• 디지털산업정보학회논문지
• /
• 제10권1호
• /
• pp.81-87
• /
• 2014

Password-based authentication using smart card provides two factor authentications, namely a successful login requires the client to have a valid smart card and a correct password. While it provides stronger security guarantees than only password authentication, it could also fail if both authentication factors are compromised ((1) the user's smart card was stolen and (2) the user's password was exposed). In this case, there is no way to prevent the adversary from impersonating the user. Now, the new technology of biometrics is becoming a popular method for designing a more secure authentication scheme. In terms of physiological and behavior human characteristics, biometric information is used as a form of authentication factor. Biometric information, such as fingerprints, faces, voice, irises, hand geometry, and palmprints can be used to verify their identities. In this article, we review the biometric-based authentication scheme by Cheng et al. and provide a security analysis on the scheme. Our analysis shows that Cheng et al.'s scheme does not guarantee any kind of authentication, either server-to-user authentication or user-to-server authentication. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, on Cheng et al.'s scheme. In addition, we propose the enhanced authentication scheme that eliminates the security vulnerabilities of Cheng et al.'s scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제6권12호
• /
• pp.3366-3383
• /
• 2012

Reliance on the Internet has introduced Voice over Internet Protocol (VoIP) to various security threats. A reliable security protocol and an authentication scheme are thus required to prevent the aforementioned threats. However, an authentication scheme often demands additional cost and effort. Accordingly, a security framework for known participants in VoIP communication is proposed in this paper. The framework is known as Randomness-Optimized Self-Securing (ROSS), which performs authentication automatically throughout the session by optimizing the uniqueness and randomness of the communication itself. Elliptic Curve Diffie-Hellman (ECDH) key exchange and Salsa20 stream cipher are utilized in the framework correspondingly to secure the key agreement and the communication with low computational cost. Human intelligence supports ROSS authentication process to ensure participant authenticity and communication regularity. The results show that with marginal overhead, the proposed framework is able to secure VoIP communication by performing reliable authentication.

• International Journal of Internet, Broadcasting and Communication
• /
• 제11권3호
• /
• pp.59-63
• /
• 2019

VoIP technology is a technology for exchanging voice or video data through IP network. Various protocols are used for this technique, in particular, RTP(Real-time Transport Protocol) protocol is used to exchange voice data. In recent years, with the development of communication technology, there has been an increasing tendency of services such as "Kakao Voice Talk" to exchange voice and video data through IP network. Most of these services provide a service with security guarantee by a user authentication process and an encryption process. However, RTP protocol does not require encryption when transmitting data. Therefore, there is an exposition risk in the voice data using RTP protocol. We will present the risk of the situation where packets are sniffed in VoIP(Voice over IP) communication using RTP protocol. To this end, we configured a VoIP telephone network, applied our own sniffing tool, and analyzed the sniffed packets to show the risk that users' data could be exposed unprotected.

• 대한임베디드공학회논문지
• /
• 제16권3호
• /
• pp.89-97
• /
• 2021

Voice interface can not only make daily life more convenient through artificial intelligence speakers but also improve the working environment of the factory. This paper presents a voice-assisted work management system that supports both speech and speaker recognition. This system is able to provide machine control and authorized worker authentication by voice at the same time. We applied two speech recognition methods, Google's Speech application programming interface (API) service, and DeepSpeech speech-to-text engine. For worker identification, the SincNet architecture for speaker recognition was adopted. We implemented a prototype of the work management system that provides voice control with 26 commands and identifies 100 workers by voice. Worker identification using our model was almost perfect, and the command recognition accuracy was 97.0% in Google API after post- processing and 92.0% in our DeepSpeech model.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2018년도 춘계학술대회
• /
• pp.82-85
• /
• 2018

본 논문은 IP Camera 사용자 인증 시 인증 방법을 향상하는 목적에 있다. 기존 인증은 지식기반 인증 방식을 이용하기 때문에 공격자의 공격에 ID, PW가 노출되면 IP Camera는 공격자에게서 무방비상태가 된다. 공격자는 IP Camera에 접속하여 실시간 영상과 음성을 획득, 유포하여 2차 범죄로 악용될 수 있고 비밀시설의 설치된 경우 비밀누설의 우려가 있다. 이러한 취약점을 보완하기 위해 본 논문에서는 DUI(Device unique identifier)를 이용하여 Device를 식별, 등록하고 IP Camera에 Device를 종속시켜 허가되지 않는 Device의 접근을 막고 허가된 Device만 인증하는 DUI 인증을 제안한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권10호
• /
• pp.2844-2861
• /
• 2023

Internet is the most prevailing word being used nowadays. Over the years, people are becoming more dependent on the internet as it makes their job easier. This became a part of everyone's life as a means of communication in almost every area like financial transactions, education, and personal-health operations. A lot of data is being converted to digital and made online. Many researchers have proposed different authentication factors - biometric and/or non-biometric authentication factors - as the first line of defense to secure online data. Among all those factors, passwords and passphrases are being used by many users around the world. However, the usability of these factors is low. Also, the passwords are easily susceptible to brute force and dictionary attacks. This paper proposes the generation of a novel passcode from the hybrid authentication factor - sound. The proposed passcode is evaluated for its strength to resist brute-force and dictionary attacks using the Shannon entropy and Passcode (or password) entropy formulae. Also, the passcode is evaluated for its usability. The entropy value of the proposed is 658.2. This is higher than that of other authentication factors. Like, for a 6-digit pin - the entropy value was 13.2, 101.4 for Password with Passphrase combined with Keystroke dynamics and 193 for fingerprint, and 30 for voice biometrics. The proposed novel passcode is far much better than other authentication factors when compared with their corresponding strength and usability values.

• 정보보호학회논문지
• /
• 제20권5호
• /
• pp.133-138
• /
• 2010

본 논문은 얼굴과 음성 정보를 사용한 다중 바이오 인증에서, 특정 단계의 융합과 결정 단계의 융합을 동시에 수행하는 다단계 융합 방법을 제안한다. 얼굴과 음성 특징을 1차 융합한 얼굴 음성 융합특징에 대해 Support Vector Machines(SVM)을 생성한 후, 이 융합특징 SVM 인증기의 결정과 얼굴 SVM 인증기의 결정, 음성 SVM 인증기의 결정들을 다시 2차 융합하여 최종 인증 여부를 결정한다. XM2VTS 멀티모달 데이터베이스를 사용하여 특징 단계 융합, 결정 단계 융합, 다단계 융합 인증을 비교 실험한 결과, 제안한 다단계 융합에 의한 인증이 가장 우수한 성능을 보였다.

• 디지털산업정보학회논문지
• /
• 제7권3호
• /
• pp.85-95
• /
• 2011

Smart phones, greatly expanding in the recent mobile market, are equipped with various features compared to existing feature phones and provide the conveniences to in several ways. The camera, one of the features of a smartphone, creates the digital contents, such photos and videos, and plays a role for the media which transmits information, such as video calls and bar code reader. QR-Code recognition is also one of the camera features. It contains a variety of information in two-dimensional bar code type in matrix format, and makes it possible to obtain the information by using smart phones. This paper analyzes the method of QR-Code recognition, password method-the existing user-authentication technique, smart card, biometrics and voice recognition and so on and thenn designs a new user-authentication technique. The proposed user-authentication technique is the technique in which QR-Code, which can be simply granted is read by smart phones and transmitted to a server, for authentication. It has the advantages in view that it will simply the process of authentication and conteract the disadvantages, such as brute force attack, man-inthe-middle attack, and keyboard hacking, which may occur in other authentication techniques.

• 대한전자공학회:학술대회논문집
• /
• 대한전자공학회 2004년도 학술대회지
• /
• pp.759-763
• /
• 2004

While the needs for VoIPs(Voice over IP) encourage the commercial trials for VoIP services, there are many problems such as user authentication, blocking of illegal user and eavesdropping. In this paper, a management algorithm of registration of VoIP terminals is explained and security methods for tolling and data encryption module is designed and built up. The module structure will have the advantages of the entire development of secured gatekeeper without whole modification of gatekeeper. In order to secure the ordinary gatekeeper based on H.323 standard, user authentication and data encryption technologies are developed based on the H.235 standard and simply located over the plain H.323 stacks. The data structures for secured communications are implemented according to ASN.1 structures by H.235.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권8호
• /
• pp.4025-4042
• /
• 2017

Session initiation protocol (SIP) is a kind of powerful and common protocols applied for the voice over internet protocol. The security and efficiency are two urgent requirements and admired properties of SIP. Recently, Hamed et al. proposed an efficient authentication and key agreement scheme for SIP. However, we demonstrate that Hamed et al.'s scheme is vulnerable to de-synchronization attack and cannot provide anonymity for users. Furthermore, we propose an improved and efficient authentication and key agreement scheme by using elliptic curve cryptosystem. Besides, we prove that the proposed scheme is provably secure by using secure formal proof based on Burrows-Abadi-Needham logic. The comparison with the relevant schemes shows that our proposed scheme has lower computation costs and can provide stronger security.