• KIPS Transactions on Computer and Communication Systems
• /
• 제2권11호
• /
• pp.503-510
• /
• 2013

Recently, the rapid development of network technology has enabled people to use various services on the internet. However, the existing password-based user authentication system used in the internet environment requires a password table, which is a potential security threat as it could be leaked by an insider. To solve this issue, remote user authentication methods that do not require a user password table have been proposed. Regarding remote user authentication using a smart card in particular, various methods have been suggested to reduce expenses and to improve stability and efficiency, but the possibility of impersonation attacks and password-guessing attacks using information saved in a user's smart card still exist. Therefore, this study proposes a remote user authentication method that can safeguard against impersonation attacks and password guessing attacks, by analyzing weak points of conventional methods and creating a smart card's ID and password that are based on the user's ID and password.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• 제12권6호
• /
• pp.91-98
• /
• 2012

Password-based authentication schemes have been widely adopted in order to protect resources from unauthorized access. In 2008, Liu et al. proposed a new mutual authentication scheme using smart cards which can withstand the forged attack. In this paper, author has proven that Liu et al.'s scheme is still vulnerable to the various attacks by analyzing the security of their scheme. This paper introduces an enhanced scheme to overcome these security weakness and to provide mutual authentication between the user and the server, even if the secrete information stored in the smart card is revealed by an attacker. The comparative result from the security analysis demonstrates that the proposed scheme is more secure against the possible attacks than Liu et al.'s scheme.

• Journal of Internet Computing and Services
• /
• 제9권5호
• /
• pp.23-34
• /
• 2008

The number of web service user is increasing steadily as web-based service is offered in various form. But, web service has a vulnerability such as SQL Injection, Parameter Injection and DoS attack. Therefore, it is required for us to develop Web IDS system and additionally to offer Rule-base intrusion detection/response mechanism against those attacks. However, existing Web IDS system didn't correspond properly on recent web attack mechanism because they didn't including suitable pre-processing procedure on huge web log data. Therfore, we propose an efficient web log pre-processing mechanism for enhancing rule based detection and improving the performance of web IDS base attack response system. Proposed algorithm provides both a field unit parsing and a duplicated string elimination procedure on web log data. And it is also possible for us to construct improved web IDS system.

• The Transactions of the Korea Information Processing Society
• /
• 제6권11호
• /
• pp.3011-3019
• /
• 1999

Denial of service is about knocking off services, without permission for example through crashing the whole system. This kind of attacks are easy to launch and it is hard to protect a system against them. The basic problem is that Unix assumes that users on the system or on other systems will be well behaved. This paper analyses system-based inside denial of services attack(DoS) and system metric for performance of each machine provided. And formalize the conclusions results in ways that clearly expose the performance impact of those observations. So, we present new approach. It is detecting DoS attack using performance signature for system and program behavior. We present new approach. It is detecting DoS attack using performance signature for system and program behavior. We believe that metric will be to guide to automated development of a program to detect the attack. As a results, we propose the AIDPS(Architecture for Intrusion Detection using Performance Signature) model to detect DoS attack using performance signature.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제27권4호
• /
• pp.831-841
• /
• 2017

This paper presents a secure and DoS-resistant fragment authentication technique for Content-Centric Networking (CCN). Our approach not only guarantees the authenticity of each fragment, but also provides a high resistance to DoS attacks through the immediate verification of fragment authenticity at interim nodes on the routing path. Our experimental results demonstrate that the proposed approach provides much stronger security than the existing approach, without imposing a significant overhead.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• 제11권6호
• /
• pp.303-310
• /
• 2011

Recently, many user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication process. In 2009, Wang et al. proposed a more effective and secure dynamic ID-based remote user authentication scheme to improve the security weakness of Das et al.'s scheme, and asserted that the improved scheme is secure against independent of password in authentication phase and provides mutual authentication between the user and the remote server. However, in this paper, we analyze the security of Wang et al. scheme and demonstrate that Wang et al.'s scheme is vulnerable to the man-in-the-middle attack and the off-line password guessing attack. In addition, we show that Wang et al. scheme also fails to provide mutual authentication. Accordingly, we propose an improved scheme to overcome these security weakness even if the secrete information stored in the smart card is revealed. Our proposed scheme can withstand the user impersonation attack, the server masquerading attack and off-line password guessing attack. Furthermore, this improved scheme provides the mutual authentication and is more effective than Wang et al.'s scheme in term of the computational complexities.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• 제12권1호
• /
• pp.231-237
• /
• 2012

In 2011, Das proposed an effective biometrics-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication, while eliminating the security drawbacks of Li-Hwang's scheme. In this paper, we have shown that Das's scheme is still insecure against several attacks and does not provide mutual authentication. Also, we proposed the enhanced scheme to overcome these security weaknesses, even if the secret information stored in the smart card is revealed. As a result of security analysis, the enhanced scheme is secure against user impersonation attack, server masquerading attack, off-line password guessing attack, and insider attack. And we can see that the enhanced scheme provides mutual authentication between the user and the server.

• Journal of Internet Computing and Services
• /
• 제10권6호
• /
• pp.229-239
• /
• 2009

To solve user authentication problem, many remote user authentication schemes using password and smart card at the same time have been proposed. Due to the increasing of interest in personal privacy, there were some recent researches to provide user anonymity. In 2004, Das et al. firstly proposed an authentication scheme that guarantees user anonymity using a dynamic ID. In 2005, Chien et al. pointed out that Das et al.'s scheme has a vulnerability for guaranteing user anonymity and proposed an improved scheme. However their authentication scheme was found some weaknesses about insider attack, DoS attack, and restricted replay attack. In this paper, we propose an enhanced scheme which can remove vulnerabilities of Chien et al.'s scheme. The proposed authentication protocol prevented insider attack by using user's Nonce value and removed the restricted replay attack by replacing time stamp with random number. Furthermore, we improved computational efficiency by eliminating the exponentiation operation.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 한국정보보호학회 2003년도 동계학술대회
• /
• pp.483-488
• /
• 2003

XKASS(XML Key Agreement Specification)는 사용자를 통해 XKMS와 연동하여 인증서 기반으로 클라이언트를 확인하고 키 동의를 하는 프로토콜이다. 기존 XKASS 에서는 공개키 암호화 기법을 사용해 키 교환을 하는 방식과 전자서명 기법을 사용해 키 교환을 하는 방식을 사용한다 기존 XKASS의 전자서명과 공개키 방식의 암호화 해독화 방법은 인증서를 그냥 전달함으로써 사용자의 신원이 노출되는 문제점이 있고, 계산 비용이 많이 든다. 본 논문에서는 기존의 XKASS 프로토콜에서 인증서 기반 공개키 암호화 방식을 사용한 키 교환 프로토콜을 사용하지 않고 키 교환 프로토콜을 수행하여 공격자에게 사용자의 신원보호를 제공하고 계산 비용을 줄인 확장된 XKASS 방식을 제안한다. 사용자에게 제한된 priority를 주는 것으로 DoS(Denial of Service) 공격을 예방한 기존의 XKASS를 확장하여 다중 영역에 사용할 수 있도록 제안하였다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• 제39B권1호
• /
• pp.29-37
• /
• 2014

In this paper we show that a dynamic ID authentication scheme using smart cards proposed by Tsai et al. is not secure against DoS attack and insider attack. Further we claim that their scheme may raise a security problem when a user changes his/her password. Then we come up with a security-enhanced version only with small additional computational cost. Our scheme is based on the security of cryptographic hash function and the infeasibility assumption of discrete logarithm problem. In addition, we provide details of security and computational cost analysis.