• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권1호
• /
• pp.395-413
• /
• 2016

Image authentication is a technique aiming at protecting the integrity of digital images. Reversible image authentication has attracted much attention of researcher because it allows to authenticate tampered regions in the image and to reconstruct the stego image to its original version losslessly. In this paper, we propose a new, reversible image authentication scheme based on adaptive prediction error expansion (PEE) technique. In the proposed scheme, each image block is classified into smooth or complex regions. Then, according to the characteristic of each block, the authentication code is embedded adaptively to achieve high performance of tamper detection. The experimental results demonstrated that the proposed scheme achieves good quality of stego images. In addition, the proposed scheme has ability to reconstruct the stego image to its original version, if no modification is performed on it. Also demonstrated in the experimental results, the proposed scheme provides higher accuracy of tamper detection than state-of-the-art schemes.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권12호
• /
• pp.6169-6187
• /
• 2017

With the fast growth of mobile services, Mobile Cloud Computing(MCC) has gained a great deal of attention from researchers in the academic and industrial field. User authentication and privacy are significant issues in MCC environment. Recently, Tsai and Lo proposed a privacy-aware authentication scheme for distributed MCC services, which claimed to support mutual authentication and user anonymity. However, Irshad et.al. pointed out this scheme cannot achieve desired security goals and improved it. Unfortunately, this paper shall show that security features of Irshad et.al.'s scheme are achieved at the price of multiple time-consuming operations, such as three bilinear pairing operations, one map-to-point hash function operation, etc. Besides, it still suffers from two minor design flaws, including incapability of achieving three-factor security and no user revocation and re-registration. To address these issues, an enhanced and provably secure authentication scheme for distributed MCC services will be designed in this work. The proposed scheme can meet all desirable security requirements and is able to resist against various kinds of attacks. Moreover, compared with previously proposed schemes, the proposed scheme provides more security features while achieving lower computation and communication costs.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권3호
• /
• pp.1467-1480
• /
• 2016

This paper proposes "A Black Hole Detection Protocol Design based on a Mutual Authentication Scheme on VANET." It consists of the Mutual Authentication Scheme (MAS) that processes a Mutual Authentication by transferring messages among a Gateway Node, a Sensor Node, and a User Node and the Black Hole Detection Protocol (BHDP) which detects a Non-Authentication Node by using the Session Key computed in the MAS and a Black Hole by using the Broadcasting Table. Therefore, the MAS can reduce the operation count of hash functions more than the existing scheme and protect a privacy from an eavesdropping attack and an information exposure by hashing a nonce and user's ID and password. In addition, the MAS prevents a replay attack by using the randomly generated nonce and the time stamp. The BHDP improves Packet Delivery ratio and Throughput more than the AODV with Black hole by 4.79% and 38.28Kbps. Also, it improves Packet Delivery ratio and Throughput more than the IDSAODV by 1.53% and 10.45Kbps. Hence it makes VANET more safe and reliable.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권1호
• /
• pp.523-549
• /
• 2018

The increasing number of subscribers and demand of multiplicity of services has turned Multi-Server Authentication (MSA) into an integral part of remote authentication paradigm. MSA not only offers an efficient mode to register the users by engaging a trusted third party (Registration Centre), but also a cost-effective architecture for service procurement, onwards. Recently, Lu et al.'s scheme demonstrated that Mishra et al.'s scheme is unguarded to perfect forward secrecy compromise, server masquerading, and forgery attacks, and presented a better scheme. However, we discovered that Lu et al.'s scheme is still susceptible to malicious insider attack and non-compliant to perfect forward secrecy. This study presents a critical review on Lu et al.'s scheme and then proposes a secure multi-server authentication scheme. The security properties of contributed work are validated with automated Proverif tool and proved under formal security analysis.

• 한국인터넷방송통신학회논문지
• /
• 제16권1호
• /
• pp.1-5
• /
• 2016

최근 신용 카드, 멤버쉽 카드, 쿠폰 등을 모아서 관리할 수 있는 올인원 서비스가 활성화되고 있다. 특히 오프라인 결제와 연계하여 O2O(Online to Offline)의 핵심 서비스로 등장하고 있다. 이러한 기업과의 모바일 상거래를 위해서는 고객의 인증 작업을 거쳐야 하는데, 고객이 기업별로 아이디/패스워드를 저장하거나 입력하는 작업은 매우 번거롭다. 따라서 본 논문에서는 올인원 서비스에서 자동적으로 고객을 인증하는 기법을 제안한다. 회원 등록시 고객은 기업으로부터 인증 티켓을 수신한 후, 단말기에 저장한다. 인증 티켓에는 고객의 아이디와 패스워드가 기업용 대칭 키로 암호화되어 있으며 서비스 요청시 인증 티켓을 전달함으로써 자동적으로 인증 절차가 이루어진다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제8권12호
• /
• pp.4643-4660
• /
• 2014

Integrity authentication of biometric data in Wireless Body Area Network (WBAN) is a critical issue because the sensitive data transmitted over broadcast wireless channels could be attacked easily. However, traditional cryptograph-based integrity authentication schemes are not suitable for WBAN as they consume much computational resource on the sensor nodes with limited memory, computational capability and power. To address this problem, a novel lightweight integrity authentication scheme based on reversible watermark is proposed for WBAN and implemented on a TinyOS-based WBAN test bed in this paper. In the proposed scheme, the data is divided into groups with a fixed size to improve grouping efficiency; the histogram shifting technique is adopted to avoid possible underflow or overflow; local maps are generated to restore the shifted data; and the watermarks are generated and embedded in a chaining way for integrity authentication. Our analytic and experimental results demonstrate that the integrity of biometric data can be reliably authenticated with low cost, and the data can be entirely recovered for healthcare applications by using our proposed scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제8권12호
• /
• pp.4588-4603
• /
• 2014

In this paper, we present a high-quality image authentication scheme based on absolute moment block truncation coding. In the proposed scheme, we use the parity of the bitmap (BM) to generate the authentication code for each compressed image block. Data hiding is used to authenticate whether the content has been altered or not. For image authentication, we embed the authentication code to quantization levels of each image block compressed by absolute moment block truncation coding (AMBTC) which will be altered when the host image is manipulated. The embedding position is generated by a pseudo-random number generator for security concerned. Besides, to improve the detection ability we use a hierarchical structure to ensure the accuracy of tamper localization. A watermarked image can be precisely inspected whether it has been tampered intentionally or incautiously by checking the extracted watermark. Experimental results demonstrated that the proposed scheme achieved high-quality embedded images and good detection accuracy, with stable performance and high expansibility. Performance comparisons with other block-based data hiding schemes are provided to demonstrate the superiority of the proposed scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권12호
• /
• pp.5572-5595
• /
• 2016

Multi-server authentication enables the subscribers to enjoy an assortment of services from various service providers based on a single registration from any registration centre. Previously, a subscriber had to register from each service provider individually to avail respective services relying on single server authentication. In the past, a number of multi-server authentication techniques can be witnessed that employed lightweight and even computationally intensive cryptographic operations. In line with this, Zhu has presented a chaotic map based multi-server authentication scheme recently, which is not only vulnerable to denial-of-service attack, stolen-verifier attack, but also lacks anonymity. This research aims at improving the Zhu's protocol in terms of cost and efficiency. Moreover, the comparative study is presented for the performance of improved model against the existing scheme, and the security of proposed model is formally proved using BAN Logic.

• 한국정보통신학회:학술대회논문집
• /
• 한국해양정보통신학회 1999년도 추계종합학술대회
• /
• pp.305-311
• /
• 1999

IETF(Internet Engineering Task Force)의 RFC 2069에서는 HTTP 1.1에 DAA(Digest Access Authentication)방안 채택을 권고하고 있다. 클라이언트가 Web 서버내의 접근보호가 필요한 URI(Uniform Resource Identifier)자원에 접근하고자 할 경우, BAA(Basic Access Authentication)에서는 사용자 패스워드가 네트워크 상에 노출된 상태로 인증이 이루어지기 때문에 안전한 사용자 인증 방안이라고 할 수 없다. 반면에, DAA방안에서는 MAC(Message Authentication Code)를 사용하여 사용자 패스워드를 노출시키지 않고 인증이 이루어지기 때문에 BAA방안보다 안전한 인증 방법이다. 하지만, 이의 문제점은 Web서버와 클라이언트간에 교환되는 메시지에 비밀성 암호서비스를 지원하지 못하고 있다. 본 논문에서는 DAA를 확장하여 Web서버와 클라이언트간에 비밀성 보안서비스를 지원하는 방안을 제안하였다.

• 디지털산업정보학회논문지
• /
• 제10권2호
• /
• pp.83-89
• /
• 2014

An increasing number of children are now using the Internet. They are starting at a younger age, using a variety of devices and spending more time online. It becomes an important problem to protect the children in online environment. The Internet can be a major channel for their education, creativity and self-expression. However, it also carries a spectrum of risks to which children are more vulnerable than adults. In order to solve these problems, we suggested a binding model of user attributes for enhanced user authentication. We also studied the requirements and prerequisites of a binding model of user attributes. In this paper we described the architecture of binding model of user attributes and showed the effectiveness of the suggested model using simulation. This model can be utilized to enhanced user authentication and service authorization.