• ETRI Journal
• /
• v.33 no.4
• /
• pp.611-620
• /
• 2011

Since card-type one-time password (OTP) generators became available, power and area consumption has been one of the main issues of hardware OTPs. Because relatively smaller batteries and smaller chip areas are available for this type of OTP compared to existing token-type OTPs, it is necessary to implement power-efficient and compact dedicated OTP hardware modules. In this paper, we design and implement a low-power small-area hardware OTP generator based on the Advanced Encryption Standard (AES). First, we implement a prototype AES hardware module using a 350 nm process to verify the effectiveness of our optimization techniques for the SubBytes transform and data storage. Next, we apply the optimized AES to a real-world OTP hardware module which is implemented using a 180 nm process. Our experimental results show the power consumption of our OTP module using the new AES implementation is only 49.4% and 15.0% of those of an HOTP and software-based OTP, respectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.857-869
• /
• 2016

It is a well-known fact that password based authentication system has been threatened for crucial data leakage through monitoring key log. Recently, to prevent this type of attack using keystroke logging, virtual onscreen keyboards are widely used as one of the solutions. The virtual keyboards, however, also have some crucial vulnerabilities and the major weak point is that important information, such as password, can be exposed by tracking the trajectory of the mouse cursor. Thus, in this paper, we discuss the vulnerabilities of the onscreen keyboard, and present hypothetical attack scenario and a method to crack passwords. Finally to evaluate the performance of the proposed scheme, we demonstrate an example experiment which includes attacking and cracking by utilizing password dictionary and analyze the result.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.12
• /
• pp.3708-3714
• /
• 2009

Recently, most of information services are provided by the computer network, since the technology of computer communication is developing rapidly, and the worth of information over the network is also increasing with expensive cost. But various attacks to quietly intercept the informations is invoked with the technology of communication developed, and then most of the financial agency currently have used OTP, which is generated by a token at a number whenever a user authenticates to a server, rather than general static password for some services. A 2-factor OTP generating method using the OTP token is mostly used by the financial agency. However, the method is vulnerable to real attacks and therefore the OTP token could be robbed and disappeared. In this paper, we propose a 3-factor OTP way using HMAC to conquer the problems and analyze the security of the proposed scheme.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.3
• /
• pp.565-570
• /
• 2016

User requirements for access and authentication increase daily because of the diversification of the Internet of Things (IoT) and social structures. The increase in authentication needs requires the generation of new passwords. Users want to utilize the same passwords for memorization convenience. However, system administrators request each user to use different passwords, as well as passwords that include special symbols. Differnet passwords and including special symbols passwords seem to exceed the tolerance range within your memorization skills. It fetches a very negative consequences in terms of password management. This paper proposes a preference symbol password system that does not require memorization by users. First, a survey is conducted to prove statistical safety, and based on this, an evolution-type password system that uses preference symbols is designed. Preference symbol passwords show superiority with respect to installation cost and convenience, compared with conventional non-memorizing password systems such as biometrics, keystrokes, and mouse patterns.

• Journal of KIISE:Computer Systems and Theory
• /
• v.29 no.11
• /
• pp.622-633
• /
• 2002

Authentication and Key Agreement using password provide convenience and amenity, but what human can remember has extremely low entropy. To overcome its defects, AMP(Authentiration and key agreement via Memorable Password) which performs authentication and key agreement securely via low entropy password are presented. AMP uses Diffie-Hellman problem that depends on discrete logarithm problem. Otherwise, this thesis applies elliptic curve cryptosystem to AMP for further efficiency That is, this thesis presents EC-AMP(Elliptic Curve-AMP) protocol based on elliptic curve discrete logarithm problem instead of discrete logarithm problem, and shows its high performance through the implementation. EC-AMP secures against various attacks in the random oracle model just as AMP Thus, we nay supply EC-AMP to the network environment that requires authentication and key agreement to get both convenience and security from elliptic curve discrete logarithm problem.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.10
• /
• pp.4612-4617
• /
• 2011

Hsiang-Shin proposed a user authentication scheme which was created by improving Yoon's scheme. Afterwards, An showed the failure to meet security requirements which are considered in user authentication using password-based smart card in Hsiang-Shih-suggested scheme. In other words, it was found that an attacker can steal a user's card, and detect a user's password by temporarily accessing it and extracting the information stored in it. However, An-proposed scheme also showed its vulnerability to password-guessing attack and forgery/impersonation attack, etc. and thus, this paper proposed the improved user authentication scheme. The proposed authentication scheme can thwart the password-guessing attack completely and this paper proposed scheme also includes an efficient mutual authentication method that can make it possible for users and authentication server to certify the other party.

• Journal of the Korea Society for Simulation
• /
• v.20 no.1
• /
• pp.39-49
• /
• 2011

Nowaday, Many equipments like TabletPC, Digital kiosk, ATM using touch-panel service instead of keyboard or button, to support intuitively input for user. Furthermore these days touch-panels recognize up to 5 contact points using recent technology. On this study, I Introduce password input/store methodology on multi-touch environment. On past, User must input password 1 character by 1 character, like [1, 2, 3, 4]. but, on multi-touch environment user can input more than one character at the same time, like [(1,3), 2, (3,4), (1,2,3)]. In result, users can use password more intensely. This study is utilized post security technology study on multi-touch environment.

• Journal of the Korea Convergence Society
• /
• v.8 no.6
• /
• pp.37-44
• /
• 2017

Mobile devices provide various services through payment and authentication by inputting important information such as passwords on the screen with the virtual keypads. In order to infer the password inputted by the user, the attacker captures the user's touch location information. The attacker is able to infer the password by using the location information or to obtain password information by peeping with Google Glass or Shoulder Surfing Attack. As existing secure keypads place the same letters in a set order except for few keys, considering handy input, they are vulnerable to attacks from Google Glass and Shoulder Surfing Attack. Secure keypads are able to improve security by rearranging various shapes and locations. In this paper, we propose secure keypads that generates 13 different shapes and sizes of Tetris and arranges keypads to be attached one another. Since the keypad arranges different shapes and sizes like the game, Tetris, for the virtual keypad to be different, it is difficult to infer the inputted password because of changes in size even though the attacker knows the touch location information.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.3
• /
• pp.133-138
• /
• 2009

Recently Lin et al. proposed the remote user authentication scheme using smart cards. But the proposed scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we showed that he can get the user's password using the off-line password guessing attack on the scheme when the adversary steals the user's smart card and extracts the information in the smart card. Also, we proposed the seven security requirements for evaluating remote user authentication schemes using smart card. As a result of analysis, in Lin et al's scheme we have found the deficiencies of security requirements. So we suggest the improved scheme, the mutual authentication scheme that does not store the user's password verifier in server and can authenticate each other at the same time between the user and server.

• International Journal of Internet, Broadcasting and Communication
• /
• v.9 no.3
• /
• pp.35-43
• /
• 2017

In 2013, Lee-Lie proposed secure smart card based authentication scheme of Zhu's authentication for TMIS which is secure against the various attacks and efficient password change. In this paper, we discuss the security of Lee-Lie's smart card-based authentication scheme, and we have shown that Lee-Lie's authentication scheme is still insecure against the various attacks. Also, we proposed the improved scheme to overcome these security problems of Lee-Lie's authentication scheme, even if the secret information stored in the smart card is revealed. As a result, we can see that the improved smart card based user authentication scheme for TMIS is secure against the insider attack, the password guessing attack, the user impersonation attack, the server masquerading attack, the session key generation attack and provides mutual authentication between the user and the telecare system.