• Title/Summary/Keyword: Password-Based

Search Result 476, Processing Time 0.027 seconds

Smart Card Based User Authentication Scheme Secure Against Password Guessing Attack

  • Joo, Young-Do
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.4 no.3
    • /
    • pp.182-188
    • /
    • 2011
  • Recently Yoon et al. proposed the remote user authentication scheme using smart cards. But their scheme has not satisfied security requirements which should be considered in the user authentication scheme using the password based smart card. In this paper, we prove that Yoon et al.'s scheme is vulnerable to a password guessing attack in case that the attacker steals the user's smart card and extracts the information from the smart card. Accordingly, this paper proposes the improved user authentication scheme based on the hash functin and random nonce that can withstand various possible attacks including a password guessing attack. The result of comparative analysis demonstrates that the proposed scheme is more secure and efficient than Yoon et al.'s scheme, with a trivial trade-off to require just a few more exclusive-OR operations.

Password-Based Mutual Authentication Protocol Against Phishing Attacks (피싱 공격에 대응하기 위한 패스워드 기반의 상호 인증 프로토콜)

  • Kim, Iksu;Choi, Jongmyung
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.7 no.2
    • /
    • pp.41-48
    • /
    • 2018
  • Until now, various studies on anti-phishing have been conducted. The most typical anti-phishing method is a method of collecting URL information of a phishing site in advance and then detecting phishing by comparing the URL of the visited site with the previously stored information. However, this blacklist-based anti-phishing method can not detect new phishing sites. For this reason, various anti-phishing authentication protocols have been proposed. but these protocols require a public key and a private key. In this paper, we propose a password-based mutual authentication protocol that is safe for phishing attacks. In the proposed protocol, the mutual authentication between the client and the server is performed through the authentication message including the password information. The proposed protocol is safe to eavesdropping attack because the authentication message uses the hash value of the password, not the original password, And it is safe to replay attack because different messages are used every time of authentication. In addition, since mutual authentication is performed, it is safe for man-in-the-middle attack. Finally, the proposed protocol does not require a key issuance process for authentication.

Ad-hoc Security Authentication Technique based on Verifier (검증자 기반 Ad-hoc 보안 인증기법)

  • Lee, Cheol-Seung;Hong, Seong-Pyo;Lee, Ho-Young;Lee, Joon
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2007.10a
    • /
    • pp.713-716
    • /
    • 2007
  • This paper suggests One-time Password key exchange authentication technique for a strong authentication based on Ad-hoc Networks and through identify wireless environment security vulnerabilities, analyzes current authentication techniques. The suggested authentication technique consists of 3 steps: Routing, Registration, and Running. The Routing step sets a safe route using AODV protocol. The Registration and Running step apply the One-time password S/key and the DH-EKE based on the password, for source node authentication. In setting the Session key for safe packet transmission and data encryption, the suggested authentication technique encrypts message as H(pwd) verifiers, performs key exchange and utilizes One time password for the password possession verification and the efficiency enhancement. EKE sets end to end session key using the DH-EKE in which it expounds the identifier to hash function with the modula exponent. A safe session key exchange is possible through encryption of the H(pwd) verifier.

  • PDF

A Password-based Efficient Key Exchange Protocol (패스워드 기반의 효율적인 키 교환 프로토콜)

  • 이성운;김현성;유기영
    • Journal of KIISE:Information Networking
    • /
    • v.31 no.4
    • /
    • pp.347-352
    • /
    • 2004
  • In this paper, we propose a new key exchange protocol which authenticates each other and shares a session key between a user and a server over an insecure channel using only a small password. The security of the protocol is based on the difficulty of solving the discrete logarithm problem and the Diffie-Hellman problem and the cryptographic strength of hash function. The protocol is secure against the man-in-the-middle attack, the password guessing attack, the Denning-Sacco attack, and the stolen-verifier attack, and provide the perfect forward secrecy. Furthermore, it is more efficient than other well-known protocols in terms of protocol execution time because it could be executed in parallel and has a simple structure.

Formal Analysis of Authentication System based on Password using Smart Card (스마트카드를 이용한 패스워드 기반 인증시스템 정형분석)

  • Kim, Hyun-Seok;Kim, Ju-Bae;Jeong, Yeon-Oh;Han, Keun-Hee;Chai, Jin-Young
    • Journal of KIISE:Computer Systems and Theory
    • /
    • v.36 no.4
    • /
    • pp.304-310
    • /
    • 2009
  • Due to widely use of internet, a lot of users frequently access into remote server in distributed computing environment. However, transmitting the information using vulnerable channel without authentication security system can be exposed to replay attack, offline password attack, and impersonation attack. According to this possibility, there is research about authentication protocol to prevent these hostile attacks using smart card. In this paper, we analyze vulnerability of user authentication system based on password and propose modified user authentication system.

Design of One-Time-Pad based on PKI Coordinates Technique for a Safe Key Transmission in E-Commerce Applications (전자상거래 응용에서 안전한 키 전송을 위한 PKI 좌표기법 One-Time-Pad의 설계)

  • Lee, Kil-Hun;Jun, Moon-Seok;Choi, Do-Hyeon
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.15 no.5
    • /
    • pp.51-60
    • /
    • 2015
  • As electronic commerce service became more popular, information equivalent to currency prevails in network. Accordingly, hacking into network often occurs and thus OTP (One-Time-Password) has emerged as an alternative secondary security system. However, weakness has been found in even existing One-Time Password that used to be considered 'perfect'. Therefore, it becomes very urgent to have an additional security countermeasure. As security recommendation is not considered as solution anymore, more specific plan becomes necessary. The present study proposes PKI coordinates technique-based OTP (One-Time-Pad) for a safe key transmission in E-commerce.

A Brokered Authentication Scheme Based on Smart-Card for Multi-Server Authentication (다중서버 인증을 위한 스마트카드 기반 중재 인증 기법 연구)

  • Kim, Myungsun
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.38B no.3
    • /
    • pp.190-198
    • /
    • 2013
  • Since the facilities for the remote users tend to be deployed in distributed manner, authentication schemes for multi-server communication settings, which provide various web services, are required for real-world applications. A typical way to authenticate a remote user relies on password authentication mostly. However, this method is vulnerable to attacks and inconvenient as the system requires users to maintain different identities and corresponding passwords. On the other hand, the user can make use of a single password for all servers, but she may be exposed to variants of malicious attacks. In this paper, we propose an efficient and secure authentication scheme based on a brokered authentication along with smart-cards in multi-server environment. Further we show that our scheme is secure against possible attacks and analyze its performance with respect to communication and computational cost.

A study on Password Input Method to Protect Keyboard hooking (Keyboard hooking 방지를 위한 패스워드 입력 방법 연구)

  • Kang, Seung-Gu;Kwak, Jin-Suk;Lee, Young-Sil;Lee, Hoon-Jae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2011.10a
    • /
    • pp.241-244
    • /
    • 2011
  • Recently, Due to development of Internet techniques, user suddenly increased that Used of Web services and with out constraints of place and time has been provided. typically, Web services used ID/Password authentication. User confirmed personal data Stored on Web servers after user authorized. web service provider is to provide variety security techniques for the protection personal information. However, recently accident has happened is the malicious attackers may capture user information such as users entered personal information through new keyboard hooking. In this paper, we propose a keyboard hooking protected password input method using CAPTCHA. The proposed password input method is based on entering the password using mouse click or touch pad on the CAPTCHA image. The mapping of CAPTCHA image pixels is random.

  • PDF

Improved Strong Password Mutual Authentication Protocol to Secure on Replay Attack (재전송 공격에 안전한 개선된 강력한 패스워드 상호인증 프로토콜)

  • Kim, Jun-Sub;Kwak, Jin
    • Journal of Advanced Navigation Technology
    • /
    • v.14 no.3
    • /
    • pp.415-425
    • /
    • 2010
  • In public network, user authentication is important security technology. Especially, password-based authentication method is used the most widely in distributed environments, and there are many authentication methods. Their SPMA protocol indicates vulnerability about problem that NSPA protocol does not offer mutual authentication, and proposed Strong Password Mutual Authentication protocol with mutual authentication. However, SPMA protocol has vulnerability of replay attack. In the paper, we analyzed vulnerability to replay attack of SPMA protocol. And we also proposed Improved Strong Password Mutual Authentication protocol to secure on replay attack with same efficiency.

On a Enhanced Mobile OTP generator design using Transaction (이체정보를 활용한 강화된 모바일 OTP 생성기 설계)

  • Park, Beum-Su;Cho, Sang-Il;Kim, Tae-Yong;Lee, Hoon-Jae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2010.10a
    • /
    • pp.227-228
    • /
    • 2010
  • Generated One-Time Password (OTP) is used only once. This attributes is to safety than to repeated use the same password. Recently, Park's proposed on "Design of A One-time Password Generator on A Mobile Phone Providing An Additional Authentication for A Particular Transaction" use challenge-response based one-time password generator. However, Challenge exchange problem and currently OTP the same security level. In this paper, Park's proposed OTP generator design for us analysis. And then presents a resolution to the problem and new system logic. New system strong to Man-In-Middle attack and replay attack. In addition, OTP security level is higher.

  • PDF