• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.191-194
• /
• 2009

Recently, an anonymous authentication scheme has been proposed by Chang, Lee, and Chiu. In this paper, we show the insecurity of the scheme. To prove the insecurity of the scheme, we describe some attacks that can be used to recover an user's identity.

• The KIPS Transactions:PartC
• /
• v.14C no.2
• /
• pp.129-138
• /
• 2007

AAA(Aluthentieation, Authorization, Accounting) protocol is an information securitv technology that offer secure and reliable user Authentication, Authorization, Accounting function systematically in various services. protocol and wireless network work as well as win network. Currently IETF(Internet Engineering Task Force) AAA Working Group deal with about AAA protocol and studying with activity, But, recently it exposing much problems side to user's anonymity and privacv violation. Therefore, in this paper, AAAH(Home Authentication Server) authenticaters Mobile device, after that, use ticket that is issued from AAAH even if move to outside network and can be serviced offering authentication in outside network without approaching by AAAH, Also, we study mechanism that can offer user's privacy and anonymousness to when use service. Our mechanism is using Time Synchronization OTP and focusing authentication and authorization. Therefore, our mechanism is secure from third party attack and offer secure and effective authentication scheme. Also only right user can offer services by using ticket. can reduce signal and reduce delay of message exchanged, can offer persistent service and beighten security and efficiency.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.2
• /
• pp.27-33
• /
• 2018

User authentication scheme is a method for controlling unauthorized users' access to securely share the services and resources provided by the server and for verifying users with access rights. Initial user authentication scheme was based on passwords. Nowadays, various authentication schemes such as ID based, smart-card based, and attribute based are being researched. The study of Lee et al. suggested a user authentication scheme that provides forward secrecy and protects anonymity of users. However, it is vulnerable to attacks by outsiders and attackers who have acquired smart-cards. In this paper, we propose a modified smart-card authentication scheme to complement the weakness of the previous studies. The proposed user authentication scheme provides the security for the ID guessing attack and the password guessing attacks of the attacker who obtained the login request message and the user's smart-card.

• Journal of KIISE:Information Networking
• /
• v.28 no.4
• /
• pp.570-577
• /
• 2001

In recent years, Internet-based application services on the mobile environment have been activated, and the developments of mobile internet application for user authentication and privacy have been required. Especially, the research for preventing disclosure of identity caused by user mobility is on the progress. In this paper, we introduce the study of an authentication protocol for anonymity and untraceability supporting the protection of user identity and the authenticated secure association mechanism between mobile hosts and remote domains. In this protocol use public cryptography.

• Journal of Korea Multimedia Society
• /
• v.20 no.11
• /
• pp.1768-1775
• /
• 2017

The SIP(Session Initiation Protocol) is an application layer call signaling protocol which can create, modify and terminate the session of user, and provides various services in combination with numerous existing protocols. However, most of cryptosystems for SIP cannot prevent quantum computing attack because they have used ECC(Elliptic Curve Cryptosystem). In this paper, we propose a NTRU based authentication and key distribution protocol for SIP in order to protect quantum computing attacks. The proposed protocol can prevent various attacks such as quantum computing attack, server spoofing attack, man-in-the middle attack and impersonation attack anonymity, and our protocol can provide user's anonymity.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.3
• /
• pp.1546-1565
• /
• 2019

Signcryption schemes offer the possibility to simultaneously sign and encrypt a message. In order to guarantee the authentication of both signer and receiver in the most efficient way during the signcryption, certificate based solutions have been proposed in literature. We first compare into detail three recently proposed certificate based signcryption systems relying on the elliptic curve discrete logarithm problem and without the usage of compute intensive pairing operations. Next, we demonstrate how the performance of these certificate based systems can be improved by using the Elliptic Curve Qu Vanstone (ECQV) implicit certificates. What is more, generalized signcryption schemes are easily derived from these schemes and the anonymity feature of sender and receiver is already inherently included or can be very efficiently obtained without a significant additional cost.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.12
• /
• pp.6071-6080
• /
• 2012

Regarding the official authentication method which is a strong encrypt method for financial transactions, there has recently been a concern for the problem of storage. As a solution for such problems, this study provides the anonymous authentication method based on the smart card used for such a purpose by utilizing the pseudo ID replacing the user's personal data. Such an anonymous authentication method makes it possible to prevent any inside leakage, intermediary attack, limited re-transmission attack, service-denying attack, directional safety attack and secret inspector attack in regard to the user's personal data. As a result, there would be no concern for the leakage of any personal data. In comparative analysis, after executing the comparison and analysis process through the experiment for the authentication process by using the previously-used smart card, the new one has shown about 10% a high level of efficiency for the encrypt and decrypt process together with excellent features in terms of flexibility in regard to the user's anonymity and tracking ability.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.93-103
• /
• 2009

Since message forgery or alteration in VANET may cause severe consequences, authentication of critical messages must be provided. However, using normal digital signature may infringe privacy of drivers. Therefore, VANET requires authentication systems that provide conditional anonymity. In this paper, we propose a new authentication system for VANET. In our proposed system, each vehicle can update its pseudonym using re-encryption technique and digitally sign messages using representation problem on the pseudonym. By limiting the usage period, revocation of individual pseudonym is not required. Moreover, we also provide a way to revoke the vehicle itself. Secureness of our system partially rely on the usage of tamper-resistance hardware.

• Journal of Digital Convergence
• /
• v.18 no.9
• /
• pp.57-62
• /
• 2020

Smart home based on Internet of things (IoT) is rapidly emerging as an exciting research and industry field. However, security and privacy have been critical issues due to the open feature of wireless communication channel. As a step towards this direction, Shuai et al. proposed an anonymous authentication scheme for smart home environment using Elliptic curve cryptosystem. They provided formal proof and heuristic analysis and argued that their scheme is secure against various attacks including de-synchronization attack, mobile device loss attack and so on, and provides user anonymity and untraceability. However, this paper shows that Shuai et al.'s scheme does not provide user anonymity nor untraceability, which are very important features for the contemporary IoT network environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.105-114
• /
• 2009

Messages exchanged among vehicles must be authenticated in order to provide collision avoidance and cooperative driving services in VANET. However, digitally signing the messages can violate the privacy of users. Therefore, we require authentication systems that can provide conditional anonymity. Recently, Zhang et al. proposed conditionally anonymous authentication system for VANET using tamper-resistant hardware. In their system, vehicles can generate identity-based public keys by themselves and use them to sign messages. Moreover, they use batch verification to effectively verify signed messages. In this paper, we provide amelioration to Zhang et al.'s system in the following respects. First, we use a more efficient probabilistic signature scheme. Second, unlike Zhang et al., we use a security proven batch verification scheme. We also provide effective solutions for key revocation and anonymity revocation problems.