• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1998.12a
• /
• pp.381-387
• /
• 1998

불법적인 컴퓨터 사용이나 허가되지 않은 자료 접근 등, 컴퓨터 시스템에 대한 치부의 위협 문제들을 해결하기 위해서 사용자 인증 메커니즘(user authentication mechanism)과 같은 보호 메커니즘이 개발되고 있다. 그러나, 기술이 발전해 갈수록 패스워드와 같이 단순한 인증 메커니즘만으로는 이러한 문제를 해결하는 것이 불가능해지게 되었다. 또한, 이러한 문제를 해결하기 위해 지금까지 개발된 일회용 패스워드 메커니즘들도 대부분 특정 하드웨어 장치를 사용해야 하는 방식으로 개발됨으로써 개발품의 단가를 높이고 이를 적용한 시스템의 유지 보수를 까다롭게 해왔다. 이 논문에서는 이러한 점들을 고려하여 기존 일회용 패스워드 생성 메커니즘을 개선함으로써 스마트 카드와 같은 범용 저장 장치를 이용하여 운영하기 적합하도록 인증 메커니즘을 설계하고 구현하였다.

• Journal of the Korea Convergence Society
• /
• v.5 no.4
• /
• pp.101-106
• /
• 2014

Most peoples are used to prefer to view the video contents rather than the other contents since the video contents are more easy to understand with both their eyes and ears. As the wide spread use of smartphones, the demands for the contents services are increasing rapidly. To promote the contents business, it's important to provide security of subscriber authentication and corresponding communication channels through which the contents are delivered. Generally, symmetric key encryption scheme is used to protect the contents in the channel, and the session key should be upadated periodically for the security reasons. In addition, to protect viewing paid contents by illegal users, the proxy authentication should not be allowed. In this paper, we propose biometric based user authentication and one time key generation models. The proposed model is consist of biometric template registration, session key generation and chanel encryption steps. We analyze the difference and benefits of our model with existing CAS models which are made for CATV contents protection, and also provides applications of our model in electronic commerce area.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.2
• /
• pp.73-80
• /
• 2005

We propose a Quantum Authentication and Key distribution protocol based on one-time n using one-way Hash function. The designated users can authenticate each other and the arbitrator using their one-time ID and distribute a quantum secret key using remained GHZ states after authentication procedure. Though the help of the arbitrator is needed in the process of authentication and key distribution, our protocol prevents the arbitrator from finding out the shared secret key even if the arbitrator becomes an active attacker. Unconditional security can be proved in our protocol as the other QKD protocols.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2015.01a
• /
• pp.217-218
• /
• 2015

본 논문에서는 사용자 인증이 요구되는 장소에 자동으로 출입을 인증하여 사용자에게 더 나은 편의성과 보안성을 제공하기 위한 자동 출입 인증 시스템을 제안한다. iBeacon과 일회용 인증 방식을 이용하여 정당하지 않은 사용자의 접근을 불허하여 보안성을 강화하고, Bluetooth LE 기술을 기반으로 한 저전력 iBeacon 기술을 이용하여 사용자의 불편한 인증정보를 스마트 디바이스가 자동으로 수행하여 편의성을 제공하고자 한다.

• The Journal of the Korea Contents Association
• /
• v.19 no.7
• /
• pp.421-426
• /
• 2019

Nowadays, various type of technologies are used for user authentication, such as knowledge based(ID/PW, etc.) authentication, biometric based(Iris/fingerprint/vein recognition) authentication, ownership based(OTP, security card, etc.) authentication. ID/PW authentication technology, a knowledge based authentication, despite the advantages of low in implementation and maintenance costs and being familiar to users, there are disadvantages of vulnerable to hacking attacks, Other authentication methods solve the vulnerability in ID/PW authentication technology, but they have high initial investment cost and maintenance cost and troublesome problem of reissuance. In this paper, we proposed to improve security and convenience over existing ID/PW based authentication technology, and to secure user authentication without restriction on the devices used for authentication.

• Journal of KIISE:Computer Systems and Theory
• /
• v.30 no.7_8
• /
• pp.417-425
• /
• 2003

We propose an efficient one-time signature scheme for stream authentication by improving HORS. When one-time signatures are used for authenticating live streams, one of the most serious drawbacks is that its large signature size yields high communication overhead. Compared with the previous one-time signature schemes, proposed scheme has the smallest signature size. Moreover, verification overhead is very low. Compared with the previous schemes for stream authentication, signing overhead of our scheme is larger than that of HORS but much lower than those of BiBa or Powerball. Moreover, signing operation can be trivially parallelized without any additional risk because it does not require sharing of the secret key between distributed servers.

• Journal of Korea Multimedia Society
• /
• v.11 no.8
• /
• pp.1101-1110
• /
• 2008

Nespot provides a convenient wireless internet connection service. The existing IEEE 802.1X EAP-MD5 authentication mechanism can be achieved based on ID/password information for a wireless connection. The Nespot system offers an advanced accounting and authorization procedure for providing wireless user authentication mechanism. However, many problems were found on the existing Nespot EAP-MD5 mechanism such as a ill value exposure, a leakage of personal information on wireless authentication procedure and a weakness on Nespot mutual authentication mechanism. Therefore, we analyzed the limitation of the existing IEEE 802.1X EAP-MD5 certification system, and suggested a one-time session key based authentication mechanism. And then we offered a simplified encryption function on the Nespot certification process for providing secure mutual authentication process.

• Journal of KIISE:Information Networking
• /
• v.36 no.6
• /
• pp.552-557
• /
• 2009

One-time passwords are used just once and discarded, which makes it more secure than the repeatedly used conventional passwords. This paper proposes a challenge-response based one-time password generator on a user's mobile phone always carried with the user. The generator can provide an additional authentication for a user to issue a money transfer request within his Internet banking session on a PC. A currently used device for Internet banking generates a password that changes every 30 seconds or so, which allows a man-in-the-middle to use it for stealing money within the 30 seconds. Unlike such a device, the proposed generator resists against the man-in-the-middle attack by a novel challenge-response scheme, provides better accessability and protection against stolen devices. As the currently used devices do, it prevents any unauthorized transfer even if the victim's all other credentials are revealed through his PC infected with spyware such as a keyboard logger.

• TTA Journal
• /
• s.153
• /
• pp.56-61
• /
• 2014

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.04a
• /
• pp.760.1-762
• /
• 2002

키 교환 프로토콜에서 상호 인증은 필수 요소이며, 사용자에게 편리하고 비용이 적게 드는 패스워드 기반의 인증 방식이 널리 사용되고 있다. 패스워드 기반의 프로토콜은 패스워드가 가지는 제약으로 인한 공격에 대해서 안전해야 할 뿐 아니라, 사용자의 작업량을 줄이기 위한 효율성도 매우 중요한 요건이다. 본 논문에서는 서버와 사용자간의 인증을 제공하고 세션키를 공유하기 위한 키 교환 프로토콜OTP-EKE(One Time Password based Encrypted Key Exchange)를 제안한다. 키 교환을 위한 사용자 인증은 패스워드 방식을 채택하였으며, 특히 서버 디렉토리에 대한 공격 등에 대해서 안전도를 높이기 위하여 일회용 패스워드 확인자와 서버의 공개 패스워드를 이용하였다. 제안한 프로토콜은 모듈라 지수승 계산 횟수와 메시지 전송 횟수를 줄임으로써 효율성 향상을 보인다