• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.5
• /
• pp.1171-1177
• /
• 2010

Recently RFID system is used in various fields such as distribution industry, medical industry and military service. The technology for protecting individual privacy is necessary to adapt RFID system in several applications. This paper proposes an authentication protocol which conducts mutual authentication between back-end database and tag using hash function. The proposed protocol satisfies various RFID security requirements : mutual authentication, anonymity, confidentiality, integrity, replay attack, location trace. This protocol reduces the time for authentication minimizing the number of hash operation in back-end database.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.637-640
• /
• 2003

Authentication between Server and Client is necessary in most of Internet Service because of increasing of using of Internet. Unix-based Server upgraded security of user authentication using "Shadow Password" instead of "crypt" function. But "Shadow Password" most use same authentication method about all services. But we individually can set user authentication method using PAM(Pluggable Authentication Module). This paper will propose user authentication system using Linux-PAM that use SMART CARD as authentication token.

• Journal of Korea Multimedia Society
• /
• v.20 no.3
• /
• pp.500-510
• /
• 2017

Recently Lee et al. proposed an improved symmetric key-based remote user authentication scheme to eliminate the security weaknesses of Kumari et al.'s scheme. They hence claimed that their scheme is secure to various well-known attacks. However, we found that Lee et al.'s scheme is still insecure against outsider attack, smart card stolen and off-line password guessing attack. To overcome these security vulnerabilities, we propose an enhanced authentication scheme with key-agreement which is based on the fuzzy-extractor. Furthermore, we prove that the proposed scheme is more secure, and that it serves to gratify all of the required security properties. Finally, we compare the performance and functionality of the proposed scheme with those of previous schemes.

• Journal of Information Processing Systems
• /
• v.14 no.6
• /
• pp.1431-1437
• /
• 2018

Securing objects in the Internet of Things (IoT) is essential. Authentication model is one candidate to secure an object, but it is only limited to handle a specific type of attack such as Sybil attack. The authentication model cannot handle other types of attack such as trust-based attacks. This paper proposed two-phase security protection for objects in IoT. The proposed method combined authentication and statistical models. The results showed that the proposed method could handle other attacks in addition to Sybil attacks, such as bad-mouthing attack, good-mouthing attack, and ballot stuffing attack.

• Journal of the Korea Convergence Society
• /
• v.8 no.2
• /
• pp.9-14
• /
• 2017

A fingerprint is unique to each person and can be represented as a digital form. As the fingerprint is the part of human body, fingerprint recognition is much more easy to use and secure rather than using password or resident card for user authentication. In addition, as the newly released smart phones have built-in camera and fingerprint sensors, the demand for biometric authentication is increasing rapidly. But, the drawback is that the fingerprint can be counterfeited easily and if it's exposed to the hacker, it cannot be reused. Thus, the original fingerprint template should be transformed for registration and authentication purposes. Existing transformation functions use passcode to transform the original template to the cancelable form. Additional module is needed to input the passcode, so it requires more cost and lowers the usability. In this paper, we propose biometric authentication scheme that is economic and easy to use. The proposed scheme is consisted of cancelable biometric template creation, registration and user authentication protocols, and can control several security levels by configuring the number of fingerprints and scan times. We also analyzed that our scheme is secure against the brute-force attack and the active attacks.

• International Journal of Computer Science & Network Security
• /
• v.21 no.11
• /
• pp.105-110
• /
• 2021

Contact between Vehicle-to-vehicle and vehicle-to-infrastructural is becoming increasingly popular in recent years due to their crucial role in the field of intelligent transportation. Vehicular Ad-hoc networks (VANETs) security and privacy are of the highest value since a transparent wireless communication tool allows an intruder to intercept, tamper, reply and erase messages in plain text. The security of a VANET based intelligent transport system may therefore be compromised. There is a strong likelihood. Securing and maintaining message exchange in VANETs is currently the focal point of several security testing teams, as it is reflected in the number of authentication schemes. However, these systems have not fulfilled all aspects of security and privacy criteria. This study is an attempt to provide a detailed history of VANETs and their components; different kinds of attacks and all protection and privacy criteria for VANETs. This paper contributed to the existing literature by systematically analyzes and compares existing authentication and confidentiality systems based on all security needs, the cost of information and communication as well as the level of resistance to different types of attacks. This paper may be used as a guide and reference for any new VANET protection and privacy technologies in the design and development.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.201-212
• /
• 2017

As services using mobile devices increase, exposure of personal information, and secure threats increase. In this paper, we propose a location-based user authentication system used in mobile device for tightening security. Our authentication system is performed to authenticate two steps. The first authentication is location authentication to ensure that the user accesses an application in trustable space. This authentication method uses an Access Point's information. The second authentication is trustable space authentication to confirm the normal user. This method is carried out the authentication by using biometric information from the user.

• Journal of Digital Convergence
• /
• v.11 no.11
• /
• pp.775-781
• /
• 2013

N-screen is a Service that can be provide for One Service Multi Device. If the network is changed or if the device is changed after authentication the device fits seamlessly send footage. Security threats that occur here have a problem with user authentication. In this paper proposes available in a multi-device the authentication system. Homomorphic Encryption Algorithm of authentication scheme used. Among the authentication mechanism that already exists is a simple and lightweight authentication mechanism. In addition, N-screen service that uses multiple devices is simple authentication process of the device. Review the results of proposed authentication protocol, encryption algorithm to process a small storage capacity and is easy to work in low processor. And was suitable for use with multiple devices.

• Smart Media Journal
• /
• v.10 no.3
• /
• pp.48-53
• /
• 2021

The authentication process is a key step that should be used to verify that a user is legitimate, and it should be used to verify that a user is a legitimate user and grant access only to that user. Recently, two-factor authentication and OTP schemes are used by most applications to add a layer of security to the login process and to address the vulnerability of using only one factor for authentication, but this method also allows access to user accounts without permission. This is a known security vulnerability. In this paper, we propose a Zero Knowledge Proofs (ZKP) personal information authentication scheme based on a Smart Contract of a block chain that authenticates users with minimal personal information exposure conditions. This has the advantage of providing many security technologies to the authentication process based on blockchain technology, and that personal information authentication can be performed more safely than the existing authentication method.

• Convergence Security Journal
• /
• v.7 no.3
• /
• pp.101-107
• /
• 2007

In recent years, electronic financial services, such as internet banking, come into wide use since the personal computer and network technology have made reasonably good progress. The growth of electronic financial service contributes to promoting the business efficiency of financial institution and promoting the convenience of financial customer, while the security on electronic financial service is getting more important because it is not face-to-face financial service. Therefore, the financial sector had decided to introduce the OTP (One Time Password) in order to authenticate the identification of customer and has built the Integrated OTP Authentication Center for a customer being able to use only one OTP token in electronic financial transaction with several financial institution. In this paper, we introduce the business of Integrated OTP Authentication Center and present the security analysis on integrated OPT authentication service, which is the main function of Integrated OTP Authentication Center.