-time random number which not only provides same computational efficiency, but also withstands the replay attack.