• Journal of Internet Computing and Services
• /
• v.23 no.4
• /
• pp.65-72
• /
• 2022

In this paper, a zero trust-based complex biometric authentication was proposed in a passwordless environment. The linkage of FIDO 2.0 (Fast IDENTITY Online) transaction authentication platforms was designed in conjunction with metaverse. In particular, it was applied with the location information of a smart terminal according to a geomagnetic sensor, an accelerator sensor, and biometric information for multi-factor authentication(MFA). At this time, a FIDO transaction authentication platform was presented for adaptive complex authentication with user's environment through complex authentication with secondary authentication based on situational awareness such as illuminance and temperature/humidity. As a result, it is possible to authenticate secondary users based on zero trust with behavior patterns such as fingerprint recognition, iris recognition, face recognition, and voice according to the environment. In addition, it is intended to check the linkage result of the FIDO platform for complex integrated authentication and improve the authentication accuracy of the linkage platform for transaction authentication using FIDO2.0.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.11a
• /
• pp.676-679
• /
• 2013

최근 피싱과 파밍으로 인한 사용자들의 피해가 속출하고 있다. 또, OTP(One Time Password)의 MITM 공격에 대한 취약성이 밝혀지면서 기존의 인증기법을 개선할 필요가 있다. 그러므로 피싱과 파밍 공격을 방지하고 OTP의 취약점을 개선한 인증기법을 제안하는 것은 매우 중요한 문제이다. 본 논문에서는 메신저를 이용한 피싱/파밍 방지기능을 제안한다. 또한 제안하는 기법은 1차로 기존과 같은 ID / PWD 방식 인증과 2차로 모바일 메신저 상에서의 인증시작버튼, 3차로 물리적인 QR코드 인식 후 인증을 하는 3단계 인증을 통해 개선한다. 제안하는 인증기법은 일상생활 속에서 많이 사용하는 메신저와 카메라 기능을 통해 진행되므로 사용자는 추가적인 기능을 배울 필요가 없으며, 친숙하게 사용할 수 있다. 피싱/파밍 공격은 물론 MITM공격에 대한 취약점을 메신저의 특징과 2차, 3차 인증단계를 이용해 막아낼 수 있을 것으로 기대된다.

• The Journal of Society for e-Business Studies
• /
• v.24 no.2
• /
• pp.217-228
• /
• 2019

In the 4th Industrial Revolution, the Internet of Things emerged and various services and convenience improved. As the frequency of use increases, security threats such as leakage of personal information coexist and the importance of security are increasing. In this paper, we analyze the security threats of the Internet of things and propose a model for enhancing security through user authentication using Fast IDentity Online (FIDO). As a result, we propose to implement strong user authentication by introducing second authentication through FIDO.

• The Journal of Society for e-Business Studies
• /
• v.25 no.2
• /
• pp.1-14
• /
• 2020

ISO 15118 is an international standard that defines communication between electric vehicles and electric vehicle chargers. Plug & Charge (PnC) was also defined as a technology to automatically authenticate users when using charging services. PnC indicates automatic authentication technology where all processes such as electric vehicle user authentication, charging and billing are automatically processed. According to the standard, certificates for chargers and CPSs (Certificate Provisioning Services) should be under the V2G (Vehicle to Grid) Root certificate. In Korea, the utility company operates its own PKI (Public Key Infrastructure), making it difficult to provide chargers under the V2G Root Certificate. Therefore, a method that can be authenticated is necessary even when you have different Root Certificates. This paper proposes to apply cross-certificate technology to PnC authentication. Automatic authentication of Cross Certification is to issue a cross-certificate of the Root CA and include it in the certificate chain to proceed with automatic authentication, even if you have different Root certificates. Applying cross-certificate technology enables verification of certificates under other Root certificates. In this paper, the PnC automatic authentication and cross certificate automatic authentication is implemented, so as to proceed with proof of concept proving that both methods are available. Define development requirements, certificate profiles, and user authentication sequences, and implement and execute them accordingly. This experiment confirms that two automatic authentication are practicable, especially the scalability of automatic authentication using cross-certificate PnC.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.373-381
• /
• 2017

Currently, various types of user authentication methods based on public certificates are used in domestic financial transactions. Such an authorized certificate method has a problem that a different security module must be installed every time a user connects an individual financial company to a web server. Also, the financial company relying on this authentication method has a problem that a new security module should be additionally installed for each financial institution whenever a next generation authentication method such as biometric authentication is newly introduced. In order to solve these problems, we propose an integrated authentication system that handles user authentication on behalf of each financial institution in financial transactions, and proposes an integrated authentication protocol that handles secure user authentication between user and financial company web server. The new authentication protocol is a modified version of OAuth2.0 that increases security and efficiency. It is characterized by performing a challenge-response protocol with a pre-shared secret key between the authentication server and the financial company web server. This gives users a convenient and secure Single Sign-On (SSO) effect.

• The KIPS Transactions:PartC
• /
• v.14C no.4
• /
• pp.321-330
• /
• 2007

This paper proposes a two-phase server login authentication system by XML-Signature schema extension to protect server's information resources opened on network which offer various web contents. A proposed system requests and publishes XML-based certificate through on-line, registers certificate extension information provided by CA(Certification Authority) to XCMS(XML Certificate Management Server), and performs prior authentication using user's certificate password. Then, it requests certificate extension information added by user besides user's certificate password and certificate extension information registered in XCMS by using SOAP message, and performs posterior authentication by comparing these certificate extension information. As a result, a proposed system is a security reinforced system compared with existing systems.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.1
• /
• pp.75-82
• /
• 2018

As user of mobile device increases, various user authentication methods are actively researched. The user authentication methods includes a method of using a user ID and a password, a method of using user biometric feature, a method of using location based, and a method of authenticating secondary authentication such as OTP(One Time Password) method is used. In this paper, we propose a user system which improves the problem of existing authentication method and encryption can proceed in a way that user desires. The proposed authentication system is composed of an authentication factor collection module that collects authentication factors using a mobile device, a security key generation module that generates a security key by combining the collected authentication factors, and a module that performs authentication using the generated security key module.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.1339-1341
• /
• 2010

디지털 TV 시대를 맞아 다양한 형태의 사용자와 상호작용할 수 있는 콘텐츠의 개발이 활성화되고 있고, 이에 따른 IPTV 의 활성화와 함께 방송 콘텐츠의 2 차 이용에 사용되는 VOD 의 제작과 활용이 높아지고 있다. 제작되는 VOD 는 2 차 이용을 위해 영화, 드라마, 다큐 등 다양한 콘텐츠를 포함하고 있는데, 이를 시청하기 위해서는 반드시 다운로드를 받아야 한다. 이러한 다운로드는 1 차적인 사용자 인증 및 기기 인증 후에는 일방적인 전송을 수행하고, 이미 다운로드 되어 있는 파일은 별도의 처리 없이 재생이 가능하기 때문에 VOD 의 불법적인 배포에 대응하기 어렵다. 따라서 VOD 콘텐츠가 다운로드 된 후, 반복 재생 시에 영상에 포함된 인증 정보를 통해 콘텐츠의 보호를 위한 모델을 제안한다.

• Communications of the Korean Institute of Information Scientists and Engineers
• /
• v.36 no.2
• /
• pp.43-48
• /
• 2018

• Journal of KIISE:Computer Systems and Theory
• /
• v.36 no.2
• /
• pp.94-101
• /
• 2009

We introduce a user authentication system using distance estimation and a simple challenge response protocol based on a pre-established key. Using the time difference of arrival between an RF signal and an ultrasonic signal, an authenticator verifies if a user's authentication token is within its threshold distance, and it also verifies if the token's response to its random challenge is valid. We implement our authentication system and we analyze the success rates for authentication according to the variations in the distances and facing angles between the authenticator and the token. Our experimental results show that the token is authenticated with very high probability in reasonable settings.