• International Journal of Computer Science & Network Security
• /
• v.21 no.7
• /
• pp.119-124
• /
• 2021

Today, both sides of modern culture are decisively invaded by digitalization. Authentication is considered to be one of the main components in keeping this process secure. Cyber criminals are working hard in penetrating through the existing network channels to encounter malicious attacks. When it comes to enterprises, the company's information is a major asset. Question here arises is how to protect the vital information. This takes into account various aspects of a society often termed as hyper connected society including online communication, purchases, regulation of access rights and many more. In this research paper, we will discuss about the concepts of MFA and KBA, i.e., Multi-Factor Authentication and Knowledge Based Authentication. The purpose of MFA and KBA its utilization for human.to.everything..interactions, offering easy to be used and secured validation mechanism while having access to the service. In the research, we will also explore the existing yet evolving factor providers (sensors) used for authenticating a user. This is an important tool to protect data from malicious insiders and outsiders. Access Management main goal is to provide authorized users the right to use a service also preventing access to illegal users. Multiple techniques can be implemented to ensure access management. In this paper, we will discuss various techniques to ensure access management suitable for enterprises, primarily focusing/restricting our discussion to multifactor authentication. We will also highlight the role of knowledge-based authentication in multi factor authentication and how it can make enterprises data more secure from Cyber Attack. Lastly, we will also discuss about the future of MFA and KBA.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.4
• /
• pp.43-53
• /
• 2020

There are three standards for FIDO1 authentication technology: Universal Second Factor (U2F), Universal Authentication Framework (UAF), and Client to Authenticator Protocols (CTAP). FIDO2 refers to the WebAuthn standard established by W3C for the creation and use of a certificate in a web application that complements the existing CTAP. In Korea, the FIDO certified market is dominated by UAF, which deals with standards for smartphone (Android, iOS) apps owned by the majority of the people. As the market requires certification through FIDO on PCs, FIDO Alliance and W3C established standards that can be certified on the platform-independent Web and published 『Web Authentication: An API for Accessing Public Key Credentials Level 1』 on March 4, 2019. Most PC do not contain biometrics, so they are not being utilized contrary to expectations. In this paper, we intend to present a model that allows login in PC environment through biometric recognition of smartphone and FIDO UAF authentication. We propose a model in which a user requests login from a PC and performs FIDO authentication on a smartphone, and authentication is completed on the PC without any other user's additional gesture.

• Journal of IKEEE
• /
• v.20 no.3
• /
• pp.291-294
• /
• 2016

A new optical one-time pattern password(OTPT) mutual authentication method is proposed, which presents a two-factor authentication by 2-step phase-shifting digital holography and performs a two-way authentication by a challenge-response handshake of the optical OTPT in both directions. Because a client and a server use OTPT once as a random number and encrypt it for mutual authentication, it protects against a replay or a man-in-the middle attack and results in higher security level.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.2
• /
• pp.978-1002
• /
• 2019

With the rapid development of the Internet of Things, the problem of privacy protection has been paid great attention. Recently, Nikooghadam et al. pointed out that Kumari et al.'s protocol can neither resist off-line guessing attack nor preserve user anonymity. Moreover, the authors also proposed an authentication supportive session initial protocol, claiming to resist various vulnerability attacks. Unfortunately, this paper proves that the authentication protocols of Kumari et al. and Nikooghadam et al. have neither the ability to preserve perfect forward secrecy nor the ability to resist key-compromise impersonation attack. In order to remedy such flaws in their protocols, we design a lightweight authentication protocol using elliptic curve cryptography. By way of informal security analysis, it is shown that the proposed protocol can both resist a variety of attacks and provide more security. Afterward, it is also proved that the protocol is resistant against active and passive attacks under Dolev-Yao model by means of Burrows-Abadi-Needham logic (BAN-Logic), and fulfills mutual authentication using Automated Validation of Internet Security Protocols and Applications (AVISPA) software. Subsequently, we compare the protocol with the related scheme in terms of computational complexity and security. The comparative analytics witness that the proposed protocol is more suitable for practical application scenarios.

• Journal of Digital Convergence
• /
• v.14 no.7
• /
• pp.373-383
• /
• 2016

With mobile-epoch and emerging of Fin-tech, Bio-recognition technology utilizing bio-information in secure method has spread. Specially, In order to change convenient payment services and transportation cards, the combination of biometrics and mobile services are being expanded. The basic concept of authentication such as access control, IA&A, OpenID, OAuth 1.0a, SSO, and Biometrics techniques are investigated, and the protocol stack for security API platform, FIDO, SCIM, OAuth 2.0, JSON Identity Suite, Keystone of OpenStack, Cloud-based SSO, and AIM Agent are described detailed in aspect of application of AIM. The authentication technology in domestic and foreign will accelerate technology development and research of standardization centered in the federated FIDO Universal Authentication Framework(UAF) and Universal 2 Factor Framework(U2F). To accommodate the changing needs of the social computing paradigm recently in this paper, the trends of various authentication technology, and design and function of AIM framework was defined.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.8B
• /
• pp.502-508
• /
• 2007

This paper proposes a method to shut out all of the not certified network access packet by embodying the two-factor(MAC ADDRESS, ID/PASSWORD) authentication system. The Authenticating Gateway System takes over central server's policy and permit or hold up the packet by inherited policy. And checks the whether or not patched the OS version and getting influenced from computer virus. And takes the information about client's resources(H/W, S/W) without Agent in the client. That makes more stability of network operating circumstance and fast facing the attack from hackers. In the fixed mobile network circumstance, This method provides more simplicity and less expenses than IEEE802.1x authentication system(cisco nac).

• Journal of Digital Convergence
• /
• v.16 no.1
• /
• pp.159-164
• /
• 2018

Biometric information does not need to be stored separately, and there is no risk of loss and no theft. For this reason, it has been attracting attention as an alternative authentication means for existing authentication means such as passwords and authorized certificates. However, there may be a privacy problem due to leakage of personal information stored in the server. To overcome these weaknesses, FIDO solved the problem of leakage of personal information on the server by using biometric information stored on the user device and authenticating. In this paper, we propose a multiple biometric authentication method that can be used in FIDO environment. In order to utilize multiple biometric information, fingerprints and EEG signals can be generated and used in FIDO system. The proposed method can solve the problem due to limitations of existing 2-factor authentication system by authentication using multiple biometric information.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.6
• /
• pp.27-32
• /
• 2009

Recently, most of information services are provided by the computer network, since the technology of computer communication is developing rapidly, and the worth of information over the network is also increasing with expensive cost. But various attacks to quietly intercept the informations is invoked with the technology of communication developed, and then most of the financial agency currently have used OTP, which is generated by a token at a number whenever a user authenticates to a server, rather than general static password for some services. A 2-Factor OTP generating method using the OTP token is mostly used by the financial agency. However, the method is vulnerable to real attacks and therefore the OTP token could be robbed and disappeared. In this paper, we propose a 3-Factor OTP way using HMAC to conquer the problems and analyze the security of the proposed scheme.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.11
• /
• pp.5872-5878
• /
• 2013

This study provides two channel structure and two factor authentication. First, a purchasing request by Internet and then user certification and a settlement approval process by mobile communication. Second, it support that proposal protocol utilize a partial factor value of stored in users smartcard, smart phone and password of certificate. Third, storage stability is improved because certificate store in smartcard. Finally, proposal protocol satisfy confidentiality, integrity, authentication, and non- repudiation on required E-commerce guideline. In comparative analysis, Efficiency of the proposal protocol with the existing system was not significantly different. But, In terms of safety for a variety of threats to prove more secure than the existing system was confirmed.

• Journal of Information Processing Systems
• /
• v.15 no.4
• /
• pp.904-919
• /
• 2019

Many security systems rely solely on solutions based on Artificial Intelligence, which are weak in nature. These security solutions can be easily manipulated by malicious users who can gain unlawful access. Some security systems suggest using fingerprint-based solutions, but they can be easily deceived by copying fingerprints with clay. Image-based security is undoubtedly easy to manipulate, but it is also a solution that does not require any special training on the part of the user. In this paper, we propose a multi-factor security framework that operates in a three-step process to authenticate the user. The motivation of the research lies in utilizing commonly available and inexpensive devices such as onsite CCTV cameras and smartphone camera and providing fully secure user authentication. We have used technologies such as Argon2 for hashing image features and physically unclonable identification for secure device-server communication. We also discuss the methodological workflow of the proposed multi-factor authentication framework. In addition, we present the service scenario of the proposed model. Finally, we analyze qualitatively the proposed model and compare it with state-of-the-art methods to evaluate the usability of the model in real-world applications.