• Title/Summary/Keyword: Replay Attack

Design of Improved Strong Password Authentication Scheme to Secure on Replay Attack (재전송 공격에 안전한 개선된 강력한 패스워드 인증 프로토콜 설계)

  • Kim, Jun-Sub;Kwak, Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.6 / pp.133-140 / 2011
  • Password-based authentication is a protocol in which two entities share a password in advance and use the password as the basis of authentication. Password authentication schemes are divided into weak-password and strong-password authentication schemes. The SPAS protocol, one of the strong-password authentication schemes, was proposed to be secure against DoS attacks. However, it is vulnerable to the replay attack. In this paper, we analyze the vulnerability of the SPAS protocol to the replay attack. We then propose an Improved-Strong Password Authentication Scheme (I-SPAS) that is secure against the replay attack.

Improved Strong Password Mutual Authentication Protocol to Secure on Replay Attack (재전송 공격에 안전한 개선된 강력한 패스워드 상호인증 프로토콜)

  • Kim, Jun-Sub;Kwak, Jin
    • Journal of Advanced Navigation Technology / v.14 no.3 / pp.415-425 / 2010
  • In public networks, user authentication is an important security technology. In particular, password-based authentication is the most widely used method in distributed environments, and there are many authentication methods. The SPMA protocol identified the problem that the NSPA protocol does not offer mutual authentication, and proposed the Strong Password Mutual Authentication protocol with mutual authentication. However, the SPMA protocol is vulnerable to the replay attack. In this paper, we analyze the vulnerability of the SPMA protocol to the replay attack. We also propose an Improved Strong Password Mutual Authentication protocol that is secure against the replay attack with the same efficiency.

Improved Dynamic ID-based Remote User Authentication Scheme Using Smartcards (스마트카드를 이용한 향상된 동적 ID기반 원격 사용자 인증 기술)

  • Shim, Hee-Won;Park, Joonn-Hyung;Noh, Bong-Nam
    • Journal of Internet Computing and Services / v.10 no.4 / pp.223-230 / 2009
  • Among the remote user authentication schemes, password-based authentication methods are the most widely used. In 2004, Das et al. proposed a "Dynamic ID Based Remote User Authentication Scheme", a password-based scheme with smart cards and a lightweight technique using only a one-way hash algorithm and XOR calculation. This scheme adopts a dynamic ID that protects against ID-theft attacks, and can resist replay attacks with timestamp features. Later, many flaws of this scheme were found: it allows any password to be authenticated, and can be vulnerable to impersonation attacks and guessing attacks. For this reason, many modifications were announced. These schemes, including all modifications, similarly maintain security against replay of the authentication message by means of the timestamp. But if an adversary can replay the login immediately, this attempt can succeed. In this paper, we analyze the security vulnerabilities of the Das scheme, and propose an improved scheme which can resist real-time replay attacks using an authentication counter. Besides, our scheme is still secure against impersonation attacks and guessing attacks, and also provides a mutual authentication feature.

Defense Mechanism against Replay Attack on Remote Keyless Entry System (원격 키리스 엔트리시스템에 대한 재생공격 무력화 기법)

  • Kim, Young Min;Kim, Seong Hwan
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2019.05a / pp.247-250 / 2019
  • The first-generation RKE (Remote Keyless Entry) system is very vulnerable to replay attacks, and the encryption of the second-generation RKE system is known to be disabled by four to eight signal receptions and analysis. In order to enhance the security of the RKE system, we introduce a physical-layer security method in the RKE system and propose a technique to disable the replay attack by reducing the quality of the signal received by an eavesdropper.

RFID Mutual Authentication Protocol with Security and Performance Improvements (안전성과 성능을 개선한 RFID 상호인증 프로토콜)

  • Hong, Sung-Hyuk;Park, Jong-Hyuk;Yeo, Sang-Soo;Ha, Kyung-Jae
    • Journal of Advanced Navigation Technology / v.13 no.6 / pp.876-883 / 2009
  • In 2008, Kim-Jun proposed an RFID Mutual Authentication Protocol based on One-Time Random Numbers which is strong against eavesdropping, spoofing and replay attacks. However, in 2009, Yoon-Yoo proved that it was weak against the replay attack and proposed a protocol which can prevent the replay attack. But Yoon-Yoo's protocol has problems with communication efficiency and brute-force attacks. This paper shows the weak points of Yoon-Yoo's protocol and proposes an RFID mutual authentication protocol with security and performance improvements.

Improving an RFID Mutual Authentication Protocol using One-time Random Number (개선한 일회성 난수를 이용한 RFID 상호인증 프로토콜)

  • Yoon, Eun-Jun;Yoo, Kee-Young
    • Journal of KIISE:Information Networking / v.36 no.2 / pp.90-97 / 2009
  • In 2008, Kim-Jun proposed an RFID mutual authentication protocol using a one-time random number that can withstand malicious attacks by the leakage of important information and resolve the criminal abuse problems. Through the security analysis, they claimed that the proposed protocol can withstand various security attacks including the replay attack. However, this paper demonstrates that Kim-Jun's RFID authentication protocol is still insecure against the replay attack. In addition, this paper also proposes a simply improved RFID mutual authentication protocol using a one-time random number which not only provides the same computational efficiency, but also withstands the replay attack.

A Defense Mechanism Based on Session Status against Cookie Replay Attack in Web Applications (웹 애플리케이션에서 세션 상태 기반의 쿠키 재전송 공격 방어 기법)

  • Won, Jong Sun;Park, JiSu;Shon, Jin Gon
    • KIPS Transactions on Computer and Communication Systems / v.4 no.1 / pp.31-36 / 2015
  • As web accessibility has become easier, security issues have become much more important in web applications demanding user authentication. Cookies are used to reduce the load on the server from the session in web applications and to manage user information efficiently. However, a cookie containing user information can be sniffed by an attacker. With this sniffed cookie, the attacker can retain the web application session of the lawful user as if the attacker were the lawful user. This kind of attack is called a cookie replay attack, and it causes serious security problems in web applications. In this paper, we have introduced a mechanism to detect cookie replay attacks and defend against them, and verified the effectiveness of the mechanism.

Security Analysis and Enhancement on Smart card-based Remote User Authentication Scheme Using Hash Function (효율적인 스마트카드 기반 원격 사용자 인증 스킴의 취약점 분석 및 개선 방안)

  • Kim, Youngil;Won, Dongho
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.6 / pp.1027-1036 / 2014
  • In 2012, Sonwanshi et al. suggested an efficient smart card based remote user authentication scheme using a hash function. In this paper, we point out that their scheme is vulnerable to offline password guessing attack, server impersonation attack, insider attack, and replay attack, and that it has weaknesses regarding session key vulnerability and privacy. Furthermore, we propose an improved scheme which resolves the security flaws and show that the scheme is more secure and efficient than others.

A Study on Secure and Improved Single Sign-On Authentication System against Replay Attack (재전송 공격에 안전하고 개선된 Single Sign-On 인증 시스템에 관한 연구)

  • Kim, Hyun-Jin;Lee, Im-Yeong
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.769-780 / 2014
  • In general, internet users need to remember several IDs and passwords when they use diverse web sites. From an effective management perspective, SSO system was suggested to reduce user inconvenience. Kerberos authentication, which uses centralized system management, is a typical example of a broker-based SSO authentication model. However, further research is required, because the existing Kerberos authentication system has security vulnerability problems of password and replay attacks. In SSO authentication systems, a major security vulnerability is the replay attack. When user credentials are seized by attackers, an authorized session can be obtained through a replay attack. In this paper, an improved SSO authentication model based on the broker-based model and a secure lightweight SSO mechanism against credential replay attack is proposed.

Design of RFID Mutual Authentication Protocol using One Time Random Number (일회성 난수를 이용한 안전한 RFID 상호인증 프로토콜 설계)

  • Kim, Dae-Jung;Jun, Moon-Seog
    • Journal of KIISE:Information Networking / v.35 no.3 / pp.243-250 / 2008
  • Recently researched RFID authentication protocols are still vulnerable to attacks such as location tracking, replay, and spoofing attacks. This paper designs a method of generating a one-time random number on the DB server side, unlike previously researched protocols, and it protects RFID communication from location tracking, replay and spoofing attacks.