• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.733-738
• /
• 2004

In a distributed network system, Kerberos certification mechanism is operated by a user in local area on the premise reliability of Kerberos server in another area. But it has a demerit. If security information of certification server between Kerberos servers is released, Kerberos server can not guarantee the reliability. To solve this problem, the proposed mechanism prevents password speculating attack by increasing the random of password certifier through use of distributed password in stead of certification center and certification which was presented by existing Kerberos mechanism. Besides, it used password based certification method which uses secret distributed technique

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.12
• /
• pp.525-532
• /
• 2013

Recently smartphones, tablet, etc. Various types of smart terminal is due to the increased security in mobile devices are becoming an issue. How to enter the password in this environment is a very important issue. Difficult to have a secure password input device on various types of mobile devices. In addition you enter on the touch screen the password of character, uncomfortable and it is vulnerable to SSA attack. Therefore, in this paper provide for defense the SSA(Shoulder Surfing Attacks) and useful password input mechanism is proposed with Smartphone GPS uses a value generated via a graphical password techniques.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.1
• /
• pp.119-125
• /
• 2015

In this paper, we propose a user friendly password input method for mobile devices which is secure against SSA. The proposed method is a numeric password input method such as a conventional PIN method. One of the buttons, numbers and colors, so as to display the two pieces of information to double. The user can select one of the colors or numbers within one button to type in the password. Because an attacker does not know whether the user has entered any color and number, the proposed technique is safe from the SSA. Also to be secure for smudge attacks and password guessing attacks through random changes in the number and color information.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.1267-1270
• /
• 2010

현재 타블렛PC, 전자칠판, 디지털 키오스크 단말, 은행 ATM기기 등에서 키보드 및 버튼이 아닌 터치패널을 이용해 사용자가 더욱 직관적인 입력을 할 수 있도록 지원하고 있다. 나아가 이러한 터치패널은 하나의 접점만 인식하는 것이 아닌 현재 기술로 여러 개의 접점을 인식하는 멀티터치 방식을 채택하고 있다. 본 논문에서는 이러한 멀티터치 환경에서의 다중 입력을 통한 사용자 인증 방식에 대한 아이디어를 소개하고자 한다. 멀티터치 환경에서의 비밀 번호 입력으로 이전의 싱글터치 기반에서 1글자씩 입력되던 비밀번호가 멀티터치 기반에서는 2개 이상의 글자로 입력될 수 있다. 멀티터치 기반의 패스워드 입력은 단순히 [ 1, 2, 3, 4 ] 로 입력되던 패스워드를 [ (1,3), 2, (3,4), (1,2,3) ] 와 같은 방식으로 설정함으로써 사용자 패스워드의 암호화 강도를 높이고 패스워드 노출 위험을 줄이려 하였다. 본 연구는 나아가 멀티터치 기반에서 사용자 패스워드를 넘어 개인 인증을 위한 보안 기술 연구의 초석으로 활용 될 것이다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.117-119
• /
• 2021

In this paper, the strengths and weaknesses of each type of personal authentication system are examined and the development direction of the personal authentication system is presented. Currently, the personal authentication system commonly used is a text-based password system. However, most of the current text-based password systems are weak in usability and security. In order to solve this problems a personal authentication system that can replace the text-based password system is required. In this paper, we take the recently developed graphical password system as an example to find the conditions and possibilities to replace the text-based password system, and present the development direction of the personal authentication system.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.423-430
• /
• 2013

With the active Internet e-commerce and the financial sector, mutual authentication between users and service providers has become very important. Because ID- and password-based authentication is of low security, one-time password authentication methods are widely used. The existing one-time password authentication scheme of S/Key authentication method is fraught with a number of issues in addition to plain text transmission, and the method of Kim Gong-ki et al. does not offer suggestions for session key generation and distribution method. Proposed in this paper is a protocol that solves these problems.

• Journal of Korea Multimedia Society
• /
• v.11 no.10
• /
• pp.1403-1408
• /
• 2008

A number of three party key exchange protocols using smart card in effort to reduce server side workload and two party password based key exchange authentication protocols has been proposed. In this paper, we introduce the survey and analysis on security vulnerability of smart card based three party authenticated key exchange protocols. Furthermore, we analyze Kwak et al's password based key exchange and authentication protocols which have shown security weakness such as Shim et al's off-line password guessing attack and propose the countermeasure to deter such attack.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.3
• /
• pp.627-632
• /
• 2005

Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/ server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. It is the stability that is based on Square Root problem, and we would like to suggest OPI(One Pass Identification), enhancing the stability for all of the well-known attacks by now including Free-playing attack, off-line Literal attack, Server and so on. OPI does not need to create the special key to read the password. OPI is very excellent in identifying the approved person within a very short time.

• Journal of the Korea Society for Simulation
• /
• v.20 no.1
• /
• pp.39-49
• /
• 2011

Nowaday, Many equipments like TabletPC, Digital kiosk, ATM using touch-panel service instead of keyboard or button, to support intuitively input for user. Furthermore these days touch-panels recognize up to 5 contact points using recent technology. On this study, I Introduce password input/store methodology on multi-touch environment. On past, User must input password 1 character by 1 character, like [1, 2, 3, 4]. but, on multi-touch environment user can input more than one character at the same time, like [(1,3), 2, (3,4), (1,2,3)]. In result, users can use password more intensely. This study is utilized post security technology study on multi-touch environment.

• Journal of Internet of Things and Convergence
• /
• v.6 no.2
• /
• pp.93-100
• /
• 2020

Although various home services are developed as increasing the number of home devices with wire and wireless connection, privacy infringement and private information leakage are occurred by unauthorized remote connection. It is almost caused by without of device authentication and protection of transmission data. In this paper, the devices' secret value are stored in a safe memory of a smartphone. A smartphone processes device authentication. In order to prevent leakage of a device's password, a shadow password multiplied a password by the private key is stored in a device. It is proposed mutual authentication between a smartphone and a device, and session key agreement for devices using recovered passwords on SRP. The proposed protocol is resistant to eavesdropping, a reply attack, impersonation attack.