• Journal of the Korea Society of Computer and Information
• /
• v.26 no.10
• /
• pp.101-108
• /
• 2021

In this paper, we analyze Shin's proposed dynamic ID-based user authentication scheme for TMIS(Telecare Medicine Information System), and Shin's authentication scheme is vulnerable to smart card loss attacks, allowing attackers to acquire user IDs, which enables user impersonation attack. In 2019, Shin's proposed authentication scheme attempted to generate a strong random number using ECC, claiming that it is safe to lose a smart card because it is impossible to calculate random number r'i due to the difficulty of the ECC algorithm without knowing random number ri. However, after analyzing Shin's authentication scheme in this paper, the use of transmission messages and smart cards makes it easy to calculate random numbers r'i, which also enables attackers to generate session keys. In addition, Shin's authentication scheme were analyzed to have significantly greater overhead than other authentication scheme, including vulnerabilities to safety analysis, the lack of a way to pass the server's ID to users, and the lack of biometric characteristics with slightly different templates.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.11
• /
• pp.2941-2956
• /
• 2013

In this paper, we propose an effective fragile image watermarking scheme for tampering detection and content recovery. Cover image is divided into a series of non-overlapping blocks and a block mapping relationship is constructed by the secret key. Several DCT coefficients with direct current and lower frequencies of the MSBs for each block are used to generate the reference bits, and different coefficients are assigned with different bit numbers for representation according to their importance. To enhance recovery performance, authentication bits are generated by the MSBs and the reference bits, respectively. After LSB substitution hiding, the embedded watermark bits in each block consist of the information of itself and its mapping blocks. On the receiver side, all blocks with tampered MSBs can be detected and recovered using the valid extracted reference bits. Experimental results demonstrate the effectiveness of the proposed scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.4
• /
• pp.1864-1876
• /
• 2016

Card-Not-Present (CNP) transactions taking place remotely over the Internet are becoming more prevalent. Cardholder authentication should be provided to prevent the CNP fraud resulting from the theft of stored credit card numbers. To address the security problems associated with CNP transactions, the use of a virtual card number derived from the transaction details for the payment has been proposed, instead of the real card number. Since all of the virtual card number schemes proposed so far are based on a password shared between the cardholder and card issuer, transaction disputes due to the malicious behavior of one of the parties involved in the transaction cannot be resolved. In this paper, a new virtual card number scheme is proposed, which is associated with the cardholder's public key for signature verification. It provides strong cardholder authentication and non-repudiation of the transaction without deploying a public-key infrastructure, so that the transaction dispute can be easily resolved. The proposed scheme is analyzed in terms of its security and usability, and compared with the previously proposed schemes.

• The Journal of the Korea Contents Association
• /
• v.15 no.11
• /
• pp.501-508
• /
• 2015

Most web sites, information systems use the ID/Password technique to identify and authenticate users. But ID/Password technique is vulnerable to security. The user must remember the ID/Password and, the password should include alphabets, numbers, and special characters, not to be predicted easily. User also needs to change your password periodically. In this paper, we propose the user authentication method that the user authentication information stored in the external storage to authenticate a user. If another person knows the ID/Password, he can't log in a system without the external storage. Whenever a user logs in a system, authentication information is generated, and is stored in the external storage. Therefore, the proposed user authentication method is the traditional ID/Password security technique, but it enhances security and, increases user convenience.

• Journal of Advanced Navigation Technology
• /
• v.13 no.6
• /
• pp.876-883
• /
• 2009

In 2008, Kim-Jun proposed RFID Mutual Authentication Protocol based on One-Time Random Numbers which are strong in Eavesdropping Attack, Spoofing attack and Replay attack. However, In 2009, Yoon-Yoo proved that it was weak in Replay attack and proposed a protocol which can prevent Replay attack. But Yoon-Yoo's protocol has problems that efficiency on communication and Brute-force attack. This paper shows weak points of Yoon-Yoo's protocol and proposes an RFID mutual authentication protocol with security and performance improvements.

• Journal of Digital Convergence
• /
• v.10 no.4
• /
• pp.229-233
• /
• 2012

A RFID system is a technology for detecting information on an object through wireless communication between a tag on the object and a reader, and its applications are being expanded to various areas. Because of its wireless communication, however, there are many vulnerabilities in security. Until now, many studies have been executed in order to solve problems related to the security and stability of RFID. In order to resolve vulnerabilities in existing security methods for privacy protection, this study proposed an authentication protocol that uses hash values received from tags and random numbers. When the proposed protocol was implemented, it was safe from various types of attacks between tag and reader and between reader and DB. Furthermore, compared to recently proposed protocols, it could implement a RFID system with enhanced security and less computation in tags.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.1
• /
• pp.119-125
• /
• 2015

In this paper, we propose a user friendly password input method for mobile devices which is secure against SSA. The proposed method is a numeric password input method such as a conventional PIN method. One of the buttons, numbers and colors, so as to display the two pieces of information to double. The user can select one of the colors or numbers within one button to type in the password. Because an attacker does not know whether the user has entered any color and number, the proposed technique is safe from the SSA. Also to be secure for smudge attacks and password guessing attacks through random changes in the number and color information.

• International Journal of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.1-8
• /
• 2023

This paper analyzes the trends of identification proofing services(PIPSs) to identify and authenticate users online and proposes a method to improve PIPS based on alternative means of resident registration numbers in Korea. Digital identity proofing services play an important role in modern society, but there are some problems. Since they handle sensitive personal information, there is a risk of information leakage, hacking, or inappropriate access. Additionally, online service providers may incur additional costs by applying different PIPSs, which results in online service users bearing the costs. In particular, in these days of globalization, different PIPSs are being used in various countries, which can cause difficulties in international activities due to lack of global consistency. Overseas online PIPSs include expansion of biometric authentication, increase in mobile identity proofing, and distributed identity proofing using blockchain. This paper analyzes the trend of PIPSs that prove themselves when identifying users of online services in non-face-to-face overseas situations, and proposes improvements by comparing them with alternative means of Korean resident registration numbers. Through the proposed method, it will be possible to strengthen the safety of Korea's PIPS and expand the provision of more reliable identification services.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.7
• /
• pp.107-115
• /
• 2012

Recently, Li and Hwang scheme proposed a biometrics-based remote user authentication scheme using smart card. It is asserted that this scheme has very excellent benefits by the operation cost efficiency based on the smart card, one-way function and biometrics using random numbers. But this scheme cannot provide the properly authentication, especially, it is analyzed as the vulnerable security scheme for Denial-of-Service(DoS) attacks by impersonate attacks. The attacker controls the insecure channel, they can easily fabricate messages to pass the user's or server's authentication, and the malicious attacker can impersonate the user to cheat the server and can impersonate the server to cheat the user without knowing any secret information. This paper proposes the strong improved scheme which can respond to multiple attacks by supplementing the function of integrity check from the server which applied variable authenticator and OSPA without exposing the user's password information. It is supplemented pregnable of disguise attack and mutual authentication of Li and Hwang scheme.

• International journal of advanced smart convergence
• /
• v.13 no.2
• /
• pp.35-43
• /
• 2024

In this paper, we propose two 127-bit LFSR (Linear Feedback Shift Register)-based OTP (One-Time Password) generators. One is a 9-digit decimal OTP generator with thirty taps, while the other is a 12-digit OTP generator with forty taps. The 9-digit OTP generator includes only the positions of Fibonacci numbers to enhance randomness, whereas the 12-digit OTP generator includes the positions of prime numbers and odd numbers. Both proposed OTP generators are implemented on an Arduino module, and randomness evaluations indicate that the generators perform well across six criteria and are straightforward to implement with Arduino.