• Title/Summary/Keyword: Password-Based

Search Result 477, Processing Time 0.025 seconds

Multifactor Authentication Using a QR Code and a One-Time Password

  • Malik, Jyoti;Girdhar, Dhiraj;Dahiya, Ratna;Sainarayanan, G.
    • Journal of Information Processing Systems
    • /
    • v.10 no.3
    • /
    • pp.483-490
    • /
    • 2014
  • In today's world, communication, the sharing of information, and money transactions are all possible to conduct via the Internet, but it is important that it these things are done by the actual person. It is possible via several means that an intruder can access user information. As such, several precautionary measures have to be taken to avoid such instances. The purpose of this paper is to introduce the idea of a one-time password (OTP), which makes unauthorized access difficult for unauthorized users. A OTP can be implemented using smart cards, time-based tokens, and short message service, but hardware based methodologies require maintenance costs and can be misplaced Therefore, the quick response code technique and personal assurance message has been added along with the OTP authentication.

Key Exchange Protocol using Password on CDN (CDN에서 패스워드를 이용한 키 교환 프로토콜)

  • Shin Seung-Soo;Han Kun-Hee
    • Journal of the Korea Society of Computer and Information
    • /
    • v.10 no.3 s.35
    • /
    • pp.133-141
    • /
    • 2005
  • Digital contents can be distributed via internet without qualify defect and this will bring a great loss to the contents provider. Therefore, it is necessary to investigate on the key exchanging protocol to protect the digital contents effectively. In this study we propose the key exchanging protocol based on password to send the digital contents efficiently. The stability suggested here is based on the difficulty of the discrete algebra and Diffie-Hellman problem and also it provides a secure safety against various attacks such as a guess attack on the password.

  • PDF

Security Analysis and Enhancement on Smart card-based Remote User Authentication Scheme Using Hash Function (효율적인 스마트카드 기반 원격 사용자 인증 스킴의 취약점 분석 및 개선 방안)

  • Kim, Youngil;Won, Dongho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.6
    • /
    • pp.1027-1036
    • /
    • 2014
  • In 2012, Sonwanshi et al. suggested an efficient smar card based remote user authentication scheme using hash function. In this paper, we point out that their scheme is vulnerable to offline password guessing attack, sever impersonation attack, insider attack, and replay attack and it has weakness for session key vulnerability and privacy problem. Furthermore, we propose an improved scheme which resolves security flaws and show that the scheme is more secure and efficient than others.

Cryptanalysis of an Efficient RSA-Based Password-Authenticate Key Exchange Protocol against Dictionary Attack (RSA-EPAKE의 사전공격에 대한 안전성 분석)

  • Youn, Taek-Young;Park, Young-Ho;Ryu, Heui-Su
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.6A
    • /
    • pp.179-183
    • /
    • 2008
  • Recently, an efficient password-authenticated key exchange protocol based on RSA has been proposed by Park et al. with formal security proof. In this letter, we analyze their protocol, and show that it is not secure against an active adversary who performs a dictionary attack. Moreover, we analyze the performance of the proposed attack and show that the attack is a threatening attack against the protocol.

Efficient Password-based Key Exchange Protocol for Two users Registered in a Server (동일 서버를 사용하는 두 사용자간 효율적인 패스워드 기반의 키 교환 프로토콜)

  • Shin Seong-chul;Lee Sung-woon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.6
    • /
    • pp.127-133
    • /
    • 2005
  • This paper presents a password-based key exchange protocol to guarantee secure communications for two users registered in a sever. In this protocol, the server is only responsible for the legality of the users but does not how the session key agreed between them. The protocol can resist the various attacks including server compromise attack and provide the perfect forward secrecy. The proposed protocol is efficient in terms of computation cost because of not employing the sewer's public key.

An Extension of Firmware-based LFSR One-Time Password Generators

  • HoonJae Lee;ByungGook Lee
    • International journal of advanced smart convergence
    • /
    • v.13 no.2
    • /
    • pp.35-43
    • /
    • 2024
  • In this paper, we propose two 127-bit LFSR (Linear Feedback Shift Register)-based OTP (One-Time Password) generators. One is a 9-digit decimal OTP generator with thirty taps, while the other is a 12-digit OTP generator with forty taps. The 9-digit OTP generator includes only the positions of Fibonacci numbers to enhance randomness, whereas the 12-digit OTP generator includes the positions of prime numbers and odd numbers. Both proposed OTP generators are implemented on an Arduino module, and randomness evaluations indicate that the generators perform well across six criteria and are straightforward to implement with Arduino.

Design of User Authentication Protocol based on Human Memorable Password (패스워드 기반 인증 프로토콜)

  • 박익수;오병균
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2003.12a
    • /
    • pp.198-204
    • /
    • 2003
  • 지금까지 제안된 패스워드를 이용하는 인증 프로토콜은 오프라인 추측 공격이나 패스워드 파일 컴프로마이즈에 대하여 안전하지 않으므로 이에 대한 연구가 요구되고 있다. 본 논문에서는 패스워드를 이용하는 인증 프로토콜인 스키마 PAP(Password based Authentication Protocol)을 적용하여 새로운 인증 프로토콜 PAPRSA를 제안하였다. PAP는 패스워드를 표현하는 많은 값들 중에서 임의로 선택한 한 값을 처리하는 것을 특징으로 한다. PAPRSA는 패스워드를 표현하는 값을 처리하기 위하여 RSA를 이용하는 PAP기반 인중 프로토콜이다. 제안된 PAPRSA는 오프라인 추측 공격과 패스워드 파일 컴프로마이즈를 포함한 공격들로부터 안전하였으며, 패스 수와 계산량을 측정한 결과 효율성 면에서 매우 우수하였다.

  • PDF

QR Code Based Mobile Dual Transmission OTP System (QR 코드를 이용한 모바일 이중 전송 OTP 시스템)

  • Seo, Se Hyeon;Choi, Chang Yeol;Lee, Goo Yeon;Choi, Hwang Kyu
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.38B no.5
    • /
    • pp.377-384
    • /
    • 2013
  • In order to improve the security strength in the password based user authentication, in which the security vulnerability is increased while the same password is repeatedly used, the OTP(One-Time Password) system has been introduced. In the OTP systems, however, the user account information and OTP value may be hacked if the user PC is infected by the malicious codes, because the user types the OTP value, which is generated by the mobile device synchronized with the server, directly onto the user PC. In this paper, we propose a new method, called DTOTP(Dual Transmission OTP), to solve this security problem. The DTOTP system is an improved two-factor authentication method by using the dual transmission, in which the user performs the server authentication by typing the user account and password information onto the PC, and then for the OTP authentication the mobile device scans the QR code displayed on the PC and the OTP value is sent to the server directly. The proposed system provides more improved security strength than that of the existing OTP system, and also can adopt the existing OTP algorithm without any modification. As a result, the proposed system can be safely applied to various security services such like banking, portal, and game services.

Implementation of Secure Keypads based on Tetris-Form Protection for Touch Position in the Fintech (핀테크에서 터치 위치 차단을 위한 테트리스 모양의 보안 키패드의 구현)

  • Mun, Hyung-Jin;Kang, Sin-Young;Shin, ChwaCheol
    • Journal of Convergence for Information Technology
    • /
    • v.10 no.8
    • /
    • pp.144-151
    • /
    • 2020
  • User-authentication process is necessary in Fintech Service. Especially, authentication on smartphones are carried out through PIN which is inputted through virtual keypads on touch screen. Attacker can analogize password by watching touched letter and position over the shoulder or using high definition cameras. To prevent password spill, various research of virtual keypad techniques are ongoing. It is hard to design secure keypad which assures safety by fluctuative keypad and enhance convenience at once. Also, to reconfirm user whether password is wrongly pressed, the inputted information is shown on screen. This makes the password easily exposed through high definition cameras or Google Class during recording. This research analyzed QWERTY based secure keypad's merits and demerits. And through these features, creating Tetris shaped keypad and piece them together on Android environment, and showing inputted words as Tetris shape to users through smart-screen is suggested for the ways to prevent password spill by recording.

Authentication Protocol based on Efficient OTP (효율적인 OTP 기반의 인증 프로토콜)

  • Shin, Seung-Soo;Han, Kun-Hee
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.11 no.4
    • /
    • pp.1301-1306
    • /
    • 2010
  • The protocol based on password have very important qualifications that not only satisfy against attacks cause of restricting that have, but also efficiency of reducing users' workload. It has a problem of speculative attacks for the user authentication protocol based on password with most case, because users use password that can remember easily. Song and Etc. have proposed new mechanism that improved the problem of S/KEY system. The protocol proposed by Song has a problem in registration process, and user information can be abused by the malevolent server. We propose a new authentication protocol based on efficient OPT, that improved above problems.