• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.7
• /
• pp.1367-1372
• /
• 2007

This paper suggests One-time Password key exchange authentication technique for a strong authentication based on MANET and through identify wireless environment security vulnerabilities, analyzes current authentication techniques. The suggested authentication technique consists of 3 steps: Routing, Registration, and Running. The Routing step sets a safe route using AODV protocol. The Registration and Running step apply the One-time password S/key and the DH-EKE based on the password, for source node authentication. In setting the Session key for safe packet transmission and data encryption, the suggested authentication technique encrypts message as H(pwd) verifiers, performs key exchange and utilizes One time password for the password possession verification and the efficiency enhancement. EKE sets end to end session key using the DH-EKE in which it expounds the identifier to hash function with the modula exponent. A safe session key exchange is possible through encryption of the H(pwd) verifier. The suggested authentication technique requires exponentiation and is applicable in the wireless network environment because it transmits data at a time for key sharing, which proves it is a strong and reliable authentication technique based on the complete MANET.

• Journal of KIISE:Computer Systems and Theory
• /
• v.29 no.5
• /
• pp.291-298
• /
• 2002

Mutual authentication is essential for key exchange protocols and password-based authentication scheme is used widely, which is convenient to users and executed on the cheap. Password-based protocol should be not only secure against attach but also efficient to reduce user's load. In this paper, we propose a new key exchange protocol, called OTP-EKE(One Time Password based Encrypted Key Exchange), to provide authentication and to share a session key between a server and a user. We choose a password-based scheme as a user authentication. Especially, we use a one-time-password verifier and server's public password to protect against attacks on server's directory. As for efficiency, we improve the performance by reducing the number of modular exponentiations and the number of rounds.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2000.04a
• /
• pp.314-317
• /
• 2000

최근 정보통신기술을 활용한 전자상거래가 빠르게 발전하고 있다. 전자상거래는 인터넷이라는 공개된 가상공간에서 이루어지기 때문에 시스템 접근에 대한 강력한 인증과 상행위에 대한 정보의 보호가 필수적으로 요구된다. 따라서 본 논문에서는 관련 보안기술과 원타임 패스워드시스템, 그리고 지불시스템 로그인 단계에서 발생할 수 있는 문제점들을 검토하고, 이를 방지할 수 있는 원타임 패스워드시스템을 적용한 지불시스템의 모델을 제시하였다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.10a
• /
• pp.713-716
• /
• 2007

This paper suggests One-time Password key exchange authentication technique for a strong authentication based on Ad-hoc Networks and through identify wireless environment security vulnerabilities, analyzes current authentication techniques. The suggested authentication technique consists of 3 steps: Routing, Registration, and Running. The Routing step sets a safe route using AODV protocol. The Registration and Running step apply the One-time password S/key and the DH-EKE based on the password, for source node authentication. In setting the Session key for safe packet transmission and data encryption, the suggested authentication technique encrypts message as H(pwd) verifiers, performs key exchange and utilizes One time password for the password possession verification and the efficiency enhancement. EKE sets end to end session key using the DH-EKE in which it expounds the identifier to hash function with the modula exponent. A safe session key exchange is possible through encryption of the H(pwd) verifier.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.646-648
• /
• 2003

본 연구는 이미지 합성을 이용하여 서버가 사용자를 인증하기 위한 알고리즘을 개발하고 이들을 구현하여 그 성능을 평가하고 분석한다. 서버는 사용자가 소지하는 사용자카드를 랜덤하게 점을 찍어 생성하고, 각 사용자에게 배포된 사용자카드의 정보를 유지.관리한다. 한 사용자로부터 인증요청이 들어오면, 서버는 그 사용자의 사용자카드 정보를 기반으로 서버카드를 실시간에 생성하여 사용자에게 송신한다. 서버카드는 인증마다 다르게 생성되므로 원타임 패스워드 챌린지(challenge) 역할을 한다. 사용자는 본인이 소유하고 있는 사용자카드와 서버로부터 송신된 서버카드를 겹쳤을 때 생성되는 이미지를 판독하여 인증을 수행한다. 보안성을 높이면서 이미지 판독을 효율적으로 하기 위해 다양한 기법을 제시하고 구현을 통하여 실용성을 진단한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.628-630
• /
• 2003

오늘날의 규모가 매우 크고 복잡한 시스템 및 네트워크 환경 하에서 컴퓨터 시스템의 보안 관리는 매우 중요하다. 역할기반 접근제어 (RBAC : Role-Based Access Control)는 시스템 상의 역할을 기반으로 하는 접근제어 메커니즘으로 복잡한 접근정책을 기술하고, 시스템 관리상의 에러와 비용을 줄일 수 있다. 본 논문은 리눅스 커널에 보안 강화를 지원하는 리눅스 보안 모듈(LSM: Liunx Security Module) 프레임워크 상에서 확장된 역할기반 접근제어 보안 시스템 (LSM-Based Extended RBAC Security Module)을 제안한다. 본 고에서 제안된 시스템은 보안의 강화를 위하여 원 타임 패스워드 (One-Time Password)의 강화된 인증 방식과 부분적 다중 계층 보안 (Partial Multi-Level Security), 임의적 접근 제어(Discretionary Access Control) 및 감사 정보를 통한 보안 정책 오류 검사 및 대응 (Security Policy Validation and Response) 기능을 지원한다.

• Convergence Security Journal
• /
• v.4 no.3
• /
• pp.19-25
• /
• 2004

This research develops an algorithm using image synthesis for a server to authenticate users and implements it. The server creates cards with random dots for users and distribute them to users. The server also manages information of the cards distributed to users. When there is an authentication request from a user, the server creates a server card based on information of the user' s card in real time and send it to the user. Different server card is generated for each authentication. Thus, the server card plays a role of one-time password challenge. The user overlaps his/her card with the server card and read an image(eg. a number with four digits) made up from them and inputs the image to the system. This is the authentication process. Keeping security level high, this paper proposes a technique to generate the image clearly and implements it.

• Proceedings of the KAIS Fall Conference
• /
• 2007.05a
• /
• pp.199-202
• /
• 2007

In this paper, I suggest that as follow. First, it is the algorithm to transmit the encryption key which use ${\ast}$ N Puzzle method more safe than the existing One-path XOR method. Second, it does provide the high quality of security than the existing system because it does not save the generated puzzle to the setter side. Third, it does support the client decryption system which can decrypt the puzzle with OPT in decryption with client side. Fourth, it does adopt more of the safe tansmission method with the compound of ${\ast}$ N Puzzle method and OPT.

• Journal of Korea Society of Industrial Information Systems
• /
• v.7 no.4
• /
• pp.59-65
• /
• 2002

Payment systems in EC need confidentiality, integrity, non-repudiation. All transactions between cardholders and merchants must be authorized by a payment gateway in SET protocol. RSA secret key operation which requires heavy computation takes the most part of the time for payment authorization. For the reason, a heavy traffic of payment authorization requests from merchants causes the payment gateway to execute excessive RSA secret key operations, which may cause the bottleneck of the whole system. To resolve this problem, One-Time Password technique is applied to payment authorization step of the SET protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.3
• /
• pp.63-69
• /
• 2001

Smartcard is highlighted as infrastructure that has an excellent security for executing functions such as user authentication, access control, information storage and control, and its market is expanding rapidly. But possibilities of forgery and alteration by hacking are increasing as well. This paper proposes a method to prevent card forgery and alteration using angular multiplexing and private key multiplexing method on optical encryption, and proposed a Public Key Infrastructure(PKI)-based authentication system combined with One-Time Password (OTP) for verification of forgery and alteration .