• International journal of advanced smart convergence
• /
• 제6권2호
• /
• pp.65-71
• /
• 2017

Fingerprints are increasingly used for user authentication in small devices such as mobile phones. Therefore, it is important for Fingerprint authentication systems in personal devices to protect the user's fingerprint information while performing efficiently with a lightweight matching algorithm. In this paper, we propose a new method to extract strong minutiae with unique numbers from fingerprint images. Strong minutiae are at all times obtained from fingerprint images, and can be useful for secure and rapid fingerprint authentication. The binary information of strong minutiae of a fingerprint can be transformed securely and can create cancelable fingerprint templates. Also the bit-strings of strong minutiae decrease computing time necessary for the matching procedure between two fingerprints due to the simplicity of bitwise operations. First, we enroll several fingerprints images of a finger. From these images we select a reference fingerprint and put a number on each minutia. Following this procedure, we search for mated-minutiae between the reference fingerprint and other fingerprints one by one. Finally we derive unique numbers of strong minutiae of the finger. In the experiment with the FVC2004 fingerprint database, we show that using the proposed method, strong minutiae can be extracted successfully.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권4호
• /
• pp.1049-1065
• /
• 2023

Recently, with the development of IoT, AI, and mobile terminals, medical information platforms are expanding. The medical information platform can determine a patient's emergency situation, and medical staff can easily access patient information through a mobile terminal. However, in the existing platform, emergency situation decision is delayed, and faster and stronger authentication is required in emergency situations. Therefore, we propose an edge computing-based medical information platform for automatic authentication using patient situations. We design an edge computing-based medical information platform architecture capable of rapid transmission of biometric data of IoT and quick emergency situation decision, and implement the platform data flow in emergency situations. Relying on this platform, we propose the automatic authentication using patient situations. The automatic authentication protects patient information through patient-centered authentication by using the patient's situation as an authentication factor, and enables quick authentication by automatically proceeding with mobile terminal authentication after user authentication in emergencies without user intervention. We compared the proposed platform with existing platforms to show that it can make quick and stable emergency decisions. In addition, comparing the automatic authentication with existing authentication showed that it is fast and protects medical information centered on patient situations in emergency situations.

• 한국산업정보학회논문지
• /
• 제16권1호
• /
• pp.9-19
• /
• 2011

Secure and efficient authentication schemes over insecure networks have been a very important issue with the rapid development of networking technologies. Wang et al. proposed a remote user authentication scheme using smart cards. However, recently, Chen et al. pointed out that their scheme is vulnerable to the impersonation attack and the parallel session attack, and they proposed an enhanced authentication scheme. Chen et al. claimed that their scheme is secure against the various attacks. However, we have found that their scheme cannot resist the parallel attack and the stolen smart card attack. Therefore, in this paper, we show the security flaws in Chen et al.'s scheme and propose an improved remote user authentication scheme using tamper-resistant smart cards to solve the problem of Chen et al.'s scheme. We also analyze our scheme in terms of security and performance.

• 한국IT서비스학회지
• /
• 제8권2호
• /
• pp.117-136
• /
• 2009

Over the years a password has been used as a popular authentication method between a client and a server because of its easy-to-memorize property. But, most password-based authentication services have focused on a same password authentication scheme which provides an authentication and key exchange between a client and a server with the same password. With rapid change of communication environments in the fields such as mobile networks, home networking, etc., the end-to-end security allowing users to hold different password is considered as one of main concerns. In this paper, we consider a new authentication service of how each client with different own password is able to authenticate each other, which is a quite new service paradigm among the existing services. This new service can be used in the current or next generation network environment where a mobile user in cell A wants to establish a secure end-to-end channel with users in ceil B, C, and D using only their memorable passwords. This end-to-end security service minimizes the interferences from the operator controlled by network components. To achieve this end-to-end security, we propose an authentication and key exchange service for group users in different realm, and analyze its security in a formal way. We also discuss a generic construction with the existing authentication schemes.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제6권1호
• /
• pp.131-146
• /
• 2012

As one of the four basic technologies of IOT (Internet of Things), M2M technology whose advance could influence on the technology of Internet of Things has a rapid development. Mobile Payment is one of the most widespread applications in M2M. Due to applying wireless network in Mobile Payment, the security issues based on wireless network have to be solved. The technologies applied in solutions generally include two sorts, encryption mechanism and authentication mechanism, the focus in this paper is the authentication mechanism of Mobile Payment. In this paper, we consider that there are four vital things in the authentication mechanism of Mobile Payment: two-way authentication, re-authentication, roaming authentication and inside authentication. Two-way authentication is to make the mobile device and the center system trust each other, and two-way authentication is the foundation of the other three. Re-authentication is to re-establish the active communication after the mobile subscriber changes his point of attachment to the network. Inside authentication is to prevent the attacker from obtaining the privacy via attacking the mobile device if the attacker captures the mobile device. Roaming authentication is to prove the mobile subscriber's legitimate identity to the foreign agency when he roams into a foreign place, and roaming authentication can be regarded as the integration of the above three. After making a simulation of our proposed authentication mechanism and analyzing the existed schemes, we summarize that the authentication mechanism based on the mentioned above in this paper and the encryption mechanism establish the integrate security framework of Mobile Payment together. This makes the parties of Mobile Payment apply the services which Mobile Payment provides credibly.

• 한국멀티미디어학회논문지
• /
• 제20권4호
• /
• pp.614-628
• /
• 2017

Recently, Due to the rapid development of the internet and IT technology, users can conveniently use various services provided by the server anytime and anywhere. However, these technologies are exposed to various security threat such as tampering, eavesdropping, and exposing of user's identity and location information. In 2016, Nikooghadam et al. proposed a lightweight authentication and key agreement protocol preserving user anonymity. This paper overcomes the vulnerability of Nikooghadam's authentication protocol proposed recently. This paper suggests an enhanced remote user authentication protocol that protects user's password and provides perfect forward secrecy.

• 한국정보통신학회논문지
• /
• 제21권7호
• /
• pp.1411-1419
• /
• 2017

PKI(Public Key Infrastructure) 인증은 개인키 소지(possession)와 개인키 보호 패스워드 지식(knowledge)이라는 2 요소 인증(2 factor authentication) 능력과 안전한 공개키 암호 프로토콜을 통해 인터넷 거래의 신뢰 인프라 구축에 많은 기여를 해왔다. 하나의 인증서로 모든 PKI 사이트를 접근할 수 있는 점도 PKI 인증의 활성화에 기여하였다. 그럼에도 불구하고 인증서 인프라 구축 비용, 인증서 관리에 따른 사용자 불편함, 그리고 개인키 보호 패스워드 관리의 어려움 등에 따른 여러 가지 문제점들이 노출되어 왔다. 최근에 주목받고 있는 FIDO(Fast IDentity Online) 인증은 PKI 인증과 같이 공개키 암호 프로토콜에 기초한 강력한 인증 서비스를 제공하면서도 사용자별 인증서 발급이 불필요하고, 생체 인증 등과 결합하여 안전하고 편리한 인증 서비스 제공을 추구하고 있다. 본 논문은 PKI 인증과 FIDO 인증의 동작 방식을 구체적으로 비교하여 각각의 장단점을 분석하고, 그에 따른 각각의 응용 분야를 제시하는 데 목적이 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권2호
• /
• pp.978-1002
• /
• 2019

With the rapid development of the Internet of Things, the problem of privacy protection has been paid great attention. Recently, Nikooghadam et al. pointed out that Kumari et al.'s protocol can neither resist off-line guessing attack nor preserve user anonymity. Moreover, the authors also proposed an authentication supportive session initial protocol, claiming to resist various vulnerability attacks. Unfortunately, this paper proves that the authentication protocols of Kumari et al. and Nikooghadam et al. have neither the ability to preserve perfect forward secrecy nor the ability to resist key-compromise impersonation attack. In order to remedy such flaws in their protocols, we design a lightweight authentication protocol using elliptic curve cryptography. By way of informal security analysis, it is shown that the proposed protocol can both resist a variety of attacks and provide more security. Afterward, it is also proved that the protocol is resistant against active and passive attacks under Dolev-Yao model by means of Burrows-Abadi-Needham logic (BAN-Logic), and fulfills mutual authentication using Automated Validation of Internet Security Protocols and Applications (AVISPA) software. Subsequently, we compare the protocol with the related scheme in terms of computational complexity and security. The comparative analytics witness that the proposed protocol is more suitable for practical application scenarios.

• Journal of information and communication convergence engineering
• /
• 제2권3호
• /
• pp.167-171
• /
• 2004

The evolution of modern imaging modalities, followed by the rapid development of computer technology has introduced many new features in the communication networks used in medical facilities. Since it is very important to keep patient's record accurately, the ability to exchange medical data securely over the communication network is essential for any medical information. In this paper, therefore, we introduce some problems which occur from digitizing medical images such as MRI (Magnetic Resonance Imaging), CT (Computed Tomography), CR(Computed Radiography), etc., and then we propose a authentication mechanism for medical image verification using secret watermark images.

• 정보보호학회논문지
• /
• 제27권2호
• /
• pp.329-341
• /
• 2017

컴퓨터 네트워크 및 서비스 제공 서버 등의 급속한 성장으로 인해 자원의 효율성을 높이기 위한 다중 서버 아키텍처가 제안되었다. 이러한 다중 서버 환경의 스마트카드 기반 인증 프로토콜은 다양한 연구를 통해 지속적으로 발전되어 왔다. 최근 Chun-Ta Li 등은 Xiong Li 등의 인증 프로토콜이 사용자 가장 공격, 세션키 유출 공격에 취약하다는 문제점을 제기하고 취약점을 해결한 인증 프로토콜을 제안하였으나, Chun-Ta Li 등이 제안한 인증 프로토콜은 취약점 분석에 있어서 사용자 가장 공격 등에 문제가 있고 부적합한 인증 절차 문제를 가진다. 따라서 본 논문에서는 Xiong Li 등이 제안한 인증 프로토콜의 서비스 거부 공격 및 재전송 공격 등의 취약점을 해결하고 안전성이 향상된 다중 서버환경의 스마트카드 기반 인증 프로토콜을 제안하고자 한다.