• Journal of Korea Multimedia Society
• /
• v.19 no.1
• /
• pp.41-50
• /
• 2016

Moblie device based financial services are vulnerable to social engineering attacks because of the display screen of mobile devices. In other words, in the case of shoulder surfing, attackers can easily look over a user's shoulder and expose his/her password. To resolve this problem, a colour-based secure keyboard solution has been proposed. However, it is inconvenient for genuine users to verify their password using this method. Furthermore, password colours can be exposed because of fixed keyboard colours. Therefore, we propose a secure mobile authentication method to provide advanced functionality and strong privacy. Our authentication method is robust to social engineering attacks, especially keylogger and shoulder surfing attacks. According to the evaluation results, our method offers increased security and improved usability compared with existing methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.187-194
• /
• 2008

This paper proposes an effective countermeasure to an intrinsic hardware vulnerability of the keyboard controller that causes sniffing problem on the password authentication system based on the keyboard input string. Through the vulnerability, some possible attacker is able to snoop whole the password string input from the keyboard even when any of the existing keyboard protection software is running. However, it will be impossible for attackers to gather the exact password strings if the proposed policy is applied to the authentication system though they can sniff the keyboard hardware protocol. It is expected that people can use secure Internet commerce after implementing and applying the proposed policy to the real environment.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.1
• /
• pp.143-151
• /
• 2015

Biometric technology has been proposed as a new means to replace conventional PIN or password because it is hard to be lost and has the low possibility of illegal use. However, unlike a PIN, password, and personal information there is no way to modify the exposure if it is exposed and used illegally. Therefore, the existing single modality with single biometrics is critical when it expose. However in this paper, we use a multi-modality and multi-biometrics to authenticate between users and TTP or between users and financial institutions. Thereby, we propose a more reliable method and compared this paper with existed methods about security and performance in this paper.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.21-31
• /
• 2008

Ubiquitous environment is constructed by development of an IT technology, offer environment of many service changed to mobile environment. Also, existed service offered at fixed position like home or company, but according to development of mobile device. user require service as moving. Wibro can offer as user moving using mobile device. As requirement should be included authentication, in case of authentication between UICC and AAA authentication server is offered in Wibro, service is available. However, when UICC requires initial authentication to AAA authentication server, identification information of UICC expose as plaintext, so privacy infringement of mobile device occurs. Therefore, identification information of terminal generate randomly using OTP(One-Time Password) that generated in mobile terminal, and we proposed mechanism of privacy protection. Also, we proposed mechanism that offer secure service to user as offer authentication from OTP framework, and offer OTP combination authentication detailedly.

• The Journal of Society for e-Business Studies
• /
• v.17 no.4
• /
• pp.1-16
• /
• 2012

Shieh and Wang [10] recently proposed an efficient mutual authentication scheme that combined the cost-effectiveness of operations of Lee et al. [6]. scheme and the security and key agreement of Chen and Yeh scheme. Shieh and Wang [10] scheme, however, does not satisfy the security requirements against a third party (the man-in the middle, attacker) that have to be considered in remote user authentication scheme using password-based smart cards. Shieh and Wang weaknesses are the inappropriateness that it cannot verify the forged message in 3-way handshaking mutual authentication, and the vulnerability that the system (server) secret key can easily be exposed. This paper investigates the problems of Shieh and Wang scheme in the verification procedure of the forged messages intercepted by the eavesdrop. An enhanced two-way remote user authentication scheme is proposed that is safe and strong against multiple attacks by adding the ability to perform integrity check on the server and proposed scheme is not expose user password information and the system's confidential information.

• Journal of the Institute of Convergence Signal Processing
• /
• v.21 no.4
• /
• pp.202-208
• /
• 2020

Recently, the importance of non-face-to-face has been emphasized due to COVID-19, and the use of sharing spaces is also expanding. The use of uncontact check-in technology for access control of sharing spaces reduces waiting time and optimizes workers' efficiency, resulting in operational cost savings. In this paper, we propose a sharing space access management system based on a mobile key and RCU (Room Control Unit), access to the facility using a mobile key, and monitor the facility using an RCU. Proposal system is for shared accommodation, rental field (residence, sale-selling hotel), shared office, etc. when there is a one-time visitor on a specific day and time, the corresponding password is delivered to the mobile platform to expose and key the existing password. It is supported by a field-adaptive system that can reduce discomfort such as delivery. In order to test the operation of the proposed integrated system, tests were conducted according to scenarios to understand the overall status of the user's reservation, check-in, and check-out, and a 100% success rate was derived for each item by setting performance indicators to prove test reliability.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.747-754
• /
• 2003

Thia paper suggests a milti user-authentication system comprises that DNA biometric informatiom, owner's RFID(Radio Frequency Identification) smartcard of hardware token, and PKI digital signqture of software. This system improved items proposed in [1] as follows : this mechanism provides one RFID smartcard instead of two user-authentication smartcard(the biometric registered seal card and the DNA personal ID card), and solbers user information exposure as RFID of low proce when the card is lost. In addition, this can be perfect multi user-autentication system to enable identification even in cases such as identical twins, the DNA collected from the blood of patient who has undergone a medical procedure involving blood replacement and the DNA of the blood donor, mutation in the DNA base of cancer cells and other cells. Therefore, the proposed system is applied to terminal log-on with RFID smart card that stores accurate digital DNA biometric information instead of present biometric user-authentication system with the card is lost, which doesn't expose any personal DNA information. The security of PKI digital signature private key can be improved because secure pseudo random number generator can generate infinite one-time pseudo randon number corresponding to a user ID to keep private key of PKI digital signature securely whenever authenticated users access a system. Un addition, this user-authentication system can be used in credit card, resident card, passport, etc. acceletating the use of biometric RFID smart' card. The security of proposed system is shown by statistical anaysis.