• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.1
• /
• pp.81-87
• /
• 2014

Password-based authentication using smart card provides two factor authentications, namely a successful login requires the client to have a valid smart card and a correct password. While it provides stronger security guarantees than only password authentication, it could also fail if both authentication factors are compromised ((1) the user's smart card was stolen and (2) the user's password was exposed). In this case, there is no way to prevent the adversary from impersonating the user. Now, the new technology of biometrics is becoming a popular method for designing a more secure authentication scheme. In terms of physiological and behavior human characteristics, biometric information is used as a form of authentication factor. Biometric information, such as fingerprints, faces, voice, irises, hand geometry, and palmprints can be used to verify their identities. In this article, we review the biometric-based authentication scheme by Cheng et al. and provide a security analysis on the scheme. Our analysis shows that Cheng et al.'s scheme does not guarantee any kind of authentication, either server-to-user authentication or user-to-server authentication. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, on Cheng et al.'s scheme. In addition, we propose the enhanced authentication scheme that eliminates the security vulnerabilities of Cheng et al.'s scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.69-79
• /
• 2016

Biometric authentication is considered as being an efficient authentication method, since a user is not required to possess or memorize any other information other than biometrics. However, since biometric information is sensitive and could be permanently unavailable in case of revealing that information just once, it is essential to preserve privacy of biometrics. In addition, since noise is inherent in the user of biometric recognition technologies, the biometric authentication needs to handle the noise. Recently, biometric authentication protocols using fuzzy extractor have been actively researched, but the fuzzy extractor-based authentication has a problem that a user should memorize an additional information, called helper data, to deal with their noisy biometric information. In this paper, we propose a novel biometric authentication protocol using Hidden Vector Key Encapsulation Mechanism(HV-KEM) which is one of functional encryption schemes. A primary advantage of our protocol is that a user does not need to possess or memorize any additional information. We propose security requirements of HV-KEM necessary for constructing biometric authentication protocols, and analyze our proposed protocol in terms of correctness, security, and efficiency.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.1
• /
• pp.59-67
• /
• 2015

A novel authentication mechanism is biometric authentication where users are identified by their measurable human characteristics, such as fingerprint, voiceprint, and iris scan. The technology of biometrics is becoming a popular method for engineers to design a more secure user authentication scheme. In terms of physiological and behavioral human characteristics, biometrics is used as a form of identity access management and access control, and it services to identity individuals in groups that are under surveillance. In this article, we review the biometric-based authentication protocol by Althobati et al. and provide a security analysis on the scheme. Our analysis shows that Althobati et al.'s scheme does not guarantee server-to-user authentication. The contribution of the current work is to demonstrate this by mounting threat of data integrity and bypassing the gateway node on Althobati et al.'s scheme. In addition, we analysis the security vulnerabilities of Althobati et al.'s protocol.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.1
• /
• pp.132-141
• /
• 2015

There might have been weakness in securing user authentication or verification with real time service approach, while existing unimodal biometric authentication has been used mainly for user identification and recognition. Accordingly, it is essential to research and develop ways that upgrade security performance with multi biometric based real time authentication and verification technology. This paper focused to suggest binding assignment and strategy for developing multi biometric authentication technology through investigation of advanced study and patents. Description includes introduction, technology outline, technology trend, patent analysis, and conclusion.

• Journal of Information Technology Applications and Management
• /
• v.27 no.2
• /
• pp.1-21
• /
• 2020

The purpose of this study is to investigate the behavioral factors affecting the security attitude and intention to use biometrics password based on the protection motivation theory. This study also investigates security awareness training to understand trust, privacy, and security vulnerability regarding biometric authentication password. This empirical analysis reveals security awareness training boosts the protection motivational factors that affect on the behavior and intention of using biometric authentication passwords. This study also indicates that biometric authentication passwords can be used when the overall belief in a biometric system is present. After all, security awareness training enhances the belief of biometric passwords and increase the motivation to protect security threats. The study will provide insights into protecting security vulnerability with security awareness training.

• ETRI Journal
• /
• v.32 no.6
• /
• pp.950-960
• /
• 2010

In response to increased security concerns, biometrics is becoming more focused on overcoming or complementing conventional knowledge and possession-based authentication. However, biometric authentication requires special care since the loss of biometric data is irrecoverable. In this paper, we present a biometric authentication framework, where several novel techniques are applied to provide security and privacy. First, a biometric template is saved in a transformed form. This makes it possible for a template to be canceled upon its loss while the original biometric information is not revealed. Second, when a user is registered with a server, a biometric template is stored in a special form, named a 'soft vault'. This technique prevents impersonation attacks even if data in a server is disclosed to an attacker. Finally, a one-time template technique is applied in order to prevent replay attacks against templates transmitted over networks. In addition, the whole scheme keeps decision equivalence with conventional face authentication, and thus it does not decrease biometric recognition performance. As a result, the proposed techniques construct a secure face authentication framework in open networks.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.9
• /
• pp.3548-3557
• /
• 2010

Security enhancement technologies are required to preventing phishing and pharming attacks on Internet banking. One-time password(OTP) should be used with certificate for enhancing user authentication and security performance. However, existing OTP technique is weak on MITM(Man-In-The-Middle) attack and synchnonization should be provided on OTP system. Therefore, more advanced mechanism such as combining biometic data with OTP can be suggested to enhancing security on authentication system. In this paper, we designed and implemented a multifactor authentication system using one-time biometric template to generate unique authentication data after adapting biometric transform on each user's biometric data.

• Journal of Industrial Convergence
• /
• v.20 no.11
• /
• pp.191-196
• /
• 2022

In the fintech field, financial transactions with smart phones are actively conducted. User authentication technology is essential for safe financial transactions. PIN authentication through the existing security keypads is convenient to input but has weaknesses in security and others. The biometric authentication technique is secure, but there is a possibility of false positive and false negative authentication. To compensate for this, two-factor authentication is used. In this paper, we propose the 1.5-factor authentication that can increase convenience and security through PIN input with biometric authentication. It provides the stability of fingerprint authentication and convenience of two or three PIN inputs, and this makes safe financial transaction possible. Since biometric authentication is performed at the same time when entering PIN, while security is required by applying fingerprint authentication to the area touched while entering PIN. The User authentication is performed while ensuring convenience to input through additional PIN input in situations where high safety is required, and Safe financial transactions are possible.

• Journal of the Korea Convergence Society
• /
• v.7 no.1
• /
• pp.49-55
• /
• 2016

In a delegate authentication, a user can lend his/her own authentication data to the third parties to let them be authenticated instead of himself/herself. The user authentication schemes based on the memory of unique data such as password, are vulnerable to this type of attack. Biometric authentication could minimize the risk of delegate authentication since it uses the biometric data unique by each person. Group authentication scheme is used to prove that each group member belongs to the corresponding group. For applications such as an electronic voting or a mobile meeting where the number of group members is changing dynamically, a new group authentication method is needed to reflect the status of group in real time. In this paper, we propose biometric authentication based dynamic group signature scheme. The proposed scheme is composed of biometric key generation, group public key creation, group signature generation, group signature verification and member update protocols. The proposed member update protocol is secure against colluding attacks of existing members and could reflect group status in real time.

• Journal of Digital Convergence
• /
• v.11 no.11
• /
• pp.795-801
• /
• 2013

As the life which existed only offline has changed into a life part of which is led online, it is an important problem to identify whether an online user is legitimate one or not. Biometric authentication technology was developed to identify the user more correctly either online or in offline daily life. Biometric authentication is a technology where a person is identified by his or her unique characteristics, and is highlighted as a next-generation authentication technology replacing password. There are various kinds of traits unique to each individual, and biometric authentication technologies drawing on such traits use various devices and algorithms. Firstly, this paper classified such various biometric authentication technologies, and analyzed the effects of them when they are applied on smartphone, smartwatch and M2M of the different devices platforms. Secondly, it suggested the effectiveness-based AIB(Authentication for Integrated Biometrics) authentication technique, a comprehensive authentication technique, which can be used in different devices platforms. We have successfully included the establishment scheme of the effectiveness authentication using biometrics.