• Title/Summary/Keyword: 사용자 가장 공격

Search Result 140, Processing Time 0.021 seconds

Impersonation Attacks on Anonymous User Authentication and Key Agreement Scheme in Wireless Sensor Networks (무선센서네트워크에서 익명의 사용자 인증과 키동의 기법에 대한 가장 공격)

  • Choi, Hae-Won;Kim, Hyunsung
    • Journal of Digital Convergence
    • /
    • v.14 no.10
    • /
    • pp.287-293
    • /
    • 2016
  • Wireless sensor networks (WSNs) have many applications and are deployed in a wide variety of areas. They are often deployed in potentially adverse or even hostile environment so that there are concerns on security issues in these WSNs. Recently, an anonymous user authentication and key agreement scheme (AUAKAS) was proposed based on symmetric cryptosystem in WSNs. It is claimed in AUAKAS that it assures security against different types of attacks including impersonation attacks. However, this paper shows that AUAKAS does not cope from user impersonation attack and gateway impersonation attack from the legally registered user on the gateway. The security analysis could guide the required features of the security scheme to be satisfied.

Design Flaws and Cryptanalysis of Cui et al's User Authentication Scheme

  • Park, Mi-Og
    • Journal of the Korea Society of Computer and Information
    • /
    • v.24 no.10
    • /
    • pp.41-48
    • /
    • 2019
  • In 2018, Cui et al proposed a three-factor remote user authentication scheme using biometrics. Cui et al claimed that their authentication scheme is vulnerable to eavesdropping attack, stolen smart card attack, and especially Dos(denial-of-service) attack. Also they claimed that it is safe to password guessing attack, impersonation attack, and anonymity attack. In this paper, however, we analyze Cui et al's authentication scheme and show that it is vulnerable to replay attack, insider attack, stolen smart card attack, and user impersonation attack, etc. In addition, we present the design flaws in Cui et al's authentication scheme as well.

User Authentication Protocol preserving Enhanced Anonymity and Untraceability for TMIS

  • Mi-Og Park
    • Journal of the Korea Society of Computer and Information
    • /
    • v.28 no.10
    • /
    • pp.93-101
    • /
    • 2023
  • In this paper, as a result of analyzing the TMIS authentication protocol using ECC and biometric information proposed by Chen-Chen in 2023, there were security problems such as user impersonation attack, man-in-the-middle attack, and user anonymity. Therefore, this paper proposes an improved authentication protocol that provides user anonymity to solve these problems. As a result of analyzing the security of the protocol proposed in this paper, it was analyzed to be secure for various attacks such as offline password guessing attack, user impersonation attack, smart-card loss attack, insider attack, perfect forward attack. It has also been shown to provided user privacy by guaranteeing user anonymity and untraceability, which must be guaranteed in TMIS. In addition, there was no significant increase in computational complexity, so the efficiency of execution time was achieved. Therefore, the proposed protocol in this paper is a suitable user authentication protocol for TMIS.

Security Analysis and Improvements of a Biometrics-based User Authentication Scheme Using Smart Cards (스마트 카드를 이용한 생체인식 기반 사용자 인증 스킴의 안전성 분석 및 개선)

  • An, Young-Hwa
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.2
    • /
    • pp.159-166
    • /
    • 2012
  • Many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2010, Chang et al. proposed an improved biometrics-based user authentication scheme without concurrency system which can withstand forgery attack, off-line password guessing attack, replay attack, etc. In this paper, we analyze the security weaknesses of Chang et al.'s scheme and we have shown that Chang et al.'s scheme is still insecure against man-in-the-middle attack, off-line biometrics guessing attack, and does not provide mutual authentication between the user and the server. And we proposed the improved scheme to overcome these security weaknesses, even if the secret information stored in the smart card is revealed. As a result, the proposed scheme is secure for the user authentication attack, the server masquerading attack, the man-in-the-middle attack, and the off-line biometrics guessing attack, does provide the mutual authentication between the user and the remote server. And, in terms of computational complexities, the proposed scheme is more effective than Chang et al.'s scheme.

RTT based Password Authentication regarding Security and Usability (보안성과 유용성을 고려한 RTT기반의 패스워드 인증 방안)

  • 이희정;이금석
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2003.10a
    • /
    • pp.670-672
    • /
    • 2003
  • 패스워드 인증방법은 온라인 사전 공격에는 약하다는 단점이 있음에도 달구하고, 사용하기에 가장 편리하다는 장점 때문에 오늘날 가장 일반적으로 사용되는 인증방법이다. 기존의 패스워드 인증방법처럼 편리하게 이용할 수 있으면서도 보다 보안성을 높이는 방안으로 RTT를 이용한 인증 프로토콜이 제안되어 왔다. RTT를 이용한 인증 프로토콜은 사용자가 아이디와 패스워드를 입력할 뿐만 아니라. 자동 프로그램 사람을 구별할 수 있는 질문에 응답하게 함으로써 자동 프로그램으로 공격하는 것을 막는다. 그러나 이 프로토콜에 이용되는 RTT의 여러 모델들에서 간단한 이미지는 공격 프로그램으로 공격 가능성이 있고, 복잡한 이미지는 사용자 입장에서 유용성이 취약함을 보인다. 따라서 이런 모델들의 취약성을 분석하여 공격에 대해서는 강하면서도 사용자들이 이용하기에는 편리하도록 하기 위해 새로운 모델을 제안하고, 보안성과 유용성을 고려한 RTT기반의 인증방안을 제안한다.

  • PDF

Weaknesses Cryptanalysis of Khan's Scheme and Improved Authentication Scheme preserving User Anonymity (Khan 인증기법의 취약점 분석과 개선된 사용자 익명성 제공 인증기법)

  • Park, Mi-Og
    • Journal of the Korea Society of Computer and Information
    • /
    • v.18 no.2
    • /
    • pp.87-94
    • /
    • 2013
  • In this paper, we analyse the weaknesses of authentication scheme preserving user anonymity proposed by Khan et al in 2011 and we propose a new authentication schemes preserving user anonymity that improved these weaknesses. Khan et al's authentication scheme is vulnerable to insider attack and doesn't provide user anonymity to the server. Also, this scheme is still a weakness of wrong password input by mistake in spite of proposing the password change phase. In this paper, we will show that Khan et al's scheme is vulnerable to the stolen smart card attack and the strong server/user masquerade attack. The proposed authentication scheme propose the improved user anonymity, which can provide more secure privacy to user by improving these weaknesses.

Analysis and Improved Solution of Hussian et al.'s Authentication Protocol for Digital Rights Management

  • Mi-Og Park
    • Journal of the Korea Society of Computer and Information
    • /
    • v.28 no.5
    • /
    • pp.67-74
    • /
    • 2023
  • In this paper, we analyze the authentication protocol for DRM proposed by Hussain et al. in 2022, and present an improved solution. Hussain et al. argued that their authentication protocol guarantees man-in-the-middle attack, replay attacks, and mutual authentication. However, as a result of analyzing Hussain et al.'s authentication protocol in this paper, Hussain et al.'s authentication protocol still has an insider attack problem, a problem with Yu et al.'s authentication protocol that they pointed out. For this reason, when an inside attacker acquires information on a mobile device, a user impersonation attack was also possible. In addition, there were problems with the user's lack of ID format verification and the problem of the secret key mismatch of the digital contents between the server and the user. Therefore, this paper proposes an improved solution to solve these problems. As a result of analysis in this paper, the improved solution is safe from various attacks such as smart card attack, insider attack, and password guessing attack and can safely authenticate users of DRM.

Cryptanalysis of Remote User Authentication Scheme (원격 사용자 인증 구조의 암호학적 분석)

  • Choi, Jong-Seok;Shin, Seung-Soo;Han, Kun-Hee
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.10 no.2
    • /
    • pp.327-333
    • /
    • 2009
  • In 2004, Das et al. proposed a scheme for preserving a user anonymity. However, In 2005, Chien and Chen pointed out that Das et al. scheme fail to protect the user anonymity, and proposed a new scheme. And then in 2007, Hu et al. pointed out that Chien and Chen scheme also has some problems; it is Strong masquerading server/user attack, Restricted replay attack, Denial of service attack. it also slow wrong password detection, and proposed a new scheme. In 2008, Bindu et al. repeatedly pointed out on Chien and Chen scheme and proposed their scheme. However, we point out that all of their scheme also has some problems; it is not to protect the user anonymity and Denial of service attack. In addition, Bindu et al. is vulnerable to Strong masquerading server/user attack. Therefore, we demonstrate that their scheme also have some problems; it is the user anonymity and denial of service attack as above.

패턴 기반 사용자 인증 시스템 기술 연구 동향 및 비교

  • Shin, Hyungjune;Hur, Junbeom
    • Review of KIISC
    • /
    • v.25 no.3
    • /
    • pp.36-43
    • /
    • 2015
  • 최근 다양한 스마트기기의 대중화로 인해, 사용자의 개인 정보를 이용한 다양한 스마트 서비스들이 제공되고 있다, 이에 따라 해당 정보의 사용자를 확인하는 사용자 인증 기법의 중요성이 대두되고 있다. 가장 대표적으로 널리 쓰이는 인증기법인 패스워드 인증기법은 사용자가 기억하기 쉬운 형태로 패스워드를 설정하기 때문에 추측공격(Guessing Attack)과 사전공격(Dictionary Attack)에 취약하다. 또한 터치 스크린 기반의 시스템에서 사용할 경우, 가상 키보드의 불편함으로 인해 편리성이 떨어진다. 본 논문에서는 패스워드 인증 기법의 문제점을 해결한 여러 가지 패턴 기반 사용자 인증기법들의 연구 동향에 대해 분석하고, 해당 인증 기법들을 비교하여 분석한다.

An Unproved Optimal Strong-Password Authentication (I-OSPA) Protocol Secure Against Stolen-Verifier Attack and Impersonation Attack (Stolen-Verifier 공격과 Impersonation 공격에 안전한 개선된 OSPA 프로토콜)

  • Kwak, Jin;Oh, Soo-Hyun;Yang, Hyung-Kyu;Won, Dong-Ho
    • The KIPS Transactions:PartC
    • /
    • v.11C no.4
    • /
    • pp.439-446
    • /
    • 2004
  • In the Internet, user authentication is the most important service in secure communications. Although password-based mechanism is the most widely used method of the user authentication in the network, people are used to choose easy-to-remember passwords, and thus suffers from some Innate weaknesses. Therefore, using a memorable password it vulnerable to the dictionary attacks. The techniques used to prevent dictionary attacks bring about a heavy computational workload. In this paper, we describe a recent solution, the Optimal Strong-Password Authentication (OSPA) protocol, and that it is vulnerable to the stolen-verifier attack and an impersonation attack. Then, we propose an Improved Optimal Strong-Password Authentication (I-OSPA) protocol, which is secure against stolen-verifier attack and impersonation attack. Also, since the cryptographic operations are computed by the processor in the smart card, the proposed I-OSPA needs relatively low computational workload and communicational workload for user.