• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.11a
• /
• pp.676-679
• /
• 2013

최근 피싱과 파밍으로 인한 사용자들의 피해가 속출하고 있다. 또, OTP(One Time Password)의 MITM 공격에 대한 취약성이 밝혀지면서 기존의 인증기법을 개선할 필요가 있다. 그러므로 피싱과 파밍 공격을 방지하고 OTP의 취약점을 개선한 인증기법을 제안하는 것은 매우 중요한 문제이다. 본 논문에서는 메신저를 이용한 피싱/파밍 방지기능을 제안한다. 또한 제안하는 기법은 1차로 기존과 같은 ID / PWD 방식 인증과 2차로 모바일 메신저 상에서의 인증시작버튼, 3차로 물리적인 QR코드 인식 후 인증을 하는 3단계 인증을 통해 개선한다. 제안하는 인증기법은 일상생활 속에서 많이 사용하는 메신저와 카메라 기능을 통해 진행되므로 사용자는 추가적인 기능을 배울 필요가 없으며, 친숙하게 사용할 수 있다. 피싱/파밍 공격은 물론 MITM공격에 대한 취약점을 메신저의 특징과 2차, 3차 인증단계를 이용해 막아낼 수 있을 것으로 기대된다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.2B
• /
• pp.183-190
• /
• 2010

Recently, there is still vulnerability of attack, such as location tracking attack, replay attack, spoofing attack etc for all that is much research for Mobile RFID authentication. This paper designed method of making one time random number in DB server side unlike previously researched protocols, and it protects RFID communication from location tracking, replay attack and spoofing attack.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.1
• /
• pp.75-82
• /
• 2018

As user of mobile device increases, various user authentication methods are actively researched. The user authentication methods includes a method of using a user ID and a password, a method of using user biometric feature, a method of using location based, and a method of authenticating secondary authentication such as OTP(One Time Password) method is used. In this paper, we propose a user system which improves the problem of existing authentication method and encryption can proceed in a way that user desires. The proposed authentication system is composed of an authentication factor collection module that collects authentication factors using a mobile device, a security key generation module that generates a security key by combining the collected authentication factors, and a module that performs authentication using the generated security key module.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.11
• /
• pp.163-171
• /
• 2011

Because RFID systems use radio frequency, they have many security problems such as eavesdropping, location tracking, spoofing attack and replay attack. So, many mutual authentication protocols and cryptography methods for RFID systems have been proposed in order to solve security problems, but previous proposed protocols using AES(Advanced Encryption Standard) have fixed key problem and security problems. In this paper, we analyze security of proposed protocols and propose our protocol using OTP(One-Time Pad) and AES to solve security problems and to reduce hardware overhead and operation. Our protocol encrypts data transferred between RFID reader and tag, and accomplishes mutual authentication by one time random number to generate in RFID reader. In addition, this paper presents that our protocol has higher security and efficiency in computation volume and process than researched protocols and S.Oh's Protocol. Therefore, our protocol is secure against various attacks and suitable for lightweight RFID tag system.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.4
• /
• pp.433-438
• /
• 2014

The demanding in construction of the stand-alone networks and interconnection between convergence devices have led an increase in research on MANET and the application of MANET has been paid much attention as a Ubiquitous computing which is growing fast in the field of computer science. With performance both as hosts and routers, easy network configuration, and fast response, mobile nodes participating in MANET are suitable for Embedded computing but have vulnerable points, about lack of dynamic network topology due to mobility, network scalability, passive attacks, and active attacks which make it impossible to manage continuous security authentication service. In this study, proposes S-EKE authentication mechanism for a robust authentication based on MANET and through identify wireless environment security vulnerabilities, currently being used in OTP S/Key and DH-EKE analyzes.

• Journal of Korea Society of Industrial Information Systems
• /
• v.22 no.6
• /
• pp.17-22
• /
• 2017

In this paper, a password recognition system that can overcome a shoulder-surfing attack is developed. During the time period of password insertion, the developed system can prevent the attack and enhance the safety of the password. In order to raise the detection rate of the password image, the mopology technique is utilized. By adapting 4 times of the expansion and dilation, the niose from the binary image of the password is removed. Finally, the mobile phone application is also developed to recognize the one time password and the detection rate is measured. It is shown that the detection rate of 90% is achieved under the dark light condition.

• The Journal of the Korea Contents Association
• /
• v.19 no.12
• /
• pp.416-424
• /
• 2019

The authentication technologies used to access computers in both IT and operational technology (OT) network areas include ID/PW, public certificate, and OTP. These authentication technologies can be seen as reflecting the nature of the business-driven IT network. The same authentication technologies is used in SCADA control networks where the operational technology is centered. However, these authentication technologies do not reflect the characteristics of the OT control network environment, which requires strict control. In this paper, we proposed a new enhanced user authentication method suitable for the OT SCADA control network centered on control information processing, utilizing the physical terminal address and operator location information characteristics of the operator's mobile terminal and control network.

• Convergence Security Journal
• /
• v.13 no.4
• /
• pp.53-59
• /
• 2013

As the hacking technology for cyber-terror and financial fraud evolves, the research and development for advanced and standardized information security technology is growing to be more and more important. In this paper, the domestic level of technology and standardization for information security as compared to advanced country is diagnosed, and future policy is presented by analyzing the influence effect for market and technology. The information security is classified into information security-based & user protection, network & system security, and application security & evaluation validation with details of OTP-based validation, smart-phone app security, and mobile electronic finance, etc. The analytic results indicate that domestic level is some poor for advanced country, the technological development and standardization capability for smart-phone app security and mobile electronic finance is needed, and finally the government's supporting policy for the future Internet is urgently needed.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.7
• /
• pp.1393-1400
• /
• 2017

As the number of smartphone users increases, vulnerability to privacy protection is increasing. This is because personal information is stored on various servers connected to the Internet and the user is authenticated using the same ID and password. Authentication methods such as OTP, FIDO, and PIN codes have been introduced to solve traditional authentication methods, but their use is limited for authentication that requires sharing with other users. In this paper, we propose the authentication method that is needed for the management of shared information such as hospitals and corporations. The proposed algorithm is an algorithm that can authenticate users in the same place in real time using smart phone IMEI, QR code, BLE, push message. We propose an authentication algorithm that can perform user authentication through mutual cooperation using a smart phone and can cancel realtime authentication. And we designed and implemented a mutual authentication system using proposed algorithm.

• Journal of Convergence Society for SMB
• /
• v.5 no.3
• /
• pp.9-13
• /
• 2015

With the advance of ICT, the necessity of user authentication to verify the identity of an opponent online not face to face is increasing. The authentication, the basis of the security, is used in various fields. Because ID-based authentication has weaknesses in terms of stability and losses, two or more than two authentication tools are used in the place in which the security is important. Recently, biometric authentication rather than ID, OTP, SMS authentication has been an issue in terms of credibility and efficiency. As the fields applied to current biometric recognition technologies are increasing, the application of the biometric recognition is being used in various fields such as mobile payment system, intelligent CCTV, immigration inspection, and access control. As the biometric recognition, finger print, iris, retina, vein, and face recognition have been studied actively. This study is to inspect the current state of domestic and foreign standardization including understanding of the face recognition and the trend of technology.