• 한국컴퓨터정보학회논문지
• /
• 제19권7호
• /
• pp.87-93
• /
• 2014

S/W 개발의 첫 번째 단계인 분석 단계에서는 식별 및 인증 요건 정의 원칙, 아이디 및 패스워드 관리 요건, 인증 프로세스 요건, 그리고 인증수단 요건 등에 관한 보안 요건들을 정의해야 한다. 식별은 어떤 시스템의 사용자나 시스템에서 실행 중인 애플리케이션을 특유하게 식별하는 기능을 말한다. 인증은 사용자나 애플리케이션이 진짜인지 가짜인지를 실제 예를 들어서 밝혀내는 기능을 말한다. 본 논문에서는 분석 단계의 이러한 식별 및 인증의 보안 요건을 제시한다. 첫째, 각자 가지고 있는 개별 ID는 유일하게 식별되어야 한다는 것이다. 둘째, 패스워드는 길이제한 및 표준 조합을 적용해야 하며, 주기적으로 변경해 줘야 한다는 것이다. 셋째, ID/PW 이외의 보다 강화된 인증 방식을 제공해야 하며, 인증 프로세스는 정의된 보안 요건을 만족해야 한다. 본 논문에서는 식별 및 인증단계의 보안 요건들을 실제 구현 방법을 들어 설명하고 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권12호
• /
• pp.6175-6189
• /
• 2019

To slove the security and efficiency problem of anonymous authentication in vehicular ad-hoc network (VANET), we adopt the bilinear pairing theory to propose an identity-based batch anonymous authentication scheme for VANET. The tamper-proof device in the on-board unit and the trusted authority jointly realize the anonymity of vehicle identity and the signature of messages, which further enhances the security of this scheme, as well as reduces the overhead of trusted authority. Batch authentication can improve the efficiency of anonymous authentication for VANET. Security and efficiency analyses demonstrate that this scheme not only satisfies such security properties as anonymity, non-forgeability and non-repudiation, but also has advantage in time and space complexity. Simulation results show that this scheme can achieve good performance in real-time VANET communication.

• 한국컴퓨터정보학회논문지
• /
• 제22권9호
• /
• pp.65-71
• /
• 2017

This paper proposes a smart phone authentication method based on user's behavior and habit that is an authentication method against shoulder surfing attack and brute force attack. As smart phones evolve not only storage of personal data but also a key means of financial services, the importance of personal information security in smart phones is growing. When user authentication of smart phone, pattern authentication method is simple to use and memorize, but it is prone to leak and vulnerable to attack. Using the features of the smart phone pattern method of the user, the pressure applied when touching the touch pad with the finger, the size of the area touching the finger, and the time of completing the pattern are used as feature vectors and applied to user authentication security. First, a smart phone user models and stores three parameter values as prototypes for each section of the pattern. Then, when a new authentication request is made, the feature vector of the input pattern is obtained and compared with the stored model to decide whether to approve the access to the smart phone. The experimental results confirm that the proposed technique shows a robust authentication security using subjective data of smart phone user based on habits and behaviors.

• 한국산업정보학회논문지
• /
• 제7권5호
• /
• pp.29-38
• /
• 2002

본 논문에서는 IPv6, ATM 및 IP/ATM에서의 보호에 관하여 기술한다. IPv6에서는 보호서비스를 제공하기 위하여 인증 헤드와 ESP를 사용하고 있으며 이러한 인증 헤드와 ESP에서의 보호서비스 제공에 관하여 기술한다. ATM에서의 보호체계는 ATM포럼에서 지금까지 연구한 AIM보안 규격 내용을 보호서비스 측면에서 소개한다. 또한, IP/ATM의 특성을 고려하여 IF/ATM에 적합한 보호서비스와 보호기술들을 기술한다.

• 산업융합연구
• /
• 제20권11호
• /
• pp.191-196
• /
• 2022

핀테크 환경에서 스마트 폰을 이용한 금융거래가 활발하게 이루어지고 있다. 안전한 금융거래를 위해 사용자 인증 기술이 필수적이다. 기존 보안 키패드를 통한 PIN 인증은 입력 편리성이 좋지만, 보안성이 떨어지고 취약점이 존재한다. 생체인증 기법은 보안성이 안전하지만 오탐 및 미탐 인증 가능성이 있다. 이를 보완하기 위해 2-factor 인증을 사용한다. 본 논문에서는 생체인증 기법을 적용한 PIN 입력을 통해 편리성과 보안성을 높일 수 있는 1.5-factor 인증을 제안하고자 한다. 지문인증의 안정성과 2~4번의 PIN 입력을 통해 편리성을 제공하여 안전한 금융거래가 가능하다. 제안기법은 PIN 입력 시 생체인증을 동시에 수행하므로 PIN 입력할 때 터치하는 영역에 지문인식을 적용하는 방식이다. 보안이 요구되는 경우 높은 안전성이 요구되는 상황에서는 추가적인 PIN 입력을 통해 입력 편리성을 보장하면서 사용자 인증을 수행하여 안전한 금융거래가 가능하다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제6권12호
• /
• pp.3366-3383
• /
• 2012

Reliance on the Internet has introduced Voice over Internet Protocol (VoIP) to various security threats. A reliable security protocol and an authentication scheme are thus required to prevent the aforementioned threats. However, an authentication scheme often demands additional cost and effort. Accordingly, a security framework for known participants in VoIP communication is proposed in this paper. The framework is known as Randomness-Optimized Self-Securing (ROSS), which performs authentication automatically throughout the session by optimizing the uniqueness and randomness of the communication itself. Elliptic Curve Diffie-Hellman (ECDH) key exchange and Salsa20 stream cipher are utilized in the framework correspondingly to secure the key agreement and the communication with low computational cost. Human intelligence supports ROSS authentication process to ensure participant authenticity and communication regularity. The results show that with marginal overhead, the proposed framework is able to secure VoIP communication by performing reliable authentication.

• ETRI Journal
• /
• 제32권5호
• /
• pp.704-712
• /
• 2010

Authentication is an important service in wireless sensor networks (WSNs) for an unattended environment. Recently, Das proposed a hash-based authentication protocol for WSNs, which provides more security against the masquerade, stolen-verifier, replay, and guessing attacks and avoids the threat which comes with having many logged-in users with the same login-id. In this paper, we point out one security weakness of Das' protocol in mutual authentication for WSN's preservation between users, gateway-node, and sensor nodes. To remedy the problem, this paper provides a secrecy improvement over Das' protocol to ensure that a legal user can exercise a WSN in an insecure environment. Furthermore, by presenting the comparisons of security, computation and communication costs, and performances with the related protocols, the proposed protocol is shown to be suitable for higher security WSNs.

• 디지털산업정보학회논문지
• /
• 제11권1호
• /
• pp.59-67
• /
• 2015

A novel authentication mechanism is biometric authentication where users are identified by their measurable human characteristics, such as fingerprint, voiceprint, and iris scan. The technology of biometrics is becoming a popular method for engineers to design a more secure user authentication scheme. In terms of physiological and behavioral human characteristics, biometrics is used as a form of identity access management and access control, and it services to identity individuals in groups that are under surveillance. In this article, we review the biometric-based authentication protocol by Althobati et al. and provide a security analysis on the scheme. Our analysis shows that Althobati et al.'s scheme does not guarantee server-to-user authentication. The contribution of the current work is to demonstrate this by mounting threat of data integrity and bypassing the gateway node on Althobati et al.'s scheme. In addition, we analysis the security vulnerabilities of Althobati et al.'s protocol.

• Journal of information and communication convergence engineering
• /
• 제7권3호
• /
• pp.335-339
• /
• 2009

RFID security and privacy issues have been intensively studied in the research field, the authentication between RFID reader and tag is the fundamental them. Most of the existing authentication protocols draw assumptions on classic primitives. Since tags have small capacities, the security mechanisms which are in use in computer networks and communication are not suitable. In this paper, we compare and analyze recent technical research on the problems of privacy and security. It consists of security mechanism, threats and performance evaluation, etc.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권2호
• /
• pp.978-1002
• /
• 2019

With the rapid development of the Internet of Things, the problem of privacy protection has been paid great attention. Recently, Nikooghadam et al. pointed out that Kumari et al.'s protocol can neither resist off-line guessing attack nor preserve user anonymity. Moreover, the authors also proposed an authentication supportive session initial protocol, claiming to resist various vulnerability attacks. Unfortunately, this paper proves that the authentication protocols of Kumari et al. and Nikooghadam et al. have neither the ability to preserve perfect forward secrecy nor the ability to resist key-compromise impersonation attack. In order to remedy such flaws in their protocols, we design a lightweight authentication protocol using elliptic curve cryptography. By way of informal security analysis, it is shown that the proposed protocol can both resist a variety of attacks and provide more security. Afterward, it is also proved that the protocol is resistant against active and passive attacks under Dolev-Yao model by means of Burrows-Abadi-Needham logic (BAN-Logic), and fulfills mutual authentication using Automated Validation of Internet Security Protocols and Applications (AVISPA) software. Subsequently, we compare the protocol with the related scheme in terms of computational complexity and security. The comparative analytics witness that the proposed protocol is more suitable for practical application scenarios.