• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.10
• /
• pp.2844-2861
• /
• 2023

Internet is the most prevailing word being used nowadays. Over the years, people are becoming more dependent on the internet as it makes their job easier. This became a part of everyone's life as a means of communication in almost every area like financial transactions, education, and personal-health operations. A lot of data is being converted to digital and made online. Many researchers have proposed different authentication factors - biometric and/or non-biometric authentication factors - as the first line of defense to secure online data. Among all those factors, passwords and passphrases are being used by many users around the world. However, the usability of these factors is low. Also, the passwords are easily susceptible to brute force and dictionary attacks. This paper proposes the generation of a novel passcode from the hybrid authentication factor - sound. The proposed passcode is evaluated for its strength to resist brute-force and dictionary attacks using the Shannon entropy and Passcode (or password) entropy formulae. Also, the passcode is evaluated for its usability. The entropy value of the proposed is 658.2. This is higher than that of other authentication factors. Like, for a 6-digit pin - the entropy value was 13.2, 101.4 for Password with Passphrase combined with Keystroke dynamics and 193 for fingerprint, and 30 for voice biometrics. The proposed novel passcode is far much better than other authentication factors when compared with their corresponding strength and usability values.

• The Journal of the Korea Contents Association
• /
• v.20 no.9
• /
• pp.389-396
• /
• 2020

E-authentication is one of the key functions for electronic transactions with the identification function made through the information systems. With the abolition of the mandatory use of public certificates, various private e-authentication services have emerged, and are developing to provide various additional services in addition to e-authentication. In this study, we explored the factors that affect user satisfaction with e-authentication services, compared the relative influence among the factors that we explored, and produced implications that could contribute to strengthening the competitiveness of e-authentication services. Based on the characteristics of e-authentication service, we searched and found four factors such as availability, convenience, added functionality and security. After that, we established and analyzed our research model to analyze the causal relationship between these four factors and user satisfaction. The analysis results showed that availability, convenience and security had significant effects on user satisfaction, but added functionality had no significant impact. In addition, compared to availability and convenience, security had a very strong impact on user satisfaction. This study suggests that e-authentication service providers should make efforts to make users aware of the usefulness of additional services while enhancing security.

• Journal of Korea Multimedia Society
• /
• v.25 no.7
• /
• pp.932-944
• /
• 2022

Smartphones, are currently equipped with high-performance hardware to process large amounts of data and provide most of the functions provided by desktop PCs. In addition, the smartphones enable quick user authentication through biometric information collected from embedded sensors. However, the biometric authentication method is sometimes rejected due to social and cultural environment, security vulnerabilities, and misrecognition rate. Thus, conventional authentication methods such as PIN and pattern authentication are still mainly used. Consider the latest foldable and bendable smartphones. These devices may be vulnerable to social engineering attacks as they use conventional authentication methods without considering their form factors. In this study, therefore, we propose an authentication method using partial elements of PIN and pattern authentication as a way to increase the security of the conventional authentication methods and consider the recent form factors. According to the performance evaluation results, our method provides improved safety compared to the conventional methods.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.1
• /
• pp.75-82
• /
• 2018

As user of mobile device increases, various user authentication methods are actively researched. The user authentication methods includes a method of using a user ID and a password, a method of using user biometric feature, a method of using location based, and a method of authenticating secondary authentication such as OTP(One Time Password) method is used. In this paper, we propose a user system which improves the problem of existing authentication method and encryption can proceed in a way that user desires. The proposed authentication system is composed of an authentication factor collection module that collects authentication factors using a mobile device, a security key generation module that generates a security key by combining the collected authentication factors, and a module that performs authentication using the generated security key module.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.1
• /
• pp.511-535
• /
• 2017

Internet banking is one of many services provided by financial institutions that have become very popular with an increasing trend. Due to the increased amount of usage of the service, Internet banking has become a target from adversaries. One of the points that are at risk of an attack is the login process. Therefore, it is necessary to have a security mechanism that can reduce this risk. This research designs and develops a multi-factor authentication protocol, starting from a registration system, which generates authentication factors, to an actual authentication mechanism. These factors can be categorised into two groups: short term and long term. For the authentication protocol, only three messages need to be exchanged between a client and a financial institution's server. Many cryptographic processes are incorporated into the protocol, such as symmetric and asymmetric cryptography, a symmetric key generation process, a method for generating and verifying digital signatures. All of the authentication messages have been proved and analysed by the logic of GNY and the criteria of OWASP-AT-009. Even though there are additional factors of authentication, users do not really feel any extra load on their part, as shown by the satisfactory survey.

• Journal of Digital Convergence
• /
• v.12 no.2
• /
• pp.549-554
• /
• 2014

Studies on the intelligent vehicles that are converged with IT and vehicular technologies are currently under active discussion. A variety of communication technologies for safety intelligent vehicle services are support. As such intelligent vehicles use communication technologies, they are exposed to the diverse factors of security threats. To conduct intelligent vehicle security authentication solutions, there are some factors that can be adopted ownership, knowledge and biometrics[6,7]. This paper proposes to analyze the factors to threaten intelligent vehicle, which are usually intruded through communication network system and the security solution using biometric authentication scheme. This study proposed above user's biometrics information-based authentication scheme that can solve the anticipated problems with an intelligent vehicle, which requires a higher level of security than existing authentication solution.

• The Journal of Information Systems
• /
• v.27 no.2
• /
• pp.53-75
• /
• 2018

Purpose The purpose of this study is to provide implications by examining the factors affecting the consumers' innovation resistance and intention to use FIDO technology based on the innovation resistance model. In addition, we investigate the difference between FIDO group using biometric authentication technology and those using knowledge / possessive authentication technology. Design/methodology/approach This study investigated the factors influencing innovation resistance and intention to use based on the innovation resistance model. And the structural equation model was applied to analyze the effect of innovation resistance and intention to use. Findings According to empirical results, this study found that perceived relative advantage (+), perceived risk (+), perceived complexity (+), and existing product attitude(+) influenced innovation resistance, and perceived relative advantage (+), self efficacy(+), and innovation resistance(-) influenced intention to use. In addition, this study found that there is a significant difference between the group using the bio-based authentication technology and the group using the knowledge / possessive based authentication technology.

• Journal of Information Technology Applications and Management
• /
• v.27 no.2
• /
• pp.1-21
• /
• 2020

The purpose of this study is to investigate the behavioral factors affecting the security attitude and intention to use biometrics password based on the protection motivation theory. This study also investigates security awareness training to understand trust, privacy, and security vulnerability regarding biometric authentication password. This empirical analysis reveals security awareness training boosts the protection motivational factors that affect on the behavior and intention of using biometric authentication passwords. This study also indicates that biometric authentication passwords can be used when the overall belief in a biometric system is present. After all, security awareness training enhances the belief of biometric passwords and increase the motivation to protect security threats. The study will provide insights into protecting security vulnerability with security awareness training.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.65 no.12
• /
• pp.2167-2176
• /
• 2016

In the multi-server environment, remote user authentication has a very critical issue because it provides the authorization that enables users to access their resource or services. For this reason, numerous remote user authentication schemes have been proposed over recent years. Recently, Lin et al. have shown that the weaknesses of Baruah et al.'s three factors user authentication scheme for multi-server environment, and proposed an enhanced biometric-based remote user authentication scheme. They claimed that their scheme has many security features and can resist various well-known attacks; however, we found that Lin et al.'s scheme is still insecure. In this paper, we demonstrate that Lin et al.'s scheme is vulnerable against the outsider attack and user impersonation attack, and propose a new biometric-based scheme for authentication and key agreement that can be used in the multi-server environment. Lastly, we show that the proposed scheme is more secure and can support the security properties.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.12
• /
• pp.159-167
• /
• 2012

The authentication system of the PKI(public key infrastructure) provides the authenticity and security, accessibility, economic feasibility, and convenience to the service provider and users. Therefore the public and private companies in Korea widely use it as the authentication method of the web service. However, the safety client system is threatened by many vulnerable factors which possibly caused when using PKI-based authentication system. Thus, in this article vulnerable factors caused by using the PKI-based authentication system will be analyzed, which is expected to be the useful data afterwards for the construction of the new authentication system as well as performance improvement.