• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.48 no.2
• /
• pp.105-115
• /
• 2011

User authentication service is an absolutely necessary condition while securely implementing an IT service system. It allows for valid users to securely log-in the system and even to access valid resources from database. For efficiently and securely authenticating users, smart-card has been used as a popular tool because of its convenience and popularity. Furthermore the smart-card can maintain its own power for computation and storage, which makes it easier to be used in all types of authenticating environment that usually needs temporary storage and additional computation for authenticating users and server. First, in 1981, Lamport has designed an authentication service protocol based on user's smart-card. However it has been criticized in aspects of efficiency and security because it uses hash chains and the revealment of server's secret values are not considered. Over the years, many smart-card based authentication service protocol have been designed. Very recently, Xu, Zhu, Feng have suggested a provable and secure smart-card based authentication protocol. In this paper, first, we define all types of attacks in the smart-card based authentication service. According to the defined attacks, however, the protocol by Xu, Zhu, Feng is weak against an attack that an attacker with secret values of server is able to impersonate a valid user without knowing password and secret values of user. An efficient and secure countermeasure is suggested, then the security is analyzed.

• ETRI Journal
• /
• v.28 no.3
• /
• pp.320-328
• /
• 2006

Using biometrics to verify a person's identity has several advantages over the present practice of personal identification numbers (PINs) and passwords. To gain maximum security in a verification system using biometrics, the computation of the verification as well as the storing of the biometric pattern has to take place in a smart card. However, there is an open issue of integrating biometrics into a smart card because of its limited resources (processing power and memory space). In this paper, we propose a speaker verification algorithm using a support vector machine (SVM) with a very few features, and implemented it on a 32-bit smart card. The proposed algorithm can reduce the required memory space by a factor of more than 100 and can be executed in real-time. Also, we propose a hardware design for the algorithm on a field-programmable gate array (FPGA)-based platform. Based on the experimental results, our SVM solution can provide superior performance over typical speaker verification solutions. Furthermore, our FPGA-based solution can achieve a speed-up of 50 times over a software-based solution.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.6
• /
• pp.195-201
• /
• 2008

We proposed that is suitable network environment and wire/wireless communication network, easy of implementation, security level preservation, scalable & reconfigurable to TCP/IP protocol architecture to implement suitable smart card MS-Serpent cryptographic algorithm for smart card by hardware base chip level that software base is not implement. Implemented MT-Serpent cryptosystem have 4,032 in gate counter and 406.2Mbps@2.44MHz in throughput. Implemented MS-Serpent cryptographic algorithm strengthens security vulnerability of TCP/IP protocol to do to rescue characteristic of smart card and though several kind of services are available and keep security about many user in wire/wireless environment, there is important purpose.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.1
• /
• pp.81-87
• /
• 2014

Password-based authentication using smart card provides two factor authentications, namely a successful login requires the client to have a valid smart card and a correct password. While it provides stronger security guarantees than only password authentication, it could also fail if both authentication factors are compromised ((1) the user's smart card was stolen and (2) the user's password was exposed). In this case, there is no way to prevent the adversary from impersonating the user. Now, the new technology of biometrics is becoming a popular method for designing a more secure authentication scheme. In terms of physiological and behavior human characteristics, biometric information is used as a form of authentication factor. Biometric information, such as fingerprints, faces, voice, irises, hand geometry, and palmprints can be used to verify their identities. In this article, we review the biometric-based authentication scheme by Cheng et al. and provide a security analysis on the scheme. Our analysis shows that Cheng et al.'s scheme does not guarantee any kind of authentication, either server-to-user authentication or user-to-server authentication. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, on Cheng et al.'s scheme. In addition, we propose the enhanced authentication scheme that eliminates the security vulnerabilities of Cheng et al.'s scheme.

• Proceedings of the KIEE Conference
• /
• 2003.07b
• /
• pp.1270-1272
• /
• 2003

Smart card system is being used in many countries to improve access to their transportation systems. Especially for subway system that typically see high volumes of passengers at specific times of the days, it's critical to find a ray to collect fares without unnecessarily delaying passengers. The card consists of antenna, modulation and demodulation block, power supply module and memory. The antenna receives the power and data signal from reader. The FRAM is used as the inner memory. And it is a non-volatile memory and complements the problems, that is high consumption and low data processing speed, of using conventional EEPROM in the passive smart cart. In this paper, we analyze and design the RF passive smart card to apply to the fare collection for the subway gate system.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.17 no.6
• /
• pp.14-24
• /
• 2018

Pedestrian movement of passengers using smart card within stations can be divided into three types of activities - straight ride and alight, line transfer, and station transfer. Straight ride and alight is transfer activity for which the card terminal and embarking line are identical. In this case, straight ride occurs at the origin station and straight alight occurs at the destination station. Line transfer refers to activity in which the subway line embarked on by the passenger is different from that which is disembarked. Succinctly, line transfer is transfer at a middle station, rather than at origin or destination stations. Station transfer occurs when the card terminal line and embarking line are different. It appears when station transfer happens at the origin station as starting transfer, and at the destination station as destination transfer. In the case of Metropolitan smart card data, origin and destination station card terminal line number data is recorded, but subway line data does not exist. Consequently, transportation card data, as it exists, cannot adequately be used to analyze pedestrian movement as a whole in subway stations. This research uses the smart card data, with its constraints, to propose an analysis model for passenger pedestrian movement within subway stations. To achieve this, a path selection model is constructed, which links origin and destination stations, and then applied for analysis. Finally, a case study of the metropolitan subway is undertaken and pedestrian volume analyzed.

• Communications of the Korean Institute of Information Scientists and Engineers
• /
• v.19 no.8
• /
• pp.33-43
• /
• 2001

• Journal of Information Technology Services
• /
• v.19 no.2
• /
• pp.125-138
• /
• 2020

Currently, subway crowding is estimated by observing a specific point at specific hours once or twice every 1 or 2 years. Given the extensive subway network in Seoul Metropolitan Area covering 588 stations, 11 lines and 80 transfer stations as of 2017, implementing crowding mitigation policy may have its limitations due to data uncertainty. A proposal has recently been made to effectively use smart card data, which generates big data on the overall subway traffic related to an estimated 8 million passengers per day. To mitigate subway crowding, this study proposes two viable options based on data related to smart card used in Seoul Metropolitan Area. One is to create a subway passenger pattern model to accurately estimate subway crowding, while the other is to prove effectiveness of early bird policy to distribute subway demand that is concentrated at certain stations and certain time. A subway passenger pattern model was created to estimate the passenger routes based on subway terminal ID at the entrance and exit and data by hours. To that end, we propose assigning passengers at the routes similar to the shortest routes based on an assumption that passengers choose the fastest routes. In the model, passenger flow is simulated every minute, and subway crowding level by station and line at every hour is analyzed while station usage pattern is identified by depending on passenger paths. For early bird policy, highly crowded stations will be categorized based on congestion level extracted from subway passenger pattern model and viability of a policy which transfers certain traveling demands to early commuting hours in those stations will be reviewed. In particular, review will be conducted on the impact of policy implemented at certain stations on other stations and lines from subway network as a whole. Lastly, we proposed that smart card based subway passenger pattern model established through this study used in decision making process to ensure effective implementation of public transport policy.

• Journal of the Korean Society for Railway
• /
• v.20 no.5
• /
• pp.692-702
• /
• 2017

Recently, there has been a growing interest in using smart card data. However, there are restrictions on the utilization of data in many areas outside the Seoul metropolitan area because the data does not contain alighting information. This paper presents a methodology for estimating alighting stops of smart card data. Estimation results were verified by smart card data from Seoul and Gwangju. The estimation rates were 78.2% and 81.6% in Seoul and Gwangju, respectively. The matching accuracy was 54.2% and 33.4%, respectively. However, if up to two stops of error are allowed, the accuracy values were 93.6% and 94.0%, respectively. We also discussed changes in estimation results due to adjusting the allowable walking distance, which is a key parameter of trip chaining methods. As the allowable walking distance increases, the estimation rate increases, while the accuracy decreases, and it is found that the estimation results change by around 500m.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.11
• /
• pp.503-510
• /
• 2013

Recently, the rapid development of network technology has enabled people to use various services on the internet. However, the existing password-based user authentication system used in the internet environment requires a password table, which is a potential security threat as it could be leaked by an insider. To solve this issue, remote user authentication methods that do not require a user password table have been proposed. Regarding remote user authentication using a smart card in particular, various methods have been suggested to reduce expenses and to improve stability and efficiency, but the possibility of impersonation attacks and password-guessing attacks using information saved in a user's smart card still exist. Therefore, this study proposes a remote user authentication method that can safeguard against impersonation attacks and password guessing attacks, by analyzing weak points of conventional methods and creating a smart card's ID and password that are based on the user's ID and password.