• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1235-1243
• /
• 2015

The purpose of this study was to find if the password composition of domestic users is affected by the different form of the word 'Password' in the interface of login or password change. In particular, 'Password', foreign notation, and 'Secret Number', notation translated by Korean, have a semantic difference. According to the survey of 200 students in S university, passwords made under the word 'Secret Number' are heavy on numbers than alphabet. Because these passwords make much smaller composition space than another case, they have bad security impact. We expect to make use of this paper as a base line data for study to find how improve domestic user's password security.

• The Journal of Information Systems
• /
• v.28 no.2
• /
• pp.93-107
• /
• 2019

Purpose The purpose of this study is to explain the mechanism of user behaviors in password reset context based on descriptive data from conducting interviews. Specifically, this study attempted to describe the process of changing password from the shadow work perspective. Design/methodology/approach This study has interviewed 8 participants who can freely use numerous online web-sites. This study also employed the grounded theory methodology to analyze interview manuscripts. After conducting analyzing the manuscripts, this study has extracted 46 codes in the coding steps and ultimately presented 8 categories by combining similar concepts from those codes. Findings According to the results, this study provides new viewpoints to explain unique user behavior in the password reset context by capturing the shadow work based on the results. This study further offers practical implications to numerous practitioners by finding various codes, which related to users' reaction and behavior.

• Journal of Information Technology Services
• /
• v.8 no.2
• /
• pp.117-136
• /
• 2009

Over the years a password has been used as a popular authentication method between a client and a server because of its easy-to-memorize property. But, most password-based authentication services have focused on a same password authentication scheme which provides an authentication and key exchange between a client and a server with the same password. With rapid change of communication environments in the fields such as mobile networks, home networking, etc., the end-to-end security allowing users to hold different password is considered as one of main concerns. In this paper, we consider a new authentication service of how each client with different own password is able to authenticate each other, which is a quite new service paradigm among the existing services. This new service can be used in the current or next generation network environment where a mobile user in cell A wants to establish a secure end-to-end channel with users in ceil B, C, and D using only their memorable passwords. This end-to-end security service minimizes the interferences from the operator controlled by network components. To achieve this end-to-end security, we propose an authentication and key exchange service for group users in different realm, and analyze its security in a formal way. We also discuss a generic construction with the existing authentication schemes.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.42 no.2 s.332
• /
• pp.33-38
• /
• 2005

In this paper, we propose a password-based authenticated key exchange protocol which authenticates each other and shares a session key using only a small memorable password between a client and a server over an insecure channel. The proposed protocol allows an authenticated client to freely change a his/her own password. The protocol is also secure against various attacks and provides the perfect forward secrecy. Furthermore, it has good efficiency compared with the previously well-known password-based protocols with the same security requirements.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.53 no.3
• /
• pp.29-36
• /
• 2016

In cloud storages, as security of stored files and privacy of users become regarded as important concerns, secure cloud storages have been proposed, where stored files are encrypted with file owner's password and even the cloud service provider can not open the file contents. However, if the file owner forgets one's password, one can no longer access the file. To solve this problem, we propose a scheme for changing password for the secure cloud based on proxy re-encryption, which make the file owner enable to change password even when one forgets it. With the proposed scheme, only the file owner can change the password and re-encrypt the files securely because other user and even the service provider can not see the file contents.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.11C
• /
• pp.1074-1080
• /
• 2002

In clients/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. However, it has the problem that is time-slippage, and causes the authentication to fail. In this paper, we propose an effective one-time password algorithm, which solves the time-slippage problem through the use of 1-bit information, which denotes the duration in which the authentication could be failed because of time-slippage. This algorithm is added easily and quickly to current one-time password systems using time without requiring any change of protocols: the proposed algorithm can be implemented by adding only 1-bit information to the user authentication information, not by modifying the one-time password authentication system protocol. And we propose also the algorithm of time correction, which can be implemented by adding 2-bit information on the proposed one-time password.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.4 no.2
• /
• pp.21-28
• /
• 2008

There are some problems on the system that uses a password comprising a digital signature to identify the secret key owner under the public key infrastructure. For example, the password can be difficult to remember or easy to be disclosure, and users should make more complex password to protect it. A number of studies have been proceeded in order to overcome these defects using the fingerprint identification technologies, but they need to change the current standard of public key infrastructure. On the suggested private key escrow system, the private key can be withdrawn only through the enrollment and identification of a fingerprint template after it is saved to a reliable third system. Therefore, this new private key escrow system can remove previous inconveniences of managingthe private key on current public key infrastructure, and it exhibited superior results in terms of the evaluation items when compared with the integrated method of the existing fingerprint identification and public key infrastructure.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.11
• /
• pp.3438-3444
• /
• 2000

In this paper, we propose an efficient passwork management scheme using the Pseudopia function which performs a mukti-password management and change scheme in the cyberspace. For a givne user and a web-site, the Pseudopia automatically generates a user name and a password that can be used to establish an anonvous account at the web-site. In the proposed scheme, a user can protect his password using " the personal etropy" which relates to his own life experiences, that identified only by himself. The proposed scheme can be applied to the broad tools for the internet related applications such as electronic commerce and Internet banking system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2019.05a
• /
• pp.197-200
• /
• 2019

File Transfer Protocol (FTP) is a protocol for transferring files between computers, FTPS with TLS, and SFTP based on similar SSH. The keynote to apply one-time password (OTP) has been diffused to resolve identity and password theft cases. In this paper, it has been confirmed that both data transmission and identity authentication using OTP at TLS level are possible without significant change in user client.

• Knowledge Management Research
• /
• v.19 no.1
• /
• pp.1-18
• /
• 2018

As the online space becomes more active, interest in protecting personal information is increasing. From this point of view, it is important to prevent personal information from being leaked in advance. As a precaution, it is suggested that users change their password periodically to protect their personal information effectively. Currently, various online services provide a request message that prompts users to periodically change their password. These messages are expressed as positive-centric or negative-centric. This message can be seen as a powerful way to trigger users' behavior. In this context, this study suggests that message framing type can be applied to the password change request message, and to investigate the difference between the positive-centric message and the negative-centric message. In addition, this study concluded that the effect of message type may be different depending on the degree of psychological ownership of the individual on the online service. As a result, users with high psychological ownership in online service were more effective when positive-centric message was presented than negative-centric message. On the other hand, users with low psychological ownership in online service were more effective when negative-centric message was presented than positive-centric message.