Browse > Article
http://dx.doi.org/10.7840/kics.2012.37C.10.949

A Design Secure QR-Login User Authentication Protocol and Assurance Methods for the Safety of Critical Data Using Smart Device  

Lee, Jae-Sik (숭실대학교 컴퓨터공학과)
You, Han-Na (숭실대학교 컴퓨터공학과)
Cho, Chang-Hyun (숭실대학교 컴퓨터공학과)
Jun, Moon-Seog (숭실대학교)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.37C, no.10, 2012 , pp. 949-964 More about this Journal
Abstract
Our PC have been under constant threat of malicious codes and viruses today. As many new ways of cyber attacks are being developed, such as zero-day-attack, nobody's PC is guaranteed to be safe from the attacks. In case where a user uses the existing verification protocol on a unsecured PC, the user's verification information may well be threatened by sniffing or man-in-the-middle attack. Especially, deadly attacks like memory hacking would give hard time for users to even recognize any symptom of virus infection. Therefore, this paper designs secured QR-Login user verification protocol for smart devices that are ready to communicate with QR-Code and proposes a way to keep critical data safe when using the internet. This way, user would be able to safeguard his/her critical data even when under attack by unknown attacks and safely carry out extremely sensitive task, like financial trading, on the device.
Keywords
QR-Code; Login; Authentication; Smart Device; Multi-Factor; Multi-Channel;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 Bruce Schneier. "Two-factor authentication: too little, too late." Commun. ACM 48, pp. 136, Apr. 2005.
2 Ziqing Mao, Florencio, D. Herley, C., "Painless migration from passwords to two factor authentication," Information Forensics and Security (WIFS), 2011 IEEE International Workshop on, Catalunya, Barcelona, pp. 1-6, Nov, 2011.
3 김영식(Young-Sik Kim), 임대운(Dae-Woon Lim), "스마트 카드를 이용한 서버 인증이 필요 없는 디지털 콘텐츠 보호 기법(Digital Contents Protection Without Server Authentication Using Smart Cards)," J-KICS vol.36, no.3, pp. 133-139, Mar, 2011
4 김현석(Hyun-Seok Kim), 김주배(Ju-Bae Kim), 정연오(Yeon-Oh Jeong), 한근희 (Keun-Hee Han), 최진영(Jin-Young Choi), " 스마트카드를 이용한 패스워드 기반 인증시스템 정형분석(Formal Analysis of Authentication System based on Password using Smart Card)," 정보과학회논문지. Journal of KIISE. 시스템 및 이론, pp. 304-310, Aug, 2009   과학기술학회마을
5 Xinyi Huang, Yang Xiang, Chonka. A., Jianying Zhou, Deng. R.H., "A generic framework for three-factor authentication: preserving security and privacy in Ddstributed systems," Parallel and Distributed Systems, IEEE Transactions on, vol.22, no.8, pp. 1390-1397, Aug, 2011.   DOI   ScienceOn
6 Chun-I Fan, Yi-Hui Lin, "Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics," Information Forensics and Security, IEEE Transactions on, vol.4, no.4, pp. 933-945, Kaohsiung, Taiwan, Dec, 2009.   DOI   ScienceOn
7 유한나(Han-na You), 이재식(Jae-Sik Lee), 김 정재(Jung-Jae Kim), 박재표(Jae-Pio Park), 전 문석(Moon-Seog Jun), "인터넷 뱅킹 환경에서 사용자 인증 보안을 위한 Two-Channel 인증 방식(A Study on the Two-channel Authentication Method which Provides Two-way Authentication using Mobile Certificate in the Internet Banking Environment)," J-KICS vol.36, no.8, pp. 939-946, Aug, 2011.   과학기술학회마을   DOI   ScienceOn
8 Vapen. A., Byers. D., Shahmehri. N., "2-clickAuth optical challenge-response authentication," Availability, Reliability, and Security, 2010. ARES '10 International Conference on, Krakow, Poland, pp. 79-86, Feb. 2010.
9 Ben Dodson, Debangsu Sengupta, Dan Boneh, Monica S. Lam., "Secure, consumer-friendly web authentication and payments with a phone," In Conference on Mobile Computing, Applications, and Services (MobiCASE'10), pp. 17-38, Santa Clara, CA, USA, Oct, 2010.
10 Jaesik Lee, C. H. Cho, M. S. Jun, "Secure quick response-payment(QR-Pay) system using mobile device," Advanced Communication Technology (ICACT), 2011 13th International Conference on, pp. 1424-1427, Seoul, South Korea, Feb. 2011.
11 Kyeongwon Choi, Changbin Lee, Woongryul Jeon, Kwangwoo Lee, Dongho Won, "A mobile based anti-phishing authentication scheme using QR code," Mobile IT Convergence (ICMIC), 2011 International Conference on, pp. 109-113, Suwon, South Korea, Sep. 2011.
12 Kuan-Chieh Liao, Wei-Hsun Lee, Min-Hsuan Sung, Ting-Ching Lin, "A one-time password scheme with QR-Code based on mobile phone," INC, IMS and IDC, 2009. NCM '09. Fifth International Joint Conference on, pp. 2069-2071, Taichung, Taiwan, 25-27 Aug. 2009.
13 Kuan-Chieh Liao, Wei-Hsun Lee, "A novel user authentication scheme based on QR-Code," Journal of Networks, vol 5, no 8 (2010), pp. 937-941, Aug. 2010.
14 Michiru Tanaka, Yoshimi Teshigawara, "A method and its usability for user authentication by utilizing a matrix code reader on mobile phones," Information Security Applications (WISA), 2006 Workshop on, LNCS 4298, pp. 225-236, Jeju Island, Korea, Aug, 2006.
15 Widipedia, "QR-Code," http://en.wikipedia.org/wiki/QR_code, June 2012.
16 Yamamoto. N., Wakahara. T., "A user attestation system using a cellular phone equipped with digital camera," P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2010 International Conference on, pp. 431-435, Fukuoka, Japan, Nov. 2010.
17 Wikipedia, "Smart device", "http://en.wikipedia.org/wiki/Smart_device", Wikipedia, June. 2012.
18 Faldo, "Theories and methods of memory hacking," https://game-bot-aim-trainer-delphi.googlecode.com/files/Theories%20and%20Methods%20of%20Hacking.pdf, Dec, 2008.
19 Widipedia, "Transport Layer Security." http://en.wikipedia.org/wiki/Transport_Layer_Security, June 2012.