• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.12 no.6
• /
• pp.91-98
• /
• 2012

Password-based authentication schemes have been widely adopted in order to protect resources from unauthorized access. In 2008, Liu et al. proposed a new mutual authentication scheme using smart cards which can withstand the forged attack. In this paper, author has proven that Liu et al.'s scheme is still vulnerable to the various attacks by analyzing the security of their scheme. This paper introduces an enhanced scheme to overcome these security weakness and to provide mutual authentication between the user and the server, even if the secrete information stored in the smart card is revealed by an attacker. The comparative result from the security analysis demonstrates that the proposed scheme is more secure against the possible attacks than Liu et al.'s scheme.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39C no.11
• /
• pp.994-999
• /
• 2014

Nowadays we use biometrics such as face, fingerprint or palm print for registration and authentication with smart phone. When use camera function of smart phone, normally they overlay a specific image on camera preview as guideline and induce user to take picture uniformly. In this paper, use palm print for authentication factor with smart phone, we propose a new guideline and show the result about user experiment in terms of authentication success ratio.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.10
• /
• pp.101-108
• /
• 2021

In this paper, we analyze Shin's proposed dynamic ID-based user authentication scheme for TMIS(Telecare Medicine Information System), and Shin's authentication scheme is vulnerable to smart card loss attacks, allowing attackers to acquire user IDs, which enables user impersonation attack. In 2019, Shin's proposed authentication scheme attempted to generate a strong random number using ECC, claiming that it is safe to lose a smart card because it is impossible to calculate random number r'i due to the difficulty of the ECC algorithm without knowing random number ri. However, after analyzing Shin's authentication scheme in this paper, the use of transmission messages and smart cards makes it easy to calculate random numbers r'i, which also enables attackers to generate session keys. In addition, Shin's authentication scheme were analyzed to have significantly greater overhead than other authentication scheme, including vulnerabilities to safety analysis, the lack of a way to pass the server's ID to users, and the lack of biometric characteristics with slightly different templates.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.525-536
• /
• 2012

This paper proposes methods of securing Smart Grid system against various types of cyber threats by separating AMI networks from the public network, the Internet, and providing an AMI specific authentication framework. Due to the fact that thousands and millions of AMI devices to be deployed would be directly or indirectly connected to the public network without any authentication procedures for access control, currently being developed AMI architectures could be widely exposed to considerable number of penetrating attacks. Furthermore, there have not been a sufficient number of researches on authentication frameworks with basis on the specific circumstances of AMI networking that should support varied authentication protocols among security associations and AMI linking devices. This work makes a proposal of isolating smart meters from HAN devices and the Internet and integrating network/application level authentication frameworks with an EAP-based authentication architecture. These approaches are beneficial to deploy AMI with security and efficiency.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.27 no.1
• /
• pp.97-102
• /
• 2023

IoT is being used in a lot of industry domain such as smart home, smart ocean, smart energy, and smart farm, as well as legacy information services. For a server, an IoT device using the same protocol is a trusted object. Therefore, a malicious attacker can use an unauthorized IoT device to access IoT-based information services and access unauthorized important information, and then modify or extract it to the outside. In this study, to improve these problems, we propose an IoT device authentication system used in IoT-based information service. The IoT device authentication system proposed in this study applies identifier-based authentication such as MAC address. If the IoT device authentication function proposed in this study is used, only the authenticated IoT device can access the server. Since this study applies a method of terminating the session of an unauthorized IoT device, additional research on the access deny method, which is a more secure authentication method, is needed.

• Journal of Practical Engineering Education
• /
• v.16 no.3_spc
• /
• pp.327-332
• /
• 2024

The spread of smart phones provides users with a variety of services, making their lives more convenient. In particular, financial transactions can be easily made online after user authentication using a smart phone. Users easily access the service by authenticating using a PIN, but this makes them vulnerable to social engineering attacks such as spying or recording. We aim to increase security against social engineering attacks by applying the authentication method including imaginary numbers when entering a password at the door lock to smart phones. Door locks perform PIN authentication within the terminal, but in smart phones, PIN authentication is handled by the server, so there is a problem in transmitting PIN information safely. Through the proposed technique, multiple PINs containing imaginary numbers are generated and transmitted as processed values such as hash values, thereby ensuring the stability of transmission and enabling safe user authentication through a technique that allows the PIN to be entered without exposure.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.60 no.2
• /
• pp.416-422
• /
• 2011

Smart grid is the next generation intelligent power grid that combines the existing electric power infrastructure and information infrastructure. It can optimize the energy efficiency in both directions, suppliers and power consumers to exchange information in real time. In smart grid environments, with existing network security threats due to the smart grid characteristics, there are additional security threats. In this paper, we propose a security mechanism that provides mutual authentication and key agreement between a remote user and the device. The proposed mechanism has some advantages that provides secure mutual authentication and key agreement and secure against a replay attack and impersonation attacks.

• Journal of Digital Convergence
• /
• v.10 no.5
• /
• pp.215-222
• /
• 2012

A smart phone has functions of both telephone and computer. The wide spread use of smart phones has sharply increased the demand for mobile commerce. The smart phone based mobile services are available anytime, anywhere. In commercial transactions, a digital signature scheme is used to make legally binding signature to prove both integrity of commercial document and verification of the signer. Smart phones are more risky compared with personal computers on the problems of how to protect privacy information. It's also easy to let proxy user to authenticate instead of the smart phone owner. In existing password or token based schemes, the ID is not physically bound to the owner. Thus, those schemes can not solve the problem of proxy authentication. To utilize the smart phone as the platform of mobile commerce, a study on the new type of authentication scheme is needed where the scheme should provide protocol to get legally binding signature and not to authenticate proxy user. In this paper, we create the mobile ID by using both the USIM and voice template of the smart phone owner. We also design and implement the user authentication scheme based on the mobile ID.

• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.1
• /
• pp.7-18
• /
• 2016

Several authentication methods have been developed to make use of tokens in the mobile networks and smart payment systems. Token used in smart payment system is genearated in place of Primary Account Number. The use of token in each payment transaction is advantageous because the token authentication prevents enemy from intercepting credit card number over the network. Existing token authentication methods work together with the cryptogram, which is computed using the shared key that is provisioned by the token service provider. Long lifetime and repeated use of shared key cause potential brawback related to its vulnerability against the brute-force attack. This paper proposes a per-transaction shared key mechanism, where the per-transaction key is agreed between the mobile device and token service provider for each smart payment transaction. From server viewpoint, per-transaction key list is easy to handle because the per-transaction key has short lifetime below a couple of seconds and the server does not need to maintain the state for the mobile device. We analyze the optimum size of the per-transaction shared key which satisfy the requirements for transaction latency and security strength for secure payment transactions.

• Journal of KIISE:Computer Systems and Theory
• /
• v.36 no.4
• /
• pp.304-310
• /
• 2009

Due to widely use of internet, a lot of users frequently access into remote server in distributed computing environment. However, transmitting the information using vulnerable channel without authentication security system can be exposed to replay attack, offline password attack, and impersonation attack. According to this possibility, there is research about authentication protocol to prevent these hostile attacks using smart card. In this paper, we analyze vulnerability of user authentication system based on password and propose modified user authentication system.