• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.2
• /
• pp.349-357
• /
• 2017

Many Web sites adopt SMS(Short Message Service)-based user authentication when a user loses her password or approves an online payment. In SMS-based authentication, the authentication server sends a text in plaintext to a user's phone, and it allows an attacker who eavesdrops or intercepts the text to impersonate a valid user(victim). We propose a challenge-response scheme to prove to the authentication server that a user is in a certain place at the moment with her smartphone beside her. The proposed scheme generates a response using a challenge by the server, user's current location, and a secret on the user's smartphone all together. Consequently, the scheme is much more secure than SMS-based authentication that simply asks a user to send the same text arrived on her phone back to the server. In addition to entering the response, which substitutes the SMS text, the scheme also requests a user to input a passphrase to get the authentication process started. We believe, however, the additional typing should be tolerable to most users considering the enhanced security level of the scheme.

• The Journal of the Korea Contents Association
• /
• v.7 no.4
• /
• pp.20-29
• /
• 2007

Although E-mail system is considered as a most important communication media, 'Spam' is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Therefore advanced anti-spam techniques are required to basically reduce its transmission volume on sender mail server or MTA, etc. In this study, we propose a new sender authentication model with encryption function based on modified DomainKey with SMS for Spam mail protection. From the SMS message, we can get secret information used for verification of its real sender on e-mail message. And by distributing this secret information with SMS like out-of-band channel, we can also combine proposed modules with existing PGP scheme for secure e-mail generation and authentication steps. Proposed scheme provide enhanced authentication function and security on Spam mail protection function because it is a 'dual mode' authentication mechanism.

• Journal of Korea Society of Industrial Information Systems
• /
• v.17 no.6
• /
• pp.25-30
• /
• 2012

Passwords are a common method of identifying and authenticating a user who wishes to log on to a secure system. Password-based authentication techniques, however, do not provide strong security and recognized as being an poor form of protection. It is not all the responsibility of the user to control password and to protect its confidentiality. In this paper, confirm an appropriate response time and I propose a new and improved method of implementing two factor authentication using SMS via receiving apparatus(mobile and email).

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.04b
• /
• pp.1177-1180
• /
• 2001

전화를 통해 인터넷 정보를 들을 수 있는 보이스 포탈(Voice Portal) 서비스가 인기를 얻고 있다. Voice Portal 서비스란 알고자 하는 정보를 Speech Recognition System에 음성으로 명령하면 전화를 통해 음성으로 원하는 정보를 듣는 서비스이다. Authentication의 절차를 수행하는 SMS (Short Message Service) 서버 Module, PSTN과 Database 서버사이의 Interface를 제공하는 CTI (Computer Telephony Integration) Module, CTI 서버와 WWW (World Wide Web) 사이의 Voice XML Module, 정보를 검색하기 위한 Searching Module들이 필요하다. 본 논문은 Speech Recognition technology를 기반으로 한 CTI Module 설계를 구현하였다. 또한 인정 방식으로 Random한 일회용 password를 기반으로 한 SMS Authentication을 택하므로 더욱 더 안정된 서비스 제공을 목적으로 하였다.

• International Journal of Contents
• /
• v.2 no.4
• /
• pp.12-18
• /
• 2006

The number of wireless public network user is increasing rapidly. Security problem for user authentication has been increased on existing wireless network such as IEEE802.11 based Wireless LAN. As a solution, IEEE802.1x (EAP-MD5, EAP-TLS, EAP-TTLS), X.509, protocol or security system was suggested as a new disposal plan on this problem. In this study, we overview main problem on existing EAP-MD5 authentication mechanism on Wireless LAN and propose a SMS(Short Message Service) based secure authentication and accounting mechanism for providing security enhanced wireless network transactions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.843-853
• /
• 2017

In the case of electronic payment, the obligation to use the certificate-based authentication was abolished. As Fin-tech service providers gain autonomy, various authentication methods are provided. SMS, ARS, PIN, Text-passwords, Fingerprints are popular authentication methods in the mobile Fin-tech services. In this study evaluate the usability and security of authentication methods in a unified mobile environment. We evaluate the usability through SUS and interview. Also we evaluate the security level of authentication methods through NIST guideline. At the result of the usability evaluation, Fingerprint authentication method had been determined as the highest usability, also Fingerprint authentication method had been determined as the safest authentication method by obtaining Security Level 4.

• Journal of information and communication convergence engineering
• /
• v.9 no.2
• /
• pp.187-192
• /
• 2011

Traditional voice traffic over mobile communication has been changed into data and media contents traffic, which makes traffic amount increases and speedy data transfer required. In the near future ubiquitous mobile terminal environment will be common so that security issues will arise due to many heterogeneous equipments and connections. In this paper, many previous methods used for terminal authentication are examined. And we propose new system model which uses our novel user authentication protocol based on strong one-time password (OTP) and short message service (SMS). We verify our system model and protocol by implementation.

• Journal of Convergence Society for SMB
• /
• v.5 no.3
• /
• pp.9-13
• /
• 2015

With the advance of ICT, the necessity of user authentication to verify the identity of an opponent online not face to face is increasing. The authentication, the basis of the security, is used in various fields. Because ID-based authentication has weaknesses in terms of stability and losses, two or more than two authentication tools are used in the place in which the security is important. Recently, biometric authentication rather than ID, OTP, SMS authentication has been an issue in terms of credibility and efficiency. As the fields applied to current biometric recognition technologies are increasing, the application of the biometric recognition is being used in various fields such as mobile payment system, intelligent CCTV, immigration inspection, and access control. As the biometric recognition, finger print, iris, retina, vein, and face recognition have been studied actively. This study is to inspect the current state of domestic and foreign standardization including understanding of the face recognition and the trend of technology.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10a
• /
• pp.433-435
• /
• 2004

인터넷을 통한 자동화된 업무를 위하여, 공공 컴퓨터들에 대한 의존도가 높아지고 있다. 그러나 오늘날 웹 메일이나 옥션, 인터넷 뱅킹 흑은 휴대폰 결제 등을 위한 원격 서비스들은 사용자의 신원을 증명하기 위해 반드시 사용자의 아이디와 패스워드 또는 주민등록번호를 요구한다. 하지만 안전하지 못한 채널로 전송되는 사용자의 패스워드는 공격자에 의해서 도청되어, 재사용 될 가능성이 매우 높다. 본 논문에서는 위와 같이 보안이 취약한 환경에서 안전한 사용자 인증이 성공적으로 이루어 질 수 있는 새로운 시스템을 제안하고자 한다. 제안 시스템은 현대의 일반 사용자들이 항상 소지하는 휴대폰의 SMS(Simple Message Service)와 일회용 패스워드(OTP : One Time Password)를 기반으로 한다.

• The KIPS Transactions:PartC
• /
• v.10C no.5
• /
• pp.585-594
• /
• 2003

Java card is one of promising smart card platform with java technology. Java card defines necessary packages and classes for Embedded device that have small memory such as smart card Jana card is compatible with EMV that is Industry specification standard and ISO-7816 that is international standard. However, Java card is not offers user authentication protocol. In this paper, We design and implement an user authentication protocol applicable wireless devices based on Java Card using standard 3GPP Specification (SMS), Java Card Specification (APDU), Cryptography and so on. Our Java Card user authentication techniques can possibly be applied to the area of M-Commerce, Wireless Security, E-Payment System, Mobile Internet, Global Position Service, Ubiquitous Computing and so on.