• Proceedings of the Korean Information Science Society Conference
• /
• 2002.04a
• /
• pp.760.1-762
• /
• 2002

키 교환 프로토콜에서 상호 인증은 필수 요소이며, 사용자에게 편리하고 비용이 적게 드는 패스워드 기반의 인증 방식이 널리 사용되고 있다. 패스워드 기반의 프로토콜은 패스워드가 가지는 제약으로 인한 공격에 대해서 안전해야 할 뿐 아니라, 사용자의 작업량을 줄이기 위한 효율성도 매우 중요한 요건이다. 본 논문에서는 서버와 사용자간의 인증을 제공하고 세션키를 공유하기 위한 키 교환 프로토콜OTP-EKE(One Time Password based Encrypted Key Exchange)를 제안한다. 키 교환을 위한 사용자 인증은 패스워드 방식을 채택하였으며, 특히 서버 디렉토리에 대한 공격 등에 대해서 안전도를 높이기 위하여 일회용 패스워드 확인자와 서버의 공개 패스워드를 이용하였다. 제안한 프로토콜은 모듈라 지수승 계산 횟수와 메시지 전송 횟수를 줄임으로써 효율성 향상을 보인다

• Journal of the Korea Computer Industry Society
• /
• v.7 no.4
• /
• pp.271-280
• /
• 2006

This study is to propose and design a protocol that offers independent authentication with no necessity of certification authority using password between participants in RS_RCCS(Relay Service-based Remote Computing Control System). In RS_RCCS without authentication center that remote service requesters have mutual authentication with many service managers, there needs for a protocol protected from password attacks. Hereupon, this study is to offer an efficient authentication setting and a protocol for RS_RCCS and helpful for the usefulness of resource management.

• Journal of Information Processing Systems
• /
• v.16 no.5
• /
• pp.1034-1047
• /
• 2020

The personal authentication technique is an essential tool in this complex and modern digital information society. Traditionally, the most general mechanism of personal authentication was using alphanumeric passwords. However, passwords that are hard to guess or to break, are often hard to remember. There are demands for a technology capable of replacing the text-based password system. Graphical passwords can be an alternative, but it is vulnerable to shoulder-surfing attacks. This paper looks through a number of recently developed graphical password systems and introduces a personal authentication system using a machine learning technique with electroencephalography (EEG) signals as a new type of personal authentication system which is easier for a person to use and more difficult for others to steal than other preexisting authentication systems.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.23 no.7
• /
• pp.1851-1859
• /
• 1998

We summarize the password-based authetication protocol K1P which was introduced in our easlier papers [1,2] and then propose three more extended protocols. These protocols preserve a design concept of K1P, i.e., security and efficiency, and canbe used for various purposes. They are a One-time key K1P, a Client public key K1P, and an Exponential key exchange K1P.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.766-768
• /
• 2016

Conventional locking device has a disadvantage such as a security vulnerability caused by using avoid traces of the keypad that are frequently used due to the complex password application. In this study, we proposed a OTP based locks by using user identical informations that overcomes the disadvantages of the conventional apparatus. We implemented and validated the proposed algorithm through simulations.

• The Journal of the Korea Contents Association
• /
• v.17 no.7
• /
• pp.571-578
• /
• 2017

In order to approach information system through smart device and pc, user has to authenticate him or herself via user authentication. At that time when user tries reaching the system, well-used user authentication technologies are ID/PW base, OTP, certificate, security card, fingerprint, etc. The ID/PWbased method is familiar to users, however, it is vulnerable to brute force cracking, keylogging, dictionary attack. so as to protect these attacks, user has to change the passwords periodically as per password combination instructions. In this paper, we designed and implemented a user authentication system using smartphone's USIM without using password while enhancing security than existing ID / PW based authentication technology.

• Journal of Advanced Navigation Technology
• /
• v.20 no.1
• /
• pp.72-78
• /
• 2016

MD-5 has been the hash algorithm to encrypt the user's password on Linux from the beginning. Recently the more reliable password management was demanded and SHA-512 algorithm became the hash algorithm on the recent Enterprise Linux which is more reliable than MD-5. This paper researching the characteristics of the hashing and encryption algorithms and find out about Linux User information management. Based on this analysis, and analysis of the security of the hashing algorithm is applied to the user password. In addition, analyzes the cases used hash algorithm applied to the validation of Open Source Software file, such as Apache, PHP, MySQL. Finally, by analyzing the security tool John The Ripper this paper suggests the enhanced security with the administrative management of passwords.

• The Journal of Society for e-Business Studies
• /
• v.10 no.2
• /
• pp.89-108
• /
• 2005

The SOAP specifications are not provided a functions of information security, especially authentication function. In case of user authentication, delivery of the username and password elements can be exposed to sniffing/replay attack by malicious attacker. In this paper, we propose a new mechanism to protect authentication attacks for the SOAP messages. The proposed mechanism is compensated for weakness of S/KEY system. Our mechanism has no limitation for time and overhead and also provide a more effective and secure delivery.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.1
• /
• pp.11-19
• /
• 2009

Recently, user authentication is the most important part as far as security to provide confidentiality and integrity over untrusted networks like the Internet. Especially, password-based user authentication method is the most widely-used user authentication method due to various advantages, such as human-memorable simplicity, convenience, mobility, low-cost operations and efficiency. In this paper, we propose a new strong password mutual authentication protocol. As a result, the proposed authentication protocol provides more security and efficiency compare with the previously related protocols. So that, it can be used practically as the Internet authentication protocol.

• Journal of Korea Society of Industrial Information Systems
• /
• v.17 no.6
• /
• pp.25-30
• /
• 2012

Passwords are a common method of identifying and authenticating a user who wishes to log on to a secure system. Password-based authentication techniques, however, do not provide strong security and recognized as being an poor form of protection. It is not all the responsibility of the user to control password and to protect its confidentiality. In this paper, confirm an appropriate response time and I propose a new and improved method of implementing two factor authentication using SMS via receiving apparatus(mobile and email).