• The KIPS Transactions:PartC
• /
• v.12C no.7 s.103
• /
• pp.959-964
• /
• 2005

Recently, Kim et al. proposed ID-based authentication schemes using smartcards and fingerprints. However, Scott showed that they were vulnerable to the passive eavesdropping attack. Thereby, this paper proposes an enhanced ID-based authentication scheme to solve the problems in Kin et al. scheme. Especially, the proposed scheme solves the ID repairability problem commonly shared in the previous ID based Cryptosystems. The proposed ID-based authentication scheme supports the advantages in the previous ID-based authentication scheme and solves the problems in them effectively.

• The KIPS Transactions:PartC
• /
• v.11C no.5
• /
• pp.585-594
• /
• 2004

When several service providers want to work together with only one master key, they need to properly distribute the key to participants who come in for the co-work business and then securely manage the distributed keys. This paper describes the system that can efficiently and securely manage the master key on the basis of the secret sharing scheme that can reconstruct original secret information as the necessity of reconstructing original secret arises. The proposed system can distribute secret information to several groups and also redistribute the secret to subgroup in proportion to the participant's security level using smart card-based (t, t)-(k, n)-threshold secret scheme for securely keeping secret information and authentication of participant's identification.

• Journal of Korea Multimedia Society
• /
• v.14 no.8
• /
• pp.1029-1040
• /
• 2011

Electronic identity (e-ID) card based on smartcard is a representative identity credential for on-line and off-line personal identification. The e-ID card can store the personal identity information securely, so that the information can be accessed fast, automated identity verification and used to determine the cardholder's authorization to access protected resources. Due to such features of an e-ID card, the number of government organizations and corporate enterprises that consider using e-ID card for identity management is increasing. In this paper, we present an authentication framework for access control system using e-ID cards by discussing the threat environment and security requirement against e-ID card. Specifically, to accomplish our purpose, we consider the Personal Identity Verification system as our target model.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.12
• /
• pp.109-116
• /
• 2010

Due to the increasing interest and demands of user privacy, remote user authentication schemes using smart card has been researched in active. Recently, a lot of suggestion have been made in order to provide user's anonymity and trace a malicious user. In 2008, Kim et al. proposed a traceable anonymity authentication scheme. In 2009, Choi et al. pointed out that Kim's protocol was insecure against outsider attacker and proposed an improved scheme. But Kim's and Choi's schemes fail to provide the user's anonymity or compute some values in the protocol. In this paper, we analyse those problems and suggest two improved schemes to resolve those problems.

• Journal of Korea Society of Industrial Information Systems
• /
• v.10 no.2
• /
• pp.59-66
• /
• 2005

Recently, Ku and Chen(Ku-Chen) showed some problems in the password based remote user authentication scheme using smartcards proposed by Chien et al. and proposed an improvement from it. This paper shows some weaknesses in the Ku-Chen's scheme, especially the replay attacks, and proposes two authentication protocols to solve the problems in it. First of all, an authentication protocol using synchronized timestamps is proposed to solve the problem in the Ku-Chen's protocol. Then, a nonce-based authentication protocol is proposed to solve the inherent problems in the synchronized timestamp-based authentication protocols. The proposed authentication protocols support the advantages in the previous password-based authentication protocols and solve the problems in them effectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.195-200
• /
• 2009

CRT-based RSA algorithm, which was implemented on smartcard, microcontroller and so on, leakages secret primes p and q by fault attacks using laser injection, EM radiation, ion beam injection, voltage glitch injection and so on. Among the many fault injection methods, voltage glitch can be injected to target device without any modification, so more practical. In this paper, we made an experiment on the fault injection attack using abnormal source voltage. As a result, CRT-RSA's secret prime p and q are disclosed by fault attack with voltage glitch injection which was introduced by several previous papers, and also succeed the fault attack with source voltage blocking for proper period.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.35-43
• /
• 2003

The randomization of scalar multiplication in ECC is one of the fundamental concepts in defense methods against side-channel attacks. This paper proposes a countermeasure against simple and differential power analysis attacks through randomizing the transformed m-ary method based on a random m-ary receding algorithm. The proposed method requires an additional computational load compared to the standard m-ary method, yet the power consumption is independent of the secret key. Accordingly, since computational tracks using random window width can resist against SPA and DPA, the proposed countermeasure can improve the security for smart cards.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.209-215
• /
• 2020

The environment of the Internet provides an efficient communication of the things which are connected. While internet and online service provide us many valuable benefits, online services offered and accessed remotely through internet also exposes us to many different types of security threats. Most security threats were just related to information leakage and the loss of authentication on client-server environment. In 2016, Ahmed et al. proposed an efficient lightweight remote user authentication protocol. However, Kang et al. show that it's scheme still unstable and inefficient. It cannot resist offline identity guessing attack and cannot provide session key confirmation property. Moreover, there is some risk of biometric information's recognition error. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in device. In addition, our proposed scheme should provide not only security, but also efficiency since we only use hash function and XOR operation.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.10
• /
• pp.2750-2759
• /
• 2009

In this paper, we analyze vulnerabilities in a remote authentication protocol using smartcards which was proposed by Bindu et al. and propose an improved scheme. The proposed scheme can prevent from restricted replay attack and denial of service attack by replacing time stamp with random number. In addition, this protocol can guarantee user anonymity by transmitting encrypted user's ID using AES cipher algorithm. The computational load in our protocol is decreased by removing heavy exponentiation operations and user efficiency is enhanced due to addition of password change phase in which a user can freely change his password. Furthermore, we really implement the proposed authentication protocol using a STM smartcard and authentication server. Then we prove the correctness and effectiveness of the proposed remote authentication system.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.1C
• /
• pp.87-92
• /
• 2006

An $AB^2$ modular operation is an efficient basic operation for the public key cryptosystems and various systolic architectures for $AB^2$ modular operation have been proposed. However, these architectures have a shortcoming for cryptographic applications due to their high area complexity. Accordingly, this paper presents an partitioned $AB^2$ systolic modular multiplier over GF($2^m$). A dependency graph from the MSB $AB^2$ modular multiplication algorithm is partitioned into 1/3 to get an partitioned $AB^2$ systolic multiplier. The multiplier reduces the area complexity about 2/3 compared with the previous multiplier. The multiplier could be used as a basic building block to implement the modular exponentiation for the public key cryptosystems based on smartcard which has a restricted hardware requirements.