• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1779-1798
• /
• 2018

Heterogeneous wireless sensor networks (HEWSN) is a kind of wireless sensor networks (WSN), each sensor may has different attributes, HEWSN has been widely used in many aspects. Due to sensors are deployed in unattended environments and its resource constrained feature, the design of security and efficiency balanced authentication scheme for HEWSN becomes a vital challenge. In this paper, we propose a secure and lightweight user authentication and key agreement scheme based on biometric for HEWSN. Firstly, fuzzy extractor is adopted to handle the user's biometric information. Secondly, we achieve mutual authentication and key agreement among three entities, which are user, gateway and cluster head in the four phases. Finally, formal security analysis shows that the proposed scheme defends against various security pitfalls. Additionally, comparison results with other surviving relevant schemes show that our scheme is more efficient in term of computational cost, communication cost and estimated time. Therefore, the proposed scheme is well suitable for practical application in HEWSN.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.137-144
• /
• 2004

3GPP(3rd Generation Project Partnership)-WLAN(Wireless Local Area Network) interworking refers to the utilization of resources and access to services within the 3GPP system by the WLAN UE(User Equipment) and user respectively. The intent of 3GPP-WLAN Interworking is to extend 3GPP services and functionality to the WALN access environment. We propose an efficient mechanism for the setup of UE-initiated tunnels in 3GPP-WLAN interworking. The proposed mechanism is based on a secret key which is pre-distributed in the process of authentication and key agreement between UE and 3GPP AAA(Authentication, Authorization Accounting) server. Therefore it can avoid modular exponentiation and public key signature which need a large amount of computation in UE. Also the proposed scheme provides mutual authentication and session key establishment between UE and PDGW(Packet Data Gateway).

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.3
• /
• pp.181-196
• /
• 2014

Cloud computer technology currently provides diverse services based on a comprehensive environment ranging from hardware to solution, network and service. While the target of services has been extended from institutions and corporations to personal infrastructure and issues were made about security problems involved with protection of private information, measures on additional security demands for such service characteristics are insufficient. This paper proposes a multi-session authentication technique based on the characteristics of SaaS (Software as a Service) among cloud services. With no reliable authentication authority, the proposed technique reinforced communication sessions by performing key agreement protocol safe against key exposure and multi-channel session authentication, providing high efficiency of performance through key renewal using optimzied key table. Each formed sessions have resistance against deprivation of individual confirmation and service authority. Suggested confirmation technique that uses these features is expected to provide safe computing service in clouding environment.

• Journal of Korea Multimedia Society
• /
• v.21 no.4
• /
• pp.485-492
• /
• 2018

Recently, the numerous authentication and key distribution protocol for NFC payment environment have been proposed using public key cryptosystems. However, these protocol are vulnerable to quantum computing attack because quantum computing can solve factoring and discrete logarithm problem effectively using Grover and Shor's algorithm. For these reason, the secure authentication and key distribution have become a very important security issue in order to prevent quantum computing attacks. Therefore, to ensure user's payment information and privacy, we propose a secure quantum resistant authentication and key distribution protocol for NFC payment environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.5
• /
• pp.105-114
• /
• 2005

There are several goals or properties which authentication protocols may have; some of them are key freshness, far-end aliveness, key confirmation, etc. Most of them have extensively been discussed and studied so far in the literature. 'Responsibility' and 'credit', which were first raised by Abadi as additional goals, received quite an exceptional treatment; there were little response from researchers about these new goals. It is surprising to see that these two properties have slipped through any investigation, successfully achieving the positions as the goals for authentication protocols. In this paper, we investigate these two new properties and their relations to authentication protocols, and answers to the question: what brings us credit and responsibility.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.4
• /
• pp.433-438
• /
• 2014

The demanding in construction of the stand-alone networks and interconnection between convergence devices have led an increase in research on MANET and the application of MANET has been paid much attention as a Ubiquitous computing which is growing fast in the field of computer science. With performance both as hosts and routers, easy network configuration, and fast response, mobile nodes participating in MANET are suitable for Embedded computing but have vulnerable points, about lack of dynamic network topology due to mobility, network scalability, passive attacks, and active attacks which make it impossible to manage continuous security authentication service. In this study, proposes S-EKE authentication mechanism for a robust authentication based on MANET and through identify wireless environment security vulnerabilities, currently being used in OTP S/Key and DH-EKE analyzes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1049-1062
• /
• 2019

The national accredited certificate is a user certificate issued based on the user's personal information, which has been identified in advance, and has become a universal authentication method used for most electronic financial transactions and user authentication. And it contributed a lot to the use of e-government and domestic service. However, due to the lack of web standards on how to use, it was inconvenient to install a separate plug-in, and efforts to improve it have been continued. In this paper, we attempt to solve the problem of certificate usage environment by presenting the certificate digital signature method using the extension of the FIDO2 (Fast Identity Online v2) client to authentication protocol (CTAP) specification.

• Review of KIISC
• /
• v.17 no.2
• /
• pp.9-23
• /
• 2007

The air interface supports a security layer which provides the key exchange protocol, authentication protocol, and encryption protocol. The authentication is performed on the encryption protocol packet. The authentication protocol header or trailer may contain the digital signature that is used to authenticate a portion of the authentication protocol packet that is authenticated. The encryption protocol may add a trailer to hide the actual length of the plaintext of padding to be used by the encryption algorithm. The encryption protocol header may contain variables such as the initialization vector (IV) to be used by the encryption protocol. It is our aim to firstly compute the session key created from the D H key exchange algorithm, and thereof the authenticating key and the encryption key being generated from the session key.

• Convergence Security Journal
• /
• v.4 no.3
• /
• pp.19-25
• /
• 2004

This research develops an algorithm using image synthesis for a server to authenticate users and implements it. The server creates cards with random dots for users and distribute them to users. The server also manages information of the cards distributed to users. When there is an authentication request from a user, the server creates a server card based on information of the user' s card in real time and send it to the user. Different server card is generated for each authentication. Thus, the server card plays a role of one-time password challenge. The user overlaps his/her card with the server card and read an image(eg. a number with four digits) made up from them and inputs the image to the system. This is the authentication process. Keeping security level high, this paper proposes a technique to generate the image clearly and implements it.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.3
• /
• pp.1742-1760
• /
• 2017

Recent evolution in the open access internet technology demands that the identifying information of a user must be protected. Authentication is a prerequisite to ensure the protection of user identification. To improve Qu et al.'s scheme for remote user authentication, a recent proposal has been published by Huang et al., which presents a key agreement protocol in combination with ECC. It has been claimed that Huang et al. proposal is more robust and provides improved security. However, in the light of our experiment, it has been observed that Huang et al.'s proposal is breakable in case of user impersonation. Moreover, this paper presents an improved scheme to overcome the limitations of Huang et al.'s scheme. Security of the proposed scheme is evaluated using the well-known random oracle model. In comparison with Huang et al.'s protocol, the proposed scheme is lightweight with improved security.