• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.3
• /
• pp.9-21
• /
• 2010

Recently, famous online shopping websites were hit by hacking attack, and many users' personal information such as ID, password, account number, personal number, credit card number etc. were compromised. Hackers are continuing to attack online shopping websites, and the number of victims of these hacking is increasing. Especially, the exposure of credit card numbers is dangerous, because hackers maliciously use disclosed card numbers to gain money. In 2007 Financial Cryptography Conference, Ian Molly et al. firstly proposed dynamic card number generator, but it doesn't meet reuse resistant. In this paper, we analyzed security weaknesses of Ian Molly's scheme, and we proposed a new one-time virtual card number generator using a mobile device which meets security requirements of one-time virtual card numbers. Then, we propose one-time credit card number generation and transaction protocol using Integrated Authentication Center for user convenience and security enhancement.

• Journal of Digital Convergence
• /
• v.13 no.1
• /
• pp.283-288
• /
• 2015

A disposable password is necessary to avoid any danger by the use of a static password and reinforce the user's authentication. In order to prevent personal information from being exposed, OTP generation algorithm is regarded as important. The OTP generation algorithm we suggest in this thesis generates 256-bit-size OTP Data by using Seed value and Time value. This value that the generated OTP Data are arranged with a matrix and a 32-bit-value is extracted on an irregular basis becomes the final value. We can find out that the more OTP generation frequency we have, the lower probability of clash tolerance we get in our suggested algorithm, compared to the previous algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.345-358
• /
• 2016

In this paper, we present a security tool which called Digital Legal Seal. The Digital Legal Seal scans a barcode on a paper and print it with the tag generated by Hash-based Message Authentication Code(HMAC) in text format on a display device. The result of HMAC can be used for user authentication or secure message transmission on both online and offline. We examine not only how the Digital Legal Seal can make up the weak points of security card and OTP (One Time Password), but also the possibility of reducing the forgery of promissory note on offline.

• The Journal of Society for e-Business Studies
• /
• v.12 no.1
• /
• pp.89-97
• /
• 2007

Recently, a large number of authentication schemes based on smart cards have been proposed, using the thinking of OTP (one-time password) to withstand replay attack. Unfortunately, if these schemes implement on PCs instead of smart cards, most of themcannot withstand impersonation attack and Stolen-Verifier attack since the data on PCs is easy to read and steal. In this paper, a secure authentication scheme based on a security key and a renewable token is proposed to implement on PCs. A comparison with other schemes demonstrates the proposed scheme has following merits: (1) Withstanding Stolen-Verifier attack (2) Withstanding Impersonation attack (3) Providing mutual authentication; (4) Easy to construct secure session keys.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.5
• /
• pp.377-384
• /
• 2013

In order to improve the security strength in the password based user authentication, in which the security vulnerability is increased while the same password is repeatedly used, the OTP(One-Time Password) system has been introduced. In the OTP systems, however, the user account information and OTP value may be hacked if the user PC is infected by the malicious codes, because the user types the OTP value, which is generated by the mobile device synchronized with the server, directly onto the user PC. In this paper, we propose a new method, called DTOTP(Dual Transmission OTP), to solve this security problem. The DTOTP system is an improved two-factor authentication method by using the dual transmission, in which the user performs the server authentication by typing the user account and password information onto the PC, and then for the OTP authentication the mobile device scans the QR code displayed on the PC and the OTP value is sent to the server directly. The proposed system provides more improved security strength than that of the existing OTP system, and also can adopt the existing OTP algorithm without any modification. As a result, the proposed system can be safely applied to various security services such like banking, portal, and game services.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.5
• /
• pp.209-220
• /
• 2013

Handover is the technology to minimize data lose of mobile devices and make continuous communication possible even if the device could be moved from one digital cell site to another one. That is, it is a function that enables the mobile user to avoid the disconnection of phone conversations when moving from a specific mobile communication area to another. Today, there are a lot of ongoing researches for fast and efficient hand-over, in order to address phone call's delay and disconnection which are believed to be the mobile network's biggest problems, and these should essentially be resolved in all mobile networks. Thanks to recent technology development in mobile network, the LTE network has been commercialized today and it has finally opened a new era that makes it possible for mobile phones to process data at high speed. In LTE network environment, however, a new authentication key must be generated for the hand-over. In this case, there can be a problem that the authentication process conducted by the hand-over incurs its authentication cost and delay time. This essay suggests an efficient key caching hand-over method which simplifies the authentication process: when UE makes hand-over from oMME to nMME, the oMME keeps the authentication key for a period of time, and if it returns to the previous MME within the key's lifetime, the saved key can be re-used.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.8B
• /
• pp.1028-1037
• /
• 2011

Recently, Selim et al proposed public key cryptography based privacy preserving multi-context RFID authentication protocol. However Selim et al's proposed protocol not only doesn't fit into passive tag based RFID system because it uses public key based encryption algorithm to perform authentication between reader and tag, but also is insecure to an impersonation attack because it doesn't provide mutual authentication. In order to eliminate the above described efficiency problem and security vulnerabilities, this paper proposes a new multi-context RFID mutual authentication protocol that can prevent privacy invasion and tag impersonation attack through providing mutual authentication between single passive tag which is located different application space and readers which provide multi-context purposes and can secure against relay attack and denial-of-service attack. As a result, the proposed protocol performs secure mutual authentication based on the collected space and time information from the RFID reader and provides strong security and high computation efficiency because if performs secure one-way hash function and symmetric encryption operations suitable to the environments of passive RFID tags.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.463-472
• /
• 2012

This paper propose a security method that performs mutual authentication between the SIP UA and the server, check for integrity of the signaling channel and protection of SDP information for VoIP using a One-Time Password. To solve the vulnerability of existing HTTP Digest authentication scheme in SIP, Various SIP Authentication schemes have been proposed. But, these schemes can't meet security requirements of SIP or require expensive cryptographic operations. Proposed method uses OTP that only uses hash function and is updated each authentication. So Proposed method do not require expensive cryptographic operations but performs user authentication efficiently and safely than existing methods. In addition, Proposed method verifies the integrity of the SIP messages and performs SDP encryption/decryption through OTP that used for user authentication. So Proposed method can reduce communication overhead when applying S/MIME or TLS.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.4B
• /
• pp.435-441
• /
• 2009

The one-time password system solves the problem concerning password reuse caused by the repeated utilization of an identical password. The password reuse problem occurs due to the cyclic repetition at the time of password creation, and authentication failure can occur due to time deviation or non-synchronization of the number of authentication. In this study, the password is created asynchronously and exchanged with the user, who then signs using a digital signature in exchange for the password and a valid verification is requested along with the certificate to ensure non-repudiation. Besides this, a verification system for one-time password is proposed and designed to improve security by utilizing the validity verification that is divided into certificate verification and password verification. Comparative analysis shows that the mechanism proposed in this study is better than the existing methods in terms of replay attack, non-repudiation and synchronization failure.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.892-905
• /
• 2018

In smart home environment, certificate based signature technology is being studied by communication with Internet of Things(IoT) device. However, block - chain technology has attracted much attention because of the problems such as single - point error and management overhead of the trust server. Among them, Keyless Signature Infrastructure(KSI) provides integrity by configuring user authentication and global timestamp of distributed server into block chain by using hash-based one-time key. In this paper, we provide confidentiality by applying group key and key management based on multi - solution chain. In addition, we propose a smart home environment that can reduce the storage space by using Extended Merkle Tree and secure and efficient KSI-based authentication and communication with enhanced security strength.