• Title/Summary/Keyword: password-based

Search Result 482, Processing Time 0.027 seconds

Vulnerability Analysis Method of Software-based Secure USB (소프트웨어 기반 보안 USB에 대한 취약성 분석 방법론)

  • Kim, Minho;Hwang, Hyunuk;Kim, Kibom;Chang, Taejoo;Kim, Minsu;Noh, Bongnam
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.6
    • /
    • pp.1345-1354
    • /
    • 2012
  • The modern society with the wide spread USB memory, witnesses the acceleration in the development of USB products that applied secure technology. Secure USB is protecting the data using the method as device-based access control, encryption of stored files, and etc. In terms of forensic analyst, to access the data is a lot of troubles. In this paper, we studied software-based data en/decryption technology and proposed for analysis mechanism to validation vulnerability that secured on removable storage media. We performed a vulnerability analysis for USB storage device that applied security mechanism. As a result, we found vulnerabilities that extracts a source file without a password.

D-PASS: A Study on User Authentication Method for Smart Devices (D-PASS: 스마트 기기 사용자 인증 기법 연구)

  • Jeoung, You-Sun;Choi, Dong-Min
    • The Journal of the Korea institute of electronic communication sciences
    • /
    • v.12 no.5
    • /
    • pp.915-922
    • /
    • 2017
  • The rapid increase in users of mobile smart devices has greatly expanded their range of activities. Compare to conventional mobile devices, smart devices have higher security requirements because they manage and use various kind of confidential information of the owners. However, the cation schemes provided by conventional smart devices are vulnerable to recent attacks such as shoulder surfing, recording, and smudge attacks, which are the social engineering attacks among the types of security attacks targeting the smart devices. In this paper, we propose a novel authentication method that is robust against social engineering attacks but sufficiently considering user's convenience. The proposed method is robust by using combination of a graphical authentication method and a text-based authentication method. Furthermore, our method is easier to memorize the password compare to the conventional graphical authentication methods.

A Study on User Authentication of Mobile Internet Environment Based on WPKI - (무선 인터넷 환경의 WPKI 기반 사용자 인증에 관한 연구)

  • Lee, Cheol-Seung;Park, Young-Ok;Lee, Ho-Young;Lee, Jeon
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2003.05a
    • /
    • pp.560-563
    • /
    • 2003
  • In this paper describes for use Authentication with the WPKI and Kerberos protocol. this paper is the security structure that defined in a WAP forum and security and watches all kinds of password related technology related to the existing authentication system. It looks up weakness point on security with a problem on the design that uses wireless public key-based structure and transmission hierarchical security back of a WAP forum, and a server-client holds for user authentication of an application level all and all, and it provides one counterproposal. Therefore, We offer authentication way solution that connected X.509 with using WIM for complement an authentication protocol Kerberos and its disadvantages.

  • PDF

Security Enhancement to an Biometric Authentication Protocol for WSN Environment (WSN 환경에서 Biometric 정보를 이용한 안전한 사용자 인증 스킴의 설계)

  • Lee, Youngsook
    • Convergence Security Journal
    • /
    • v.16 no.6_2
    • /
    • pp.83-88
    • /
    • 2016
  • Over recent years there has been considerable growth in interest in the use of biometric systems for personal authentication. Biometrics is a field of technology which has been and is being used in the identification of individuals based on some physical attribute. By using biometrics, authentication is directly linked to the person, rather than their token or password. Biometric authentication is a type of system that relies on the unique biological characteristics of individuals to verify identity for secure access to electronic systems. In 2013, Althobati et al. proposed an efficient remote user authentication protocol using biometric information. However, we uncovered Althobati et al.'s protocol does not guarantee its main security goal of mutual authentication. We showed this by mounting threat of data integrity and bypassing the gateway node attack on Althobati et al.'s protocol. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in device. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in WSN(Wireless Sensor Networks) operate with resource constraints such as limited power, computation, and storage space.

Design of Biometrics System Using ECG Lead III Signals (심전도 신호의 리드 III 파형을 이용한 바이오인식)

  • Min, Chul-Hong;Kim, Tae-Seon
    • Journal of the Institute of Electronics Engineers of Korea SC
    • /
    • v.48 no.6
    • /
    • pp.43-50
    • /
    • 2011
  • Currently, conventional security methods including IC card or password type method are quickly switched into biometric security systems in various applications and the electrocardiogram (ECG) has been considered as one of novel biometrics way. However, conventional ECG based biometrics used lead II signal which conventionally used for formulaic signal to heart disease diagnosis and it is not suitable for biometrics since it is rather difficult to find consistent features for heart disease patents. To overcome this problem, we developed new biometrics system using ECG lead III signals. For wave extraction, signal peak points are extracted through AAV algorithm. For feature selection, extracted waves are categorized into one of four wave types and total twenty two features including number of vertices, wave shapes, amplitude information and interval information are extracted based on their wave types. Experimental results for thirty-six people showed 100% specificity, 95.59% sensitivity and 99.17% of overall identification accuracy.

Finger-Knuckle Print Recognition Using Gradient Orientation Feature (그레이디언트 방향 특징을 이용한 손가락 관절문 인식)

  • Kim, Min-Ki
    • The Journal of the Korea Contents Association
    • /
    • v.12 no.12
    • /
    • pp.517-523
    • /
    • 2012
  • Biometrics is a study of identifying individual by using the features of human body. It has been studied for an alternative or complementary method for the classical method based on password, ID card, etc. In comparison with the fingerprint, iris, ear, palmprint, finger-knuckle print has been recently studied. This paper proposes an effective method for recognizing finger-knuckle print based on the feature of Gradient orientation. The main features of finger-knuckle print are the size and direction of winkles. In order to extract these features stably, we make a feature vector consisted of Gradient orientations after the preprocessing of enhancing non-uniform brightness and low contrast. Total 790 images acquired from 158 persons have been used at the experiment for evaluating the performance of the proposed method. The experimental results show the recognition rate of 99.69% and the relatively high decidability index of 1.882. These results demonstrate that the proposed method is effective in recognizing finger-knuckle print.

A Study on LMS Using Effective User Interface in Mobile Environment (모바일 환경에서 효과적인 사용자 인터페이스를 이용한 LMS에 관한 연구)

  • Kim, Si-Jung;Cho, Do-Eun
    • Journal of Advanced Navigation Technology
    • /
    • v.16 no.1
    • /
    • pp.76-81
    • /
    • 2012
  • With the spread of the various mobile devices, the studies on the learning management system based on the u-learning are actively proceeding. The u-learning-based learning management system is very convenient in that there are no restrictions on the various access devices as well as the access time and place. However, the judgments on the authentication for the user and whether learning is focused on are difficult. In this paper, the voice and user face capture interface rather than the common user event oriented interface was applied to the learning management system. When a user is accessing the learning management system, user's registered password is input and login as voice, and the user's learning attitude is judged through the response utterance of simple words during the process of learning through contents. As a result of evaluating the proposed learning management system, the user's learning achievement and concentration were improved, thus enabling the manager to monitor the user's abnormal learning attitude.

New Approach for Detecting Leakage of Internal Information; Using Emotional Recognition Technology

  • Lee, Ho-Jae;Park, Min-Woo;Eom, Jung-Ho;Chung, Tai-Myoung
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.11
    • /
    • pp.4662-4679
    • /
    • 2015
  • Currently, the leakage of internal information has emerged as one of the most significant security concerns in enterprise computing environments. Especially, damage due to internal information leakage by insiders is more serious than that by outsiders because insiders have considerable knowledge of the system's identification and password (ID&P/W), the security system, and the main location of sensitive data. Therefore, many security companies are developing internal data leakage prevention techniques such as data leakage protection (DLP), digital right management (DRM), and system access control, etc. However, these techniques cannot effectively block the leakage of internal information by insiders who have a legitimate access authorization. The security system does not easily detect cases which a legitimate insider changes, deletes, and leaks data stored on the server. Therefore, we focused on the insider as the detection target to address this security weakness. In other words, we switched the detection target from objects (internal information) to subjects (insiders). We concentrated on biometrics signals change when an insider conducts abnormal behavior. When insiders attempt to leak internal information, they appear to display abnormal emotional conditions due to tension, agitation, and anxiety, etc. These conditions can be detected by the changes of biometrics signals such as pulse, temperature, and skin conductivity, etc. We carried out experiments in two ways in order to verify the effectiveness of the emotional recognition technology based on biometrics signals. We analyzed the possibility of internal information leakage detection using an emotional recognition technology based on biometrics signals through experiments.

Analysis & defence of detection technology in network Attacker (네트워크 침입자탐지기법 분석과 대응)

  • Yun, Dong Sic
    • Convergence Security Journal
    • /
    • v.13 no.2
    • /
    • pp.155-163
    • /
    • 2013
  • Connection hijacking attack using the vulnerability of the TCP protocol to redirect TCP stream goes through your machine actively (Active Attack). The SKEY such as one-time password protection mechanisms that are provided by a ticket-based authentication system such as Kerberos or redirection, the attacker can bypass.Someone TCP connection if you have access on TCP packet sniffer or packet generator is very vulnerable. Sniffer to defend against attacks such as one-time passwords and token-based authentication and user identification scheme has been used. Active protection, but these methods does not sign or encrypt the data stream from sniffing passwords over insecure networks, they are still vulnerable from attacks. For many people, an active attack is very difficult and so I think the threat is low, but here to help break the illusion successful intrusion on the UNIX host, a very aggressive attack is presented. The tools available on the Internet that attempt to exploit this vulnerability, known as the recent theoretical measures is required. In this paper, we propose analysis techniques on a wireless network intruder detection.

Security Enhancement of Biometrics-based Remote User Authentication Scheme Using Smart Cards (스마트 카드를 이용한 생체인식 기반 원격 사용자 인증 스킴의 보안성 개선)

  • An, Young-Hwa;Joo, Young-Do
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.12 no.1
    • /
    • pp.231-237
    • /
    • 2012
  • In 2011, Das proposed an effective biometrics-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication, while eliminating the security drawbacks of Li-Hwang's scheme. In this paper, we have shown that Das's scheme is still insecure against several attacks and does not provide mutual authentication. Also, we proposed the enhanced scheme to overcome these security weaknesses, even if the secret information stored in the smart card is revealed. As a result of security analysis, the enhanced scheme is secure against user impersonation attack, server masquerading attack, off-line password guessing attack, and insider attack. And we can see that the enhanced scheme provides mutual authentication between the user and the server.