• The Journal of the Korea Contents Association
• /
• v.19 no.7
• /
• pp.421-426
• /
• 2019

Nowadays, various type of technologies are used for user authentication, such as knowledge based(ID/PW, etc.) authentication, biometric based(Iris/fingerprint/vein recognition) authentication, ownership based(OTP, security card, etc.) authentication. ID/PW authentication technology, a knowledge based authentication, despite the advantages of low in implementation and maintenance costs and being familiar to users, there are disadvantages of vulnerable to hacking attacks, Other authentication methods solve the vulnerability in ID/PW authentication technology, but they have high initial investment cost and maintenance cost and troublesome problem of reissuance. In this paper, we proposed to improve security and convenience over existing ID/PW based authentication technology, and to secure user authentication without restriction on the devices used for authentication.

• The Journal of the Korea Contents Association
• /
• v.15 no.11
• /
• pp.501-508
• /
• 2015

Most web sites, information systems use the ID/Password technique to identify and authenticate users. But ID/Password technique is vulnerable to security. The user must remember the ID/Password and, the password should include alphabets, numbers, and special characters, not to be predicted easily. User also needs to change your password periodically. In this paper, we propose the user authentication method that the user authentication information stored in the external storage to authenticate a user. If another person knows the ID/Password, he can't log in a system without the external storage. Whenever a user logs in a system, authentication information is generated, and is stored in the external storage. Therefore, the proposed user authentication method is the traditional ID/Password security technique, but it enhances security and, increases user convenience.

• The Journal of the Korea Contents Association
• /
• v.18 no.9
• /
• pp.141-148
• /
• 2018

Currently, the user authentication technology used by users to access multiple applications within an organization is being applied with ID/PW-based SSO technology. These user authentication methods have the fundamental disadvantages of ID/PW and SSO. This means that security vulnerabilities in ID/PW can lead to periodic changes in PWs and limits on the number of incorrect PW inputs, and SSO adds high cost of the SSO server, which centrally stores the authentication information, etc. There is also a fundamental vulnerability that allows others to freely use other people's applications when they leave the portal application screen with SSO. In this paper, we proposed an app-based 2-channel authentication scheme to fundamentally eliminate problems with existing ID/PW-based SSO user authentication technologies. To this end, it distributed centralized user authentication information that is stored on SSO server to each individual's smartphone. In addition, when users access a particular application, they are required to be authenticated through their own smartphone apps.

• The KIPS Transactions:PartC
• /
• v.15C no.2
• /
• pp.125-132
• /
• 2008

As the development of Internet technology, the number of IDs managed by each individuals has been increased. And many software development institutes have developed ID/PW management solutions to facilitate secure and convenient management of ID/PW. However, these solutions also can be vulnerable in case of administrator's password exposure. Thus, we need to derive security requirements from the vulnerability analysis of these solutions, also we need evaluation criteria for secure ID/PW management solution development. In this paper, we analyze the vulnerability of ID/PW management solution and propose the evaluation criteria for secure ID/PW management solution.

• The Journal of the Korea Contents Association
• /
• v.17 no.7
• /
• pp.571-578
• /
• 2017

In order to approach information system through smart device and pc, user has to authenticate him or herself via user authentication. At that time when user tries reaching the system, well-used user authentication technologies are ID/PW base, OTP, certificate, security card, fingerprint, etc. The ID/PWbased method is familiar to users, however, it is vulnerable to brute force cracking, keylogging, dictionary attack. so as to protect these attacks, user has to change the passwords periodically as per password combination instructions. In this paper, we designed and implemented a user authentication system using smartphone's USIM without using password while enhancing security than existing ID / PW based authentication technology.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.1
• /
• pp.61-71
• /
• 2017

ARP Spoofing is a basic and core hacking technology for almost all sniffing. It makes change the flow of packets by faking the 2nd layer MAC address. In this paper we suggested an efficient hacking technology for sniffing remote servers in the switched network environment. The suggested 'Faked ARP Reply Unicast Spoofing' makes the bidirectional packets sniffing possible between the client and server, and it makes simplify the procedures for ARP sniffing and hacking program. In this paper we researched the network hacking and implementation technologies based on the suggested ARP spoofing. And we researched various types of servers hacking such as Root ID and PW of Telnet/FTP server, Root ID and PW of MySQL DB server, ID and PW of Web Portal Server, and account information and transaction history of Web Banking Server. And also we researched the implementation techniques of core hacking programs for the ARP Spoofing.

• The Journal of the Korea Contents Association
• /
• v.14 no.11
• /
• pp.533-540
• /
• 2014

As for the application system or the user authentication scheme that is used in the system, various technologies including simple ID/PW, certificate, fingerprint/iris, phone, security card, and OTP are being used. But simple ID/PW and phone certification lack security features. As for the certificate, fingerprint/iris, and security card/OTP, the weakness in security has been quite strengthened, but there are costs and complexity involved to use these. This paper proposes a new measure of much safer and low-cost user authentication that improves the security level and uses mobile external storage media such as USB that people commonly have.

• The Journal of the Korea Contents Association
• /
• v.19 no.12
• /
• pp.416-424
• /
• 2019

The authentication technologies used to access computers in both IT and operational technology (OT) network areas include ID/PW, public certificate, and OTP. These authentication technologies can be seen as reflecting the nature of the business-driven IT network. The same authentication technologies is used in SCADA control networks where the operational technology is centered. However, these authentication technologies do not reflect the characteristics of the OT control network environment, which requires strict control. In this paper, we proposed a new enhanced user authentication method suitable for the OT SCADA control network centered on control information processing, utilizing the physical terminal address and operator location information characteristics of the operator's mobile terminal and control network.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2012.05a
• /
• pp.46-49
• /
• 2012

스마트워크 환경에서 널리 보급된 인증 방법인 ID/PW 방식은 구현이 간편하지만, 보안 강도가 약하다는 단점이 있다. 본 논문에서 제안하는 얼굴 인식 인증 시스템은 ID/PW 방법과 함께 인증 강화를 위해 사용된다. 제안 시스템의 주요한 특징은 Android 4.0 등의 얼굴 인식 기술의 단점으로 지적되고 있는 사용자 사진만 사용해서 잠금이 해제되는 의도적인 얼굴 인식 회피시도를 사전에 예방한다. 또한 제안하는 시스템은 기기 검증, 생체 정보 암호화 모듈을 포함하고 있어서 보다 안전한 스마트워크 환경을 제공할 것으로 기대된다.

• Journal of Digital Convergence
• /
• v.16 no.10
• /
• pp.235-241
• /
• 2018

The printout management system should analyze the pattern of existence of personal information (resident number, card number) in the output log and users should be provided with functions such as warning message pop-up, forced printing termination, mailing to administrator, independently logs management. Authentication management can also be performed only by registered users by installing an agent on a user PC, and it should have a restriction function to permit or deny work according to user information. In addition, when printing/copying/scanning using this equipment, it is possible to use document printing and multifunction copier after ID card authentication and ID/PW should be input to device when ID card is not used. In this study, we developed these interfaces with WOWSOFT co., Ltd, a security company that has better technology than the existing printout security methods, to construct the printout management system. Also we designed the interface of basic functions necessary for printout management and contributed to the establishment of printout management system.