• Journal of Internet Computing and Services
• /
• v.17 no.3
• /
• pp.1-10
• /
• 2016

Information and network technology become the rapid development, so various online services supplied by multimedia systems are provided through the Internet. Because of intrinsic open characteristic on Internet, network systems need to provide the data protection and the secure authentication. So various researchers including Das, An, and Li&Hwang proposed the biometric-based user authentication scheme but they has some security weakness. To solve their problem, Li et al. proposed new scheme using fuzzy extraction, but it is weak on off-line password attack, authentication without biometrics, denial-of-service and insider attack. So, we proposed security enhanced user authentication scheme with key agreement to address the security problem of authentication schemes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1509-1522
• /
• 2018

The purpose of this study is to support flexible authentication functions in various services using various types of user information. Rather than requiring the same level of authentication for all services, the goal is to identify the level of authentication at the time of user authentication and to increase convenience and efficiency by dynamically granting authority. In this paper, we propose POSCAL (Protocol of Service Control by Authentication Level) protocol which can control service access based on various local authentication information. To verify the function of the authentication framework, we developed the electronic wallet service based on the POSCAL authentication framework and evaluated the implementation function based on the use case scenario. The proposed protocol satisfies user and message authentication, confidentiality of authentication information, integrity of authentication history, non - repudiation of authorization, and access control by service according to security level.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2018.05a
• /
• pp.119-121
• /
• 2018

IWhile the investment on virtual currency is incresing, it is needed to check the authentication and security on virtual currency exchange. Therefore, this research is to examine the elements of authentication and security on virtual currency exchange.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.45-55
• /
• 2003

Wireless LAM has the advantage of extension, flexibility and easiness of installation and maintenance. However, due to the characteristics of wireless media, it is vulnerable to security attacks. PKI(Public Key Infrastructure) is estimated to be a good solution offering security function to wireless LAM including global roaming. It offers high security functions as authentication confidentiality and digital signature while it generates big overheads such as CRL search and certificate verification. The overheads can not be avoided during the initial authentication. However, when we consider the case of handoff, it can be minimized through the fast handoff. In this paper, we design a fast handoff authentication mechanism based on PKI in the wireless LAM and analyze the performance of the scheme.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.43-53
• /
• 2015

Password-based authentication schemes for server-client system are convenient to use, but vulnerable to dictionary attack or brute-force attack. To solve this vulnerability, Cryptographic secret key is used for security, but difficult to memorize. So, for the first time, Das proposed a biometric-based authentication scheme to solve various problems but it has various vulnerabilities. Afterwards, Jiping et al. improved Das's scheme, but some vulnerabilities remain. In this paper, we analyze the cryptanalysis of Jiping et al.'s authentication scheme and then propose improved biometric based user authentication scheme to resolve the analyzed problem. Moreover, we conduct a security analysis for the proposed scheme and make a comparison between the proposed scheme and other biometric based user authentications.

• Journal of the Korea Society of Computer and Information
• /
• v.21 no.4
• /
• pp.31-38
• /
• 2016

The interface between servers and clients and system management in the cloud computing environment is different from the existing computing environment. The technology for information protection. Management and user authentication has become an important issue. For providing a more convenient service to users, SSO technology is applied to this cloud computing service. In the SSO service environment, system access using a single key facilitates access to several servers at the same time. This SSO authentication service technology is vulnerable to security of several systems, once the key is exposed. In this paper, we propose a technology to solve problems, which might be caused by single key authentication in SSO-based cloud computing access. This is a distributed agent authentication technology using a multiple SSO agent to reinforce user authentication using a single key in the SSO service environment. For user authentication reinforcement, phased access is applied and trackable log information is used when there is a security problem in system to provide a safe cloud computing service.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.107-112
• /
• 2003

Handover in IEEE 802.11 requires repeated authentication and key exchange procedures, which are an obstacle to seamless services of wireless LAM. We propose a fast authentication and key exchange mechanism using IEEE 802.11f. Especially, by proposing a modified version of the 4-way handshake of IEEE 802.11i, we solve the perfect forward secrecy problem that arises when the pre-authentication is adopted. The scheme can be implemented only using the Context Block of IEEE 802.11f and the 4-way handshake of IEEE 802.11i without involving authentications server's interaction or non-standard behavior between access points. Our scheme is applicable to devices not supporting the us-authentication of IEEE 802.11i and also, it can substitute the pre-authentication when the pre-authentication is failed.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.4
• /
• pp.75-82
• /
• 2017

While the internet has evolved in terms of information sharing and efficiency, it is still prone to security attacks and remains vulnerable even when equipped with a security mechanism. Repeated patching against hacks involves excessive wear of system equipment and high costs. Methods of improving network security include the introduction of security equipment and network partitions, but they have not been fully effective. A fundamental solution is the Operation Content Network (OCN), which enables the strengthening of authentication. In this paper, Instead of following the existing TCP/IP system, OCN establishes an immunity-based security system through content-centric communications. Data transmission occurs over a Content Centric Network (CCN), which is provided with a protocol verified by the CCNx group. Areas protected by OCN rely only on CCN for communication without using any IP. As such, it defends the system against unknown attacks, including zero-day attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.343-351
• /
• 2017

With ICT technology develops, IoT environment is attracting attention. However, IoT devices have various CPU performance as much as various purpose of use. Some IoT devices use the cpu that doesn't support public key cryptogrphy or crypto acceleration. In this paper, we study Blockchain-based IoT Device Authentication Scheme that provides authentication, integirity and non-repudation through analysis of Lamport Hash-chain, Lamport Signature, Blockchain and existing Authentication protocols. The proposed scheme requires only simple hash operation in IoT devices and it can operate in low performance IoT device, thus ensuring secure authentication in IoT environment.

• Convergence Security Journal
• /
• v.11 no.1
• /
• pp.33-38
• /
• 2011

Current IEEE 802.11 standard is very vulnerable that between the AP and STA authentication and security mechanisms is widely known. Therefore, IEEE has proposed security architecture RSN (Robust Security Network) for 802.11. RSN is used the access control, authentication, and key management based on the IEEE 802.1X standard. In this paper, IEEE 802.1X or 802.11 a combination of several models proposed for the vulnerability, and session hijacking or MiM (Man-in the-Middle) attacks to respond, the authentication mechanism Was designed to the access control between the STA and the AP.