• Title/Summary/Keyword: Source Authentication

Search Result 68, Processing Time 0.028 seconds

A study on the FIDO authentication system using OpenSource (OpenSource를 이용한 FIDO 인증 시스템에 관한 연구)

  • Lee, Hyun-Jo;Cho, Han-Jin;Kim, Yong-Ki;Chae, Cheol-Joo
    • Journal of the Korea Convergence Society
    • /
    • v.11 no.5
    • /
    • pp.19-25
    • /
    • 2020
  • As the number of mobile device users increases, research on various user authentication methods has been actively conducted to protect sensitive personal information. Knowledge-based techniques have the disadvantage that security is deteriorated due to easy exposure of authentication means, and proprietary-based techniques have a problem of increasing construction cost and low user convenience to use the service. In order to solve this problem, a FIDO authentication system, which is a user authentication method using a smart device, has been proposed. Since the FIDO authentication system performs authentication based on the biometric information of the user, the risk of the authentication means being leaked is low, and since the authentication information is stored in the user's smart device, the user information due to server hacking is solved. Through this, it is possible to select and utilize user authentication technology suitable for the security level of the service. In this paper, we introduce the FIDO authentication system, explain the main parts required for FIDO UAF client-server development, and show examples of implementation using UAF open source provided by ebay.

PNC(Pipeline Network Coding)-Based Message and Node Authentication in Wireless Networks (무선 네트워크에서 파이프라인 네트워크 코딩 기반 메시지 및 노드 인증)

  • Ahn, Myeong-Gi;Cho, Young-Jong;Kang, Kyungran
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.42 no.5
    • /
    • pp.999-1008
    • /
    • 2017
  • In this paper, we propose a pipeline network coding (PNC) scheme for efficient data transmission in wireless networks, a data authentication scheme for verifying the integrity of data, and a node authentication scheme for a virtual source. PNC is a technique that improves the overall network performance by relaying data such that the relay node performing network coding transmits to the sender instead. However, network coding is vulnerable to a pollution attack, which is an attack by a malicious attacker to inject modified data into the network. To prevent this, hash-based message authentication code (HMAC) is used. For this purpose, in order to generate a tag used for data authentication, a key must be distributed to the nodes performing authentication. We applied a hash chain to minimize the overhead of key distribution. A null vector is used as the authentication scheme for the virtual source. Finally, we analyze the safety and complexity of the proposed scheme and show he performance through simulation.

Authentication Mechanism for Efficient Multicast Service (효율적인 멀티캐스트 서비스를 위한 인증 기법)

  • Jung Yumi;Par Jung-Min;Chae Kijoon;Lee Sang-Ho;Nah Jaehoon
    • The KIPS Transactions:PartC
    • /
    • v.11C no.6 s.95
    • /
    • pp.765-772
    • /
    • 2004
  • Multicast communication is simultaneous transmission of data to multiple receivers and saves considerably sender resources and network bandwidth. It has high risk to attack using group address and inherent complexity of routing packets to a large group of receivers. It is therefore critical to provide source authentication, allowing a receiver to ensure that received data is authentic. In this paper, we propose the multiple chain authentication scheme for secure and efficient multicast stream. To evaluate the performance of our scheme, we compare our technique with two other previously proposed schemes using simulation results. Our scheme provides non-repudiation of origin, low overhead by amortizing the signature operation over multiple packets, and high packet loss resistance.

Efficient Source Authentication Protocol for IPTV Based on Hash Tree Scheme (해쉬 트리 기반의 효율적인 IPTV 소스 인증 프로토콜)

  • Shin, Ki-Eun;Choi, Hyoung-Kee
    • The KIPS Transactions:PartC
    • /
    • v.16C no.1
    • /
    • pp.21-26
    • /
    • 2009
  • Presently, the demand for IPTV, to satisfy a variety of goals, is exploding. IPTV is coming into the spotlight as a killer application in upcoming IP convergence networks such as triple play which is the delivery of voice, internet, and video service to a subscriber. IPTV utilizes CAS, which controls the subscriber access to content for a profit. Although the current CAS scheme provides access control via subscriber authentication, there is no authentication scheme for the content transmitted from service providers. Thus, there is a vulnerability of security, through which an adversary can forge content between the service provider and subscribers and distribute malicious content to subscribers. In this paper, based on a hash tree scheme, we proposed efficient and strong source authentication protocols which remove the vulnerability of the current IPTV system. We also evaluate our protocol from a view of IPTV requirements.

One time password key exchange Authentication technique based on MANET (MANET 기반 원타임 패스워드 키교환 인증기법)

  • Lee, Cheol-Seung;Lee, Joon
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.11 no.7
    • /
    • pp.1367-1372
    • /
    • 2007
  • This paper suggests One-time Password key exchange authentication technique for a strong authentication based on MANET and through identify wireless environment security vulnerabilities, analyzes current authentication techniques. The suggested authentication technique consists of 3 steps: Routing, Registration, and Running. The Routing step sets a safe route using AODV protocol. The Registration and Running step apply the One-time password S/key and the DH-EKE based on the password, for source node authentication. In setting the Session key for safe packet transmission and data encryption, the suggested authentication technique encrypts message as H(pwd) verifiers, performs key exchange and utilizes One time password for the password possession verification and the efficiency enhancement. EKE sets end to end session key using the DH-EKE in which it expounds the identifier to hash function with the modula exponent. A safe session key exchange is possible through encryption of the H(pwd) verifier. The suggested authentication technique requires exponentiation and is applicable in the wireless network environment because it transmits data at a time for key sharing, which proves it is a strong and reliable authentication technique based on the complete MANET.

A PERFORMANCE IMPROVEMENT OF ANEL SCHEME THROUGH MESSAGE MAPPING AND ELLIPTIC CURVE CRYPTOGRAPHY

  • Benyamina Ahmed;Benyamina Zakarya
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.3
    • /
    • pp.169-176
    • /
    • 2023
  • The vehicular ad hoc network (VANET) is currently an important approach to improve personal safety and driving comfort. ANEL is a MAC-based authentication scheme that offers all the advantages of MAC-based authentication schemes and overcomes all their limitations at the same time. In addition, the given scheme, ANEL, can achieve the security objectives such as authentication, privacy preservation, non-repudiation, etc. In addition, our scheme provides effective bio-password login, system key update, bio-password update, and other security services. Additionally, in the proposed scheme, the Trusted Authority (TA) can disclose the source driver and vehicle of each malicious message. The heavy traffic congestion increases the number of messages transmitted, some of which need to be secretly transmitted between vehicles. Therefore, ANEL requires lightweight mechanisms to overcome security challenges. To ensure security in our ANEL scheme we can use cryptographic techniques such as elliptic curve technique, session key technique, shared key technique and message authentication code technique. This article proposes a new efficient and light authentication scheme (ANEL) which consists in the protection of texts transmitted between vehicles in order not to allow a third party to know the context of the information. A detail of the mapping from text passing to elliptic curve cryptography (ECC) to the inverse mapping operation is covered in detail. Finally, an example of application of the proposed steps with an illustration

A Multistage Authentication Strategy for Reliable N-to-N Communication in CGSR based Mobile Ad Hoc Networks (CGSR 기반의 이동 애드 흑 네트워크에서 신뢰성 있는 통신을 위한 노드간 인증 기법)

  • Lee Hyewon K.;Mun Youngsong
    • Journal of KIISE:Information Networking
    • /
    • v.32 no.6
    • /
    • pp.659-667
    • /
    • 2005
  • A Mobile Ad Hoc Network(MANET) is a multi hop wireless network with no prepared base stations or centralized administrations, where flocks of peer systems gather and compose a network. Each node operates as a normal end system in public networks. In addition to it, a MANET node is required to work as a router to forward traffic from a source or intermediate node to others. Each node operates as a normal end system in public networks, and further a MANET node work as a router to forward traffic from a source or intermediate node to the next node via routing path. Applications of MANET are extensively wide, such as battle field or any unwired place; however, these are exposed to critical problems related to network management, node's capability, and security because of frequent and dynamic changes in network topology, absence of centralized controls, restricted usage on network resources, and vulnerability oi mobile nodes which results from the special MANET's character, shared wireless media. These problems induce MANET to be weak from security attacks from eavesdropping to DoS. To guarantee secure authentication is the main part of security service In MANET because networks without secure authentication are exposed to exterior attacks. In this paper, a multistage authentication strategy based on CGSR is proposed to guarantee that only genuine and veritable nodes participate in communications. The proposed authentication model is composed of key manager, cluster head and common nodes. The cluster head is elected from secure nodes, and key manager is elected from cluster heads. The cluster head will verify other common nodes within its cluster range in MANET. Especially, ID of each node is used on communication, which allows digital signature and blocks non repudiation. For performance evaluation, attacks against node authentication are analyzed. Based on security parameters, strategies to resolve these attacks are drawn up.

Ad-hoc Security Authentication Technique based on Verifier (검증자 기반 Ad-hoc 보안 인증기법)

  • Lee, Cheol-Seung;Hong, Seong-Pyo;Lee, Ho-Young;Lee, Joon
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2007.10a
    • /
    • pp.713-716
    • /
    • 2007
  • This paper suggests One-time Password key exchange authentication technique for a strong authentication based on Ad-hoc Networks and through identify wireless environment security vulnerabilities, analyzes current authentication techniques. The suggested authentication technique consists of 3 steps: Routing, Registration, and Running. The Routing step sets a safe route using AODV protocol. The Registration and Running step apply the One-time password S/key and the DH-EKE based on the password, for source node authentication. In setting the Session key for safe packet transmission and data encryption, the suggested authentication technique encrypts message as H(pwd) verifiers, performs key exchange and utilizes One time password for the password possession verification and the efficiency enhancement. EKE sets end to end session key using the DH-EKE in which it expounds the identifier to hash function with the modula exponent. A safe session key exchange is possible through encryption of the H(pwd) verifier.

  • PDF

Survey on the Authentication and Key Management of 802.11s

  • Lam, Jun Huy;Lee, Sang-Gon;Tan, Whye Kit
    • Proceedings of the Korea Multimedia Society Conference
    • /
    • 2012.05a
    • /
    • pp.89-92
    • /
    • 2012
  • Wireless Mesh Network expanded the capability of the conventional wireless networking by allowing the nodes to operate in proactive mode, reactive mode or the combination of both, the hybrid mode in the multi-hopping nature. By doing so, the links between the nodes become much more robust and reliable because of the number of paths to reach a destination node from a source node can be more than 1 and do not need to rely on the access point (AP) alone to relay the messages. As there may be many possible ways to form an end-to-end link between 2 nodes, the routing security becomes another main concern of the 802.11s protocol. Besides its reliance on the 802.11i for the security measures, 802.11s also includes some new features such as the Mesh Temporal Key (MTK) and the Simultaneous Authentication of Equals (SAE). The authentication and key management (AKM) process of 802.11s were observed in this paper.

  • PDF

An Efficient Identity-Based Deniable Authenticated Encryption Scheme

  • Wu, Weifeng;Li, Fagen
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.5
    • /
    • pp.1904-1919
    • /
    • 2015
  • Deniable authentication protocol allows a sender to deny his/her involvement after the protocol run and a receiver can identify the true source of a given message. Meanwhile, the receiver has no ability to convince any third party of the fact that the message was sent by the specific sender. However, most of the proposed protocols didn't achieve confidentiality of the transmitted message. But, in some special application scenarios such as e-mail system, electronic voting and Internet negotiations, not only the property of deniable authentication but also message confidentiality are needed. To settle this problem, in this paper, we present a non-interactive identity-based deniable authenticated encryption (IBDAE) scheme using pairings. We give the security model and formal proof of the presented IBDAE scheme in the random oracle model under bilinear Diffie-Hellman (BDH) assumption.