• Title/Summary/Keyword: First Password

Search Result 52, Processing Time 0.015 seconds

Hybrid PKI Public Certificate Security Method Based on Device ID (디바이스 ID 기반의 하이브리드 PKI 공인 인증 보안 기법)

  • Son, Young-Hwan;Choi, Woon-Soo;Kim, Ki-Hyun;Choi, Han-Na;Lee, Dae-Yoon;Oh, Chung-Shick;Cho, Yong-Hwan
    • Journal of the Korea Society of Computer and Information
    • /
    • v.15 no.5
    • /
    • pp.113-124
    • /
    • 2010

  • In this study, the hybrid authorization quotation technique is based on the device ID for the integrity of the source region guarantee of user certificate, in order to improve the convenience and security for user in the hybrid PKI certificate Mechanism for authentication. The feature of the model in which it is presented from this paper is 5. First, because the user can select the policy himself in which it matches with each authentication situation and security level, the convenience can be improved. Second, the integrity of the source region of the user certificate can be guaranteed through the comparison of the DLDI Key, that is the hash-value of the device ID. Third, the security can be improved by continuously changing an encoding, and the value of the key in which it decodes through the EOTP Key. Fourth, the index value is added to a certificate, and the storage of a certificate is possible at the Multi-Device. Fifth, since the addi the inan aratus for the integrity of the source region guarantee of a certificate is not needed, the authentication process time can be reduced and the computational load of the certificate server can be reduced also.

  • https://doi.org/10.9708/jksci.2010.15.5.113 인용 PDF KSCI

Shoulder Surfing Attack Modeling and Security Analysis on Commercial Keypad Schemes (어깨너머공격 모델링 및 보안 키패드 취약점 분석)

  • Kim, Sung-Hwan;Park, Min-Su;Kim, Seung-Joo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.6
    • /
    • pp.1159-1174
    • /
    • 2014

  • As the use of smartphones and tablet PCs has exploded in recent years, there are many occasions where such devices are used for treating sensitive data such as financial transactions. Naturally, many types of attacks have evolved that target these devices. An attacker can capture a password by direct observation without using any skills in cracking. This is referred to as shoulder surfing and is one of the most effective methods. There has been only a crude definition of shoulder surfing. For example, the Common Evaluation Methodology(CEM) attack potential of Common Criteria (CC), an international standard, does not quantitatively express the strength of an authentication method against shoulder surfing. In this paper, we introduce a shoulder surfing risk calculation method supplements CC. Risk is calculated first by checking vulnerability conditions one by one and the method of the CC attack potential is applied for quantitative expression. We present a case study for security-enhanced QWERTY keyboard and numeric keypad input methods, and the commercially used mobile banking applications are analyzed for shoulder surfing risks.

  • https://doi.org/10.13089/JKIISC.2014.24.6.1159 인용 PDF KSCI HTML