• Journal of information and communication convergence engineering
• /
• v.9 no.5
• /
• pp.562-566
• /
• 2011

As telecommunication technologies in telemedicine services are developed, the expeditious development of wireless and mobile networks has stimulated wide applications of mobile electronic healthcare systems. However, security is an essential system requirement since many patients have privacy concerns when it comes to releasing their personal information over the open wireless channels. Due to the invisible feature of mobile signals, hackers have easier access to hospital networks than wired network systems. This may result in several security incidents unless security protocols are well prepared. In this paper, we analyzed authentication and authorization procedures for healthcare system architecture to apply secure M-health systems in the hospital environment. From the analyses, we estimate optimal requirements as a countermeasure to its vulnerabilities.

• International Journal of Fuzzy Logic and Intelligent Systems
• /
• v.14 no.1
• /
• pp.34-40
• /
• 2014

Today, with the wide use of mobile devices, the amount of business transactions conducted through such devices is increasing drastically. However, there are several limitations in the area of authentication for mobile use, which requires strong authentication mechanisms to satisfy security and convenience requirements. The proposed model and application system provide a framework to ensure the security and reliability of the flow of biometric information for telebiometric applications using mobile devices. We also specify protocols for each model and implement a mobile telebiometric application to improve security vulnerabilities compared to storage in a microSD match on card (MOC) based on the proposed model. As a consequence of this implementation, we propose substantial guidelines for security countermeasures from both technical and managerial perspectives in order to establish a safe mobile environment for the use of telebiometric systems.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.1
• /
• pp.139-147
• /
• 2010

A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. In 2005, Liao et al. proposed a remote user authentication scheme using a smart card, in which users can be authenticated anonymously. Recently, Yoon et al. have discovered some security flaws in Liao et al.'s authentication scheme and proposed an improved version of this scheme to fix the security flaws. In this article, we review the improved authentication scheme by Yoon et al. and provide a security analysis on the scheme. Our analysis shows that Yoon et al.'s scheme does not guarantee not only any kind of authentication, either server-to-user authentication or user-to-server authentication but also password security. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, and an off-line dictionary attack on Yoon et al.'s scheme. In addition, we propose the enhanced authentication scheme that eliminates the security vulnerabilities of Yoon et al.'s scheme.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.4
• /
• pp.433-438
• /
• 2014

The demanding in construction of the stand-alone networks and interconnection between convergence devices have led an increase in research on MANET and the application of MANET has been paid much attention as a Ubiquitous computing which is growing fast in the field of computer science. With performance both as hosts and routers, easy network configuration, and fast response, mobile nodes participating in MANET are suitable for Embedded computing but have vulnerable points, about lack of dynamic network topology due to mobility, network scalability, passive attacks, and active attacks which make it impossible to manage continuous security authentication service. In this study, proposes S-EKE authentication mechanism for a robust authentication based on MANET and through identify wireless environment security vulnerabilities, currently being used in OTP S/Key and DH-EKE analyzes.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.7
• /
• pp.1367-1372
• /
• 2007

This paper suggests One-time Password key exchange authentication technique for a strong authentication based on MANET and through identify wireless environment security vulnerabilities, analyzes current authentication techniques. The suggested authentication technique consists of 3 steps: Routing, Registration, and Running. The Routing step sets a safe route using AODV protocol. The Registration and Running step apply the One-time password S/key and the DH-EKE based on the password, for source node authentication. In setting the Session key for safe packet transmission and data encryption, the suggested authentication technique encrypts message as H(pwd) verifiers, performs key exchange and utilizes One time password for the password possession verification and the efficiency enhancement. EKE sets end to end session key using the DH-EKE in which it expounds the identifier to hash function with the modula exponent. A safe session key exchange is possible through encryption of the H(pwd) verifier. The suggested authentication technique requires exponentiation and is applicable in the wireless network environment because it transmits data at a time for key sharing, which proves it is a strong and reliable authentication technique based on the complete MANET.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1057-1068
• /
• 2012

According to advance on vehicle technology, many kinds of ECU(Electronic Control Unit) are equipped inside the vehicle. In-vehicle communication among ECUs is performed through CAN(Controller Area Networks). CAN have high reliability. However, it has many vulnerabilities because there is not any security mechanism for CAN. Recently, many papers proposed attacks of in-vehicle communication by using these vulnerabilities. In this paper, we propose an wireless attack model using a mobile radio communication network. We propose a secure authentication mechanism for in-vehicle network communication that assure confidentiality and integrity of data packets and also protect in-vehicle communication from the replay attack.

• The Journal of the Korea Contents Association
• /
• v.18 no.9
• /
• pp.141-148
• /
• 2018

Currently, the user authentication technology used by users to access multiple applications within an organization is being applied with ID/PW-based SSO technology. These user authentication methods have the fundamental disadvantages of ID/PW and SSO. This means that security vulnerabilities in ID/PW can lead to periodic changes in PWs and limits on the number of incorrect PW inputs, and SSO adds high cost of the SSO server, which centrally stores the authentication information, etc. There is also a fundamental vulnerability that allows others to freely use other people's applications when they leave the portal application screen with SSO. In this paper, we proposed an app-based 2-channel authentication scheme to fundamentally eliminate problems with existing ID/PW-based SSO user authentication technologies. To this end, it distributed centralized user authentication information that is stored on SSO server to each individual's smartphone. In addition, when users access a particular application, they are required to be authenticated through their own smartphone apps.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.2
• /
• pp.349-357
• /
• 2017

Many Web sites adopt SMS(Short Message Service)-based user authentication when a user loses her password or approves an online payment. In SMS-based authentication, the authentication server sends a text in plaintext to a user's phone, and it allows an attacker who eavesdrops or intercepts the text to impersonate a valid user(victim). We propose a challenge-response scheme to prove to the authentication server that a user is in a certain place at the moment with her smartphone beside her. The proposed scheme generates a response using a challenge by the server, user's current location, and a secret on the user's smartphone all together. Consequently, the scheme is much more secure than SMS-based authentication that simply asks a user to send the same text arrived on her phone back to the server. In addition to entering the response, which substitutes the SMS text, the scheme also requests a user to input a passphrase to get the authentication process started. We believe, however, the additional typing should be tolerable to most users considering the enhanced security level of the scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.329-341
• /
• 2017

A multi-server architecture has been proposed to increase the efficiency of resources due to the rapid growth of computer networks and service providing servers. The smartcard-based authentication protocol in the multi-server environments has been continuously developed through various studies. Recently, Chun-Ta Li et al proposed an authentication protocol that solves Xiong Li el al's authentication protocol vulnerability to user impersonation attack and session key disclosure attack. However, Chun-Ta Li et al's authentication protocol has a problem with user impersonation in the vulnerability analysis and has an unsuitable authentication process. Therefore, this paper proposes a smartcard-based authentication protocol in the multi-server environments that solves the denial of service attack and replay attack vulnerabilities of the authentication protocol proposed by Xiong Li et al.

• Journal of Internet Computing and Services
• /
• v.10 no.4
• /
• pp.223-230
• /
• 2009

Among the remote user authentication schemes, password-based authentication methods are the most widely used. In 2004, Das et al. proposed a "Dynamic ID Based Remote User Authentication Scheme" that is the password based scheme with smart-cards, and is the light-weight technique using only one-way hash algorithm and XOR calculation. This scheme adopts a dynamic ID that protects against ID-theft attack, and can resist replay attack with timestamp features. Later, many flaws of this scheme were founded that it allows any passwords to be authenticated, and can be vulnerable to impersonation attack, and guessing attack. By this reason many modifications were announced. These scheme including all modifications are similarly maintained security against replay the authentication message attack by the timestamp. But, if advisory can replay the login immediately, this attempt can be succeeded. In this paper, we analyze the security vulnerabilities of Das scheme, and propose improved scheme which can resist on real-time replay attack using the counter of authentication. Besides our scheme still secure against impersonation attack, guessing attack, and also provides mutual authentication feature.