• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.175-188
• /
• 2009

Besides the passwords have low complexity, they can easily be revealed by the shoulder-surfing attack when they are inputted through the input devices such like keyboard. To overcome these problems, many new authentication schemes, which change the user secret different form or let users input their secrets through the more complex manners, have been suggested, but it is still hard to find the balanced point between usability and security. In this paper, we introduce a new authentication scheme that use the traditional alpha-numeric password as user secret based on operation of them on matrix. We show the security strength of our proposal through the analyses in the various aspects and confirm the difficulty that users feel from our proposal through the user study.

• Smart Media Journal
• /
• v.9 no.4
• /
• pp.52-59
• /
• 2020

This second survey, which collected 2392 disclosing grades data for 2012~ 2017, nearly twice the first survey, was conducted to supplement the result of the first survey on the reuse of 4-digit passcodes(PCs) data. In addition of second survey, we found that the more number of used PCs, the higher reuse rate, up to 4 numbers of PCs were used for reusing and there may be personal differences even on the single site. The results of this paper that were not available in the first survey were close to the those of foreign research on the reuse of passwords using a mixture of numbers, letters and special characters. This second survey provided an inference that an opportunity to indirectly approach the domestic situation of re-using password, where data collection is impossible and that domestic regulation such as periodic change of password may increase the re-using password.

• International Journal of Computer Science & Network Security
• /
• v.21 no.8
• /
• pp.360-368
• /
• 2021

This study aims at knowing both the level of information security awareness in the use of social media among female secondary school students in Makkah Al-Mukarramah, and the procedures that students follow when exposed to hacking or other security problems. The study relied on the descriptive survey approach. The results showed a high percentage of social media use among the study sample, and the most used applications by the students are snapchat and Instagram applications successively. In fact, 48% of the study sample have awareness of information security, the majority of the students memorize the password in the devices, most of them do not change them, and they have knowledge of fake gates and social engineering. However, their knowledge of electronic hacking is weak, and students do not share passwords with anyone at a rate of 67%. At the same time, they do not update passwords. Moreover, most of the procedures followed by students when exposed to theft and hacking is to change the e-mail data and the password, and the results varied apart from that, which reflects the weak awareness of the students and the weakness of procedures related to information security. The study recommends the necessity to raise awareness and education of the importance of information security and safety, especially in light of what the world faces from data electronic attacks and hackings of electronic applications.

• International Journal of Internet, Broadcasting and Communication
• /
• v.9 no.3
• /
• pp.35-43
• /
• 2017

In 2013, Lee-Lie proposed secure smart card based authentication scheme of Zhu's authentication for TMIS which is secure against the various attacks and efficient password change. In this paper, we discuss the security of Lee-Lie's smart card-based authentication scheme, and we have shown that Lee-Lie's authentication scheme is still insecure against the various attacks. Also, we proposed the improved scheme to overcome these security problems of Lee-Lie's authentication scheme, even if the secret information stored in the smart card is revealed. As a result, we can see that the improved smart card based user authentication scheme for TMIS is secure against the insider attack, the password guessing attack, the user impersonation attack, the server masquerading attack, the session key generation attack and provides mutual authentication between the user and the telecare system.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.63-70
• /
• 2015

The numerous improved schemes of user authentication based on password have been proposed in order to prevent the data access from the unauthorized person. The importance of user authentication has been remarkably growing in the expanding application areas of wireless sensor networks. Recently, emerging wireless sensor networks possesses a hierarchy among the nodes which are divided into cluster heads and sensor nodes. Such hierarchical wireless sensor networks have more operational advantages by reducing the energy consumption and traffic load. In 2012, Das et al. proposed a user authentication scheme to be applicable for the hierarchical wireless sensor networks. Das et al. claimed that their scheme is effectively secure against the various security flaws. In this paper, author will prove that Das et al.'s scheme is still vulnerable to man-in-the-middle attack, password guessing/change attack and does not support mutual authentication between the user and the cluster heads.

• Journal of Information Processing Systems
• /
• v.6 no.3
• /
• pp.335-346
• /
• 2010

The present study investigates the difficulty of solving the mathematical problem, namely the DLP (Discrete Logarithm Problem) for ephemeral keys. The DLP is the basis for many public key cryptosystems. The ephemeral keys are used in such systems to ensure security. The DLP defined on a prime field $Z^*_p of random prime is considered in the present study. The most effective method to solve the DLP is the ICM (Index Calculus Method). In the present study, an efficient way of computing the DLP for ephemeral keys by using a new variant of the ICM when the factors of p-1 are known and small is proposed. The ICM has two steps, a pre-computation and an individual logarithm computation. The pre-computation step is to compute the logarithms of a subset of a group and the individual logarithm step is to find the DLP using the precomputed logarithms. Since the ephemeral keys are dynamic and change for every session, once the logarithms of a subset of a group are known, the DLP for the ephemeral key can be obtained using the individual logarithm step. Therefore, an efficient way of solving the individual logarithm step based on the newly proposed precomputation method is presented and the performance is analyzed using a comprehensive set of experiments. The ephemeral keys are also solved by using other methods, which are efficient on random primes, such as the Pohlig-Hellman method, the Van Oorschot method and the traditional individual logarithm step. The results are compared with the newly proposed individual logarithm step of the ICM. Also, the DLP of ephemeral keys used in a popular password key exchange protocol known as Chang and Chang are computed and reported to launch key recovery attack.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.199-207
• /
• 2002

Comes in into recent times and there is on with a level where the attack against the computer virus and the hacking which stand is serious. The recently computer virus specific event knows is the substantial damage it will be able to occur from our life inside is a possibility of feeling. The virus which appears specially in 1999 year after seemed the change which is various, also the virus of the form which progresses appeared plentifully The part virus does it uses the password anger technique which relocates the cord of the oneself. Hereupon consequently the vaccine programs in older decode anger to do the password anger of the virus again are using emulation engine. The password anger technique which the like this virus is complicated and decode anger technique follow in type of O.S. and the type is various. It uses a multi emulation engine branch operation setup consequently from one system and to respect it will be able to use a multiple operation setup together it will use the VMware which is an application software which it does as a favor there is a possibility where it will plan 'Virus Test Simulation' and it will embody.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.6
• /
• pp.201-206
• /
• 2007

Development of Information and Communication technology coming to activity of internet banking and electronic business, and smart card of medium is generalized prevailing for user authentication of electronic signature certificate management center with cyber cash, traffic card, exit and entrance card. In field that using public network, security of smart cart and privacy of card possessor's is very important. Point of smart card security is use safety for smart card by user authentication. Anonymous establishment for privacy protection and denial of service attack for availability is need to provision. In this paper, after analyze for Hwang-Li, Sun's, L-H-Y scheme, password identify element is a change of safety using one time password hash function. We proposed an efficient new smart card authentication protocol against anonymity and denial of service.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.2
• /
• pp.87-94
• /
• 2013

In this paper, we analyse the weaknesses of authentication scheme preserving user anonymity proposed by Khan et al in 2011 and we propose a new authentication schemes preserving user anonymity that improved these weaknesses. Khan et al's authentication scheme is vulnerable to insider attack and doesn't provide user anonymity to the server. Also, this scheme is still a weakness of wrong password input by mistake in spite of proposing the password change phase. In this paper, we will show that Khan et al's scheme is vulnerable to the stolen smart card attack and the strong server/user masquerade attack. The proposed authentication scheme propose the improved user anonymity, which can provide more secure privacy to user by improving these weaknesses.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.10
• /
• pp.2482-2488
• /
• 2014

This paper proposes that a user account of the MS-SQL is checked whether expirated or not in C++ program environment. Vulnerability checking module decides security weakness for password change time or user configuration time. The proposed module prevents and protects a user account from a malicious user account. Recently, Information Assets becomes more important. If the loss of database information it would make large damage in our life. This paper develops user account checking module, which checks whether user password have not been changed for a long time or whether the user account expirated in the MS-SQL Database. By checking security vulnerability using this feature, a malicious user cannot access the Database.