Browse > Article
http://dx.doi.org/10.7472/jksii.2018.19.5.55

Study on Elliptic Curve Diffie-Hellman based Verification Token Authentication Implementation  

Choi, Cheong H. (Dept. of MIS, Kwangwoon Univ.)
Publication Information
Journal of Internet Computing and Services / v.19, no.5, 2018 , pp. 55-66 More about this Journal
Abstract
Since existing server-based authentications use vulnerable password-based authentication, illegal leak of personal data occurs frequently. Since this can cause illegal ID compromise, alternative authentications have been studied. Recently token-based authentications like OAuth 2.0 or JWT have been used in web sites, however, they have a weakness that if a hacker steals JWT token in the middle, they can obtain plain authentication data from the token, So we suggest a new authentication method using the verification token of authentic code to encrypt authentication data with effective time. The verification is to compare an authentication code from decryption of the verification-token with its own code. Its crypto-method is based on do XOR with ECDH session key, which is so fast and efficient without overhead of key agreement. Our method is outstanding in preventing the personal data leakage.
Keywords
Authentication; Diffie-Hellman; Elliptic Curve Crypto;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 "Leakage of 1,230 Personal Info. in KT LGU+ SKT," Moneytoday, MARCH 11, 2014. http://news.mt.co.kr/mtview.php?no=2014031111001655436&type=1
2 "Leakage of 20 millin personal info. of drivers in Administrative Portal of Automotive Complaints," MBCnews, March 26, 2014, http://imnews.imbc.com/replay/2014/nwdesk/article/3436559_18451.html
3 Sun-Jae Sung, "Personal Information Protection Act," Seoul Economy and Management Pub., 2014. ISBN 9788997937172
4 "Personal Information Leakage Accident 'Nonghyup, KB Card, Lotte Card' Penalty," http://news.jtbc.joins. com/article/ArticlePrint.aspx?news_id=NB11273154, [JTBC] input 2016-07-15 17:16:05 modified
5 Tae-Myung Jung, 2, "A study on the prevention of a privacy exposure and the protection of privacy information on the Internet," Korea Information Security Agency, Technical Report KISA-WP-2007-0042, Dec. 2007, https://www.kisa.or.kr/jsp/common/libraryDown.jsp?folder=012271
6 Kyung-Ae Kim, "The First cause of Personal Information is External Attack! Frequent 4 Hacking method is:," Security News, http://www.boannews.com/media/view.asp?idx=56616, Aug-2, 2017. http://dx.doi.org/10.14257/jse.2017.04.02
7 S.R,Cho, O.S. Choi, S.H, Jin and H.H. Lee, "Passwordless Authentication Technology-FIDO," Electronics and Telecommunications Trends, Vol. 29, Issue 4, Aug. 2014. https://doi.org/10.22648/ETRI.2014.J.290411   DOI
8 Byung-Rae Cha, Nam-Ho Kim, Jong-Won Kim, "Design of OTP based on Mobile Device using Voice Characteristic Parameter," The journal of Korea Navigation Institute, Vol 14 Issue 4, Aug. 2010. http://kiss.kstudy.com/thesis/thesis-view.asp?key=2867972
9 Nam Ho Kim, Bu Hyun Hwang, "Fingerprint overlay technique of mobile OTP to extent seed of password," The journal of Korea Navigation Institute, Vol. 16, No. 2, pp. 375-385, 2012. https://doi.org/10.12673/jkoni.2012.16.2.375
10 Woo Chan Hong, Kwang Woo Lee, Seung Joo Kim, Dong Ho Won, "Vulnerabilities Analysis of the OTP Implemented on a PC," The KIPS Transactionsty C, Vol. 17, No. 4, pp. 361-370, 2010. https://doi.org/ 10.3745/KIPSTC.2010.17C.4.361
11 Seo Il Kang, Im Yeong Lee, "A Study on PIN-based Authentication and ID Registration by Transfer in AAA System," The KIPS transactions : Part C, Vol. 13, No. 3, 2006. http://www.riss.kr/link? id=A101859859
12 Hardt, D., Ed., "The OAuth 2.0 Authorization Framework", RFC 6749, Oct. 2012. https://doi.org/10.17487/RFC6749
13 velopert, "[JWT] Introduction on Token based Authentication," Dec. 4 2016. https://velopert.com/2350
14 Byoungcheon Lee, “Strengthening of Token Authentication Using Time-based Randomization,” Journal of Security Engineering, Vol. 14, No. 2, pp. 103-114, 2017. http://dx.doi.org/10.14257/jse.2017.04.02   DOI
15 Namho Kim, ChoongSeon Hong, "OAuth-Based Authentication with Kerberos for IoT Network," 2016 Proceedings of the Korean Information Science Society Conference, 2016. https://www.dbpia.co.kr/Journal/ArticleDetail/NODE07017547
16 Cheong H. Choi, "IBE based Mobile IP Security", Proceedings for ICONI & APIC-IST 2010, Mactan Island, Philippines, pp115-118, 2010-12-17.
17 Jin-Tak Choi, "A Study on Authentication Management Technique Used of SSO," J. KSIAM IT series, Vol. 7, No. 2, pp. 1-9, 2003. https://www.dbpia.co.kr/Journal/ArticleDetail/NODE00992033
18 I. Liusvaara, "CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON Object Signing and Encryption (JOSE)," Request for Comments: 8037, January 2017. http://dx.doi.org/10.17487/RFC8037, https://tools.ietf.org/html/rfc8037
19 Song, Bo-Yeon, Kim, Kwang-Jo, "Key Agreement Protocol based on Diffie-Hellman Problem Over Elliptic Curve ," Proceedings of the Korea Information Processing Society Conference (1), pp.785-788, Oct. 13 2000. http://caislab.kaist.ac.kr/publication/paper_files/2000/bysong/kips14_song.pdf
20 Kyoungsook Jung, TaeChoong Chung, "Hybrid Cryptosystem based on Diffie-Hellman over Elliptic Curve," Journal of the Korea Society of Computer and Information, Vol. 8, No. 4, pp. 104-110, Dec. 2003. http://insight.dbpia.co.kr/article/related.do?nodeId=NODE06535740
21 Hyun-Wook You, "Design of a XOR encryption based file sharing system that provides efficient in cloud server environments ", Thesis of MS, Hanyang Univ., Feb 2017. http://www.riss.kr/link?id=T14385365