• Journal of Internet Computing and Services
• /
• v.10 no.4
• /
• pp.223-230
• /
• 2009

Among the remote user authentication schemes, password-based authentication methods are the most widely used. In 2004, Das et al. proposed a "Dynamic ID Based Remote User Authentication Scheme" that is the password based scheme with smart-cards, and is the light-weight technique using only one-way hash algorithm and XOR calculation. This scheme adopts a dynamic ID that protects against ID-theft attack, and can resist replay attack with timestamp features. Later, many flaws of this scheme were founded that it allows any passwords to be authenticated, and can be vulnerable to impersonation attack, and guessing attack. By this reason many modifications were announced. These scheme including all modifications are similarly maintained security against replay the authentication message attack by the timestamp. But, if advisory can replay the login immediately, this attempt can be succeeded. In this paper, we analyze the security vulnerabilities of Das scheme, and propose improved scheme which can resist on real-time replay attack using the counter of authentication. Besides our scheme still secure against impersonation attack, guessing attack, and also provides mutual authentication feature.

• Journal of Digital Convergence
• /
• v.11 no.7
• /
• pp.141-148
• /
• 2013

Smart grid can two-way communication using ICT(Information & Communication Technology). Also, smart grid can supply to dynamic power that grafted to electric vehicle can activate to electric vehicle charging infrastructure and used to storage battery of home. Storage battery of home can resale to power provider. These electric vehicle charging infrastructure locate fixed on home, apartment, building, etc charging infrastructure that used fluid on user. If don't authentication for user of fluid user use to charging infrastructure, electric charging service can occurred to illegal use, electric charges and leakgage of electric information. In this paper, we propose smartcard and dynamic ID based user authentication scheme for used secure to electric vehicle service in smart grid environment.

• Journal of Internet Computing and Services
• /
• v.10 no.6
• /
• pp.229-239
• /
• 2009

To solve user authentication problem, many remote user authentication schemes using password and smart card at the same time have been proposed. Due to the increasing of interest in personal privacy, there were some recent researches to provide user anonymity. In 2004, Das et al. firstly proposed an authentication scheme that guarantees user anonymity using a dynamic ID. In 2005, Chien et al. pointed out that Das et al.'s scheme has a vulnerability for guaranteing user anonymity and proposed an improved scheme. However their authentication scheme was found some weaknesses about insider attack, DoS attack, and restricted replay attack. In this paper, we propose an enhanced scheme which can remove vulnerabilities of Chien et al.'s scheme. The proposed authentication protocol prevented insider attack by using user's Nonce value and removed the restricted replay attack by replacing time stamp with random number. Furthermore, we improved computational efficiency by eliminating the exponentiation operation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.347-355
• /
• 2012

A biometric hardware security module is a physical device that comes in the form of smartcard or some other USB type security token is composed with biometric sensor and microcontroller unit (MCU). These modules are designed to process key generation and electronic signature generation inside of the device (so that the security token can safely save and store confidential information, like the electronic signature generation key and the biometric sensing information). However, the existing model is not consistent that can be caused by the disclosure of an ID and password, which is used by the existing personal authentication technique based on the security token, and provide a high level of security and personal authentication techniques that can prevent any intentional misuse of a digital certificate. So, this paper presents a model that can provide high level of security by utilizing the biometric security token and Public Key Infrastructure efficiently, presenting a model for privacy preserving personal authentication that links the biometric security token and the digital certificate.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.21 no.3
• /
• pp.1-17
• /
• 2022

Accurate analysis of the causes of metro rail traffic congestion provides a means of addressing issues arising from metro rail traffic congestion in metropolitan areas. Currently, congestion analysis based on counting, weight detection, CCTVs, and mobile Wi-Fi is limited by poor accuracies or because studies have been restricted to single routes and trains. In this study, a train congestion analysis model was used that includes the transfer and multi-path behavior of metro passengers and train operation plans for metropolitan urban railroads. Analysis accuracy was improved by considering traffic patterns in which passengers must wait for next trains due to overcrowding. The model updates train crowding levels every 10 minutes, provides information to potential passengers, and thus, is expected to increase the social benefits provided by the Seoul metropolitan subway

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.43-52
• /
• 2023

Many businesses and organizations use smartcard-based user authentication for remote access. In the meantime, through various studies, dynamic ID-based remote user authentication protocols for distributed multi-server environments have been proposed to protect the connection between users and servers. Among them, Qiu et al. proposed an efficient smart card-based remote user authentication system that provides mutual authentication and key agreement, user anonymity, and resistance to various types of attacks. Later, Andola et al. found various vulnerabilities in the authentication scheme proposed by Qiu et al., and overcame the flaws in their authentication scheme, and whenever the user wants to log in to the server, the user ID is dynamically changed before logging in. An improved authentication protocol is proposed. In this paper, by analyzing the operation process and vulnerabilities of the protocol proposed by Andola et al., it was revealed that the protocol proposed by Andola et al. was vulnerable to offline smart card attack, dos attack, lack of perfect forward secrecy, and session key attack.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.6
• /
• pp.159-166
• /
• 2013

Recently, because the interest and needs in privacy protection are growing, smartcard-based remote user authentication schemes have been actively studied to provide the user anonymity. In 2008, Kim et al. first proposed an authentication scheme in order to ensure the user anonymity against both external attackers and the remote server and track malicious users with the help of a trusted trace sever. However, in 2010, Lee et al. showed that Kim et al.'s scheme cannot provide the user anonymity against remote server, which is because the server can trace users without any help of the trace server, and then proposed a improved scheme. On the other hand, in 2010, Horng et al. proposed an authentication scheme with non-tamper resistant smart cards, in which the non-tamper resistant smart card means that an attacker may find out secret information stored in the smart card through special data analysis techniques such as monitoring power consumption, to be secure against a variety of attacks and to provide the user anonymity against external attackers. In this paper, we will propose a remote user authentication scheme with non-tamper resistant smart cards not only to ensure the user anonymity against both external attackers and the remote server but also to track malicious users with only the help of a trusted trace sever.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.42 no.9 s.339
• /
• pp.51-60
• /
• 2005

The design of efficient cryptosystems is mainly appointed by the efficiency of the underlying finite field arithmetic. Especially, among the basic arithmetic over finite field, the rnultiplicative inversion is the most time consuming operation. In this paper, a fast inversion algerian in finite field $GF(2^m)$ with the standard basis representation is proposed. It is based on the Extended binary gcd algorithm (EBGA). The proposed algorithm executes about $18.8\%\;or\;45.9\%$ less iterations than EBGA or Montgomery inverse algorithm (MIA), respectively. In practical applications where the dimension of the field is large or may vary, systolic array sDucture becomes area-complexity and time-complexity costly or even impractical in previous algorithms. It is not suitable for low-weight and low-power systems, i.e., smartcard, the mobile phone. In this paper, we propose a new hardware architecture to apply an area-efficient and a synchronized inverter on low-complexity systems. It requires the number of addition and reduction operation less than previous architectures for computing the inverses in $GF(2^m)$ furthermore, the proposed inversion is applied over either prime or binary extension fields, more specially $GF(2^m)$ and GF(P) .

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.18 no.5
• /
• pp.1-18
• /
• 2019

A short-turn bus is a bus that is operated within a subsection of an existing bus line. Previous studies regarding short-turn buses decided optimal turn-back points for a single bus line rather than a bus network. Also, in-vehicle crowding which has a significant impact on transit convenience was rarely considered. Therefore, this study aimed to develop a methodology to set priorities for the introduction of short-turn buses of bus lines and sections, considering crowding. To achieve this objective, we calculated occupancies and crowding alleviation benefits of existing bus lines overlapping a new short-turn route based on transit card data, before and after the introduction of short-turn strategy. Also, operator and social costs caused by the introduction of short-turn buses were calculated. Those procedures were iterated over bus lines and sections to operate a short-turn service, and a section whose benefit-to-cost ratio (B/C) is the largest in a line was selected to operate a short-turn service in the line. After, priorities of bus lines to introduce short-turn services could be determined based on B/C values, and the optimum total fleet size could be determined when a short-turn strategy is applied in multiple lines.