• Journal of the Korea Society of Computer and Information
• /
• v.14 no.3
• /
• pp.133-138
• /
• 2009

Recently Lin et al. proposed the remote user authentication scheme using smart cards. But the proposed scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we showed that he can get the user's password using the off-line password guessing attack on the scheme when the adversary steals the user's smart card and extracts the information in the smart card. Also, we proposed the seven security requirements for evaluating remote user authentication schemes using smart card. As a result of analysis, in Lin et al's scheme we have found the deficiencies of security requirements. So we suggest the improved scheme, the mutual authentication scheme that does not store the user's password verifier in server and can authenticate each other at the same time between the user and server.

• Journal of the Korea Convergence Society
• /
• v.11 no.5
• /
• pp.19-25
• /
• 2020

As the number of mobile device users increases, research on various user authentication methods has been actively conducted to protect sensitive personal information. Knowledge-based techniques have the disadvantage that security is deteriorated due to easy exposure of authentication means, and proprietary-based techniques have a problem of increasing construction cost and low user convenience to use the service. In order to solve this problem, a FIDO authentication system, which is a user authentication method using a smart device, has been proposed. Since the FIDO authentication system performs authentication based on the biometric information of the user, the risk of the authentication means being leaked is low, and since the authentication information is stored in the user's smart device, the user information due to server hacking is solved. Through this, it is possible to select and utilize user authentication technology suitable for the security level of the service. In this paper, we introduce the FIDO authentication system, explain the main parts required for FIDO UAF client-server development, and show examples of implementation using UAF open source provided by ebay.

• The KIPS Transactions:PartC
• /
• v.12C no.5 s.101
• /
• pp.757-764
• /
• 2005

With the increasing service Qualify and security in the Mobile Internet Diameter technology based on the AAAv6 is being used in the user authentication. But there are some Problems on the authentication Procedures of the Diameter in which the security falls down from a loaming service or Internet transmission course. We combine it with the cipher algorithm like EAP-MD5 and accomplish a user authentication processing. If we want to supply the user authentication with the mobility among domains by AAAv6-based Diameter, we need the efficient capacity allocation among AAA attendent, AAAv, AhAb, AAAh, HA servers in the AAAv6. Therefore in this paper, we propose to make the authentication capacity index to carry out user authentication ability by analyzing an EAP-MD5S server capacity model of AAAv6 authentication models for users with mobility among domains, and to find the optimized condition for the AAAv6 capacity by the index.

• The Journal of the Korea Contents Association
• /
• v.18 no.9
• /
• pp.141-148
• /
• 2018

Currently, the user authentication technology used by users to access multiple applications within an organization is being applied with ID/PW-based SSO technology. These user authentication methods have the fundamental disadvantages of ID/PW and SSO. This means that security vulnerabilities in ID/PW can lead to periodic changes in PWs and limits on the number of incorrect PW inputs, and SSO adds high cost of the SSO server, which centrally stores the authentication information, etc. There is also a fundamental vulnerability that allows others to freely use other people's applications when they leave the portal application screen with SSO. In this paper, we proposed an app-based 2-channel authentication scheme to fundamentally eliminate problems with existing ID/PW-based SSO user authentication technologies. To this end, it distributed centralized user authentication information that is stored on SSO server to each individual's smartphone. In addition, when users access a particular application, they are required to be authenticated through their own smartphone apps.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.3
• /
• pp.1742-1760
• /
• 2017

Recent evolution in the open access internet technology demands that the identifying information of a user must be protected. Authentication is a prerequisite to ensure the protection of user identification. To improve Qu et al.'s scheme for remote user authentication, a recent proposal has been published by Huang et al., which presents a key agreement protocol in combination with ECC. It has been claimed that Huang et al. proposal is more robust and provides improved security. However, in the light of our experiment, it has been observed that Huang et al.'s proposal is breakable in case of user impersonation. Moreover, this paper presents an improved scheme to overcome the limitations of Huang et al.'s scheme. Security of the proposed scheme is evaluated using the well-known random oracle model. In comparison with Huang et al.'s protocol, the proposed scheme is lightweight with improved security.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.12
• /
• pp.4987-5014
• /
• 2015

The bilinear pairing, also known as Weil pairing or Tate pairing, is widely used in cryptography and its properties help to construct cryptographic schemes for different applications in which the security of the transmitted data is a major concern. In remote login authentication schemes, there are two major requirements: i) proving the identity of a user and the server for legitimacy without exposing their private keys and ii) freedom for a user to choose and change his password (private key) efficiently. Most of the existing methods based on the bilinear property have some security breaches due to the lack of features and the design issues. In this paper, we develop a new scheme using the bilinear property of an elliptic point and the biometric characteristics. Our method provides many features along with three major goals. a) Checking the correctness of the password before sending the authentication message, which prevents the wastage of communication cost; b) Efficient password change phase in which the user is asked to give a new password after checking the correctness of the current password without involving the server; c) User anonymity - enforcing the suitability of our scheme for applications in which a user does not want to disclose his identity. We use BAN logic to ensure the mutual authentication and session key agreement properties. The paper provides informal security analysis to illustrate that our scheme resists all the security attacks. Furthermore, we use the AVISPA tool for formal security verification of our scheme.

• Journal of Korea Society of Industrial Information Systems
• /
• v.16 no.1
• /
• pp.9-19
• /
• 2011

Secure and efficient authentication schemes over insecure networks have been a very important issue with the rapid development of networking technologies. Wang et al. proposed a remote user authentication scheme using smart cards. However, recently, Chen et al. pointed out that their scheme is vulnerable to the impersonation attack and the parallel session attack, and they proposed an enhanced authentication scheme. Chen et al. claimed that their scheme is secure against the various attacks. However, we have found that their scheme cannot resist the parallel attack and the stolen smart card attack. Therefore, in this paper, we show the security flaws in Chen et al.'s scheme and propose an improved remote user authentication scheme using tamper-resistant smart cards to solve the problem of Chen et al.'s scheme. We also analyze our scheme in terms of security and performance.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.11C
• /
• pp.1023-1029
• /
• 2006

In this Paper, we present a novel authentication and key exchange(AKE) protocol for inter-NSP(provider) roaming in IEEE 802.16e networks. The proposed protocol allows performing both user and device authentication jointly by using two different authentication credentials and Provides user anonymity and session key establishment. Also, this protocol requires only two round number message exchange between foreign network and home network.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.3
• /
• pp.1289-1310
• /
• 2016

Dynamic ID-based authentication solves the ID-theft problem by changing the ID in each session instead of using a fixed ID while performing authenticated key exchanges between communicating parties. User anonymity is expected to be maintained and the exchanged key kept secret even if one of the long-term keys is compromised in the future. However, in the conventional dynamic ID-based authentication scheme, if the server's long-term key is compromised, user anonymity can be broken or the identities of the users can be traced. In addition, these schemes are vulnerable to replay attacks, in which any adversary who captures the authentication message can retransmit it, and eventually cause the legitimate user to be denied service. This paper proposes a novel dynamic ID-based authentication scheme that preserves forward anonymity as well as forward secrecy and obviates replay attacks.

• International Journal of Computer Science & Network Security
• /
• v.21 no.11
• /
• pp.321-327
• /
• 2021

Mobile devices have recently developed to be an integral part of humans' daily lives because they meet business and personal needs. It is challenging to design a feasible and effective user authentication method for mobile devices because security issues and data privacy threats have significantly increased. Biometric approaches are more effective than traditional authentication methods. Therefore, this paper aims to analyze the existing biometric user authentication methods on mobile platforms, particularly those that use face recognition, to demonstrate the methods' feasibility and challenges. Next, this paper evaluates the methods according to seven characteristics: universality, uniqueness, permanence, collectability, performance, acceptability, and circumvention. Last, this paper suggests that solely using the method of biometric authentication is not enough to identify whether users are authentic based on biometric traits.