• Convergence Security Journal
• /
• v.16 no.6_2
• /
• pp.83-88
• /
• 2016

Over recent years there has been considerable growth in interest in the use of biometric systems for personal authentication. Biometrics is a field of technology which has been and is being used in the identification of individuals based on some physical attribute. By using biometrics, authentication is directly linked to the person, rather than their token or password. Biometric authentication is a type of system that relies on the unique biological characteristics of individuals to verify identity for secure access to electronic systems. In 2013, Althobati et al. proposed an efficient remote user authentication protocol using biometric information. However, we uncovered Althobati et al.'s protocol does not guarantee its main security goal of mutual authentication. We showed this by mounting threat of data integrity and bypassing the gateway node attack on Althobati et al.'s protocol. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in device. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in WSN(Wireless Sensor Networks) operate with resource constraints such as limited power, computation, and storage space.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.10
• /
• pp.4612-4617
• /
• 2011

Hsiang-Shin proposed a user authentication scheme which was created by improving Yoon's scheme. Afterwards, An showed the failure to meet security requirements which are considered in user authentication using password-based smart card in Hsiang-Shih-suggested scheme. In other words, it was found that an attacker can steal a user's card, and detect a user's password by temporarily accessing it and extracting the information stored in it. However, An-proposed scheme also showed its vulnerability to password-guessing attack and forgery/impersonation attack, etc. and thus, this paper proposed the improved user authentication scheme. The proposed authentication scheme can thwart the password-guessing attack completely and this paper proposed scheme also includes an efficient mutual authentication method that can make it possible for users and authentication server to certify the other party.

• Journal of the Institute of Convergence Signal Processing
• /
• v.14 no.1
• /
• pp.21-26
• /
• 2013

The objective of this study was to develop a system for handwriting recognition in three dimensions (3D) to authenticate users. While previous studies have used a stylus pen for two-dimensional input on a tablet, this study uses the Wii Remote controller because it can capture 3D human motion and could therefore be more effective means of recognition. The information obtained from a Wii Remote controller included x and y coordinates, acceleration (x, y, z), angular velocity (pitch, yaw, roll), twelve input buttons, and time. The proposed system calculates distances using six features extracted after preprocessing the data. In an experiment where 15 subjects wrote "AIZU" 10 times, we obtained a 94.8% identification rate using a combination of writing velocity, the peak value of pitch, and the peak value of yaw. This suggests that this system holds promise for handwriting-based authentication in the future.

• Journal of information and communication convergence engineering
• /
• v.9 no.4
• /
• pp.431-434
• /
• 2011

Password-based user-authentication schemes have been widely used when users access a server to avail internet services. Multiserver password-authentication schemes enable remote users to obtain service from multiple servers without separately registering with each server. In 2008, Jia-Lun Tsai proposed an improved and efficient password-authenticated key agreement scheme for a multiserver architecture based on Chang-Lee's scheme proposed in 2004. However, we found that Tsai's scheme does not provide forward secrecy and is weak to insider impersonation and denial of service attacks. In this article, we describe the drawbacks of Tsai's scheme and provide a countermeasure to satisfy the forward secrecy property.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.4
• /
• pp.67-74
• /
• 2020

As the information age develops, Online education and Non-face-to-face work are becoming common. Telecommuting such as tele-education and video conferencing through the application of information technology is also becoming common due to the COVID-19. Unexpected information leakage can occur online when the company conducts work remotely or holds meetings. A system to authenticate users is needed to reduce information leakage. In this study, there are various ways to authenticate remote access users. By applying burn authentication using a biometric system, a method to identify users is proposed. The method used in the study was studied the main component analysis method, which recognizes several characteristics in facial recognition and processes interrelationships. It proposed a method that can be easily utilized without additional devices by utilizing a camera connected to a computer by authenticating the user using the shape and characteristics of the face by using the PCA method.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.11A
• /
• pp.1128-1137
• /
• 2007

Recently, according to being advanced internet, mobile communication technique, Telematics environment which users in vehicle can use internet service in LAN(Local Area Network) via mobile device has being realized. In this paper, we propose the remote user authentication protocol to solve these issues. Additionally, we use biometrics(fingerprint) for our user authentication protocol cause it can provide to avoid critical weakness that can be lost, stolen, or forgotten and to make authentication easily. In our user authentication protocol, to protect the biometric we use session key which is generated from master key distributed in our key distribution protocol. In particular, we propose secure protocol between APs considering weakness of security in mobile environment. Based on implementation of our proposed protocol, we conform that our proposed protocols are secure from various attack methods and provide real-time authentication.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.12C
• /
• pp.1021-1028
• /
• 2008

In a network environment, when a user requests a server's service, a remote user authentication system using smart cards is a very practical solution to validate the eligibility of a user and provide secure communication. In these authentication schemes, due to fast progress of networks and information technology, most of provided services are in multi-server environments. However, there are no studies in multi-server authentication schemes using smart cards providing mutual anonymity so far. In this paper, we propose a novel user authentication scheme using smart cards providing mutual authentication and mutual anonymity for multi-server environments. Our proposed scheme achieves the low-computation requirement for smart cards and a user can use permitted various services in eligible servers by only one registration. Also, this scheme guarantees perfect mutual anonymity of participants.

• Journal of Internet Computing and Services
• /
• v.14 no.4
• /
• pp.43-51
• /
• 2013

User authentication and access control are two important components in high security applications. Recently, Chen and Yeh proposed a method to integrate both of them seamlessly. However, Chen-Yeh's scheme is vulnerable to a stolen verifier attack, since it maintains a smart card identifier table in a remote server. Therefore, this paper modifies Chen-Yeh's scheme and propose a new integrated authentication and access control scheme that is resilient to the stolen verifier attack while inheriting all the merits of Chen-Yeh's scheme. Security analysis shows that the proposed scheme withstands well-known security attacks and exhibits many good features.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.209-215
• /
• 2020

The environment of the Internet provides an efficient communication of the things which are connected. While internet and online service provide us many valuable benefits, online services offered and accessed remotely through internet also exposes us to many different types of security threats. Most security threats were just related to information leakage and the loss of authentication on client-server environment. In 2016, Ahmed et al. proposed an efficient lightweight remote user authentication protocol. However, Kang et al. show that it's scheme still unstable and inefficient. It cannot resist offline identity guessing attack and cannot provide session key confirmation property. Moreover, there is some risk of biometric information's recognition error. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in device. In addition, our proposed scheme should provide not only security, but also efficiency since we only use hash function and XOR operation.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.4 no.3
• /
• pp.182-188
• /
• 2011

Recently Yoon et al. proposed the remote user authentication scheme using smart cards. But their scheme has not satisfied security requirements which should be considered in the user authentication scheme using the password based smart card. In this paper, we prove that Yoon et al.'s scheme is vulnerable to a password guessing attack in case that the attacker steals the user's smart card and extracts the information from the smart card. Accordingly, this paper proposes the improved user authentication scheme based on the hash functin and random nonce that can withstand various possible attacks including a password guessing attack. The result of comparative analysis demonstrates that the proposed scheme is more secure and efficient than Yoon et al.'s scheme, with a trivial trade-off to require just a few more exclusive-OR operations.