• Title/Summary/Keyword: remote authentication

Search Result 205, Processing Time 0.02 seconds

A Study on the User Authentication Scheme with Forward Secrecy (순방향 비밀성을 제공하는 사용자 인증 스킴에 관한 연구)

  • An, Young-Hwa
    • Journal of the Korea Society of Computer and Information
    • /
    • v.16 no.2
    • /
    • pp.183-191
    • /
    • 2011
  • Recently Wang-Li proposed the remote user authentication scheme using smart cards. But the proposed scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we described the Wang-Li and Yoon et al.'s authentication scheme simply, and we prove that the Wang-Li's scheme is vulnerable to a password guessing attack and impersonation attack in case that the attacker steals the user's smart card and extracts the information in the smart card. Accordingly, we propose the improved user authentication scheme based on the hash function and generalized ElGamal signature scheme that can withstand many possible attacks including a password guessing attack, impersonation attack and replay attack, and that can offer the function of forward secrecy. The result of comparative analysis, the our proposed scheme is much more secure and efficient than the Wang-Li and Yoon et al.'s scheme.

Mobile Payment System Design with Transaction Certificate Mode (거래 인증 모드를 사용한 이동 결제 시스템 설계)

  • Sung, Soon-Hwa;Ryou, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.5
    • /
    • pp.931-939
    • /
    • 2014
  • The Web or Mobile channel of previous Web access authentication system for a payment only provides the authentication of remote users, and does not provide the authentication between a user and a bank/financial institution. Therefore, this paper proposes the Transaction Certificate Mode(TCM) for a payment which can preserve the mutual authentication between a user and a bank/financial institution for Web-based payment systems. The proposed system has designed for wireless network instead of Secure Electronic Transaction (SET) designed for wired electronic transaction. In addition, this system with TCM is able to support an account-based transaction for wireless networks instead of a disadvantage of SET such as a card-based transaction for wired networks. Therefore, customers can check their balances without logging on their bank's web site again due to mutual authentication between a customer and his bank/financial institution.

Securing communication between EMS and remote devices in a Microgrid (마이크로그리드 환경에서 EMS와 원격 장치간 통신 보안)

  • Kim, Mi-sun;Park, Kyung-Woo;Kim, Jong-Man;Seo, Jae-Hyun
    • Smart Media Journal
    • /
    • v.7 no.4
    • /
    • pp.52-60
    • /
    • 2018
  • Energy Management System(EMS) of Microgrid(MG) collects and analyzes data from devices in the microgrid to provide information to operators, users and other systems. In the middle of the process, it is required to securely provide information through both wired and wireless communication networks. In this paper, we design and implement a module that provides encryption and decryption, key management, key distribution, and message authentication functions, thus enabling the development of a system which is safe from the exposure and modulation of data potentially occurrable during data transmission between RTU(Remote Terminal Unit) and EMS. Our method can increase the efficiency of connection and key management for RTU by connecting a virtual device(VD) to RTU.

Cybersecurity Threats and Countermeasures of the Smart Home Ecosystem

  • Darem, Abdulbasit;Alhashmi, Asma A.;Jemal, H.A.
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.3
    • /
    • pp.303-311
    • /
    • 2022
  • The tremendous growth of the Internet of things is unbelievable. Many IoT devices have emerged on the market over the last decade. This has made our everyday life easier inside our homes. The technology used at home has changed significantly over the past several decades, leading to what is known today as the smart home. However, this growth has also brought new challenges to our home security and privacy. With the smart home becoming more mainstream, cybersecurity issues have become a fundamental concern. The smart home is an environment where heterogeneous devices and appliances are interconnected through the Internet of Things (IoT) to provide smart services to residents. These services include home climate control, energy management, video on demand, music on-demand, remote healthcare, remote control, and other similar services in a ubiquitous manner. Smart home devices can be controlled via the Internet using smartphones. However, connecting smart home appliances to wireless networks and the Internet makes individuals vulnerable to malicious attacks. Remote access within the same environment or over the Internet requires an effective access control mechanism. This paper intends to shed light on how smart home devices are working as well as the type of security and privacy threats of the smart home. It also illustrated the types of authentication methods that can be used with smart home devices. In addition, a comparison of Smart home IoT-based security protocols was presented along with a security countermeasure that can be used in a smart home environment. Finally, a few open problems were mentioned as future research directions for researchers.

A Secure Telemedicine System for Smart Healthcare Service (스마트 헬스케어 서비스를 위한 홍채인식기반의 원격의료시스템)

  • Cho, Young-bok;Woo, Sung-Hee;Lee, Sang-Ho;Kim, Min-Kang
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.1
    • /
    • pp.205-214
    • /
    • 2017
  • In this paper, we proposed an iris-based authentication for smart healthcare service in secure telemedicine system. The medical and healthcare information's are very important data in telemedicine system from privacy information. thus, the proposed system provides a secure and convenient authentication method than the traditional ID/PW authentication method to a telemedicine system for age-related chronic diseases. When considering the peculiarities of the use of age-related chronic diseases convenience and healthcare environments, the proposed approach is difficult to secure than traditional ID/PW authentication method with the appropriate means to easily change when stolen or lost to others. In addition, the telemedicine system for the smart healthcare services is one of the types of privacy sensitive medical and health data. it is very important security needs in telemedicine system. Thus we protocol are offer high confidentiality and integrity than existing ID/PW method.

Improvements of the Hsiang-Shih's remote user authentication scheme using the smart cards (스마트카드를 이용한 Hsiang-Shih의 원격 사용자 인증 스킴의 개선에 관한 연구)

  • An, Young-Hwa
    • Journal of the Korea Society of Computer and Information
    • /
    • v.15 no.2
    • /
    • pp.119-125
    • /
    • 2010
  • Recently Hsiang-Shih proposed the user authentication scheme to improve Yoon et al's scheme. But the proposed scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we proved that Hsiang-Shih's scheme is vulnerable to the off-line password guessing attack. In other words, the attacker can get the user's password using the off-line password guessing attack on the scheme when the attacker steals the user's smart card and extracts the information in the smart card. Also, the improved scheme based on the hash function and random number was introduced, thus preventing the attacks, such as password guessing attack, forgery attack and impersonation attack etc. And we suggested the effective mutual authentication scheme that can authenticate each other at the same time between the user and server.

Security Improvements on the Remote User Authentication Scheme Using Smart Cards (스마트카드를 사용한 원격 사용자 인증 스킴의 시큐리티 개선에 관한 연구)

  • Seo, Jeong-Man;An, Young-Hwa
    • Journal of the Korea Society of Computer and Information
    • /
    • v.15 no.3
    • /
    • pp.91-97
    • /
    • 2010
  • Recently Hu-Niu-Yang proposed the user authentication scheme to improve Liu et al's scheme. But the Hu-Niu-Yang's scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we proved that Hu-Niu-Yang's scheme is vulnerable to the off-line password guessing attack in case that the attacker steals the user's smart card and extracts the information in the smart card. Also, the improved user authentication scheme solving the security vulnerability was introduced, thus preventing the attacks, such as password guessing attack, forgery attack impersonation attack, and replay attack. For preventing those attacks, the our proposed scheme need more hash functions and exclusive-OR operations than Hu-Niu-Yang's scheme.

Mutual Authentication and Secure Session Termination Scheme in iATA Protocol

  • Ong, Ivy;Lee, Shirly;Lee, Hoon-Jae;Lim, Hyo-Taek
    • Journal of information and communication convergence engineering
    • /
    • v.8 no.4
    • /
    • pp.437-442
    • /
    • 2010
  • Ubiquitous mobile computing is becoming easier and more attractive in this ambient technological Internet world. However, some portable devices such as Personal Digital Assistant (PDAs) and smart phones are still encountering inherent constraints of limited storages and computing resources. To alleviate this problem, we develop a cost-effective protocol, iATA to transfer ATA commands and data over TCP/IP network between mobile appliances and stationary servers. It provides mobile users a virtual storage platform which is physically resided at remote home or office. As communications are made through insecure Internet connections, security risks of adopting this service become a concern. There are many reported cases in the history where attackers masquerade as legitimate users, illegally access to network-based applications or systems by breaking through the poor authentication gates. In this paper, we propose a mutual authentication and secure session termination scheme as the first and last defense steps to combat identity thief and fraud threat in particular for iATA services. Random validation factors, large prime numbers, current timestamps, one-way hash functions and one-time session key are deployed accordingly in the scheme. Moreover, we employ the concept of hard factorization problem (HFP) in the termination phase to against fraud termination requests. Theoretical security analysis discussed in later section indicates the scheme supports mutual authentication and is robust against several attacks such as verifiers' impersonation, replay attack, denial-of-services (DoS) attack and so on.

Cryptanalysis and Improvement of RSA-based Authentication Scheme for Telecare Medical Information Systems

  • Kim, Keewon
    • Journal of the Korea Society of Computer and Information
    • /
    • v.25 no.2
    • /
    • pp.93-103
    • /
    • 2020
  • The telecare medical information system (TMIS) supports convenient and rapid health-care services. A secure and efficient authentication and key agreement scheme for TMIS provides safeguarding electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Giri et al. proposed an RSA-based remote user authentication scheme using smart cards for TMIS and claimed that their scheme could resist various malicious attacks. In this paper, we point out that their scheme is still vulnerable to lost smart card attacks and replay attacks and propose an improved scheme to prevent the shortcomings. As compared with the previous authentication schemes for TMIS, the proposed scheme is more secure and practical.

An Improved User Authentication Scheme Based on Random Nonce (랜덤 Nonce 기반 사용자 인증 스킴의 안전성 개선에 관한 연구)

  • Joo, Young-Do;An, Young-Hwa
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.15 no.3
    • /
    • pp.33-40
    • /
    • 2010
  • Recently Yoon et al. proposed the remote user authentication scheme using smart cards. But their scheme has not satisfied security requirements which should be considered in the user authentication scheme using the password based smart card. In this paper, we prove that Yoon et al.'s scheme is vulnerable to a password guessing attack in case that the attacker steals the user's smart card and extracts the information from the smart card. Accordingly, we propose the improved user authentication scheme based on the hash function and random nonce that can withstand various possible attacks including a password guessing attack. The result of comparative analysis demonstrates that the our proposed scheme is much more secure and efficient than the Yoon et al.'s scheme, with a trivial trade-off to require just a few more exclusive-OR operations.