• Journal of Communications and Networks
• /
• v.11 no.6
• /
• pp.574-588
• /
• 2009

Although much research has been conducted in the area of authentication in wireless networks, vehicular ad-hoc networks (VANETs) pose unique challenges, such as real-time constraints, processing limitations, memory constraints, frequently changing senders, requirements for interoperability with existing standards, extensibility and flexibility for future requirements, etc. No currently proposed technique addresses all of the requirements for message and entity authentication in VANETs. After analyzing the requirements for viable VANET message authentication, we propose a modified version of TESLA, TESLA++, which provides the same computationally efficient broadcast authentication as TESLA with reduced memory requirements. To address the range of needs within VANETs we propose a new hybrid authentication mechanism, VANET authentication using signatures and TESLA++ (VAST), that combines the advantages of ECDSA signatures and TESLA++. Elliptic curve digital signature algorithm (ECDSA) signatures provide fast authentication and non-repudiation, but are computationally expensive. TESLA++ prevents memory and computation-based denial of service attacks. We analyze the security of our mechanism and simulate VAST in realistic highway conditions under varying network and vehicular traffic scenarios. Simulation results show that VAST outperforms either signatures or TESLA on its own. Even under heavy loads VAST is able to authenticate 100% of the received messages within 107ms. VANETs use certificates to achieve entity authentication (i.e., validate senders). To reduce certificate bandwidth usage, we use Hu et al.'s strategy of broadcasting certificates at fixed intervals, independent of the arrival of new entities. We propose a new certificate verification strategy that prevents denial of service attacks while requiring zero additional sender overhead. Our analysis shows that these solutions introduce a small delay, but still allow drivers in a worst case scenario over 3 seconds to respond to a dangerous situation.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.2
• /
• pp.349-357
• /
• 2017

Many Web sites adopt SMS(Short Message Service)-based user authentication when a user loses her password or approves an online payment. In SMS-based authentication, the authentication server sends a text in plaintext to a user's phone, and it allows an attacker who eavesdrops or intercepts the text to impersonate a valid user(victim). We propose a challenge-response scheme to prove to the authentication server that a user is in a certain place at the moment with her smartphone beside her. The proposed scheme generates a response using a challenge by the server, user's current location, and a secret on the user's smartphone all together. Consequently, the scheme is much more secure than SMS-based authentication that simply asks a user to send the same text arrived on her phone back to the server. In addition to entering the response, which substitutes the SMS text, the scheme also requests a user to input a passphrase to get the authentication process started. We believe, however, the additional typing should be tolerable to most users considering the enhanced security level of the scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.329-341
• /
• 2017

A multi-server architecture has been proposed to increase the efficiency of resources due to the rapid growth of computer networks and service providing servers. The smartcard-based authentication protocol in the multi-server environments has been continuously developed through various studies. Recently, Chun-Ta Li et al proposed an authentication protocol that solves Xiong Li el al's authentication protocol vulnerability to user impersonation attack and session key disclosure attack. However, Chun-Ta Li et al's authentication protocol has a problem with user impersonation in the vulnerability analysis and has an unsuitable authentication process. Therefore, this paper proposes a smartcard-based authentication protocol in the multi-server environments that solves the denial of service attack and replay attack vulnerabilities of the authentication protocol proposed by Xiong Li et al.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.344-345
• /
• 2022

ogy is being used in many fields, such as smart farms, smart oceans, smart homes, and smart energy. Various IoT terminals are used for these IoT services. Here, IoT devices are physically installed in various places. A malicious attacker can access the IoT service using an unauthorized IoT device, access unauthorized important information, and then modify it. In this study, to solve these problems, we propose an authentication system for IoT devices used in IoT services. The IoT device authentication system proposed in this study consists of an authentication module mounted on the IoT device and an authentication module of the IoT server. If the IoT device authentication system proposed in this study is used, only authorized IoT devices can access the service and access of unauthorized IoT devices can be denied. Since this study proposes only the basic IoT device authentication mechanism, additional research on additional IoT device authentication functions according to the security strength is required.IoT technol

• Proceedings of the IEEK Conference
• /
• 2003.07d
• /
• pp.1503-1506
• /
• 2003

In this paper, we propose a mutual Authentication module, using ECDSA(Elliptic Curve Digital Signature Algorithm) for web-Camera system. which. is based on three module. first is authentication module which is based on ECDSA algorithm. second is transfort module using stream socket. the last module is graphic module. This paper describes cipher algorithm which can be used restrict condition for the same secret service with wire internet. we made a authentication module using based client and server system.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.9B
• /
• pp.931-938
• /
• 2009

Recently, Holbl et al. proposed an improvement to Peyravian-Jeffries's password-based authentication protocol to overcome some security flaws. However, Munilla et al. showed that Holbl et al.'s improvement is still vulnerable to off-line password guessing attack. In this paper, we provide a secure password-based authentication protocol which gets rid of the security flaws of Holbl et al.'s protocol.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.6
• /
• pp.1070-1075
• /
• 2006

TETRA system provides the radio authentication service which permits only authorized radio to access network. Radio authentication is the process which checks the sameness of authentication-key(K) shared between radio and authentication center by challenge-response protocol. TETRA standard authentication protocol can prevent the clone radio to copy ISSI from accessing network, but can't prevent the clone radio to copy ISSI & authentication-key. This paper analyzes authentication-key generation/delivery/infection model in TETRA authentication system and analyzes the threat of clone radio caused by authentication-key exposure. Finally we propose the new authentication protocol which prevent the clone radio to copy ISSI & authentication-key from accessing network.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.4B
• /
• pp.419-427
• /
• 2009

This paper propose DA-UDC(Double Authentication User, Device, Cross) Module which solves the cost problem and the appropriation of Certificate using User Authentication, Device Authentication and Cross Authentication with OTA(One Time Authentication) Key, and which is designed not to subscribe to the service of Home network business. Home Server transmits its public key which is needed to create OTA to the user which passed the first step of authentication which verifies User ID, Device ID and Session Key. And it performs the second step of authentication process which verifies the OTA key created by a user. Whenever the OTA key of DA-UDC module is generated, the key is designed to be changed. Therefore, DA-UDC Module prevents the exposure of User and Device ID by performing the two steps of authentication and enhances the authentication security of Home Network from malicious user with OTA key. Also, DA-UDC Module is faster than the existing authentication system in processing speed because it performs authentication calculation only once. Though DA-UDC Module increases data traffic slightly because of the extra authentication key, it enhances the security more than the existing technique.

• Journal of KIISE:Information Networking
• /
• v.31 no.6
• /
• pp.566-572
• /
• 2004

In this paper, we define the secure authentication model to provide a mobile node with global roaming service and integrate the Fast Handoff scheme with our approach to minimize the service latency. By starting the AAA(Authentication, Authorization and Account) procedure with Fast Handoff simultaneously when a roaming occurs, authentication latency is reduced significantly and provision of fast and seamless service is possible. The previous works such as IPsec(Internet Protocol Security), RR (Return Routability) and AAA define the procedures performed after the completion of Layer2 Handoff which leads us to study a way of providing the real time and QoS guaranteed service during this period. The proposed scheme is for this goal and when appling it to roaming environment it shows the cost reduction up to 55% and 17% for the case of the MN receiving the FBACK and not respectively before L2 Handoff occurs.

• Journal of the Korea Convergence Society
• /
• v.1 no.1
• /
• pp.93-100
• /
• 2010

Diverse kind of attack using the vulnerability of user authentication on Internet service is announced recently. Especially, security accidents on the Internet banking service and Internet telephony service(SIP) are increased rapidly. Attack skills are also evolved into intelligent mechanism. Therefore, more enhanced authentication mechanism is required on existing Internet banking and telephone services for preventing those kinds of attacks using personal identity information such as biometric data. In this research, the proposed B-OTP mechanism can be used to enhance security on a user authentication procedure by combining biometric data with existing OTP mechanism. As a result, the security on internet banking and Internet telephone service will be more improved by using proposed B-OTP mechanism.