• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권12호
• /
• pp.4987-5014
• /
• 2015

The bilinear pairing, also known as Weil pairing or Tate pairing, is widely used in cryptography and its properties help to construct cryptographic schemes for different applications in which the security of the transmitted data is a major concern. In remote login authentication schemes, there are two major requirements: i) proving the identity of a user and the server for legitimacy without exposing their private keys and ii) freedom for a user to choose and change his password (private key) efficiently. Most of the existing methods based on the bilinear property have some security breaches due to the lack of features and the design issues. In this paper, we develop a new scheme using the bilinear property of an elliptic point and the biometric characteristics. Our method provides many features along with three major goals. a) Checking the correctness of the password before sending the authentication message, which prevents the wastage of communication cost; b) Efficient password change phase in which the user is asked to give a new password after checking the correctness of the current password without involving the server; c) User anonymity - enforcing the suitability of our scheme for applications in which a user does not want to disclose his identity. We use BAN logic to ensure the mutual authentication and session key agreement properties. The paper provides informal security analysis to illustrate that our scheme resists all the security attacks. Furthermore, we use the AVISPA tool for formal security verification of our scheme.

• 정보보호학회논문지
• /
• 제28권4호
• /
• pp.879-888
• /
• 2018

최근 국내외 핀테크의 발전과 더불어 모바일 결제 시장에서 생체 인식 기술을 이용한 FIDO(Fast IDentity Online)가 기존의 패스워드 방식을 대체하며 빠르게 성장하고 있다. 이러한 FIDO 인증은 민감한 생체정보를 처리해야 하므로 반드시 높은 보안성이 요구되는 신뢰할 수 있는 환경에서 처리가 이루어져야 한다. 그러나 이러한 신뢰할 수 있는 환경은 스마트폰의 특정 하드웨어에서 지원하므로 제조사에 의존적일 수밖에 없다. 이에 본 논문에서는 모바일 환경에서 특정 하드웨어가 탑재되지 않아도 보편적으로 안전하게 사용할 수 있는 컴플라이언스 기반의 생체정보의 분산 관리를 이용한 서버 기반의 인증 모델을 제안하고자 한다.

• 대한원격탐사학회:학술대회논문집
• /
• 대한원격탐사학회 2005년도 Proceedings of ISRS 2005
• /
• pp.678-682
• /
• 2005

IETF suggested AAA for safe and reliable user authentication on various network and protocol caused by development in internet and increase in users. Diameter standard authentication system does not provide mutual authentication and non-repudiation. AAA authentication system using public key was suggested to supplement such Diameter authentication but application in mobile service control nodes is difficult due to overhead of communication and arithmetic. ID based AAA authentication system was suggested to overcome such weak point but it still has the weak point against collusion attack or forgery attack. In this thesis, new ID based AAA authentication system is suggested which is safe against collusion attack and forgery attack and reduces arithmetic quantity of mobile nodes with insufficient arithmetic and power performance. In this thesis, cryptological safety and arithmetical efficiency is tested to test the suggested system through comparison and assessment of current systems. Suggested system uses two random numbers to provide stability at authentication of mobile nodes. Also, in terms of power, it provides the advantage of seamless service by reducing authentication executing time by the performance of server through improving efficiency with reduced arithmetic at nodes.

• 한국산학기술학회논문지
• /
• 제9권3호
• /
• pp.727-733
• /
• 2008

사용자가 안전한 WiBro 서비스를 받기 위해서 사용자 단말과 ACR(Access Control Router) 간에 인증이 선행되어야 한다. 그렇지 않을 경우, 많은 공격 위험으로부터 노출될 수 있다. 따라서 한국정보통신기술협회(TTA)에서는 휴대인터넷(와이브로) 서비스를 위한 상호 인증 절차 표준을 제정하였다. 이 표준 프로토콜은 PISIM(Portable Internet Subscriber Identity Module)을 이용하여 PE(Portable Equipment)와 ACR 간에 상호 인증을 수행한다. 그러나 표준은 인증에 필요한 메시지의 수가 대체적으로 많은 편이며 PISIM의 분실과 에러가 발생했을 경우에는 사용자는 무선인터넷 서비스를 사용할 수 없게 된다. 따라서 본 논문에서는 ACR과 PSS 간에 키 동의 프로토콜을 수행하여 PSS를 인증한다. 이때 PSS의 계산량을 지원하기 위한 PSD(Power Support Device)가 키 동의 프로토콜에 참여하게 된다. 이렇게 생성된 키는 ACR과 안전한 통신 세션을 맺고 있는 KAS(Key Authentication Server)에 PSS의 식별자와 키 정보를 암호화에서 저장한다. 끝으로 제안된 프로토콜의 안전성과 효율성을 분석한다.

• 전자공학회논문지
• /
• 제50권10호
• /
• pp.21-29
• /
• 2013

본 논문에서는 U-헬스케어를 위한 무선 매쉬 네트워크에서 고 신뢰성 있는 응급 생체 데이터 관리를 위한 정책기반의 신원 인증 및 전송 구조를 제시한다. U-헬스케어 모니터링 서비스에서 모니터링 되는 응급 생체 데이터는 생명과 직결되기 때문에 고 신뢰성 있는 생체 데이터 관리 뿐만 아니라 데이터 전송 관리가 요구된다. 좀 더 구체적으로, 측정된 생체 데이터의 신원 인증 기술과 인증된 생체 데이터의 개인 맞춤형 응급 상태 진단 기술, 응급 데이터 전송 기술이 무엇보다 중요하다. 이를 위해, 본 논문에서는 무선 매쉬 네트워크 환경에서 IEEE 11073 PHD를 확장한 정책기반 신원 인증 관리 구조 및 프로토콜, 고 신뢰성 있는 관리를 위한 정책 기반 응급 데이터 관리 구조, 신뢰성 있는 데이터 전송을 위한 무선 매쉬 네트워크 기반의 Resilient 라우팅 프로토콜을 제시한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제8권12호
• /
• pp.4661-4676
• /
• 2014

In Wireless Mesh Networks (WMN), an authentication technique can be compromised due to the distributed network architecture, the broadcast nature of the wireless medium and dynamic network topology. Several vulnerabilities exist in different protocols for WMNs. Hence, in this paper, we propose trust based authentication and key establishment for secure routing in WMN. Initially, a trust model is designed based on Ant Colony Optimization (ACO) to exchange the trust information among the nodes. The routing table is utilized to select the destination nodes, for which the link information is updated and the route verification is performed. Based on the trust model, mutual authentication is applied. When a node moves from one operator to another for accessing the router, inter-authentication will be performed. When a node moves within the operator for accessing the router, then intra-authentication will be performed. During authentication, keys are established using identity based cryptography technique. By simulation results, we show that the proposed technique enhances the packet delivery ratio and resilience with reduced drop and overhead.

• Journal of Communications and Networks
• /
• 제14권6호
• /
• pp.606-613
• /
• 2012

In a smart grid environment, data for the usage and control of power are transmitted over an Internet protocol (IP)-based network. This data contains very sensitive information about the user or energy service provider (ESP); hence, measures must be taken to prevent data manipulation. Mutual authentication between devices, which can prevent impersonation attacks by verifying the counterpart's identity, is a necessary process for secure communication. However, it is difficult to apply existing signature-based authentication in a smart grid system because smart meters, a component of such systems, are resource-constrained devices. In this paper, we consider a smart meter and propose an efficient mutual authentication protocol. The proposed protocol uses a matrix-based homomorphic hash that can decrease the amount of computations in a smart meter. To prove this, we analyze the protocol's security and performance.

• Journal of Information Processing Systems
• /
• 제16권3호
• /
• pp.599-611
• /
• 2020

With the application and promotion of biometric technology, biometrics has become more and more important to identity authentication. In order to ensure the privacy of the user, the biometrics cannot be stored or manipulated in plaintext. Aiming at this problem, this paper analyzes and summarizes the scheme and performance of the existing biometric authentication system, and proposes an iris-based ciphertext authentication system based on fully homomorphic encryption using the FV scheme. The implementation of the system is partly powered by Microsoft's SEAL (Simple Encrypted Arithmetic Library). The entire system can complete iris authentication without decrypting the iris feature template, and the database stores the homomorphic ciphertext of the iris feature template. Thus, there is no need to worry about the leakage of the iris feature template. At the same time, the system does not require a trusted center for authentication, and the authentication is completed on the server side directly using the one-time MAC authentication method. Tests have shown that when the system adopts an iris algorithm with a low depth of calculation circuit such as the Hamming distance comparison algorithm, it has good performance, which basically meets the requirements of real application scenarios.

• 전자통신동향분석
• /
• 제36권4호
• /
• pp.135-144
• /
• 2021

The field of user authentication in Korea has experienced new dimensions since December 2020. Accredited certificate, which had been in use for 21 years since 1999, has been abolished. Accredited certificates have provided a trust foundation for various ICT-based industrial developments; however, new changes in the authentication sector are also required due to changes in the service and policy environment. Changes in the service environment occur rapidly because of the emergence of new technologies such as AI, IoT, Bio, Blockchain, and the daily use of non-face-to-face environments caused by COVID-19. Even with changes in the service environment, user authentication remains an essential foundation for providing services. This paper summarizes the current status of user authentication techniques, analyzes major changes in the service environment (such as Metaverse) associated with user authentication, and presents the direction of authentication techniques (Decentralized, Invisible, Privacy-preserving) through the derived implications.

• 한국정보과학회논문지:정보통신
• /
• 제28권4호
• /
• pp.570-577
• /
• 2001

이동 네트워크 상에서의 인터넷 서비스가 활성화됨에 따라 이동 호스트에 대한 인증 및 비밀성이 요구되었고, 이동 호스트의 이동성에 따른 익명성 및 불추적성이 중요한 고려사항이 되었다. 본 논문에서는 이동 호스트가 도메인간을 이동하면서 노출될 수 있는 이동 호스트의 Identity의 보호를 위해 사용자 Alias를 사용하였으며, 원격 도메인에도 Alias를 사용함으로 익명성 보장 및 불추적성을 지원한 안전한 인증 프로토콜을 제시한다. 본 논문에서는 안전성을 높이기 위해서 Alias 생성시 공개키 암호 시스템을 이용하였다.