• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2017년도 춘계학술대회
• /
• pp.258-259
• /
• 2017

최근 들어 과학기술의 발전으로 인하여 유무선 통신 환경이 통합되는 형태로 발전되고 있다. 인터넷의 발전으로 인하여 사물들이 서로 상호 연결하여 융합하는 사물인터넷 환경으로 발전되고 있다. 이러한 사물인터넷 환경 하에서의 대표적인 응용 시스템으로 홈 네트워크가 그 실 예이다. 사물인터넷을 이용한 센서 노드에서의 통신 환경은 작은 메모리 용량, 낮은 컴퓨팅 파워 등과 같은 제한적인 자원으로 인하여 기존의 암호 알고리즘을 사용을 할 수 없다. 따라서 본 논문에서는 이러한 IoT 환경 기반의 홈 네트워크 하에서의 보안을 위한 기기간의 인증을 분석하였다.

• 아태비즈니스연구
• /
• 제6권1호
• /
• pp.27-43
• /
• 2015

The objective of the present study is to identify the security factors that influence customer trust towards intention to continue using Internet banking in Malaysia. The participants are individual Internet banking users in Peninsular Malaysia. Data was collected through self-administered questionnaires distributed using the drop-off and pick-up (DOPU) technique to bank branch managers who then passed the questionnaires to their customers. A total of 413 respondents completed the questionnaires. The SPSS statistical analysis software package and Partial Least Squares statistical method were used for data analysis and hypothesis testing. The results show that authentication, confidentiality, data integrity and non-repudiation are significant factors that influence customer trust towards intention to continue using Internet banking. Trust plays a critical role in influencing the intention to continue using Internet banking in Malaysia while perceived privacy does not. An understanding of the factors identified in this study will enable Internet banking providers to effectively and efficiently enhance the security of services and thereby promote continued usage of Internet banking among customers. The findings of this study are thus expected to be of great use to Internet banking providers as improvements in Internet banking security will increase business in the long run.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권1호
• /
• pp.119-131
• /
• 2013

With the explosive growth of computer networks, many remote service providing servers and multi-server network architecture are provided and it is extremely inconvenient for users to remember numerous different identities and passwords. Therefore, it is important to provide a mechanism for a remote user to use single identity and password to access multi-server network architecture without repetitive registration and various multi-server authentication schemes have been proposed in recent years. Recently, Tsaur et al. proposed an efficient and secure smart card based user authentication and key agreement scheme for multi-server environments. They claimed that their scheme satisfies all of the requirements needed for achieving secure password authentication in multi-server environments and gives the formal proof on the execution of the proposed authenticated key agreement scheme. However, we find that Tsaur et al.'s scheme is still vulnerable to impersonation attack and many logged-in users' attack. We propose an extended scheme that not only removes the aforementioned weaknesses on their scheme but also achieves user anonymity for hiding login user's real identity. Compared with other previous related schemes, our proposed scheme keeps the efficiency and security and is more suitable for the practical applications.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제8권8호
• /
• pp.2930-2947
• /
• 2014

With the rapid growth of the communication technology, intelligent terminals (i.e. PDAs and smartphones) are widely used in many mobile applications. To provide secure communication in mobile environment, in recent years, many user authentication schemes have been proposed. However, most of these authentication schemes suffer from various attacks and cannot provide provable security. In this paper, we propose a novel remote user mutual authentication scheme for multi-server environments using elliptic curve cryptography (ECC). Unlike other ECC-based schemes, the proposed scheme uses ECC in combination with a secure hash function to protect the secure communication among the users, the servers and the registration center (RC). Through this method, the proposed scheme requires less ECC-based operations than the related schemes, and makes it possible to significantly reduce the computational cost. Security and performance analyses demonstrate that the proposed scheme can solve various types of security problems and can meet the requirements of computational complexity for low-power mobile devices.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권4호
• /
• pp.1779-1798
• /
• 2018

Heterogeneous wireless sensor networks (HEWSN) is a kind of wireless sensor networks (WSN), each sensor may has different attributes, HEWSN has been widely used in many aspects. Due to sensors are deployed in unattended environments and its resource constrained feature, the design of security and efficiency balanced authentication scheme for HEWSN becomes a vital challenge. In this paper, we propose a secure and lightweight user authentication and key agreement scheme based on biometric for HEWSN. Firstly, fuzzy extractor is adopted to handle the user's biometric information. Secondly, we achieve mutual authentication and key agreement among three entities, which are user, gateway and cluster head in the four phases. Finally, formal security analysis shows that the proposed scheme defends against various security pitfalls. Additionally, comparison results with other surviving relevant schemes show that our scheme is more efficient in term of computational cost, communication cost and estimated time. Therefore, the proposed scheme is well suitable for practical application in HEWSN.

• 인터넷정보학회논문지
• /
• 제13권1호
• /
• pp.15-25
• /
• 2012

모바일 IP 환경 내 MN의 이동 과정에서 인증은 초기화되고, 이러한 시작점으로부터 과도한 비용이 발생한다는 전제하에 현재까지 연구는 특정 상황에서의 비용 감소의 요구사항을 명확히 제시하지 못하고 있다. 본 논문에서는 이런 점에 착안한 제안 기법은 계층적 AAA (Authorization, Authentication, Accounting)로부터 발전되어 빠른 인증과 Diameter 프로토콜 기반의 모바일 IP를 지원하며, AAA 서버는 LMA (Local Mobility Anchor)에 배치하여 짧고 간단한 빠른 이동 인증과 계층적 인증을 통해 도메인 내 인증에서의 비용을 줄여준다. 제안하는 Proxy-AAA 기법은 기존 인증기법들과 바인딩 업데이트 기법들을 개선하였으며 도메인 내 이동과 인증뿐만 아니라 도메인 간에서도 적용된다. 이를 수학적 모델링과 성능 평가를 통해 기존의 단점을 보완할 수 있음을 보여준다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권9호
• /
• pp.4508-4528
• /
• 2016

Widespread use of wireless networks has drawn attention to ascertain confidential communication and proper authentication of an entity before granting access to services over insecure channels. Recently, Truong et al. proposed a modified dynamic ID-based authentication scheme which they claimed to resist smart-card-theft attack. Nevertheless, we find that their scheme is prone to smart-card-theft attack contrary to the author's claim. Besides, anyone can impersonate the user as well as service provider server and can breach the confidentiality of communication by merely eavesdropping the login request and server's reply message from the network. We also notice that the scheme does not impart user anonymity and forward secrecy. Therefore, we present another authentication scheme keeping apart the threats encountered in the design of Truong et al.'s scheme. We also prove the security of the proposed scheme with the help of widespread BAN (Burrows, Abadi and Needham) Logic.

• 한국인터넷방송통신학회논문지
• /
• 제12권6호
• /
• pp.91-98
• /
• 2012

허가받지 않은 접근을 통해 위험에 노출될 수 있는 자원을 보호하기 위해 패스워드 기반의 인증 스킴들이 최근에 폭넓게 채택되어 사용되고 있다. 2008년에 Liu 등은 위조공격에 견딜 수 있는 패스워드 기반의 스마트카드를 사용하는 새로운 상호인증 스킴을 제안하였다. 본 논문은 안전성 분석을 통해 Liu 등의 스킴이 여전히 다양한 보안 공격에 취약함을 증명한다. 아울러, 공격자가 스마트카드에 저장된 비밀 정보를 불법으로 취득한 겅우에도 이러한 보안상의 약점을 극복하면서 동시에 사용자와 원격 인증서버 간 상호인증을 제공하는 개선된 스킴을 제안한다. 저자는 본 연구에서 안전성 분석과 결과 비교를 통해, 제안하는 스킴이 Liu 등의 스킴에 비하여 다양한 공격들로부터 보다 안전하고 효율적인 스킴임을 보여준다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권12호
• /
• pp.4987-5014
• /
• 2015

The bilinear pairing, also known as Weil pairing or Tate pairing, is widely used in cryptography and its properties help to construct cryptographic schemes for different applications in which the security of the transmitted data is a major concern. In remote login authentication schemes, there are two major requirements: i) proving the identity of a user and the server for legitimacy without exposing their private keys and ii) freedom for a user to choose and change his password (private key) efficiently. Most of the existing methods based on the bilinear property have some security breaches due to the lack of features and the design issues. In this paper, we develop a new scheme using the bilinear property of an elliptic point and the biometric characteristics. Our method provides many features along with three major goals. a) Checking the correctness of the password before sending the authentication message, which prevents the wastage of communication cost; b) Efficient password change phase in which the user is asked to give a new password after checking the correctness of the current password without involving the server; c) User anonymity - enforcing the suitability of our scheme for applications in which a user does not want to disclose his identity. We use BAN logic to ensure the mutual authentication and session key agreement properties. The paper provides informal security analysis to illustrate that our scheme resists all the security attacks. Furthermore, we use the AVISPA tool for formal security verification of our scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권12호
• /
• pp.6121-6144
• /
• 2019

Numerous privacy-preserving authentication schemes have been proposed but vehicular ad hoc networks (VANETs) still suffer from security and privacy issues as well as computation and communication overheads. In this paper, we proposed a robust conditional privacy-preserving authentication scheme based on pseudonym root with cuckoo filter to meet security and privacy requirements and reduce computation and communication overheads. In our proposed scheme, we used a new idea to generate pseudonyms for vehicles where each on-board unit (OBU) saves one pseudonym, named as "pseudonym root," and generates all pseudonyms from the same pseudonym. Therefore, OBU does not need to enlarge its storage. In addition, the scheme does not use bilinear pairing operation that causes computation overhead and has no certification revocation list that leads to computation and communication overheads. The proposed scheme has lightweight mutual authentication among all parties and just for once. Moreover, it provides strong anonymity to preserve privacy and resists ordinary attacks. We analyzed our proposed scheme and showed that it meets security and privacy requirements of VANETs and is more efficient than traditional schemes. The communication and computation overheads were also discussed to show the cost-effectiveness of the proposed scheme.