• Convergence Security Journal
• /
• v.19 no.3
• /
• pp.29-36
• /
• 2019

The convergence of traditional industry and ICT is a combination of security threats and vulnerabilities in ICT and specific industry-specific problems of existing industries, and new security threats and vulnerabilities are emerging. In particular, in the medical ICT convergence industry, various problems regarding user authentication are derived from the medical information system, which is being used for abuse and security weaknesses. According, this study designed and implemented a user authentication system for secure user management in medical ICT convergence environment. Specifically, we design and implement measures to solve the abuse and security weaknesses of ID sharing and to solve the inconvenience of individual ID / PW authentication by performing user authentication using personalized devices based on medical information systems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.1
• /
• pp.119-131
• /
• 2013

With the explosive growth of computer networks, many remote service providing servers and multi-server network architecture are provided and it is extremely inconvenient for users to remember numerous different identities and passwords. Therefore, it is important to provide a mechanism for a remote user to use single identity and password to access multi-server network architecture without repetitive registration and various multi-server authentication schemes have been proposed in recent years. Recently, Tsaur et al. proposed an efficient and secure smart card based user authentication and key agreement scheme for multi-server environments. They claimed that their scheme satisfies all of the requirements needed for achieving secure password authentication in multi-server environments and gives the formal proof on the execution of the proposed authenticated key agreement scheme. However, we find that Tsaur et al.'s scheme is still vulnerable to impersonation attack and many logged-in users' attack. We propose an extended scheme that not only removes the aforementioned weaknesses on their scheme but also achieves user anonymity for hiding login user's real identity. Compared with other previous related schemes, our proposed scheme keeps the efficiency and security and is more suitable for the practical applications.

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.2
• /
• pp.191-204
• /
• 2003

In the home gateway environment, several characteristics for the user authentication mechanism should be reflected separately from the existing distributed service environment. First, the platform of a home gateway is a component based system that its services are installed dynamically. Second, the convenience that user can use several services by authentication of once should be offered. Finally, the system resources of a home gateway are restricted. However, a user authentication mechanism that reflected these characteristics is not shown at the user admin service specification of the OSGi service platform.(OSGi is the representative standardization organization of hone gateway.) Also, there is no existing authentication protocol that satisfies these qualities at the same time. In this paper, we propose a new user authentication mechanism considering those characteristics for the home gateway environment. We also design and implement an independent authentication service bundle based on the OSGi service platform so that it can perform user authentication operations for each bundle service. We supplement and extend the Kerberos Protocol that can apply.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.10
• /
• pp.4612-4617
• /
• 2011

Hsiang-Shin proposed a user authentication scheme which was created by improving Yoon's scheme. Afterwards, An showed the failure to meet security requirements which are considered in user authentication using password-based smart card in Hsiang-Shih-suggested scheme. In other words, it was found that an attacker can steal a user's card, and detect a user's password by temporarily accessing it and extracting the information stored in it. However, An-proposed scheme also showed its vulnerability to password-guessing attack and forgery/impersonation attack, etc. and thus, this paper proposed the improved user authentication scheme. The proposed authentication scheme can thwart the password-guessing attack completely and this paper proposed scheme also includes an efficient mutual authentication method that can make it possible for users and authentication server to certify the other party.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1419-1429
• /
• 2017

Recently, environment based authentication technique had proposed reinforced authentication, which generating statistical model per user after user login history classifies into account takeover or legitimate login. But reinforced authentication is likely to be attacked if user was not attacked in past. To improve this problem in this paper, we propose unconsciousness authentication technique that generates 2-Class user model, which trains user's environmental information and others' one using machine learning algorithms. To evaluate performance of proposed technique, we performed evasion attacks: non-knowledge attacker that does not know any information about user, and sophisticated attacker that only knows one information about user. Experimental results against non-knowledge attacker show that precision and recall of Class 0 were measured as 1.0 and 0.998 respectively, and experimental results against sophisticated attacker show that precision and recall of Class 0 were measured as 0.948 and 0.998 respectively.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.12
• /
• pp.517-524
• /
• 2013

Although password-based authentication as known as knowledge-based authentication was commonly used but intrinsic problems such as dictionary attack remain unsolved. For that the study on possession-based authentication was required. User remote authentication using smartcard is proceeding actively since Lee et al. proposed user remote authentication using knowledge-based information(password) and possession-base information(smartcard) in 2002. in 2009, Xu et al. proposed a new protocol preserving user anonymity and Shin et al. proposed enhanced scheme with analysis of its vulnerabilities on user anonymity and masquerading attack in 2012. In this paper, we analyze Shin et al. scheme on forward secrecy and insider attack and present novel user authentication based on elliptic curve cryptosystem which is secure against forward secrecy, insider attack, user anonymity and masquerading attack.

• The Journal of the Korea Contents Association
• /
• v.20 no.9
• /
• pp.389-396
• /
• 2020

E-authentication is one of the key functions for electronic transactions with the identification function made through the information systems. With the abolition of the mandatory use of public certificates, various private e-authentication services have emerged, and are developing to provide various additional services in addition to e-authentication. In this study, we explored the factors that affect user satisfaction with e-authentication services, compared the relative influence among the factors that we explored, and produced implications that could contribute to strengthening the competitiveness of e-authentication services. Based on the characteristics of e-authentication service, we searched and found four factors such as availability, convenience, added functionality and security. After that, we established and analyzed our research model to analyze the causal relationship between these four factors and user satisfaction. The analysis results showed that availability, convenience and security had significant effects on user satisfaction, but added functionality had no significant impact. In addition, compared to availability and convenience, security had a very strong impact on user satisfaction. This study suggests that e-authentication service providers should make efforts to make users aware of the usefulness of additional services while enhancing security.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.3
• /
• pp.85-95
• /
• 2011

Smart phones, greatly expanding in the recent mobile market, are equipped with various features compared to existing feature phones and provide the conveniences to in several ways. The camera, one of the features of a smartphone, creates the digital contents, such photos and videos, and plays a role for the media which transmits information, such as video calls and bar code reader. QR-Code recognition is also one of the camera features. It contains a variety of information in two-dimensional bar code type in matrix format, and makes it possible to obtain the information by using smart phones. This paper analyzes the method of QR-Code recognition, password method-the existing user-authentication technique, smart card, biometrics and voice recognition and so on and thenn designs a new user-authentication technique. The proposed user-authentication technique is the technique in which QR-Code, which can be simply granted is read by smart phones and transmitted to a server, for authentication. It has the advantages in view that it will simply the process of authentication and conteract the disadvantages, such as brute force attack, man-inthe-middle attack, and keyboard hacking, which may occur in other authentication techniques.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.10
• /
• pp.99-106
• /
• 2014

In this paper, we analyze weaknesses of the biometrics-based user authentication scheme proposed by An. The result of analysis An's authentication scheme by the login success scenario proposed in this paper, if the attacker successes to get user's random number, he/she can pass user authentication phase of the legal server. Also the biometrics guessing scenario proposed in this paper shows the legal user's the biometric information is revealed in lost smart card. Since An's authentication scheme submit user ID and biometrics in plain text to the server, it is very vulnerable to inner attack and it is not provide the user anonymity to the server as well as the one to the third by user ID in plain text. Besides An's authentication scheme is contextual error too, due to this, it has weakness and so on that it did not check the validity of the smart card holder.

• Proceedings of the IEEK Conference
• /
• 2004.08c
• /
• pp.519-523
• /
• 2004

In this paper we challenge the user Authentication using KerberosV5 authentication protocol in WPKI environment. This paper is the security structure that defined in a WAP forum and security and watches all kinds of password related technology related to the existing authentication system. It looks up weakness point on security with a problem on the design that uses wireless public key based structure and transmission hierarchical security back of a WAP forum, and a server client holds for user authentication of an application layer all and all, and it provides one counterproposal. Therefore, We offer authentication way solution that connected X.509 V3 with using WIM for complement an authentication protocol KerberosV5 and its disadvantages.