• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.5
• /
• pp.656-661
• /
• 2022

Password with a combination of 4-digit numbers has been widely adopted for various authentication systems (such as credit card authentication, digital door lock systems and so on). However, this system could not be safe because the 4-digit password can easily be stolen by predicting it from the fingermarks on the keypad or display screen. Furthermore, due to the prolonged COVID-19 pandemic, contactless method has been preferred over contact method in authentication. This paper suggests a new password input method based on eyeblink pattern analysis in video sequence. In the proposed method, when someone stands in front of a camera, the sequence of eyeblink motions is captured (according to counting signal from 0 to 9 or 9 to 0), analyzed and encoded, producing the desired 4-digit decimal numbers. One does not need to touch something like keypad or perform an exaggerated action, which can become a very important clue for intruders to predict the password.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.3
• /
• pp.9-21
• /
• 2010

Recently, famous online shopping websites were hit by hacking attack, and many users' personal information such as ID, password, account number, personal number, credit card number etc. were compromised. Hackers are continuing to attack online shopping websites, and the number of victims of these hacking is increasing. Especially, the exposure of credit card numbers is dangerous, because hackers maliciously use disclosed card numbers to gain money. In 2007 Financial Cryptography Conference, Ian Molly et al. firstly proposed dynamic card number generator, but it doesn't meet reuse resistant. In this paper, we analyzed security weaknesses of Ian Molly's scheme, and we proposed a new one-time virtual card number generator using a mobile device which meets security requirements of one-time virtual card numbers. Then, we propose one-time credit card number generation and transaction protocol using Integrated Authentication Center for user convenience and security enhancement.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.10
• /
• pp.1145-1152
• /
• 2014

The RFID (Radio-Frequency Identification) system is a technology to discern things by radio and an epoch-making new method to improve product management such as distribution, transport, mobilization, inventory control. However, RFID, which uses radio, is at risk for information leakage and falsification due to the vulnerability of security of the communication section. We designed the new authentication protocol by applying the tent map, which is the representative complex systems, to the RFID communication system. A more solid and simple authentication system was designed by applying the initial value sensitivity and irregularity, which are the representative characteristics of the complex system, to the reader and tag of RFID. The purpose of this paper is to verify the usability of the RFID authentication protocol design that uses the nonlinear system shown in this thesis by the new system differentiated from the authentication system that depends on the existing hash function or random numbers.

• Journal of information and communication convergence engineering
• /
• v.8 no.4
• /
• pp.437-442
• /
• 2010

Ubiquitous mobile computing is becoming easier and more attractive in this ambient technological Internet world. However, some portable devices such as Personal Digital Assistant (PDAs) and smart phones are still encountering inherent constraints of limited storages and computing resources. To alleviate this problem, we develop a cost-effective protocol, iATA to transfer ATA commands and data over TCP/IP network between mobile appliances and stationary servers. It provides mobile users a virtual storage platform which is physically resided at remote home or office. As communications are made through insecure Internet connections, security risks of adopting this service become a concern. There are many reported cases in the history where attackers masquerade as legitimate users, illegally access to network-based applications or systems by breaking through the poor authentication gates. In this paper, we propose a mutual authentication and secure session termination scheme as the first and last defense steps to combat identity thief and fraud threat in particular for iATA services. Random validation factors, large prime numbers, current timestamps, one-way hash functions and one-time session key are deployed accordingly in the scheme. Moreover, we employ the concept of hard factorization problem (HFP) in the termination phase to against fraud termination requests. Theoretical security analysis discussed in later section indicates the scheme supports mutual authentication and is robust against several attacks such as verifiers' impersonation, replay attack, denial-of-services (DoS) attack and so on.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.77-84
• /
• 2011

While The passwords that combined with characters and numbers are easy to memorize and use, they have low complexity. Therefore they can easily be revealed by the shoulder-surfing attack when they are inputted through the input devices such like keyboard. To overcome these problems, many new authentication schemes, which change the user secret different form or let users input their secrets through the more complex manners, have been suggested, but it is still hard to find the balanced point between usability and security. S3PAS is one of well-known schemes which had both usability and security against shoulder-surfing attack. However, this scheme was not considered about intersection attack that the attacker tried to pass the authentication system after observing several authentication sessions. In this paper, we consider the security problem of S3PAS; what the attacker can do when he can observe the authentication sessions in several times. We confirm it through user study and experiments. And also we consider the alternative that overcomes the problem.

• International journal of advanced smart convergence
• /
• v.10 no.2
• /
• pp.10-14
• /
• 2021

Today people adopt various contents from their mobile devices which lead to numerous platforms. As technology of 5G, IOT, and smart phone develops, the number of people who create, edit, collect, and share their own videos, photos, and articles continues to increase. As more contents are shared online, the numbers of data being stolen continue to increase too. To prevent these cases, an authentication method is needed to encrypt the content and prove it as its own content. In the report, we propose a few methods to secure various misused content with secondary security. A unique private key is designed when people create new contents through sending photos or videos to platforms. The primary security is to encrypt the "Private Key" with a public key algorithm, making its data-specific "Timeset" that doesn't allow third-party users to enter. For the secondary security, we propose to use Message Authentication Codes(MACs) to certify that we have produced the content.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.135-141
• /
• 2011

Recent advances in mobile devices and development of various mobile applications dealing with private information of users made user authentication in mobile devices a very important issue. This paper presents a new user authentication method based on touch screen interfaces. This method uses for authentication the PIN digits as well as the exact locations the user touches to input these digits. Our method is fully compatible with the regular PIN entry method which uses numeric keypads, and it provides better usability than the behavioral biometric schemes because its PIN registration process is much simpler. According to our experiments, our method guarantees EERs of 12.8%, 8.3%, and 9.3% for 4-digit PINs, 6-digit PINs, and 11-digit cell phone numbers, respectively, under the extremely conservative assumption that all users have the same PIN digits and cell phone numbers. Thus we can guarantee much higher performance in identification functionality by applying this result to a more practical situation where every user uses distinct PIN and sell phone number. Finally, our method is far more secure than the regular PIN entry method, which is verified by our experiments where attackers are required to recover a PIN after observing the PIN entry processes of the regular PIN and our method under the same level of security parameters.

• Journal of Computing Science and Engineering
• /
• v.5 no.1
• /
• pp.51-70
• /
• 2011

This paper introduces a new credit card payment scheme called No Number Credit Card that can significantly reduce the possibility of credit card fraud. The proposed payment system is loosely based on Kerberos, a cryptographic framework that has stood the test of time. In No Number Credit Card, instead of card numbers, only payment tokens are exchanged between the customers and merchants. The tokens are generated based on the payment amount, payment type, client information, and merchant information. However, it does not contain the credit card number, so the merchant or a database hacker cannot acquire and illegally use any credit card numbers. The No Number Credit Card system is ideal for online e-commerce transactions and can be used with any credit card that users possess. It can be used with minor modifications to the current card payment system. We provide the principles of its operation through scenario analysis, a sample implementation, and a security analysis

• Journal of Digital Convergence
• /
• v.13 no.8
• /
• pp.315-320
• /
• 2015

User Authentication in Online service is essential for accurate and safe service. For this user authentication, One Time Password(OTP) is frequently used. To satisfy one-time-use characteristic of OTP, Offset information to generate OTP or final OTP value get generated through OTP generator or security card which could be lost. In this study, OTP generation method that bypasses OTP generator or security card by using health information collected from u-Health care system is proposed. Suggestion is that health information collected through wearable devices get utilized to offset information that are applied in OTP generations. OTP generated using suggested methods showed similar results than current OTP generation methods in the collision resistance test which tests how often it generate same authentication numbers, this implies that new proposed method can be applied to various on-line services.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.7 no.4
• /
• pp.635-641
• /
• 2006

On the wireless-communication between Electronic Tag of RFID system and Reader, there are some existing problems with weaknesses of security such as spoofing, replay, traffic analysis, position tracking, etc., in the established hash-lock related algorithm. This paper has presented the comparison and analysis of the established hash-lock related algorithm for privacy and in order to make up for this, also suggested a new security authentication algorithm based on hash which has an authentication protocol and creates hash function by using random numbers received from the reader on real-time and every session. The algorithm suggested is able to make RFID wireless authentication system offer a several of usefulness and it has an advantage to reduce the amount of calculations compared to established algorithm. It also uses just the tags needed among a lot of tags around which are expected later and it is expected to reduce a responsibility of the server by ending unnecessary tags' action with time based.