• Title/Summary/Keyword: Replay

Search Result 318, Processing Time 0.028 seconds

Design of Security-Enhanced RFID Authentication Protocol Based on AES Cipher Algorithm (AES 암호 알고리듬 기반 보안성이 강화된 RFID 인증 프로토콜 설계)

  • Kang, Min-Sup
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.12 no.6
    • /
    • pp.83-89
    • /
    • 2012
  • This paper proposes the design of a security-enhanced RFID authentication protocol which meets the privacy protection for tag bearers. The protocol which uses AES(Advanced Encryption Standard) cipher algorithm is based on a three-way challenge response authentication scheme. In addition, three different types of protocol packet formats are also presented by extending the ISO/IEC 18000-3 standard for realizing the security-enhanced authentication mechanism in RFID system environment. Through the comparison of security, it was shown that the proposed scheme has better performance in user data confidentiality, Man-in-the-middle replay attack, and replay attack, and forgery resistance, compared with conventional some protocols. In order to validate the proposed protocol, a digital Codec of RFID tag is also designed based on the protocol. This Codec has been described in Verilog HDL and also synthesized using Xilinx Virtex XCV400E device.

A Scalable and Practical Authentication Protocol in Mobile IP (Mobile IP에서 확장성과 실용성 있는 인증 프로토콜 제안 및 분석)

  • Lee, Yong;Lee, Goo-Yeon
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.42 no.11
    • /
    • pp.35-44
    • /
    • 2005
  • In Mobile IP protocol, because a mobile node still uses its home IP address even though it moves to foreign network from home network, authentication among mobile node, foreign network and home network is critical issue. Many researches about this issue have been based on shared secret, for example mobile node and home agent authenticate each other with pre-shared symmetry key. And they missed several security issues such as replay attack. Although public key scheme could be applied to this issue easily, since the public key cryptography is computationally complicated, it still has the problem that it is not practical to realistic environment. In this paper, we describe several security issues in Mobile IP protocol. And we propose new Mobile IP authentication protocol that is applicable to realistic environment using public key algorithm based on certificate. It has scalability for mobile nodes and is applicable to the original Mobile IP protocol without any change. Finally we prove security of the proposed protocol and that it might not affect performance of the original Mobile IP protocol.

A Robust and Secure Remote User Authentication Scheme Preserving User Anonymity (사용자 익명성을 보장하는 안전하고 개선된 원격 사용자 인증스킴)

  • Shin, Kwang-Cheul
    • The Journal of Society for e-Business Studies
    • /
    • v.18 no.2
    • /
    • pp.81-93
    • /
    • 2013
  • Remote user authentication is a method, in which remote server verifies the legitimacy of a user over an common communication channel. Currently, smart card based remote user authentication schemes have been widely adopted due to their low computational cost and convenient portability for the mutual authentication. 2009 years, Wang et al.'s proposed a dynamic ID-based remote user authentication schemes using smart cards. They presented that their scheme preserves anonymity of user, has the feature of storing password chosen by the server, and protected from several attacks. However, in this paper, I point out that Wang et al.'s scheme has practical vulnerability. I found that their scheme does not provide anonymity of a user during authentication. In addition, the user does not have the right to choose a password. And his scheme is vulnerable to limited replay attacks. In particular, the parameter y to be delivered to the user is ambiguous. To overcome these security faults, I propose an enhanced authentication scheme, which covers all the identified weakness of Wang et al.'s scheme and an efficient user authentication scheme that preserve perfect anonymity to both the outsider and remote server.

Design of a User Authentication System using the Device Constant Information (디바이스 불변 정보를 이용한 사용자 인증 시스템 설계)

  • Kim, Seong-Ryeol
    • Journal of Convergence Society for SMB
    • /
    • v.6 no.3
    • /
    • pp.29-35
    • /
    • 2016
  • This paper presents the design of a user authentication system (DCIAS) using the device constant information. Defined design a new password using the access device constant information to be used for user authentication during system access on the network, and design a new concept the user authentication system so that it can cope with the threat required from passive replay attacks to re-use the password obtained in other applications offer. In addition, by storing a password defined by the design of the encrypted random locations in the server and designed to neutralize the illegal access to the system through the network. Therefore proposed using the present system, even if access to the system through any of the network can not know whether any where the password is stored, and if all right even stored information is not easy to crack's encrypted to neutralize any replay attacks on the network to that has strong security features.

Cryptanalysis and Improvement of RSA-based Authentication Scheme for Telecare Medical Information Systems

  • Kim, Keewon
    • Journal of the Korea Society of Computer and Information
    • /
    • v.25 no.2
    • /
    • pp.93-103
    • /
    • 2020
  • The telecare medical information system (TMIS) supports convenient and rapid health-care services. A secure and efficient authentication and key agreement scheme for TMIS provides safeguarding electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Giri et al. proposed an RSA-based remote user authentication scheme using smart cards for TMIS and claimed that their scheme could resist various malicious attacks. In this paper, we point out that their scheme is still vulnerable to lost smart card attacks and replay attacks and propose an improved scheme to prevent the shortcomings. As compared with the previous authentication schemes for TMIS, the proposed scheme is more secure and practical.

A Robust Pair-wise Key Agreement Scheme based on Multi-hop Clustering Sensor Network Environments (멀티홉 클러스터 센서 네트워크 환경 기반에서 견고한 키 교환)

  • Han, Seung-Jin
    • Journal of the Korea Society of Computer and Information
    • /
    • v.16 no.3
    • /
    • pp.251-260
    • /
    • 2011
  • In this paper, we proposed a scheme that it safely exchanges encrypted keys without Trust Third Party (TTP) and Pre-distributing keys in multi-hop clustering sensor networks. Existing research assume that it exists a TTP or already it was pre-distributed a encrypted key between nodes. However, existing methods are not sufficient for USN environment without infrastructure. Some existing studies using a random number Diffie-Hellman algorithm to solve the problem. but the method was vulnerable to Replay and Man-in-the-middle attack from the malicious nodes. Therefore, authentication problem between nodes is solved by adding a ��TESLA. In this paper, we propose a modified Diffie-Hellman algorithm that it is safe, lightweight, and robust pair-wise agreement algorithm by adding One Time Password (OTP) with timestamp. Lastly, authentication, confidentiality, integrity, non-impersonation, backward secrecy, and forward secrecy to verify that it is safe.

Efficient RFID Search Protocols Providing Enhanced User Privacy (강화된 사용자 프라이버시를 보장하는 효율적인 RFID 검색 프로토콜)

  • Lim, Ji-Hwan;Oh, Hee-Kuck;Nyang, Dae-Hun;Lee, Mun-Kyu;Kim, Sang-Jin
    • The KIPS Transactions:PartC
    • /
    • v.16C no.3
    • /
    • pp.347-356
    • /
    • 2009
  • In an RFID search protocol, a reader uses designated query to determine whether a specific tag is in the vicinity of the reader. This fundamental difference makes search protocol more vulnerable to replay attacks than authentication protocols. Due to this, techniques used in existing RFID authentication protocols may not be suitable for RFID search protocols. In this paper, we propose two RFID search protocols, one based on static ID and the other based on dynamic ID, which use counter to prevent replay attacks. Moreover, we propose a security model for RFID search protocols that includes forward/backward traceability, de-synchronization and forgery attack. Based on this model, we analyze security of our protocols and related works.

A Remote Authentication Protocol Using Smartcard to Guarantee User Anonymity (사용자 익명성을 제공하는 스마트카드 기반 원격 인증 프로토콜)

  • Baek, Yi-Roo;Gil, Kwang-Eun;Ha, Jae-Cheol
    • Journal of Internet Computing and Services
    • /
    • v.10 no.6
    • /
    • pp.229-239
    • /
    • 2009
  • To solve user authentication problem, many remote user authentication schemes using password and smart card at the same time have been proposed. Due to the increasing of interest in personal privacy, there were some recent researches to provide user anonymity. In 2004, Das et al. firstly proposed an authentication scheme that guarantees user anonymity using a dynamic ID. In 2005, Chien et al. pointed out that Das et al.'s scheme has a vulnerability for guaranteing user anonymity and proposed an improved scheme. However their authentication scheme was found some weaknesses about insider attack, DoS attack, and restricted replay attack. In this paper, we propose an enhanced scheme which can remove vulnerabilities of Chien et al.'s scheme. The proposed authentication protocol prevented insider attack by using user's Nonce value and removed the restricted replay attack by replacing time stamp with random number. Furthermore, we improved computational efficiency by eliminating the exponentiation operation.

  • PDF

A Robust Pair-wise Key Agreement Scheme without Trusted Third Party and Pre-distributing Keys for MANET Environments (MANET에서 제 3 신뢰기관(TTP)과 사전 키 분배가 필요 없는 강인한 키 교환 방식)

  • Han, Seung-Jin;Choi, Jun-Hyeog
    • Journal of the Korea Society of Computer and Information
    • /
    • v.13 no.5
    • /
    • pp.229-236
    • /
    • 2008
  • In this paper, re proposed scheme that it safely exchange encrypted keys without Trust Third Party(TTP) and Pre-distributing keys in ubiquitous environments. Existing paper assume that exist a TTP or already pre-distributed encrypted keys between nodes. However, there methods are not sufficient for wireless environments without infrastructure. Some existing paper try to use the Diffie-Hellman algorithm for the problem, but it is vulnerable to Replay and Man-in-the middle attack from the malicious nodes. Therefore, Authentication problem between nodes is solved by modified the Diffie-Hellman algorithm using ${\mu}TESLA$. We propose safe, lightweight, and robust pair-wise agreement algorithm adding. One Time Password(OTP) using timestamp to modified the Diffie-Hellman in ubiquitous environments, and verify a safety about proposed algorithm.

  • PDF

A Study on Improvement of User Interface(UI) based on Multi-Point Replay System (다시점 리플레이 시스템을 기반으로 사용자 인터페이스(UI) 개선방안 연구)

  • Seo, Chang Ho;Lee, Ji Eun;Choi, Seong Jhin
    • Journal of Broadcast Engineering
    • /
    • v.24 no.2
    • /
    • pp.341-352
    • /
    • 2019
  • The inconvenience of using the product weakens the competitiveness of the product and makes it difficult to obtain various users. This study proposes a 5-step evaluation method that is derived from a formal usability evaluation to suggest improvement directions for easier and more convenient manipulation of complex or inconvenient user interface. The 5-step usability evaluation method can not be applied to all broadcasting equipments, but it is expected to improve the user interface of broadcasting equipments. In addition, it is expected to provide an opportunity to more flexible access to user interface development to be applied to new application services in a variety of telecommunication convergence equipment industry, while leading the era of convergence of broadcasting industry throughout broadcasting equipment industry.