• Journal of the Korea Society of Computer and Information
• /
• v.26 no.9
• /
• pp.89-96
• /
• 2021

In this paper, we analyzed that the user authentication scheme for TMIS(Telecare Medicine Information System) proposed by Al-Saggaf et al. In 2019, Al-Saggaf et al. proposed authentication scheme using biometric information, Al-Saggaf et al. claimed that their authentication scheme provides high security against various attacks along with very low computational cost. However in this paper after analyzing Al-Saggaf et al's authentication scheme, the Al-Saggaf et al's one are missing random number s from the DB to calculate the identity of the user from the server, and there is a design error in the authentication scheme due to the lack of delivery method. Al-Saggaf et al also claimed that their authentication scheme were safe against a variety of attacks, but were vulnerable to password guessing attack using login request messages and smart cards, session key exposure and insider attack. An attacker could also use a password to decrypt the stored user's biometric information by encrypting the DB with a password. Exposure of biometric information is a very serious breach of the user's privacy, which could allow an attacker to succeed in the user impersonation. Furthermore, Al-Saggaf et al's authentication schemes are vulnerable to identity guessing attack, which, unlike what they claimed, do not provide significant user anonymity in TMIS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.5
• /
• pp.59-66
• /
• 2006

A Certification Authority issues X.509 public key certificates to bind a public key to a subject. The subject is specified through one or more subject names in the 'subject' or 'subjectAltName' fields of a certificate. In reality, however, there are individuals that have the same or similar names. This ambiguity can be resolved by including a 'permanent identifier' in all certificates issued to the same subject, which is unique across multiple CAs. But, a person's unique identifier is regarded as a sensitive personal data. Such an identifier cannot simply be included as part of the subject field, since its disclosure may lead to misuse. We present a new method for secure and accurate user authentication through the PEPSI included in the standard certificate extension of a X.509 certificate. The PEPSI can be served not only for user authentication but also for the user anonymity without divulging personal information.

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.7
• /
• pp.67-75
• /
• 2023

In this paper, we analyze the problem of the user authentication scheme that provides dynamic ID in a multi-server environment proposed by Andola et al. and propose an improved authentication one to solve this problem. As a result of analyzing the authentication scheme of Andrea et al. in this paper, it is not safe for smart card loss attack, and this attack allows users to guess passwords, and eventually, the attacker was able to generate session key. This paper proposed an improved authentication scheme to solve these problems, and as a result of safety analysis, it was safe from various attacks such as smart card loss attack, password guess attack, and user impersonation attack. Also the improved authentication scheme not only provides a secure dynamic ID, but is also effective in terms of the computational complexity of the hash function. In addition, the improved authentication scheme does not significantly increase the amount of transmission, so it can be said to be an efficient authentication scheme in terms of transmission cost.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.10
• /
• pp.2692-2707
• /
• 2012

A separable identity-based ring signature scheme has been constructed as a fundamental cryptographic primitive for protecting user privacy. Using the separability property, ring members can be selected from arbitrary domains, thereby, giving a signer a wide range of ways to control privacy. In this paper we propose a generic method to construct efficient identity-based ring signature schemes with various levels of separability. We first describe a method to efficiently construct an identity-based ring signature scheme for a single domain, in which a signer can select ring identities by choosing from identities defined only for the domain. Next, we present a generic method for linking ring signatures constructed for a single domain. Using this method, an identity-based ring signature scheme with a compact structure, supporting multiple arbitrary domains can be designed. We show that our method outperforms the best known schemes in terms of signature size and computational costs, and that the security model based on the separability of identity-based ring signatures, presented in this paper, is highly refined and effective by demonstrating the security of all of the proposed schemes, using a model with random oracles.

• Journal of Information Processing Systems
• /
• v.13 no.3
• /
• pp.559-572
• /
• 2017

Cyberbullying has been an emerging issue in recent years where research has revealed that users generally spend an increasing amount of time in social networks and forums to keep connected with each other. However, issue arises when cyberbullies are able to reach their victims through these social media platforms. There are different types of cyberbullying and like traditional bullying; it causes victims to feel overly selfconscious, increases their tendency to self-harm and generally affects their mental state negatively. Such situations occur due to security issues such as user anonymity and the lack of content restrictions in some social networks or web forums. In this paper, we highlight the existing solutions, which are Intrusion Prevention System and Intrusion Detection System from a number of researchers. However, even with such solutions, cyberbullying acts still occurs at an alarming rate. As such, we proposed an alternative solution that aims to prevent cyberbullying activities at a younger age, e.g., young children. The application would provide an alternative method to preventing cyberbullying activities among the younger generations in the future.

• Proceedings of the Korea Association of Information Systems Conference
• /
• 1997.10a
• /
• pp.165-181
• /
• 1997

경영환경과 조직의 분사화의 정도가 증가함에 따라서 의사결정지원시스템 (Decision Support System)에 있어서도 분산화 된 시스템의 요구가 증가되고 있다. 이러한 관점에서 본 연구는 분산화 된 환경인 네트웍을 기반으로 하는 의사결정지원시스템을 대상 으로 사용자간의 정보공유와 사용자의 참여의 효과적인 관리를 위한 기능적 설계를 제시한 다. 정보의 공유는 의사결정지원시스템과 그룹의사결정지원시스템을 차별화 하는 가장 큰 특징이다. 이러한 정보의 공유는 과업을 수행하는 그룹단위(WorkGroup)로 이루어지는 것이 바람직하며, 그룹의 구성원들간의 의사소통과 정보를 저장하는 자료저장소(Data Warehouse)와 서버(Server)의 구축, 보다 사용하기 쉬운 그래픽 사용자 인터페이스 (Graphic User Interface)를 포함하는 전자우편(Electronic Mail), 의사결정에 참여한 사용자 에게 의사결정결과에 대한 구체적인 피드백(Feedback)을 제공할 수 있는 시스템의 구축과 같은 방법을 통해서 보다 효과적인 관리가 이루어질 수 있게 된다. 사용자의 관리는 의사결 정지원시스템이 효과를 결정하는데 중요한 요소의 하나로써 보다 많은 참여는 그륩시너지효 과(Group Synergy Effect)를 가능하게 한다. 또한 완전한 익명성(Anonymity)의 확보는 기존 의 물리적인 제한을 가진 의사결정실 GDSS의 불완전한 익명성을 충분히 대체할 수 있을 것이다. 의사결정과정의 지원에 있어서도 사용자에게 회의의 기록을 자동적으로 제공하는 것과 병행하여 회의 중에 자신이 기록해야 할 사항을 추가적으로 기록할 수 있는 모듈 (Module)을 제공하는 것이 보다 효과적일 것이다. 물론 이러한 모듈은 앞서 언급한 정보의 공유의 관점에서 본다면 참여자 자신의 피드백에 도움을 주며, 또한 유사한 수준의 다른 참 여자에게 있어서 문제에 대한 인식을 다른 사용자와의 비교를 통하여 일정수준으로 동질화 시킬 수 있게 된다.

• Journal of Digital Contents Society
• /
• v.4 no.1
• /
• pp.1-10
• /
• 2003

This research focuses on the system design of a service method for a customized electronic card on the internet. It develops the system which covers from the input stage of the credit information including a credit card number, a debit card number, and a bank account number, through the process of decision for issuing the customized electronic card and for the payment of business transaction, to the payment stage. Users are allowed to make their own customized card depending on their situations by choosing a limit of balance, a number of usage, expiration date, recharge, and, anonymity of electronic card on the internet. These characteristics enhances convenience and security of card users. In addition, user's financial damage can be minimized when a credit card is lost by any reason.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.7
• /
• pp.3371-3396
• /
• 2016

Authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in computing technologies and associated constraints. Lu et al. recently proposed a biometrics and smartcards-based authentication scheme for multi-server environment. The careful analysis of this paper demonstrates Lu et al.'s protocol is susceptible to user impersonation attacks and comprises insufficient data. In addition, this paper proposes an improved authentication with key-agreement protocol for multi-server architecture based on biometrics and smartcards. The formal security of the proposed protocol is verified using the widely accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to ensure that our protocol can withstand active and passive attacks. The formal and informal security analysis, and performance analysis sections determines that our protocol is robust and efficient compared to Lu et al.'s protocol and existing similar protocols.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.2
• /
• pp.924-944
• /
• 2017

Telecare Medical Information System (TMIS) helps the patients to gain the health monitoring information at home and access medical services over the mobile Internet. In 2015, Das et al proposed a secure and robust user AKA scheme for hierarchical multi-medical server environment in TMIS, referred to as DAKA protocol, and claimed that their protocol is against all possible attacks. In this paper, we first analyze and show DAKA protocol is vulnerable to internal attacks, impersonation attacks and stolen smart card attack. Furthermore, DAKA protocol also cannot provide confidentiality. We then propose a lightweight pseudonym AKA protocol for multi-medical server architecture in TMIS (short for PAKA). Our PAKA protocol not only keeps good security features declared by DAKA protocol, but also truly provides patient's anonymity by using pseudonym to protect sensitive information from illegal interception. Besides, our PAKA protocol can realize authentication and key agreement with energy-saving, extremely low computation cost, communication cost and fewer storage resources in smart card, medical servers and physical servers. What's more, the PAKA protocol is proved secure against known possible attacks by using Burrows-Abadi-Needham (BAN) logic. As a result, these features make PAKA protocol is very suitable for computation-limited mobile device.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.5
• /
• pp.1817-1827
• /
• 2014

As a new type of wireless network, Ad hoc network does not depend on any pre-founded infrastructure, and it has no centralized control unit. The computation and transmission capability of each node are limited. In this paper, a self-updating one-time password mutual authentication protocol for Ad hoc network is proposed. The most significant feature is that a hash chain can update by itself smoothly and securely through capturing the secure bit of the tip. The updating process does not need any additional protocol or re-initialization process and can be continued indefinitely to give rise to an infinite length hash chain, that is, the times of authentication is unlimited without reconstructing a new hash chain. Besides, two random variable are added into the messages interacted during the mutual authentication, enabling the protocol to resist man-in-the-middle attack. Also, the user's identity information is introduced into the seed of hash chain, so the scheme achieves anonymity and traceability at the same time.