• Journal of Korea Multimedia Society
• /
• v.12 no.4
• /
• pp.540-549
• /
• 2009

An arbitrary mobile device configures Ad-hoc network to provide the transmission of a data and services using wireless communications. A mobile device requires authentication and encryption key management to securely communicate in the Ad-hoc network. This paper examines the trend of the authentication in the Ad-hoc network and the group key management and suggests the plan for ID-based mutual authentication and group key establishment. ID-based mutual authentication in proposed scheme uses zero knowledge in the absence of shared information and is applied to establish a session key and group key. In addition, the proposed scheme is applied to Ad-hoc network to increase the efficiency and the safety of security technology.

• The KIPS Transactions:PartC
• /
• v.15C no.6
• /
• pp.469-480
• /
• 2008

The recently proposed RFID(Radio Frequency Identification) authentication protocol based on a hash function can be divided into two types according to the type of information used for authentication between a reader and a tag: either a value fixed or one updated dynamically in a tag memory. In this paper, we classify the protocols into a static ID-based and a dynamic-ID based protocol and then analyze their respective strengths and weaknesses. Also, we define a new security model including forward/backward traceability, synchronization, forgery attacks. Based on the model, we analyze the previous protocols and propose a new dynamic-ID based RFID mutual authentication protocol. Our protocol provide enhanced RFID user privacy compared to previous protocols and identify a tag efficiently in terms of the operation quantity of a tag and database.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.1
• /
• pp.3-10
• /
• 2002

This paper proposes an ID-based entity-aunthentication and authenticated key exchange protocol with ECC via two-pass communications between two parties who airs registered to the trusted third-party KC in advance. The proposed protocol developed by applying ECDSA and Diffie-Hellman key exchange scheme to the ID-based key distribution scheme over ECC proposed by H. Sakazaki, E. Okamoto and M. Mambo(SOM scheme). The security of this protocol is based on the Elliptic Curve Discrete Logarithm Problem(ECDLP) and the Elliptic Curve Diffie-Hellman Problem(ECDHP). It is strong against unknown key share attack and it provides the perfect forward secrecy, which makes up for the weakness in SOM scheme,

• Journal of Digital Convergence
• /
• v.11 no.2
• /
• pp.309-316
• /
• 2013

Machine-to-machine (M2M) communication occurs when devices exchange information independent of human intervention. Prominent among the technical challenges to M2M communication are security issues, such as eavesdropping, spoofing, modification, and privacy violation. Hence, it is very important to establish secure communication. In this paper, we propose a remote authentication scheme, based on dynamic ID, which provides secure communication while avoiding exposure of data through authentication between the M2M domain and the network domain in the M2M architecture. We then prove the correctness and security of the proposed scheme using a logic-based formal method.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.1
• /
• pp.273-278
• /
• 2013

Recently, user authentication schemes using smart cards for multi-server environment have been proposed for practical applications. In 2009, Liao-Wang proposed a secure dynamic ID based remote user authentication scheme for multi-server environment that can withstand the various possible attacks and provide user anonymity. In this paper, we analyze the security of Liao-Wang's scheme, and we show that Liao-Wang's scheme is still insecure against the forgery attack, the password guessing attack, the session key attack, and the insider attack. In addition, Liao-Wang's scheme does not provide user anonymity between the user and the server.

• The Journal of the Korea Contents Association
• /
• v.14 no.11
• /
• pp.533-540
• /
• 2014

As for the application system or the user authentication scheme that is used in the system, various technologies including simple ID/PW, certificate, fingerprint/iris, phone, security card, and OTP are being used. But simple ID/PW and phone certification lack security features. As for the certificate, fingerprint/iris, and security card/OTP, the weakness in security has been quite strengthened, but there are costs and complexity involved to use these. This paper proposes a new measure of much safer and low-cost user authentication that improves the security level and uses mobile external storage media such as USB that people commonly have.

• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.273-280
• /
• 2003

When an existing user authorization systems in Grid access many user to local system and subject DN (Distinguished Name) in a user-proxy authenticate and ID in local system is one-to-one mapping, they have difficulties in ID management, memory resource management and resource management. At this, a variety of subject DN is shared of one local ID in an existing Grid. But this faces many difficulties in applying all requirements for many Grid users. Thus, we suppose user authorization system based on a certificate not them based on ID in this paper. That is, we add user's access level to extension field in a certificate, and make a supposed authorization system decide access limitation level on resources instead of an existing ID mapping methods.

• The Transactions of the Korean Institute of Electrical Engineers P
• /
• v.54 no.4
• /
• pp.217-223
• /
• 2005

In this paper, we have proposed a secure dynamic ID allocation protocol using mutual authentication on the RFID tag. Currently, there are many security protocols focused on the low-price RFID tag. The conventional low-price tags have limitation of computing power and rewritability of memory. The proposed secure dynamic ID allocation protocol targets to the high-performance RFID tags which have more powerful performance than conventional low-price tag by allocating a dynamic ID to RFID using mutual authentication based on symmetric encryption algorithm. This protocol can be used as a partial solution for ID tracing and forgery.

• IEIE Transactions on Smart Processing and Computing
• /
• v.3 no.5
• /
• pp.298-305
• /
• 2014

In this study, a novel Randomly Shifted Certification Authority Authentication protocol was used in ad hoc networks to provide authentication by considering the MAC layer characteristics. The nodes achieve authentication through the use of public key certificates issued by a CA, which assures the certificate's ownership. As a part of providing key management, the active CA node transfers the image of the stored public keys to other idle CA nodes. Finally the current active CA randomly selects the ID of the available idle CA and shifts the CA ownership by transferring it. Revoking is done if any counterfeit or duplicate non CA node ID is found. Authentication and integrity is provided by preventing MAC control packets, and Enhanced Hash Message Authentication Code (EHMAC) can be used. Here EHMAC with various outputs is introduced in all control packets. When a node transmits a packet to a node with EHMAC, verification is conducted and the node replies with the transmitter address and EHMAC in the acknowledgement.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.10
• /
• pp.99-106
• /
• 2014

In this paper, we analyze weaknesses of the biometrics-based user authentication scheme proposed by An. The result of analysis An's authentication scheme by the login success scenario proposed in this paper, if the attacker successes to get user's random number, he/she can pass user authentication phase of the legal server. Also the biometrics guessing scenario proposed in this paper shows the legal user's the biometric information is revealed in lost smart card. Since An's authentication scheme submit user ID and biometrics in plain text to the server, it is very vulnerable to inner attack and it is not provide the user anonymity to the server as well as the one to the third by user ID in plain text. Besides An's authentication scheme is contextual error too, due to this, it has weakness and so on that it did not check the validity of the smart card holder.