• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.11 no.5
• /
• pp.131-137
• /
• 2011

Recently Lin et al. proposed a simple remote user authentication scheme using smart cards. But the proposed scheme has not satisfied security requirements which should be considered in the user authentication scheme using the password based smart card. In this paper, we show that Lin et al.'s scheme is insecure against off-line password guessing attack. In their scheme, any legal user's password may be derived from the password guessing when his/her smart card is stolen and the secret information is leaked from the smart card by an attacker. Accordingly, we demonstrate the vulnerability of their scheme and present an enhancement to resolve such security weakness. Our proposed scheme can withstand various possible attacks including password guessing attack. Furthermore, this improved scheme can provide mutual authentication to improve the security robustness. Performance evaluation shows that the proposed scheme is relatively more effective than Lin et al.'s scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.329-341
• /
• 2017

A multi-server architecture has been proposed to increase the efficiency of resources due to the rapid growth of computer networks and service providing servers. The smartcard-based authentication protocol in the multi-server environments has been continuously developed through various studies. Recently, Chun-Ta Li et al proposed an authentication protocol that solves Xiong Li el al's authentication protocol vulnerability to user impersonation attack and session key disclosure attack. However, Chun-Ta Li et al's authentication protocol has a problem with user impersonation in the vulnerability analysis and has an unsuitable authentication process. Therefore, this paper proposes a smartcard-based authentication protocol in the multi-server environments that solves the denial of service attack and replay attack vulnerabilities of the authentication protocol proposed by Xiong Li et al.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.2C
• /
• pp.132-139
• /
• 2012

In 2011, Woosik Bae proposed a NLMAP(New Low-cost Mutual Authentication Protocol) in RFID based on hash function. They argued that minimize computation such as random number generation. In addition, NLMAP is safe against replay attack, spoofing attack, traffic analysis and eavesdropping attack due to using mutual authentication. So, when applied to RFID system has advantage such as providing a high level of security at a lower manufacturing cost. However, unlike their argue, attacker can obtain Tag's hash computed unique identification information. This paper proves possible the location tracking and spoofing attack using H(IDt) by attacker. In addition, we propose the improved a mutual authentication protocol in RFID based on hash function and CRC code. Also, our protocol is secure against various attacks and suitable for efficient RFID systems better than NLMAP.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.405-415
• /
• 2012

In many applications a reader needs to determine whether a particular tag exists within a group of tags without a server. This is referred to as serverless RFID tag searching. A few protocols for the serverless RFID searching are proposed but they are the single tag search protocol which can search a tag at one time. In this paper, we propose a multi-tag search protocol based on a hash function and a random number generator which can search some tags at one time. For this study, we introduce a protocol which can resolve the problem of synchronization of seeds when communication error occurs in the S3PR protocol[1], and propose a multi-tag search protocol which can reduce the communication overhead. The proposed protocol is secure against tracking attack, impersonation attack, replay attack and denial-of-service attack. This study will be the basis of research for multi-tag serach protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1057-1068
• /
• 2012

According to advance on vehicle technology, many kinds of ECU(Electronic Control Unit) are equipped inside the vehicle. In-vehicle communication among ECUs is performed through CAN(Controller Area Networks). CAN have high reliability. However, it has many vulnerabilities because there is not any security mechanism for CAN. Recently, many papers proposed attacks of in-vehicle communication by using these vulnerabilities. In this paper, we propose an wireless attack model using a mobile radio communication network. We propose a secure authentication mechanism for in-vehicle network communication that assure confidentiality and integrity of data packets and also protect in-vehicle communication from the replay attack.

• Journal of Digital Convergence
• /
• v.10 no.3
• /
• pp.155-160
• /
• 2012

This paper proposes an authentication protocol based on hash and AES safe from various types of attacks in order to assure the security of communication between tags and readers, which exchange data with each other wirelessly in a RFID system. The proposed authentication protocol resolves a problem in existing hash-based protocols whereby the same hidden value is generated for the same identification in each session. In order to hide tag identification information a number of complicated calculations were required, but using the proposed AES protocol reduces such calculations, strengthens security against replay attack, spoofing attack, traffic analysis, eavesdropping, etc. and assure mutual authentication between tags and readers.

• Journal of Korea Multimedia Society
• /
• v.20 no.8
• /
• pp.1321-1329
• /
• 2017

A quantum computer, based on quantum mechanics, is a paradigm of information processing that can show remarkable possibilities of exponentially improved information processing. This paradigm can be solved in a short time by calculating factoring problem and discrete logarithm problem that are typically used in public key cryptosystems such as RSA(Rivest-Shamir-Adleman) and ECC(Elliptic Curve Cryptography). In 2013, Lei et al. proposed a secure NTRU-based key distribution protocol for quantum computing. However, Lei et al. protocol was vulnerable to man-in-the-middle attacks. In this paper, we propose a NTRU(N-the truncated polynomial ring) key distribution protocol with mutual authentication only using NTRU convolution multiplication operation in order to maintain the security for quantum computing. The proposed protocol is resistant to quantum computing attacks. It is also provided a secure key distribution from various attacks such as man-in-the middle attack and replay attack.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.2
• /
• pp.313-319
• /
• 2009

Recently the RFID system, which can recognize multiple tags simultaneously through wireless communication, is emerging as a new technology that can replace the barcode system. Furthermore, related industries are carrying out active research on tags and authentication protocols with guaranteed security that are widely applicable to logistics, distribution, etc. The present study proposes a protocol with enhanced security by introducing the concept of RBAC to the authentication protocol, and a method with lower security for effective mass authentication. The proposed method is advantageous in that it guarantees security against spoofing attack, traffic analysis, replay attack, etc. based on hash function.

• The Journal of the Korea Contents Association
• /
• v.9 no.1
• /
• pp.115-122
• /
• 2009

In this paper, we proposed scheme that we use a difference of timestamp in time in Ubiquitous environments as we use the Diffie-Hellman method that OTP was applied to when it deliver a key between nodes, and can detect a malicious node at these papers. Existing methods attempted the malicious node detection in the ways that used correct synchronization or directed antenna in time. We propose an intermediate malicious node detection way at these papers without an directed antenna addition or the Trusted Third Party (TTP) as we apply the OTP which used timestamp to a Diffie-Hellman method, and we verify safety regarding this. A way to propose at these papers is easily the way how application is possible in Ubiquitous environment.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.42 no.1
• /
• pp.45-50
• /
• 2005

Recently, ubiquitous Computing is being actively researched and one of the main technology in ubiquitous computing environments is recognized as RFID system. The RFID system has much benefits but simultaneously has some problems such as user's privacy violation. Therefore, in this paper, we analyze the privacy problems of previous methods and propose more secure and effective authentication method to protect user's privacy. The proposed protocol is secure against replay attack, spoofing attack and tracking by an attacker.