• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.179-188
• /
• 2022

Password authentication schemes (PAS) are the most common mechanisms used to ensure secure communication in open networks. Mathematical-based cryptographic authentication schemes such as factorization and discrete logarithms have been proposed and provided strong security features, but they have the disadvantage of high computational and message transmission costs required to construct passwords. Fairuz et al. therefore argued for an improved cryptographic authentication scheme based on two difficult fixed issues related to session key consent using the smart card scheme. However, in this paper, we have made clear through security analysis that Fairuz et al.'s protocol has security holes for Privileged Insider Attack, Lack of Perfect Forward Secrecy, Lack of User Anonymity, DoS Attack, Off-line Password Guessing Attack.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.4
• /
• pp.207-215
• /
• 2014

Password based authentication systems are most widely used for user convenience in web services. However such authentication systems are known to be vulnerable to various attacks such as password guessing attack, dictionary attack and key logging attack. Besides, many of the web systems just provide user authentication in a one-way fashion such that web clients cannot verify the authenticity of the web server to which they set access and give passwords. Therefore, it is too difficult to protect against DNS spoofing, phishing and pharming attacks. To cope with the security threats, web system adopts several enhanced schemes utilizing one time password (OTP) or long and strong passwords including special characters. However there are still practical issues. Users are required to buy OTP devices and strong passwords are less convenient to use. Above all, one-way authentication schemes generate several vulnerabilities. To solve the problems, we propose a multi-channel, multi-factor authentication scheme by utilizing QR-Code. The proposed scheme supports both user and server authentications mutually, thereby protecting against attacks such as phishing and pharming attacks. Also, the proposed scheme makes use of a portable smart device as a OTP generator so that the system is convenient and secure against traditional password attacks.

• The Journal of Society for e-Business Studies
• /
• v.18 no.2
• /
• pp.81-93
• /
• 2013

Remote user authentication is a method, in which remote server verifies the legitimacy of a user over an common communication channel. Currently, smart card based remote user authentication schemes have been widely adopted due to their low computational cost and convenient portability for the mutual authentication. 2009 years, Wang et al.'s proposed a dynamic ID-based remote user authentication schemes using smart cards. They presented that their scheme preserves anonymity of user, has the feature of storing password chosen by the server, and protected from several attacks. However, in this paper, I point out that Wang et al.'s scheme has practical vulnerability. I found that their scheme does not provide anonymity of a user during authentication. In addition, the user does not have the right to choose a password. And his scheme is vulnerable to limited replay attacks. In particular, the parameter y to be delivered to the user is ambiguous. To overcome these security faults, I propose an enhanced authentication scheme, which covers all the identified weakness of Wang et al.'s scheme and an efficient user authentication scheme that preserve perfect anonymity to both the outsider and remote server.

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.43-52
• /
• 2023

Many businesses and organizations use smartcard-based user authentication for remote access. In the meantime, through various studies, dynamic ID-based remote user authentication protocols for distributed multi-server environments have been proposed to protect the connection between users and servers. Among them, Qiu et al. proposed an efficient smart card-based remote user authentication system that provides mutual authentication and key agreement, user anonymity, and resistance to various types of attacks. Later, Andola et al. found various vulnerabilities in the authentication scheme proposed by Qiu et al., and overcame the flaws in their authentication scheme, and whenever the user wants to log in to the server, the user ID is dynamically changed before logging in. An improved authentication protocol is proposed. In this paper, by analyzing the operation process and vulnerabilities of the protocol proposed by Andola et al., it was revealed that the protocol proposed by Andola et al. was vulnerable to offline smart card attack, dos attack, lack of perfect forward secrecy, and session key attack.

• Proceedings of the Korea Contents Association Conference
• /
• 2004.11a
• /
• pp.220-227
• /
• 2004

In this paper, we made out blocking probability analysis for a new authentication structure for reducing the certificate acquisition time which is one of the factors that should be improved in a conventional wireless PKI. A conventional key exchange method simply performs the key exchange setup step based on discrete algebraic subjects. But the mutual-authentication procedure of wireless PKI for reducing authentication time uses an elliptical curve for a key exchange setup step. Besides, we proposed advanced handover method and blocking probability analysis for wireless PKI.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.6
• /
• pp.193-200
• /
• 2007

There is an advantage that RFID system is better than previous bar code system in storage ability and noncontact property. But, everyone can easily receive the transmitting information by using RF signal. So, there is a problem that system security and personal privacy are threatened. In this paper, I propose RFID system that is secure against attacks like eavesdropping, replay, spoofing and location tracking and can efficiently provide mutual authentication services between reader and tag. The proposed RFID system can be used in various sections of ubiquitous computing environment.

• The Transactions of the Korea Information Processing Society
• /
• v.3 no.5
• /
• pp.1170-1178
• /
• 1996

In this paper, an authentication scheme for network users using smart card is proposed. The network center generates key information and distributes the generated key to the network users safely. It also carries out the verification of the network users to prevent in-proper use caused by stolen of cards. In addition to that the net-work users can change their password in anytime they want. Therefor, we provide more secure and efficient mutual authentication methods.

• Journal of Korea Society of Industrial Information Systems
• /
• v.6 no.1
• /
• pp.56-60
• /
• 2001

An authentication protocol for wireless mobile communication systems is proposed. The protocol employs the keyed hash function to provide mutual authentication and session key distribution. This makes the low computation power of mobile stations. To provide the security architecture with minimal assumption about the security of intermediate transport networks, this protocol has no assumptions about the security of the intermediate, fixed networks.

• Management & Information Systems Review
• /
• v.6
• /
• pp.1-19
• /
• 2001

Partial transactions which use computer networks are formed in the cyberspace due to rapid progress of communication and computer technology. Electronic business transactions have security problems according to the special quality of opening networks, while it can be approached easily by anyone without being tied to time and places through Internets. To revitalize the electronic business transactions, security technology which can establish its security and trust is the prior task and both safe information communication and better information security service offer are essential factors. The method to exchange information through Internets must be made after confirming one another's exact connection in the mutual identity certification to prevent a lot of threat which can occur in the use of password techniques. To satisfy these electronic business transactions, we intend to increase understanding of authentication algorithm provided with authentication function of messages and users as well to plan safety and trust of business information and contents in the electronic business transactions.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.7
• /
• pp.87-91
• /
• 2019

In the IoT(Internet of Things) environment, various devices are utilized and applied for different sites. But attackers can access easy to IoT systems, and try to operate DDoS(Distributed Denial-of-Service) attacks. In this paper, Sensor nodes, Cluster heads, and Gateways operates lightweight mutual authentication each others. Since authenticated sensor nodes and cluster heads only send transactions to Gateways, proposed techniques prevent DDoS attacks. In addition, the blockchain system contains secure keys to decrypt data from sensor nodes. Therefore, attackers can not decrypt the data even if the data is eavesdropped.