• Title/Summary/Keyword: password-based


A Study of Authentication Scheme using Biometric-Based Effectiveness Analysis in Mobile Devices (모바일 장치에서 신체정보기반의 효용성 분석을 이용한 인증기법에 관한 연구)

  • Lee, Keun-Ho
    • Journal of Digital Convergence / v.11 no.11 / pp.795-801 / 2013
  • As the life which existed only offline has changed into a life part of which is led online, it is an important problem to identify whether an online user is a legitimate one or not. Biometric authentication technology was developed to identify the user more correctly either online or in offline daily life. Biometric authentication is a technology where a person is identified by his or her unique characteristics, and is highlighted as a next-generation authentication technology replacing passwords. There are various kinds of traits unique to each individual, and biometric authentication technologies drawing on such traits use various devices and algorithms. Firstly, this paper classified such various biometric authentication technologies, and analyzed their effects when they are applied on the different device platforms of smartphone, smartwatch and M2M. Secondly, it suggested the effectiveness-based AIB (Authentication for Integrated Biometrics) authentication technique, a comprehensive authentication technique, which can be used on different device platforms. We have successfully included the establishment scheme of the effectiveness authentication using biometrics.

OpenID Based User Authentication Scheme for Multi-clouds Environment (멀티 클라우드 환경을 위한 OpenID 기반의 사용자 인증 기법)

  • Wi, Yukyeong;Kwak, Jin
    • Journal of Digital Convergence / v.11 no.7 / pp.215-223 / 2013
  • As cloud computing is activated, a variety of cloud services are being distributed. However, to use each different cloud service, you must perform an individual user authentication process for that service. Therefore, not only is the procedure cumbersome, but the repeated authentication process can also cause password exposure or overload of the database that must hold the user's authentication information on each cloud server. Moreover, there is a high probability of security problems caused by phishing attacks that result from the different authentication schemes and input schemes of each service. Thus, for users who want to use a variety of cloud services, we propose an OpenID-based user authentication scheme that can be applied to a multi-cloud environment through a trusted ID provider that verifies users.

A Side Channel Attack with Vibration Signal on Card Terminal (진동 신호를 이용한 카드 단말기 부채널 공격)

  • Jang, Soohee;Ha, Youngmok;Yoon, Jiwon
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.6 / pp.1045-1053 / 2014
  • In this paper, we assume that information leakage through side-channel signals may occur from the card payment terminal and newly introduce a real application attack model. The attack model is a side channel attack based on vibration signals, which are detected by a small sensor attached to the card terminal by the attacker. This study is similar to some other studies regarding side channel attacks. However, this paper is different in that it is based on the non-language model, because financial transaction information such as a card number, password, mobile phone number, etc. cannot have a constant pattern. In addition, there was no study about card terminals. Therefore, this new study is meaningful. We collected vibration signals on the card terminal with a small wireless sensor and analyzed the signal data with statistical signal processing techniques using the spectrum of the frequency domain, principal component analysis and pattern recognition algorithms. Finally, we evaluated the performance by using real data from the sensor.

Design Errors and Cryptanalysis of Shin's Robust Authentication Scheme based Dynamic ID for TMIS

  • Park, Mi-Og
    • Journal of the Korea Society of Computer and Information / v.26 no.10 / pp.101-108 / 2021
  • In this paper, we analyze Shin's proposed dynamic ID-based user authentication scheme for TMIS (Telecare Medicine Information System), and Shin's authentication scheme is vulnerable to smart card loss attacks, allowing attackers to acquire user IDs, which enables user impersonation attacks. In 2019, Shin's proposed authentication scheme attempted to generate a strong random number using ECC, claiming that it is safe to lose a smart card because it is impossible to calculate random number r'i due to the difficulty of the ECC algorithm without knowing random number ri. However, after analyzing Shin's authentication scheme in this paper, the use of transmission messages and smart cards makes it easy to calculate random numbers r'i, which also enables attackers to generate session keys. In addition, Shin's authentication scheme was analyzed to have significantly greater overhead than other authentication schemes, including vulnerabilities to safety analysis, the lack of a way to pass the server's ID to users, and the lack of biometric characteristics with slightly different templates.

Implementation of the Educational Game for Learning the Lecturers Information using the Digital Game-based Learning Methodology (디지털 게임 기반 학습 방법을 이용한 강사 소개 교육용 게임의 구현)

  • Wahyutama, Aria Bisma;Gusdya, Wanda;Hwang, Mintae
    • Journal of the Korea Institute of Information and Communication Engineering / v.25 no.9 / pp.1190-1198 / 2021
  • In this paper, we present the results of implementing an interactive lecturer introduction game that allows new students or freshmen to learn about their lecturers' information using a Digital Game-based Learning (DGBL) methodology. This game provides information such as the lecturer's name, photo, and the courses that they teach in the form of a quiz game, with Unity and PHP used as the development environment. Communication between the game, the Content Management System (CMS), and the database uses the REST API, which enables the administrator to manage the content of the game such as the score and number of questions for each level, the user's password, and the performance threshold, as well as the lecturer's information itself. Since the developed interactive game uses an integrated CMS, the content can be updated dynamically according to the situation; therefore, it can be easily applied to other departments, as well as to various other educational games.

A Preference of Smartphone Locking Algorithms Using Delphi and AHP (Analytic Hierarchy Process) (델파이와 계층분석기법을 이용한 스마트폰 잠금 알고리즘 선호도 분석)

  • Nam, Soo-Tai;Shin, Seong-Yoon;Jin, Chan-Yong
    • Journal of the Korea Institute of Information and Communication Engineering / v.23 no.10 / pp.1228-1233 / 2019
  • Recently, a variety of algorithms using encryption technology have been adopted as methods of unlocking smartphones. The field is advancing toward solving the unlocking problem through human biometrics technology, which has already been successfully commercialized. These include fingerprint recognition, face recognition, and iris recognition. In this study, the evaluation items are five algorithms, including fingerprint recognition, face recognition, iris recognition, pattern recognition, and the password input method. Based on the algorithms adopted, the AHP (analytic hierarchy process) technique was used to calculate the preferred priorities for smartphone users. Fingerprint recognition (.400) was the top priority for smartphone users. Next, pattern recognition (.237) was placed in the second priority for smartphone users. Therefore, based on the results of the analysis, the limitations of the study and theoretical implications are suggested.

Analysis on Vulnerability of Secure USB Flash Drive and Development Protection Profile based on Common Criteria Version 3.1 (보안 USB 플래시 드라이브의 취약점 분석과 CC v3.1 기반의 보호프로파일 개발)

  • Jeong, Han-Jae;Choi, Youn-Sung;Jeon, Woong-Ryul;Yang, Fei;Won, Dong-Ho;Kim, Seung-Joo
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.6 / pp.99-119 / 2007
  • The USB flash drive is commonly used for portable storage. It can store large amounts of data, transfer data quickly, and be carried easily. But when you lose a USB flash drive that has no security function in use, all stored data will be exposed. So new USB flash drives supporting security functions were invented to compensate for the problem. In this paper, we analyze the vulnerabilities of 6 access control programs for secure USB flash drives. We show that the password is exposed in the communication between the secure USB flash drive and the PC. We also show the vulnerability of misapplication for initialization. Further, we develop a protection profile for secure USB flash drives based on the Common Criteria version 3.1. Finally, we examine the possible threats to the 6 secure USB flash drives and the support for the security objectives derived from the protection profile.

STM-GOMS Model: A Security Model for Authentication Schemes in Mobile Smart Device Environments (STM-GOMS 모델: 모바일 스마트 기기 환경의 인증 기법을 위한 안전성 분석 모델)

  • Shin, Sooyeon;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.6 / pp.1243-1252 / 2012
  • Due to the widespread use of smart devices, threats of direct observation attacks such as shoulder surfing and recording attacks, by which user secrets can be stolen at user interfaces, are increasing greatly. Although formal security models are necessary to evaluate the possibility of and security against those attacks, such a model does not exist. In this paper, based on the previous work in which an HCI cognitive model was first utilized for analyzing security, we propose the STM-GOMS model as an improvement of the GOMS-based model with regard to memory limitations. We then apply the STM-GOMS model to analyze the usability and security of a password entry scheme commonly used in smart devices and show that the scheme is vulnerable to the shoulder-surfing attack. We finally conduct user experiments to show the results that support the validity of STM-GOMS modeling and analysis.

An OpenAPI based Security Framework for Privacy Protection in Social Network Service Environment (소셜 네트워크 서비스 환경에서 개인정보보호를 위한 OpenAPI기반 보안 프레임워크)

  • Yoon, Yongseok;Kim, Kangseok;Shon, Taeshik
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.6 / pp.1293-1300 / 2012
  • With the rapid evolution of mobile devices and the development of wireless networks, users of mobile social network services on smartphones have been increasing. Also, the security of personal information as a result of real-time communication and information-sharing is becoming a serious social issue. In this paper, a framework that can be linked with a social network services platform is designed using OpenAPI. In addition, we propose an authentication and detection mechanism to enhance the level of personal information security. The authentication scheme is based on a user ID and password, while the detection scheme analyzes user-designated input patterns to verify in advance whether personal information protection guidelines are met, enhancing the level of personal information security in a social network service environment. The effectiveness and validity of this study were confirmed through performance evaluations at the end.

Distributed Identity Authentication System based on DID Technology (DID 기술에 기반 한 분산 신원 인증 시스템)

  • Chai Ting;Seung-Soon Shin;Sung-Hwa Han
    • Convergence Security Journal / v.23 no.4 / pp.17-22 / 2023
  • Traditional authentication systems typically involve users entering their username and password into a centralized identity management system. To address the inconvenience of such authentication methods, a decentralized identity authentication system based on Distributed Identifiers (DID) is proposed, utilizing decentralized identity technology. The proposed system employs QR code scanning for login, enhancing security through the use of blockchain technology to ensure the uniqueness and safety of user identities during the login process. This system utilizes DIDs and integrates the InterPlanetary File System (IPFS) to securely manage organizational members' identity information while keeping it private. Using the distributed identity authentication system proposed in this study, it is possible to effectively manage the security and personal identity of organization members. To improve the usability of the system proposed in this study, research is needed to expand it into a solution.