Authentication Algorithm using Random Graphic Code

  • Jeong, Pil-Seong (Dept. of Information Technology Communication, Myongji College) ;
  • Cho, Yang-Hyun (Division of Computer & Mechatronics Engineering, Sahmyook University)
  • Received : 2019.11.07
  • Accepted : 2019.12.20
  • Published : 2019.12.28

Abstract

Smartphones allow quick and easy authentication and payment. However, smartphone security threats are evolving into a variety of new hacking techniques and shifting toward attacks specific to the mobile environment, so there is demand for an authentication method suited to that environment. To address the security weaknesses of knowledge-based authentication, many companies offer two-step authentication services such as OTP (One Time Password) for services such as finance, games, and login. Although the OTP service is easy to use, its random number table is easy to duplicate, and a value can be reused because it remains valid within the time limit. In this paper, we propose a mechanism that lets users authenticate quickly and easily with high security, using an authentication method that recognizes special characters through a dedicated smartphone application.
