• IEIE Transactions on Smart Processing and Computing
• /
• v.2 no.3
• /
• pp.176-187
• /
• 2013

Message replay, malicious Access Point (AP) associations and Denial of Service (DoS) attacks are the major threats in Wireless LANs. These threats are possible due to a lack of proper authentication and insecure message communications between wireless devices. Current wireless authentication & key exchange (AKE) schemes and security protocols (WEP, WPA and IEEE 802.11i) are not sufficient against these threats. This paper presents a novel Secure WLAN Authentication Scheme (SWAS). The scheme introduces the delegation concept of mobile authentication in WLANs, and provides mutual authentication to all parties (Wireless Station, Access Point and Authentication Server). The messages involved in the process serve both authentication and key refreshing purposes. The scheme enhances the security by protecting the messages through cryptographic techniques and reduces the DoS impact. The results showed that cryptographic techniques do not result in extra latencies in authentication. The scheme also reduces the communication cost and network overhead.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.2
• /
• pp.25-36
• /
• 1999

In this paper we propose a one-time password mechanism that solves the problems of the S/KEY: the limitation of a usage and the need of storage for keys. because of using a cryptographic algorithm the proposed mechanism has no the limitation of a usage. Also because of producing the key for an authentication from a user's password it is easy to manage the authentication key and is possible to share the session key between a client and a server after the authentication process. In addition the proposed mechanism is easy to protect and manage the authentication information because of using a smart card and is adopted by the system that needs a noe-way authentication from a client to a server without the challenge of a server.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.1
• /
• pp.74-96
• /
• 2023

At present, the smart grid has become one of the indispensable infrastructures in people's lives. As a commonly used communication method, wireless communication is gradually, being widely used in smart grid systems due to its convenient deployment and wide range of serious challenges to security. For the insecurity of the schemes based on large integer factorization and discrete logarithm problem in the quantum environment, an identity-based key management scheme for smart grid over lattice is proposed. To assure the communication security, through constructing intra-cluster and inter-cluster multi-hop routing secure mechanism. The time parameter and identity information are introduced in the relying phase. Through using the symmetric cryptography algorithm to encrypt improve communication efficiency. Through output the authentication information with probability, the protocol makes the private key of the certification body no relation with the distribution of authentication information. Theoretic studies and figures show that the efficiency of keys can be authenticated, so the number of attacks, including masquerade, reply and message manipulation attacks can be resisted. The new scheme can not only increase the security, but also decrease the communication energy consumption.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.244-245
• /
• 2021

Recently, A fever test is essential in a crowded places over the world because of COVID-19. A fever test is also conducted for visitors through a thermometer or a thermal imaging camera In Korea leading world with K-quarantine. However, the current body heat measurement process is divided into the steps of body heat examination and entry register. Therefore, access control person must be deployed at the entrance. In addition, since the accessor directly measures body heat and records personal information, the reliability of the information is low and the risk of personal information leakage is high. Therefore, in this paper, we consider the non-face-to-face smart authentication fever detector and propose a smart authentication process to unify the process for dualized body heat measurement and access recording.

• The Journal of Society for e-Business Studies
• /
• v.17 no.4
• /
• pp.1-16
• /
• 2012

Shieh and Wang [10] recently proposed an efficient mutual authentication scheme that combined the cost-effectiveness of operations of Lee et al. [6]. scheme and the security and key agreement of Chen and Yeh scheme. Shieh and Wang [10] scheme, however, does not satisfy the security requirements against a third party (the man-in the middle, attacker) that have to be considered in remote user authentication scheme using password-based smart cards. Shieh and Wang weaknesses are the inappropriateness that it cannot verify the forged message in 3-way handshaking mutual authentication, and the vulnerability that the system (server) secret key can easily be exposed. This paper investigates the problems of Shieh and Wang scheme in the verification procedure of the forged messages intercepted by the eavesdrop. An enhanced two-way remote user authentication scheme is proposed that is safe and strong against multiple attacks by adding the ability to perform integrity check on the server and proposed scheme is not expose user password information and the system's confidential information.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.7
• /
• pp.107-115
• /
• 2012

Recently, Li and Hwang scheme proposed a biometrics-based remote user authentication scheme using smart card. It is asserted that this scheme has very excellent benefits by the operation cost efficiency based on the smart card, one-way function and biometrics using random numbers. But this scheme cannot provide the properly authentication, especially, it is analyzed as the vulnerable security scheme for Denial-of-Service(DoS) attacks by impersonate attacks. The attacker controls the insecure channel, they can easily fabricate messages to pass the user's or server's authentication, and the malicious attacker can impersonate the user to cheat the server and can impersonate the server to cheat the user without knowing any secret information. This paper proposes the strong improved scheme which can respond to multiple attacks by supplementing the function of integrity check from the server which applied variable authenticator and OSPA without exposing the user's password information. It is supplemented pregnable of disguise attack and mutual authentication of Li and Hwang scheme.

• Journal of Advanced Navigation Technology
• /
• v.17 no.6
• /
• pp.736-748
• /
• 2013

In this paper, we analyse the vulnerabilities of KL scheme which is an ID-based authentication scheme for AMI network, and propose two kinds of authentication schemes which satisfy forward secrecy as well as security requirements introduced in the previous works. In the first scheme, we use MDMS which is the supervising system located in an electrical company for a time-synchronizing server, in order to synchronize smart grid devices in home, and we process device authentication with a new secret value generated by OTP function every session. In the second scheme, we use a secret hash-chain mechanism for authentication process, so we can use a new secret value every session. The proposed two schemes have strong points and weak points respectively and those depend on the services area and its environment, so we can select one of them efficiently considering real aspects of AMI environment.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.81-92
• /
• 2022

The rapidly growing IoT market is expanding not only in general households but also in smart homes and smart cities. Among the major protocols used in IoT, ZigBee accounts for more than 90% of the smart home's door lock market and is mainly used in miniaturized sensor devices, so the safety of the protocol is very important. However, the device using Zig Bee is not satisfied with the omnidirectional safety because it uses a fixed key during the authentication process that connects to the network, and it has not been resolved in the recently developed ZigBee 3.0. This paper proposes a design method that provides omnidirectional safety to the ZigBee authentication protocol and can be quickly applied to existing protocols. The proposed improved ZigBee authentication protocol analyzed and applied the recently developed OWE protocol to apply ECDH, which has low computational volume and provides omnidirectional safety in IoT. Based on this, it provides the safety of the ZigBee authentication protocol, and it is expected that it will be able to provide user convenience as it does not require a separate certificate or password input.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.233-240
• /
• 2017

Fingerprint authentication identifies individuals based on user specific information. It is widely used as it is convenient, secure and has no risk of leakage, loss, or forgotten. However, the latent fingerprints remaining on the smart device's surface are vulnerable to smudge attacks. We analyze the usage patterns of individuals using smart device and propose methods to reconstruct damaged fingerprint images using fingerprint smudges. We examine the feasibility of smudge attacks with frequent usage situations by reconstructing fingerprint smudges collected from touch screens. Finally, we empirically verify the vulnerability of fingerprint authentication systems by showing high attack rates.

• Convergence Security Journal
• /
• v.5 no.2
• /
• pp.57-63
• /
• 2005

According to rapid development of computer and wired-wireless internet, information exchange of networking is growing. Also according as size of industry related e-commerce is bigger, it is Required the necessity of convenient user authentication system. So, the study of new authentication method to have a security and convenience is progressing systematically. Smart card of new authentication method overcome problem of established scheme. So it prospect that will be replaced One Card to have a high security and multi-function. In this papar, we suggest about the implementation of One Card System that the security of smart card and usable in all fields.