• Title/Summary/Keyword: password-based

Search Result 482, Processing Time 0.027 seconds

Advanced WLAN Authentication Mechanism using One-time Session Key based on the Vulnerability Analysis in Nespot Wireless Lan System (Nespot 무선랜 사용자 인증 취약점 분석 및 일회용 세션키 기반 무선랜 인증 기법)

  • Lee, Hyung-Woo
    • Journal of Korea Multimedia Society
    • /
    • v.11 no.8
    • /
    • pp.1101-1110
    • /
    • 2008
  • Nespot provides a convenient wireless internet connection service. The existing IEEE 802.1X EAP-MD5 authentication mechanism can be achieved based on ID/password information for a wireless connection. The Nespot system offers an advanced accounting and authorization procedure for providing wireless user authentication mechanism. However, many problems were found on the existing Nespot EAP-MD5 mechanism such as a ill value exposure, a leakage of personal information on wireless authentication procedure and a weakness on Nespot mutual authentication mechanism. Therefore, we analyzed the limitation of the existing IEEE 802.1X EAP-MD5 certification system, and suggested a one-time session key based authentication mechanism. And then we offered a simplified encryption function on the Nespot certification process for providing secure mutual authentication process.

  • PDF

Certified Key Management in Multi K-FIDO Device Environment (복수 K-FIDO 기기 환경에서의 인증키 관리)

  • Lee, Byoungcheon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.2
    • /
    • pp.293-303
    • /
    • 2017
  • FIDO(Fast IDentity Online) technology is expanding very rapidly which can replace traditional password-based authentication with biometrics technology[1,7]. FIDO provides convenient authentication with biometrics technology and secure key management with smart card technology, but it does not provide user identification, thus traditional user identification technology should be used before a FIDO device is registered to a FIDO server. K-FIDO[3] is an approach to implement FIDO and certificate-based authentication technology into a single device that user can utilize certificate-based authentication in initial registration of FIDO device to FIDO server. It is expected that very shortly users will own and use multiple K-FIDO devices. If we consider the traditional approach of copying single certificate to multiple devices or issuing independent certificate to each device, there will be many complex problems. In this paper we propose more secure and convenient key management technology in multiple K-FIDO device scenario using self-extended certification[4].

Feasibility of Using Similar Electrocardiography Measured around the Ears to Develop a Personal Authentication System (귀 주변에서 측정한 유사 심전도 기반 개인 인증 시스템 개발 가능성)

  • Choi, Ga-Young;Park, Jong-Yoon;Kim, Da-Yeong;Kim, Yeonu;Lim, Ji-Heon;Hwang, Han-Jeong
    • Journal of Biomedical Engineering Research
    • /
    • v.41 no.1
    • /
    • pp.42-47
    • /
    • 2020
  • A personal authentication system based on biosignals has received increasing attention due to its relatively high security as compared to traditional authentication systems based on a key and password. Electrocardiography (ECG) measured from the chest or wrist is one of the widely used biosignals to develop a personal authentication system. In this study, we investigated the feasibility of using similar ECG measured behind the ears to develop a personal authentication system. To this end, similar ECGs were measured from thirty subjects using a pair of three electrodes attached behind each of the ears during resting state during which the standard Lead-I ECG was also simultaneously measured from both wrists as baseline ECG. The three ECG components, Q, R, and S, were extracted for each subject as classification features, and authentication accuracy was estimated using support vector machine (SVM) based on a 5×5-fold cross-validation. The mean authentication accuracies of Lead I-ECG and similar ECG were 90.41 ± 8.26% and 81.15 ± 7.54%, respectively. Considering a chance level of 3.33% (=1/30), the mean authentication performance of similar ECG could demonstrate the feasibility of using similar ECG measured behind the ears on the development of a personal authentication system.

A Design of MILENAGE Algorithm-based Mutual Authentication Protocol for The Protection of Initial Identifier in LTE (LTE 환경에서 초기 식별자를 보호하기 위한 MILENAGE 알고리즘 기반의 상호인증)

  • Yoo, Jae-hoe;Kim, Hyung-uk;Jung, Yong-hoon
    • Journal of Venture Innovation
    • /
    • v.2 no.1
    • /
    • pp.13-21
    • /
    • 2019
  • In LTE environment, which is 4th generation mobile communication systems, there is concern about private information exposure by transmitting initial identifier in plain text. This paper suggest mutual authentication protocol, which uses one-time password utilizing challenge-response and AES-based Milenage key generation algorithm, as solution for safe initial identification communication, preventing unique identification information leaking. Milenage key generation algorithm has been used in LTE Security protocol for generating Cipher key, Integrity key, Message Authentication Code. Performance analysis evaluates the suitability of LTE Security protocol and LTE network by comparing LTE Security protocol with proposed protocol about algorithm operation count and Latency.Thus, this paper figures out initial identification communication's weak points of currently used LTE security protocol and complements in accordance with traditional protocol. So, it can be applied for traditional LTE communication on account of providing additional confidentiality to initial identifier.

Study on a Real Time Based Suspicious Transaction Detection and Analysis Model to Prevent Illegal Money Transfer Through E-Banking Channels (전자금융 불법이체사고 방지를 위한 실시간 이상거래탐지 및 분석 대응 모델 연구)

  • Yoo, Si-wan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.6
    • /
    • pp.1513-1526
    • /
    • 2016
  • Since finance companies started e-banking services, those services have been diversified and use of them has continued to increase. Finance companies are implementing financial security policy for safe e-banking services, but e-Banking incidents are continuing to increase and becoming more intelligent. Along with the rise of internet banks and boosting Fintech industry, financial supervisory institutes are not only promoting user convenience through improving e-banking regulations such as enforcing Non-face-to-face real name verification policy and abrogating mandatory use of public key certificate or OTP(One time Password) for e-banking transactions, but also recommending the prevention of illegal money transfer incidents through upgrading FDS(Fraud Detection System). In this study, we assessed a blacklist based auto detection method suitable for overall situations for finance company, a real-time based suspicious transaction detection method linking with blacklist statistics model by each security level, and an alternative FDS model responding to typical transaction patterns of which information were collected from previous e-Banking incidents.

Cryptanalysis and Improvement of RSA-based Authentication Scheme for Telecare Medical Information Systems

  • Kim, Keewon
    • Journal of the Korea Society of Computer and Information
    • /
    • v.25 no.2
    • /
    • pp.93-103
    • /
    • 2020
  • The telecare medical information system (TMIS) supports convenient and rapid health-care services. A secure and efficient authentication and key agreement scheme for TMIS provides safeguarding electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Giri et al. proposed an RSA-based remote user authentication scheme using smart cards for TMIS and claimed that their scheme could resist various malicious attacks. In this paper, we point out that their scheme is still vulnerable to lost smart card attacks and replay attacks and propose an improved scheme to prevent the shortcomings. As compared with the previous authentication schemes for TMIS, the proposed scheme is more secure and practical.

A Study on Secure and Improved Single Sign-On Authentication System against Replay Attack (재전송 공격에 안전하고 개선된 Single Sign-On 인증 시스템에 관한 연구)

  • Kim, Hyun-Jin;Lee, Im-Yeong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.5
    • /
    • pp.769-780
    • /
    • 2014
  • In general, internet users need to remember several IDs and passwords when they use diverse web sites. From an effective management perspective, SSO system was suggested to reduce user inconvenience. Kerberos authentication, which uses centralized system management, is a typical example of a broker-based SSO authentication model. However, further research is required, because the existing Kerberos authentication system has security vulnerability problems of password and replay attacks. In SSO authentication systems, a major security vulnerability is the replay attack. When user credentials are seized by attackers, an authorized session can be obtained through a replay attack. In this paper, an improved SSO authentication model based on the broker-based model and a secure lightweight SSO mechanism against credential replay attack is proposed.

Security Analysis and Improvements of a Biometrics-based User Authentication Scheme Using Smart Cards (스마트 카드를 이용한 생체인식 기반 사용자 인증 스킴의 안전성 분석 및 개선)

  • An, Young-Hwa
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.2
    • /
    • pp.159-166
    • /
    • 2012
  • Many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2010, Chang et al. proposed an improved biometrics-based user authentication scheme without concurrency system which can withstand forgery attack, off-line password guessing attack, replay attack, etc. In this paper, we analyze the security weaknesses of Chang et al.'s scheme and we have shown that Chang et al.'s scheme is still insecure against man-in-the-middle attack, off-line biometrics guessing attack, and does not provide mutual authentication between the user and the server. And we proposed the improved scheme to overcome these security weaknesses, even if the secret information stored in the smart card is revealed. As a result, the proposed scheme is secure for the user authentication attack, the server masquerading attack, the man-in-the-middle attack, and the off-line biometrics guessing attack, does provide the mutual authentication between the user and the remote server. And, in terms of computational complexities, the proposed scheme is more effective than Chang et al.'s scheme.

Blockchain-based Personal Information Authentication Method using Zero Knowledge Proofs (영지식을 활용한 블록체인 기반 개인정보 인증 기법)

  • Lee, Kwang Kyu
    • Smart Media Journal
    • /
    • v.10 no.3
    • /
    • pp.48-53
    • /
    • 2021
  • The authentication process is a key step that should be used to verify that a user is legitimate, and it should be used to verify that a user is a legitimate user and grant access only to that user. Recently, two-factor authentication and OTP schemes are used by most applications to add a layer of security to the login process and to address the vulnerability of using only one factor for authentication, but this method also allows access to user accounts without permission. This is a known security vulnerability. In this paper, we propose a Zero Knowledge Proofs (ZKP) personal information authentication scheme based on a Smart Contract of a block chain that authenticates users with minimal personal information exposure conditions. This has the advantage of providing many security technologies to the authentication process based on blockchain technology, and that personal information authentication can be performed more safely than the existing authentication method.

A Study on Key Protection Method based on WhiteBox Cipher in Block Chain Environment (블록체인 환경에서 화이트박스 암호기반 키 보호 기법에 관한 연구)

  • Choi, Do-Hyeon;Hong, Chan-Ki
    • Journal of Convergence for Information Technology
    • /
    • v.9 no.10
    • /
    • pp.9-15
    • /
    • 2019
  • Recently, in the field of next-generation e-commerce and finance, interest in blockchain-based technologies such as Bitcoin and Ethereum is great. Although the security of blockchain technology is known to be secure, hacking incidents / accidents related to cryptocurrencies are being issued. The main causes were vulnerabilities in the external environment, such as taking over login sessions on cryptocurrency wallets, exposing private keys due to malware infection, and using simple passwords. However, private key management recommends general methods such as utilizing a dedicated application or local backup and physical archiving through document printing. In this paper, we propose a white box password-based private key protection scheme. As a result of safety and performance analysis, we strengthened the security against vulnerability of private key exposure and proved the processing efficiency of existing protocol.