• Electronics and Telecommunications Trends
• /
• v.29 no.4
• /
• pp.101-109
• /
• 2014

패스워드 기반의 사용자 인증은 비용이 적게 들고 편리성 때문에 보안상 취약점이 있어도 현재까지 광범위하게 사용되고 있다. 이러한 패스워드 기반 인증의 보안 취약성을 개선하기 위해 생체 인증을 사용하거나 다중 요소 인증기술을 적용하려는 시도는 그동안 계속되어 왔다. 하지만 기술에 따라 사용자의 편리성이 떨어지거나 광범위하게 설치하기에 비용부담이 증가하여 응용서비스에 적용하기에는 무리가 있었다. FIDO(Fast IDentity Online)는 인증 프로토콜과 인증수단을 분리하여 패스워드 없이 인증강도를 높이면서 사용자의 편리성도 높이려는 시도를 하는 기술로 패스워드의 문제를 극복하여 스마트 모바일 환경에 적합한 인증기술로 활용될 수 있다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2014.07a
• /
• pp.75-76
• /
• 2014

스마트폰의 대중화로 다양한 서비스를 제공받게 되면서 보안에 대한 위협도 커지고 있다. 본 논문에서는 사용자의 편의성과 안전성을 고려한 안전한 패스워드 기법을 제안하고자 한다. 암호 설정 단계에서는 연산자와 연산 결과값을 설정하고, 패스워드 입력 시 연산 결과값이 되도록 0~9의 숫자를 입력하여 인증을 하도록 한다. 허수를 삽입할 수 있으며 연산에 기반하기 때문에 패스워드의 길이, 값, 순서를 동적으로 변화시킬 수 있어 안전성을 향상시킬 수 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.133-140
• /
• 2011

Password-based authentication is the protocol that two entities share a password in advance and use the password as the basic of authentication. Password authentication schemes are divided into weak-password and strong-password authentication scheme. SPAS protocol, one of the strong-password authentication scheme, was proposed for secure against DoS attack. However it has vulnerability of the replay attack. In this paper, we analyze the vulnerability to the replay attack in SPAS protocol. Then we also propose an Improved-Strong Password Authentication Scheme (I-SPAS) with secure against the replay attack.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2002.11b
• /
• pp.279-282
• /
• 2002

고전적인 암호 프로토콜은 사용자-선택 키를 기반으로 하였다. 하지만 이러한 방법은 공격자에게 패스워드-예측 공격을 허용하는 문제점을 가지고 있다. 기존에 제안된 방식들은 패스워드에 대한 보호를 강화함으로써 패스워드를 보호하여 하였다. 이러한 문제점으로부터 안전하지 못한 네트워크 상에서 사용자를 인증하고 서로간의 세션키를 공유하는 새로운 방법을 제안한다. 제안된 프로토콜은 능동적인 공격자에 의한 사전공격(Dictionary attack), 패스워트 추측 공격, forward secrecy, server compromise, client compromise와 세션키 분실에 안전하게 설계되었다.

• Smart Media Journal
• /
• v.9 no.1
• /
• pp.30-37
• /
• 2020

Enforcing additional authentication to password-based authentication, in addition to attempting to increase the security of the password itself, helps to improve the security of the password authentication scheme. For a well-known problem of using strong passwords that differ from site to site, we propose a scheme for password generation and management with an inherent supplementary authentication. Like the so-called password manager, the scheme retrieves and presents a strong site-specific password whenever requested without requiring the user to remember multiple passwords. Unlike the existing methods, however, the scheme permits the password retrieval process to proceed only through the authenticated user's ownership verified smartphone. Hence, even for sites not enforcing or supporting two-factor authentication, the logon process can benefit from the scheme's assurance of enhanced security with its two-factor equivalent authentication. The scheme can also prevent an attacker from impersonating a user or stealing secrets even when the stored information of the server for password retrieval service or the user's smartphone is leaked.

• Journal of Internet Computing and Services
• /
• v.6 no.5
• /
• pp.27-43
• /
• 2005

EAP provides authentication for each entity based on IEEE Std 802.1x Wireless lAN and RADIUS/DIAMETER protocol, and it uses certificate, dual scheme(e.g., password and token) with the authentication method. The password-based authentication scheme for authenticated key exchange is the most widely-used user authentication method due to various advantages, such as human-memorable simplicity, convenience, mobility, A specific hardware device is also unnecessary, This paper discusses user authentication via public networks and proposes the Split Password-based Authenticated Key Exchange (SPAKE), which is ideal for both authenticating users and exchanging session keys when using a subsequent secure communication over untrusted network, And then we provides EAP authentication framework EAP-SPAKE by using it.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.4
• /
• pp.1301-1306
• /
• 2010

The protocol based on password have very important qualifications that not only satisfy against attacks cause of restricting that have, but also efficiency of reducing users' workload. It has a problem of speculative attacks for the user authentication protocol based on password with most case, because users use password that can remember easily. Song and Etc. have proposed new mechanism that improved the problem of S/KEY system. The protocol proposed by Song has a problem in registration process, and user information can be abused by the malevolent server. We propose a new authentication protocol based on efficient OPT, that improved above problems.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.11
• /
• pp.503-510
• /
• 2013

Recently, the rapid development of network technology has enabled people to use various services on the internet. However, the existing password-based user authentication system used in the internet environment requires a password table, which is a potential security threat as it could be leaked by an insider. To solve this issue, remote user authentication methods that do not require a user password table have been proposed. Regarding remote user authentication using a smart card in particular, various methods have been suggested to reduce expenses and to improve stability and efficiency, but the possibility of impersonation attacks and password-guessing attacks using information saved in a user's smart card still exist. Therefore, this study proposes a remote user authentication method that can safeguard against impersonation attacks and password guessing attacks, by analyzing weak points of conventional methods and creating a smart card's ID and password that are based on the user's ID and password.

• Journal of Korea Multimedia Society
• /
• v.8 no.4
• /
• pp.525-535
• /
• 2005

A password-based authenticated tripartite key exchange protocol based on A. Joux's protocol was proposed. By using encryption scheme with shared password, we can resolve man-in-the-middle attack and lack of authentication problems. We also suggested a scheme to avoid the offline dictionary attack to which symmetric encryption schemes are vulnerable. The proposed protocol does not require a trusted party which is required in certificate or identity based authentication schemes. Therefore in a ad hoc network which is difficult to install network infrastructure, the proposed protocol would be very useful. The proposed protocol is more efficient in computation aspect than any existing password-based authenticated tripartite key exchange protocols. When it is used as a base line protocol of tree based group key exchange protocol, the computational weak points of the proposed protocol are compensated.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2105-2108
• /
• 2003

고전적인 암호 프로토콜은 사용자-선택키를 기반으로 하였다. 하지만 이러한 방법은 공격자에게 패스워드-예측 공격을 허용하는 문제점을 가지고 있다. 기존에 제안된 방식들은 패스워드에 대한 보호를 강화함으로써 패스워드를 보호하여 하였다. 이리한 문제점으로부터 안전하지 못한 네트워크 상에서 사용자를 인증하고 서로간의 세션키를 공유하는 새로운 방법을 제안한다. 제안된 프로토콜은 능동적인 공격자에 의한 사전공격(Dictionary attack), 패스워드 추측 공격, forward secrecy. server compromise, client compromise와 세션키 분실에 안전하게 설계되었다.