• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.1
• /
• pp.81-87
• /
• 2014

Password-based authentication using smart card provides two factor authentications, namely a successful login requires the client to have a valid smart card and a correct password. While it provides stronger security guarantees than only password authentication, it could also fail if both authentication factors are compromised ((1) the user's smart card was stolen and (2) the user's password was exposed). In this case, there is no way to prevent the adversary from impersonating the user. Now, the new technology of biometrics is becoming a popular method for designing a more secure authentication scheme. In terms of physiological and behavior human characteristics, biometric information is used as a form of authentication factor. Biometric information, such as fingerprints, faces, voice, irises, hand geometry, and palmprints can be used to verify their identities. In this article, we review the biometric-based authentication scheme by Cheng et al. and provide a security analysis on the scheme. Our analysis shows that Cheng et al.'s scheme does not guarantee any kind of authentication, either server-to-user authentication or user-to-server authentication. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, on Cheng et al.'s scheme. In addition, we propose the enhanced authentication scheme that eliminates the security vulnerabilities of Cheng et al.'s scheme.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.1
• /
• pp.59-67
• /
• 2015

A novel authentication mechanism is biometric authentication where users are identified by their measurable human characteristics, such as fingerprint, voiceprint, and iris scan. The technology of biometrics is becoming a popular method for engineers to design a more secure user authentication scheme. In terms of physiological and behavioral human characteristics, biometrics is used as a form of identity access management and access control, and it services to identity individuals in groups that are under surveillance. In this article, we review the biometric-based authentication protocol by Althobati et al. and provide a security analysis on the scheme. Our analysis shows that Althobati et al.'s scheme does not guarantee server-to-user authentication. The contribution of the current work is to demonstrate this by mounting threat of data integrity and bypassing the gateway node on Althobati et al.'s scheme. In addition, we analysis the security vulnerabilities of Althobati et al.'s protocol.

• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.3
• /
• pp.41-49
• /
• 2016

Recently, many biometrics-based user authentication schemes for telecare medicine information systems (TMIS) have been proposed to improve the security problems in user authentication system. In 2014, Mishra et al. proposed an improvement of Awasthi-Srivastava's biometric based authentication for TMIS which is secure against the various attacks and provide mutual authentication, efficient password change. In this paper, we discuss the security of Mishra et al.'s authentication scheme, and we have shown that Mishra et al.'s authentication scheme is still insecure against the various attacks. Also, we proposed the improved scheme to remove these security problems of Mishra et al.'s authentication scheme, even if the secret information stored in the smart card is revealed. As a result, we can see that the improved biometric based authentication scheme is secure against the insider attack, the password guessing attack, the user impersonation attack, the server masquerading attack and provides mutual authentication between the user and the telecare system.

• Journal of Korea Multimedia Society
• /
• v.10 no.12
• /
• pp.1655-1662
• /
• 2007

Although the PKl-based user authentication solution has been widely used, the security of it can be deteriorated by a simple password. This is because a long and random private key may be protected by a short and easy-to-remember password. To handle this problem, many biometric-based user authentication solutions have been proposed. However, protecting biometric data is another research issue because the compromise of the biometric data will be permanent. In this paper, we present an implementation to improve the security of the typical PKI-based authentication by protecting the private key with a fingerprint. Compared to the unilateral authentication provided by the typical biometric-based authentication, the proposed solution can provide the mutual authentication. In addition to the increased security, this solution can alleviate the privacy issue of the fingerprint data by conglomerating the fingerprint data with the private key and storing the conglomerated data in a user-carry device such as a smart card. With a 32-bit ARM7-based smart card and a Pentium 4 PC, the proposed fingerprint-based PKI authentication can be executed within 1.3second.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.1
• /
• pp.132-141
• /
• 2015

There might have been weakness in securing user authentication or verification with real time service approach, while existing unimodal biometric authentication has been used mainly for user identification and recognition. Accordingly, it is essential to research and develop ways that upgrade security performance with multi biometric based real time authentication and verification technology. This paper focused to suggest binding assignment and strategy for developing multi biometric authentication technology through investigation of advanced study and patents. Description includes introduction, technology outline, technology trend, patent analysis, and conclusion.

• Journal of Information Technology Applications and Management
• /
• v.27 no.2
• /
• pp.1-21
• /
• 2020

The purpose of this study is to investigate the behavioral factors affecting the security attitude and intention to use biometrics password based on the protection motivation theory. This study also investigates security awareness training to understand trust, privacy, and security vulnerability regarding biometric authentication password. This empirical analysis reveals security awareness training boosts the protection motivational factors that affect on the behavior and intention of using biometric authentication passwords. This study also indicates that biometric authentication passwords can be used when the overall belief in a biometric system is present. After all, security awareness training enhances the belief of biometric passwords and increase the motivation to protect security threats. The study will provide insights into protecting security vulnerability with security awareness training.

• Journal of the Korea Convergence Society
• /
• v.7 no.1
• /
• pp.49-55
• /
• 2016

In a delegate authentication, a user can lend his/her own authentication data to the third parties to let them be authenticated instead of himself/herself. The user authentication schemes based on the memory of unique data such as password, are vulnerable to this type of attack. Biometric authentication could minimize the risk of delegate authentication since it uses the biometric data unique by each person. Group authentication scheme is used to prove that each group member belongs to the corresponding group. For applications such as an electronic voting or a mobile meeting where the number of group members is changing dynamically, a new group authentication method is needed to reflect the status of group in real time. In this paper, we propose biometric authentication based dynamic group signature scheme. The proposed scheme is composed of biometric key generation, group public key creation, group signature generation, group signature verification and member update protocols. The proposed member update protocol is secure against colluding attacks of existing members and could reflect group status in real time.

• Journal of Multimedia Information System
• /
• v.3 no.2
• /
• pp.13-20
• /
• 2016

Biometric authentication for account-based mobile payment continues to gain attention because of improvements on sensors that can collect biometric information. We propose an enhanced method for mobile payment security based on biometric authentication. In this mobile payment system, the communication between the user and the relying party is based on public key infrastructure. This method secures both the key and the biometric template in the user side using fuzzy vault biometric cryptosystems, which is based on non-random chaff point generator. In this paper, we consider an important process for the common fuzzy vault system, that is, the feature extraction method. We evaluate various feature extraction methods to enhance the accurate performance of the system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.69-79
• /
• 2016

Biometric authentication is considered as being an efficient authentication method, since a user is not required to possess or memorize any other information other than biometrics. However, since biometric information is sensitive and could be permanently unavailable in case of revealing that information just once, it is essential to preserve privacy of biometrics. In addition, since noise is inherent in the user of biometric recognition technologies, the biometric authentication needs to handle the noise. Recently, biometric authentication protocols using fuzzy extractor have been actively researched, but the fuzzy extractor-based authentication has a problem that a user should memorize an additional information, called helper data, to deal with their noisy biometric information. In this paper, we propose a novel biometric authentication protocol using Hidden Vector Key Encapsulation Mechanism(HV-KEM) which is one of functional encryption schemes. A primary advantage of our protocol is that a user does not need to possess or memorize any additional information. We propose security requirements of HV-KEM necessary for constructing biometric authentication protocols, and analyze our proposed protocol in terms of correctness, security, and efficiency.

• International Journal of Computer Science & Network Security
• /
• v.21 no.11
• /
• pp.321-327
• /
• 2021

Mobile devices have recently developed to be an integral part of humans' daily lives because they meet business and personal needs. It is challenging to design a feasible and effective user authentication method for mobile devices because security issues and data privacy threats have significantly increased. Biometric approaches are more effective than traditional authentication methods. Therefore, this paper aims to analyze the existing biometric user authentication methods on mobile platforms, particularly those that use face recognition, to demonstrate the methods' feasibility and challenges. Next, this paper evaluates the methods according to seven characteristics: universality, uniqueness, permanence, collectability, performance, acceptability, and circumvention. Last, this paper suggests that solely using the method of biometric authentication is not enough to identify whether users are authentic based on biometric traits.