• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.179-188
• /
• 2022

Password authentication schemes (PAS) are the most common mechanisms used to ensure secure communication in open networks. Mathematical-based cryptographic authentication schemes such as factorization and discrete logarithms have been proposed and provided strong security features, but they have the disadvantage of high computational and message transmission costs required to construct passwords. Fairuz et al. therefore argued for an improved cryptographic authentication scheme based on two difficult fixed issues related to session key consent using the smart card scheme. However, in this paper, we have made clear through security analysis that Fairuz et al.'s protocol has security holes for Privileged Insider Attack, Lack of Perfect Forward Secrecy, Lack of User Anonymity, DoS Attack, Off-line Password Guessing Attack.

• The KIPS Transactions:PartC
• /
• v.14C no.2
• /
• pp.129-138
• /
• 2007

AAA(Aluthentieation, Authorization, Accounting) protocol is an information securitv technology that offer secure and reliable user Authentication, Authorization, Accounting function systematically in various services. protocol and wireless network work as well as win network. Currently IETF(Internet Engineering Task Force) AAA Working Group deal with about AAA protocol and studying with activity, But, recently it exposing much problems side to user's anonymity and privacv violation. Therefore, in this paper, AAAH(Home Authentication Server) authenticaters Mobile device, after that, use ticket that is issued from AAAH even if move to outside network and can be serviced offering authentication in outside network without approaching by AAAH, Also, we study mechanism that can offer user's privacy and anonymousness to when use service. Our mechanism is using Time Synchronization OTP and focusing authentication and authorization. Therefore, our mechanism is secure from third party attack and offer secure and effective authentication scheme. Also only right user can offer services by using ticket. can reduce signal and reduce delay of message exchanged, can offer persistent service and beighten security and efficiency.

• Journal of Internet Computing and Services
• /
• v.18 no.5
• /
• pp.23-30
• /
• 2017

For enjoying the convenience provided by location based services, the user needs to submit his or her location and query to the LBS server. So there is a probability that the untrusted LBS server may expose the user's id and location etc. To protect user's privacy so many approaches have been proposed in the literature. Recently, the approaches about using dummy are getting popular. However, there are a number of things to consider if we want to generate a dummy. For example, when generating a dummy, we have to take the obstacle and the distance between dummies into account so that we can improve the privacy level. Thus, in this paper we proposed an efficient dummy generation algorithm to achieve k-anonymity and protect user's privacy in LBS. Evaluation results show that the algorithm can significantly improve the privacy level when it was compared with others.

• Journal of Korea Multimedia Society
• /
• v.2 no.2
• /
• pp.145-154
• /
• 1999

We are very interested in electronic commerce today, and it will is more developed in the future. In electronic commerce, we can easily purchase a cheap goods like digital data using a micropayment system. Though small value is used in micropayment system, it is important because it has many application. The transaction cost of a micropayment system must be small. Many protocols for the micropayment system are studied, but it's not support user's anonymity. In this paper, we examines the existing micropayment system and proposes a new micropayment protocol that have a anonymity.

• Spatial Information Research
• /
• v.20 no.4
• /
• pp.93-101
• /
• 2012

Due to complexity of indoor space, the demand of Location Based Services (LBS) in indoor space is increasing as well as outdoor. However, it includes privacy problems of exposing personal location. Location K-anonymity technology is a method to solve the privacy problems with cloaking their locations by Anonymized Spatial Region(ASR). It guarantees K users within a region containing the location of a given user. However previous researches have dealt the problems based on Euclidean distance in outdoor space, and cannot be applied in indoor space where there are constraints of movement such as walls. For this reason, we propose in this paper a K-anonymity for cloaking indoor location in consideration of structures and representation of indoor space. The basic concept of our approach is to introduce a hierarchical structure as ASR for including K-1 users for cloaking their locations. We also proposed a cost model by K and attributes of hierarchical structure to analyze the performance of the method.

• The Journal of Society for e-Business Studies
• /
• v.18 no.3
• /
• pp.107-123
• /
• 2013

In a wireless sensor network environment, it is required to ensure anonymity by keeping sensor nodes' identifiers not being revealed and to support real-time authentication, lightweight authentication and synchronization. In particular, there exist possibilities of location information leakage by others, privacy interference and security vulnerability when it comes to wireless telecommunications. Anonymity has been an importance issue in wired and wireless network environment, so that it has been studied in wide range. The sensor nodes are interconnected among them based on wireless network. In terms of the sensor node, the researchers have been emphasizing on its calculating performance limit, storage device limit, and smaller power source. To improve of biometric-based D. He scheme, this study proposes a real-time authentication protocol using Unique Random Sequence Code(URSC) and variable identifier for enhancing network performance and retaining anonymity provision.

• Journal of Korea Multimedia Society
• /
• v.19 no.3
• /
• pp.585-594
• /
• 2016

Recently because of development of remote network technology, users are able to access the network freely without constraints of time and space. As users are getting more frequent to access the remote server in a computing environment, they are increasingly being exposed to various risk factors such as forward secrecy and server impersonation attack. Therefore, researches for remote user authentication scheme have been studying actively. This paper overcomes the weaknesses of many authentication schemes proposed recently. This paper suggests an improved authentication scheme that protects user's anonymity with preserving variable more safe and also provides forward secrecy.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.9
• /
• pp.4771-4787
• /
• 2019

Aimed at the disclosure risk of mobile terminal user's location privacy in location-based services, a location-privacy protection scheme based on similar trajectory substitution is proposed. On the basis of the anonymized identities of users and candidates who request LBS, this scheme adopts trajectory similarity function to select the candidate whose trajectory is the most similar to user's at certain time intervals, then the selected candidate substitutes user to send LBS request, so as to protect user's privacy like identity, query and trajectory. Security analyses prove that this scheme is able to guarantee such security features as anonymity, non-forgeability, resistance to continuous query tracing attack and wiretapping attack. And the results of simulation experiment demonstrate that this scheme remarkably improve the optimal candidate' trajectory similarity and selection efficiency.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1586-1589
• /
• 2005

GUMF (Global User Management Framework) that is proposed in this research can be applied to next generation network such as BcN (Broadband convergence Network), it is QoS guaranteed security framework for user that can solve present Internet's security vulnerability. GUMF offers anonymity for user of service and use the user's real-name or ID for management of service and it is technology that can realize secure QoS. GUMF needs management framework, UMS (User Management System), VNC (Virtual Network Controller) etc. UMS consists of root UMS in country dimension and Local UMS in each site dimension. VNC is network security equipment including VPN, QoS and security functions etc., and it achieves the QoSS (Quality of Security Service) and CLS(Communication Level Switching) functions. GUMF can offer safety in bandwidth consumption attacks such as worm propagation and DoS/DDoS, IP spoofing attack, and current most attack such as abusing of private information because it can offer the different QoS guaranteed network according to user's grades. User's grades are divided by 4 levels from Level 0 to Level 3, and user's security service level is decided according to level of the private information. Level 3 users that offer bio-information can receive secure network service that privacy is guaranteed. Therefore, GUMF that is proposed in this research can offer profit model to ISP and NSP, and can be utilized by strategy for secure u-Korea realization.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.157-161
• /
• 2006

GSM(Global System for Mobile communications) that is the most popular standard for mobile phones, has more than 70% users in the world and the number of users increase continuously. However GSM system has the problem that cannot normally authenticate a user by the exposure of IMSI that is able to uniquely authenticate MS? during the user authentication procedure. In this paper? we provide security enhancement and user privacy by adopting a temporary id and an encryption scheme. Moreover we provide fast user authentication via architecture modification of the conventional GSM user authentication protocol.