• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.3
• /
• pp.69-77
• /
• 2010

Authentication and key establishment are fundamental procedures to establish secure communications over public insecure network. A password-based scheme is common method to provide authentication. In 2008, Khan proposed an efficient password-based authentication scheme using smart cards to solve the problems inherent in Wu-Chieu's authentication scheme. As for security, Khan claimed that his scheme is secure and provides mutual authentication between legal users and a remote server. In this paper, we demonstrate Khan's scheme to be vulnerable to various attacks, i. e., password guessing attack, insider attack, reflection attack and forgery attack. Our study shows that Khan's scheme does not provide mutual authentication and is insecure for practical applications. This paper proposes an improved scheme to overcome these problems and to preserve user anonymity that is an issue in e-commerce applications.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.617-627
• /
• 2013

Wireless communication technology such as NFC and RFID makes the data transfer between devices much easier. Instead of the irksome typing of passwords, users are able to simply authenticate themselves with their smart cards or smartphones. Relay attack, however, threatens the security of token-based, something-you-have authentication recently. It efficiently attacks the authentication system even if the system has secure channels, and moreover it is easy to deploy. Distance bounding or localization of two devices has been proposed to detect relay attacks. We describe the disadvantages and weakness of existing methods and propose a new way to detect relay attacks by recording a background noise.

• The Journal of Information Technology
• /
• v.2 no.2
• /
• pp.107-125
• /
• 1999

The growing popularity of Internet and the technology revolution of information communication has affected our financial system, and electronic banking has increased its scale and range since '90. Now this changes, deeply and fast, invade the our economical-social environments. Without having to go to a bank, customer and merchants will be able to perform freely complicated financial transactions by accessing online banking network and CD/ATM etc. Customer can use the various payment method - cash, credit card, smart cards, electronic money in real world and cyberspace, and manager the assets more efficiently. They increased their money liquidity yet. Banks need to expand the various baskets of transaction services and methods to satisfy their customer needs and create new participator, Government had to evaluate and forecast the trend of electronic banking, and establish a new rules and standards in the new electronic payment system.

• JSTS:Journal of Semiconductor Technology and Science
• /
• v.10 no.1
• /
• pp.1-10
• /
• 2010

This paper proposes a two-phase clocked adiabatic static CMOS logic (2PASCL) circuit that utilizes the principles of adiabatic switching and energy recovery. The low-power 2PASCL circuit uses two complementary split-level sinusoidal power supply clocks whose height is equal to $V_{dd}$. It can be directly derived from static CMOS circuits. By removing the diode from the charging path, higher output amplitude is achieved and the power consumption of the diode is eliminated. 2PASCL has switching activity that is lower than dynamic logic. We also design and simulate NOT, NAND, NOR, and XOR logic gates on the basis of the 2PASCL topology. From the simulation results, we find that 2PASCL 4-inverter chain logic can save up to 79% of dissipated energy as compared to that with a static CMOS logic at transition frequencies of 1 to 100 MHz. The results indicate that 2PASCL technology can be advantageously applied to low power digital devices operated at low frequencies, such as radio-frequency identifications (RFIDs), smart cards, and sensors.

• Journal of KIISE:Computing Practices and Letters
• /
• v.10 no.4
• /
• pp.319-327
• /
• 2004

This paper describes implementations and test results of Elliptic Curve Cryptography (ECC) and Elliptic Curve KCDSA(ECKCDSA) algorithms based on Java card. 163-Bit ECC guarantees as secure as 1024-Bit Rivest-Shamir-Adleman (RSA) public key algorithm, which has been frequently used until now. According to our test results, 163-bit ECC processing time is about five times fast compared with 1024-bit RSA and amount of resource usages of ECC is smaller than RSA. Therefore, ECC is more appropriate for use on secure devices such as smart cards and wireless devices with constrained computational power consumption and small memory resources.

• Journal of Korea Multimedia Society
• /
• v.22 no.4
• /
• pp.463-471
• /
• 2019

The growth of mobile technology particularly smartphone applications such as ticketing, access control, and making payments are on the increase. Elliptic Curve Cryptography (ECC)-based systems have also become widely available in the market offering various convenient services by bringing smartphones in proximity to ECC-enabled objects. When a system user attempts to establish a connection, the AIK sends hashes to a server that then verifies the values. ECC can be used with various operating systems in conjunction with other technologies such as biometric verification systems, smart cards, anti-virus programs, and firewalls. The use of Elliptic-curve cryptography ensures efficient verification and signing of security status verification reports which allows the system to take advantage of Trusted Computing Technologies. This paper proposes a device payment method based on ECC and Shuffling based on distributed key exchange. Our study focuses on the secure and efficient implementation of ECC in payment device. This novel approach is well secure against intruders and will prevent the unauthorized extraction of information from communication. It converts plaintext into ASCII value that leads to the point of curve, then after, it performs shuffling to encrypt and decrypt the data to generate secret shared key used by both sender and receiver.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.23-36
• /
• 2004

This paper presents a password based authentication and key exchange protocol which can be used for both authenticating users and exchanging session keys for a subsequent secure communication over an untrusted network. Our idea is to increase a randomness of the password verification data, i.e., we split the password, and then amplify the split passwords in the high entropy-structured password verification data. And in order to prevent the verifier-compromised attack, we construct our system such that the password verification data is encrypted with the verifier's key and the private key of verifier used to encrypt it is stored in a secure place like a smart cards. Also we propose the distributed password authentication scheme utilizing many authentication servers in order to prevent the server-compromised attack occurred when only one server is used. Furthermore, the security analysis on the proposed protocol has been presented as a conclusion.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.127-132
• /
• 2007

This paper proposed receding methods for a radix-${\gamma}$ representation of the secret scalar which are resistant to SPA. Unlike existing receding method, these receding methods are left-to-right so they can be interleaved with a left-to-right scalar multiplication, removing the need to store both the scalar and its receding. Hence, these left-to-right methods are suitable for implementing on memory limited devices such as smart cards and sensor nodes

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.5
• /
• pp.55-63
• /
• 2007

This paper has investigated the susceptibility of an FPGA implementation of a block cipher against side channel analysis attacks. We have performed DPA attacks and DEMA attacks (in the nea. and far field) on an FPGA implementation of ARIA which has been implemented into two architectures of S-box. Although the number of needed traces for a successful attack is increased when compared with existing results on smart cards, we have shown that ARIA without countermeasures is indeed very susceptible to side channel analysis attacks regardless of an architecture of S-box.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.57-64
• /
• 2003

Recently, it has been shown that cryptographic devices such as smart cards are vulnerable to power attacks. In this paper, by mixing the randomization concept and the folding in half for secret scalar integer on ECCs, we propose an efficient and fast scalar multiplication algorithm to resist against simple power analysis(SPA) and differential power analysis(DPA) attacks. Our proposed algorithm as a countermeasure against SPA and DPA is estimated as a 33% speedup compared to the binary scalar multiplication.