한국인터넷방송통신학회논문지 (The Journal of the Institute of Internet, Broadcasting and Communication)

  • 제15권4호
  • /
  • Pages.43-53
  • /
  • 2015
  • /
  • 2289-0238(pISSN)
  • /
  • 2289-0246(eISSN)
한국인터넷방송통신학회 (The Institute of Internet, Broadcasting and Communication)
권호 표지
DOI QR코드

DOI QR Code

C/S 시스템에 적합한 보안성이 강화된 생체정보 기반의 사용자 인증 스킴

User Authentication Scheme based on Security-enhanced Biometric Information for C/S System

  • 양형규 (강남대학교 컴퓨터미디어정보공학부)
  • Yang, Hyung-Kyu (Division of Computer&Media-Information engineering, Kangnam University)
  • 투고 : 2015.07.28
  • 심사 : 2015.08.07
  • 발행 : 2015.08.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

서버-클라이언트 시스템에서 패스워드를 기반으로 하는 인증 스킴은 사용이 편리하지만, 사전 공격 및 무작위 공격에 취약하다는 단점이 있다. 이를 해결하기 위한 방법으로 암호학적으로 안전한 장문의 키를 사용할 수도 있지만, 기억하기가 어렵다는 단점이 있다. 그래서 생체정보를 이용한 인증 스킴을 Das가 처음으로 제안하여 이러한 문제를 해결하고자 했다. 하지만 Das의 인증 기법은 다양한 보안 보안취약점이 있어 이를 해결하고자 Jiping 등이 Das의 스킴을 개선하였지만 여전히 다양한 문제점이 있다. 그래서 본 논문에서 분석한 문제점을 해결한 보다 안전한 생체정보 기반의 사용자 인증 스킴을 제안한다. 그리고 보안성 분석을 통해 안전성을 검증하고 다른 스킴과 비교한다.

Password-based authentication schemes for server-client system are convenient to use, but vulnerable to dictionary attack or brute-force attack. To solve this vulnerability, Cryptographic secret key is used for security, but difficult to memorize. So, for the first time, Das proposed a biometric-based authentication scheme to solve various problems but it has various vulnerabilities. Afterwards, Jiping et al. improved Das's scheme, but some vulnerabilities remain. In this paper, we analyze the cryptanalysis of Jiping et al.'s authentication scheme and then propose improved biometric based user authentication scheme to resolve the analyzed problem. Moreover, we conduct a security analysis for the proposed scheme and make a comparison between the proposed scheme and other biometric based user authentications.

키워드

참고문헌

  1. M. Kim and C. K. Koc, "Asimple attackon a recently introduced hash-based strong-password authentication scheme," International Journal of Network Security, vol. 1, no. 2, pp. 77-80, 2005.
  2. A. K. Das, "Analysis and improvement on an efficient biometric based remote user authentication scheme using smart cards," IET Information Security, vol. 5, no. 3, pp. 145-151, 2011. https://doi.org/10.1049/iet-ifs.2010.0125
  3. C. T. Li, "An enhanced remote user authentication scheme providing mutual authentication and key agreement with Smart Cards," in Proceedings of the 5th International IEEE Computer Society Conference on Information Assurance and Security, pp. 517-520, Xi'an, China, 2009.
  4. L. Jiping, D. Yaoming, X. Zenggang, and L, Shouyin, "An improved biometric-based user authentication scheme for C/S system," International Journal of Distributed Sensor Networks, 2014.
  5. Younsung Choi, et al. "Cryptanalysis of Improved Biometric-Based User Authentication Scheme for C/S System", International Journal of Information and Education Technology, vol. 5, no.7, 2015
  6. N.Y. Lee and Y.C. Chiu, "Improved remote authentication scheme with smart card," Computer Standards and Interfaces, pp. 177-180, 2005.
  7. P. Kocher, J. Jaffe, B. Jun, "Differential power analysis," in Proc. The 19th Annual International Cryptology Conference on Advances in Cryptology, 1999, pp. 388-397.
  8. Seung-Cheol Lim, " A Real-Time Intrusin Detection based on Monitoring in Network Security", Journal of the institute of Inernet, Broadcasting and Comm, vol. 13, issue 3, pp.9-15, Jun. 2013.
  9. J. Nam, K. K. R. Choo, M. Kim, J. Paik and D. Won, "Dictionary Attacks against Password-Based Authenticated Three- Party Key exchange protocols," KSII Transactions on Internet and Information Systems, vol. 7, no. 12, 2013, pp. 3244-3260. https://doi.org/10.3837/tiis.2013.12.016