• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.299-302
• /
• 2011

Recently, Voice over Internet protocol(VoIP) in IP-based wired and wireless voice, as well as by providing multimedia information transfer. Wired and wireless VoIP is easy on illegal eavesdropping of phone calls and VoIP call control signals on the network. In addition, service misuse attacks, denial of service attacks can be targeted as compared to traditional landline phones, there are several security vulnerabilities. In this paper, VoIP equipment in order to obtain information on the IP Phone is scanning. And check the password of IP Phone, and log in successful from the administrator's page. Then after reaching the page VoIP IP Phone Administrator Settings screen, phone number, port number, certification number, is changed. In addition, IP Phones that are registered in the administrator page of the call records check and personal information is the study of hacking.

• Journal of Internet Computing and Services
• /
• v.10 no.6
• /
• pp.229-239
• /
• 2009

To solve user authentication problem, many remote user authentication schemes using password and smart card at the same time have been proposed. Due to the increasing of interest in personal privacy, there were some recent researches to provide user anonymity. In 2004, Das et al. firstly proposed an authentication scheme that guarantees user anonymity using a dynamic ID. In 2005, Chien et al. pointed out that Das et al.'s scheme has a vulnerability for guaranteing user anonymity and proposed an improved scheme. However their authentication scheme was found some weaknesses about insider attack, DoS attack, and restricted replay attack. In this paper, we propose an enhanced scheme which can remove vulnerabilities of Chien et al.'s scheme. The proposed authentication protocol prevented insider attack by using user's Nonce value and removed the restricted replay attack by replacing time stamp with random number. Furthermore, we improved computational efficiency by eliminating the exponentiation operation.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.10
• /
• pp.101-108
• /
• 2021

In this paper, we analyze Shin's proposed dynamic ID-based user authentication scheme for TMIS(Telecare Medicine Information System), and Shin's authentication scheme is vulnerable to smart card loss attacks, allowing attackers to acquire user IDs, which enables user impersonation attack. In 2019, Shin's proposed authentication scheme attempted to generate a strong random number using ECC, claiming that it is safe to lose a smart card because it is impossible to calculate random number r'i due to the difficulty of the ECC algorithm without knowing random number ri. However, after analyzing Shin's authentication scheme in this paper, the use of transmission messages and smart cards makes it easy to calculate random numbers r'i, which also enables attackers to generate session keys. In addition, Shin's authentication scheme were analyzed to have significantly greater overhead than other authentication scheme, including vulnerabilities to safety analysis, the lack of a way to pass the server's ID to users, and the lack of biometric characteristics with slightly different templates.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.91-104
• /
• 2003

A masquerader is someone who pretends to be another user while invading the target user's accounts, directories, or files. The masquerade attack is the most serious computer misuse. Because, in most cases, after securing the other's password, the masquerader enters the computer system. The system such as IDS could not detect or response to the masquerader. The masquerade detection is the effort to find the masquerader automatically. This system will detect the activities of a masquerader by determining that user's activities violate a profile developed for that user with his audit data. From 1988, there are many efforts on this topic, but the success of the offers was limited and the performance was unsatisfactory. In this report we propose efficient masquerade detection system using SVM which create the user profile.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.11-21
• /
• 2008

Biometrics-based user authentication has several advantages over traditional password-based systems for standalone authentication applications. This is also true for new authentication architectures known as crypto-biometric systems, where cryptography and biometrics are merged to achieve high security and user convenience at the same time. Recently, a cryptographic construct, called fuzzy vault, has been proposed for crypto-biometric systems. This construct aims to secure critical data(e.g., secret key) with the fingerprint data in a way that only the authorized user can access the secret by providing the valid fingerprint, and some implementations results for fingerprint have been reported. However, the previous results had some limitation of the provided security due to the limited numbers of chaff data fer hiding real fingerprint data. In this paper, we propose an approach to provide both the automatic alignment of fingerprint data and higher security by using a 3D geometric hash table. Based on the experimental results, we confirm that the proposed approach of using the 3D geometric hash table with the idea of the fuzzy vault can perform the fingerprint verification securely even with more chaff data included.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.1
• /
• pp.33-42
• /
• 2002

We present a systematic way to armor a zero-knowledge interactive proof based identification scheme that has badly chosen keys. Keys are sometimes mistakenly chosen to be weak(neither random nor long), and a weak key is often preferred to a strong key so that it might be easy for human to remember. Weak keys severely degrade the security of ZKIP based identification schemes. We show using off-line guessing attack how the weak key threats the security of ZlKIP based identification schemes. For the proper usage of ZKIP, we introduce a specialized form of ZKIP, which has a secret coin-tossing stage. Using the secret coin tossing, a secure framework is proposed for ZKIP based identification schemes with weak key in the ideal cipher model. The framework is very useful in password based authentication and key exchange protocol

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1243-1252
• /
• 2012

Due to the widespread use of smart devices, threats of direct observation attacks such as shoulder surfing and recording attacks, by which user secrets can be stolen at user interfaces, are increasing greatly. Although formal security models are necessary to evaluate the possibility of and security against those attacks, such a model does not exist. In this paper, based on the previous work in which a HCI cognitive model was firstly utilized for analyzing security, we propose STM-GOMS model as an improvement of GOMS-based model with regard to memory limitations. We then apply STM-GOMS model for analyzing usability and security of a password entry scheme commonly used in smart devices and show the scheme is vulnerable to the shoulder-surfing attack. We finally conduct user experiments to show the results that support the validity of STM-GOMS modeling and analysis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.15-21
• /
• 2010

The user authentication using fingerprint information not only provides the convenience but also high security. However, the fingerprint information for user authentication can cause serious problems when it has been compromised. It cannot change like passwords, because the user only has ten fingers on two hands. Recently, there is an increasing research of the fuzzy fingerprint vault system to protect fingerprint information. The research on the problem of fingerprint alignment using geometric hashing technique carried out. This paper proposes the hardware architecture fuzzy fingerprint vault system based on geometric hashing. The proposed architecture consists of software and hardware module. The hardware module has charge of matching between enrollment hash table and verification hash table. Based on the experimental results, the execution time of the proposed system with 36 real minutiae is 0.2 second when 100 chaff minutiae, 0.53 second when 400 chaff minutiae.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.3
• /
• pp.9-21
• /
• 2010

Recently, famous online shopping websites were hit by hacking attack, and many users' personal information such as ID, password, account number, personal number, credit card number etc. were compromised. Hackers are continuing to attack online shopping websites, and the number of victims of these hacking is increasing. Especially, the exposure of credit card numbers is dangerous, because hackers maliciously use disclosed card numbers to gain money. In 2007 Financial Cryptography Conference, Ian Molly et al. firstly proposed dynamic card number generator, but it doesn't meet reuse resistant. In this paper, we analyzed security weaknesses of Ian Molly's scheme, and we proposed a new one-time virtual card number generator using a mobile device which meets security requirements of one-time virtual card numbers. Then, we propose one-time credit card number generation and transaction protocol using Integrated Authentication Center for user convenience and security enhancement.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.5
• /
• pp.81-88
• /
• 2010

Sun et al. proposed a new design of wearable token system for security of mobile devices, such as a notebook and PDA. In this paper, we show that Sun et al.'s system is vulnerable to off-line password guessing attack and man in the middle attack based on known plain-text attack. We propose an improved scheme which overcomes the weaknesses of Sun et al.'s system. The proposed protocol requires to perform one modular multiplication in the wearable token, which has low computation ability, and modular exponentiation in the mobile devices, which have sufficient computing resources. Our protocol has no security problem, which threatens Sun's system, and known vulnerabilities. That is, the proposed protocol overcomes the security problems of Sun's system with minimal overheads.