• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.791-792
• /
• 2012

RFID security protocol is widely discussed as an important issue, while the mutual authentication with the security agreement is mostly discussed enthusiastically. In this paper we improve HB family to achieve the property of mutual authentication, so that the user privacy can be protected. The future direction is to adapt the protocol for cloud computing.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.2 s.344
• /
• pp.22-26
• /
• 2006

Symmetric cryptographic algorithm is incongruent in network environment by absence of authencation in spite of advantage of easy etc. on data processing and implementation of high speed. Therefore, proposed merging style authentication algorithm that use MAC and MDC so that symmetric cryptographic algorithm can achieve authentication. Proposed algorithm made security can wide of secure communication channel as to achieve authentication to cryptographic algerian itself not that act independently of symmetric cryptographic algorithm.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.55-62
• /
• 2021

Recently, the use of sensor devices is gradually increasing. As various sensor device emerge and the related technologies advance, there has been a dramatic increase in the interest in heterogeneous wireless sensor networks (WSNs). While sensor device provide us many valuable benefits, automatically and remotely supported services offered and accessed remotely through WSNs also exposes us to many different types of security threats. Most security threats were just related to information leakage and the loss of authentication among the involved parties: users, sensors and gateways. An user authentication protocol for wireless sensor networks is designed to restrict access to the sensor data only to user. In 2019, Chen et al. proposed an efficient user authentication protocol. However, Ryu et al. show that it's scheme still unstable and inefficient. It cannot resist offline password guessing attack and session key attack. In this paper, we propose an improved protocol to overcome these security weaknesses by storing secret data in device. In addition, security properties like session-key security, perfect forward secrecy, known-key security and resistance against offline password attacks are implied by our protocol.

• The Journal of the Korea Contents Association
• /
• v.19 no.7
• /
• pp.421-426
• /
• 2019

Nowadays, various type of technologies are used for user authentication, such as knowledge based(ID/PW, etc.) authentication, biometric based(Iris/fingerprint/vein recognition) authentication, ownership based(OTP, security card, etc.) authentication. ID/PW authentication technology, a knowledge based authentication, despite the advantages of low in implementation and maintenance costs and being familiar to users, there are disadvantages of vulnerable to hacking attacks, Other authentication methods solve the vulnerability in ID/PW authentication technology, but they have high initial investment cost and maintenance cost and troublesome problem of reissuance. In this paper, we proposed to improve security and convenience over existing ID/PW based authentication technology, and to secure user authentication without restriction on the devices used for authentication.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.33-42
• /
• 2016

Recently, the investment and study competition regarding machine running is accelerating mainly with Google, Amazon, Microsoft and other leading companies in the field of artificial intelligence. The security weakness of virtualization technology security structure have been a serious issue continuously. Also, in most cases, the internal data security depend on the virtualization security technology of platform provider. This is because the existing software, hardware security technology is hard to access to the field of virtualization and the efficiency of data analysis and processing in security function is relatively low. This thesis have applied user significant information to machine learning algorithm, created security authentication vector able to learn to provide with a method which the security authentication can be conducted in the field of virtualization. As the result of performance analysis, the interior transmission efficiency of authentication vector in virtualization environment, high efficiency of operation method, and safety regarding the major formation parameter were demonstrated.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.11 no.6
• /
• pp.303-310
• /
• 2011

Recently, many user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication process. In 2009, Wang et al. proposed a more effective and secure dynamic ID-based remote user authentication scheme to improve the security weakness of Das et al.'s scheme, and asserted that the improved scheme is secure against independent of password in authentication phase and provides mutual authentication between the user and the remote server. However, in this paper, we analyze the security of Wang et al. scheme and demonstrate that Wang et al.'s scheme is vulnerable to the man-in-the-middle attack and the off-line password guessing attack. In addition, we show that Wang et al. scheme also fails to provide mutual authentication. Accordingly, we propose an improved scheme to overcome these security weakness even if the secrete information stored in the smart card is revealed. Our proposed scheme can withstand the user impersonation attack, the server masquerading attack and off-line password guessing attack. Furthermore, this improved scheme provides the mutual authentication and is more effective than Wang et al.'s scheme in term of the computational complexities.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.2
• /
• pp.159-166
• /
• 2012

Many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2010, Chang et al. proposed an improved biometrics-based user authentication scheme without concurrency system which can withstand forgery attack, off-line password guessing attack, replay attack, etc. In this paper, we analyze the security weaknesses of Chang et al.'s scheme and we have shown that Chang et al.'s scheme is still insecure against man-in-the-middle attack, off-line biometrics guessing attack, and does not provide mutual authentication between the user and the server. And we proposed the improved scheme to overcome these security weaknesses, even if the secret information stored in the smart card is revealed. As a result, the proposed scheme is secure for the user authentication attack, the server masquerading attack, the man-in-the-middle attack, and the off-line biometrics guessing attack, does provide the mutual authentication between the user and the remote server. And, in terms of computational complexities, the proposed scheme is more effective than Chang et al.'s scheme.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.22 no.5
• /
• pp.325-333
• /
• 2021

With the rapidly changing era of the fourth industrial revolution, the utilization of IT technology is increasing. In addition, the demand for security authentication is increasing as shared services or IoT technologies are being developed as new business models. Security authentication is becoming increasingly important for all intelligent devices such as self-driving cars. However, most location-based security authentication technologies are being developed mainly with technologies that utilize server proximity or satellite location tracking, which limits the scope of their physical use. Location-based security authentication technology has recently been developed as a complementary replacement technology. In this study, we introduce location-based security authentication technology using cell broadcasting technology, which has a wider range of applications and is more convenient and business-friendly than existing location-based security authentication technologies. We also introduced application cases and business models related to this. In addition to the current status of technology development, we analyzed current changes in business models being employed. Based on our analysis results, this study draws the implication that technology diversification is necessary to improve the performance of innovative technologies. It is meaningful that it has found and studied advanced technologies other than existing location authentication methods and systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1113-1118
• /
• 2018

Fingerprint authentication is the most popular biometric in smart devices. However it has vulnerability to fake fingerprints. This paper shows that it is possible to pass fingerprint authentication of smartphone by creating counterfeit fingerprint without approval of legitimate users. As a technical countermeasure to prevent such a smudge-based attack, there has been proposed an under-screen Touch ID with a slide bar, which is a method of removing the fingerprint trail by dragging the UI to the side after fingerprint authentication on the touch screen. In this paper, we analyze how the proposed attack method and mitigation are perceived by actual user through 61 user survey.

• Journal of Internet Computing and Services
• /
• v.5 no.1
• /
• pp.99-111
• /
• 2004

Two general security measures in computing networks are secure data transmission and user authentication, These problems are still critical in the wireless LAN environments. Thus security becomes most significant issue in personal network environments and ubiquitous networks based on wireless LANs. We purpose a new authentication system for these kind of environments, and coined it UPMA(Ubiquitous Personal Mutual Authen-tication) model. UPMA supports authenticating configurations which provides personal verification for each system. It guarantees secure communications through the session key setup, and provides mutual authentication by verifying each user and his/her station. UPMA solves security problems in ubiquitous networks without accessing authentication server, Instead it performs mutual authentication between terminals or between systems. It is a global authentication system which enables global roaming service through the Internet or other public networks, It can be used to guarantee safe and convenient access to a company Intranet or to a home network.