Hyungkyu Yang

Security Analysis of a Secure Dynamic ID based Remote User Authentication Scheme for Multi-server Environment

Recently, user authentication schemes using smart cards for multi-server environment have been proposed for practical applications. In 2009, Liao-Wang proposed a secure dynamic ID based remote user authentication scheme for multi-server environment that can withstand the various possible attacks and provide user anonymity. In this paper, we analyze the security of Liao-Wang`s scheme, and we show that Liao-Wang`s scheme is still insecure against the forgery attack, the password guessing attack, the session key attack, and the insider attack. In addition, Liao-Wang`s scheme does not provide user anonymity between the user and the server.

A Study of Security Weaknesses of QR Codes and Its Countermeasures

Recently, due to widespread use of smartphones, the number of applications of the QR code is increased rapidly. QR codes, a kind of 2-dimensional barcode, is used to encode information such as simple URLs or namecards, especially for corporates` advertisement. Users can get some information easily by taking picture of the target QR code, however, fake or altered QR codes can cause serious problems, e.g., URL hijacking or infringement of private information because no one can identify the buried information in the QR code by his naked eye. In this paper, I summarize threats to the QR code and present how to tackle these threats.

A method for deciding quantization steps in QIM watermarking schemes

In this paper, we propose a method for enlarging quantization steps of a QIM watermarking scheme which determines the perceptual quality and robustness of the watermarked images. In general, increasing the quantization steps leads to good robustness but poor perceptual quality of watermarked images and vice versa. However, if we choose the quantization steps considering the expected quantization results as well as the original images, we can increase both robustness and perceptual quality of the watermarked images.

Improvement of Biometrics and Smart Cards-based Authentication Scheme for Multi-Server Environments

In multi-server environments, remote user authentication is an extremely important issue because it provides authorization while users access their data and services. Moreover, the remote user authentication scheme for multi-server environment has resolved the problem of users needing to manage their different identities and passwords. For this reason, many user authentication schemes for multi-server environments have been proposed in recent years. In 2015, Lu et al. improved Mishra et al.s scheme, and claimed that their scheme is a more secure and practical remote user authentication for multi-server environments. However, we found that Lu et al.s scheme is actually insecure and incorrect. In this paper, we demonstrate that their scheme is vulnerable to outsider attack, user forgery attack. We then propose a new biometrics and smart card-based authentication scheme. Finally, we show that our proposed scheme is more secure and supports security properties.

Efficient RFID authentication protocol for minimizing RFID tag computation

RFID systems have become vital technology for realizing ubiquitous computing environments. However, features of RFID systems present potential security and privacy problems. In an effort to resolve these problems, many kinds of security and privacy enhancement technologies have been researched. However, solutions produced to date still have flaws and are not sufficiently effective for real RFID systems such as the EPCglobal network™. Therefore, in this paper, to make RFID systems more secure and efficient, improved technology based on password, is proposed. The proposed technology combines an encryption algorithm with a password-derived key, and can be applied to low-cost RFID systems for enhancing the security and privacy of these systems.

User Authentication Scheme based on Security-enhanced Biometric Information for C/S System

Password-based authentication schemes for server-client system are convenient to use, but vulnerable to dictionary attack or brute-force attack. To solve this vulnerability, Cryptographic secret key is used for security, but difficult to memorize. So, for the first time, Das proposed a biometric-based authentication scheme to solve various problems but it has various vulnerabilities. Afterwards, Jiping et al. improved Das`s scheme, but some vulnerabilities remain. In this paper, we analyze the cryptanalysis of Jiping et al.`s authentication scheme and then propose improved biometric based user authentication scheme to resolve the analyzed problem. Moreover, we conduct a security analysis for the proposed scheme and make a comparison between the proposed scheme and other biometric based user authentications.

Cryptanalysis of Enhanced Biometric-Based Authentication Scheme for Telecare Medicine Information Systems Using Elliptic Curve Cryptosystem

To achieve the security and privacy, many remote user authentication schemes based on cryptography for telecare medicine information systems have been proposed. Recently, Lu et al. proposed an enhanced biometric-based authentication scheme for telecare medicine information system using elliptic curve cryptosystem. They found that Arshad et al.’s scheme was vulnerable to off-line password guessing attack and user impersonation attack, and claimed that their scheme was more secure against various attacks. However, we demonstrate that their scheme is still insecure and vulnerable to outsider attack, user impersonation attack, server impersonation attack and smart card stolen attack in this paper.

Practical and provably-secure multicasting over high-delay networks

This paper considers the problem of authenticated key exchange in a dynamic group in which members join and leave the group in an arbitrary fashion. A group key exchange scheme for such a dynamic group is designed to minimize the cost of the rekeying operations associated with group updates. Although a number of schemes have attempted for many years to address this problem, all provably-secure schemes are inadequate in dealing with a dynamic group where group members are spread across a wide area network; their communication overhead for group rekeying is significant in terms of the number of communication rounds or the number of messages, both of which are recognized as the dominant factors that severely slow down group key exchange over a wide area network. In this paper, we propose an efficient key exchange scheme for this scenario and prove its security against an active adversary under the factoring assumption. The proposed scheme requires only a constant number of rounds while achieving low message complexity.

The efficient signature in the smart card system

In this paper, we propose a new kind of efficient signature scheme that is the dual scheme of undeniable signatures. Also we construct a practical protocol that implements it using smart card. The new technique proposed in this paper achieves the following objectives: only the nominee can verify the nominator (signer)s signature and if necessary, only nominee can prove to the third party that the signature is issued to him (her) and is valid. Contrary to the undeniable signature scheme, nominative signatures are confirmed via a protocol between the nominee and the third party, so the cooperation of the nominee is necessary. That is, not a signer (nominator) but verifier (nominee) can control the abuse of signatures. Undeniable signature cannot be verified without the cooperation of the signer, so the signer controls the abuse of signatures.

Improvement on a Biometric-Based Key Agreement and Authentication Scheme for the Multi-server Environments

With the rapid spiraling network users expansion and the enlargement of communication technologies, the multi-server environment has been the most common environment for widely deployed applications. Wang et al. recently have shown that Mishra et al.’s biohasing-based authentication scheme for multi-server was insecure, and then presented a fuzzy-extractor-based authentication protocol for key-agreement and multi-server. They continued to assert that their protocol was more secure and efficient. After a prudent analysis, however, their enhanced scheme still remains vulnerabilities against well-known attacks. In this paper, the weaknesses of Wang et al.’s protocol such as the outsider and user impersonation attacks are demonstrated, followed by the proposal of a new fuzzy-extractor and smart card-based protocol, also for key agreement and multi-server environment. Lastly, the authors shows that the new key-agreement protocol is more secure using random oracle method and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, and that it serves to gratify all of the required security properties.