Open Science Research Excellence

Dongho Won

Publications

5

Publications

5
1166
Security Weaknesses of Dynamic ID-based Remote User Authentication Protocol
Abstract:
Recently, with the appearance of smart cards, many user authentication protocols using smart card have been proposed to mitigate the vulnerabilities in user authentication process. In 2004, Das et al. proposed a ID-based user authentication protocol that is secure against ID-theft and replay attack using smart card. In 2009, Wang et al. showed that Das et al.-s protocol is not secure to randomly chosen password attack and impersonation attack, and proposed an improved protocol. Their protocol provided mutual authentication and efficient password management. In this paper, we analyze the security weaknesses and point out the vulnerabilities of Wang et al.-s protocol.
Keywords:
Message Alteration Attack, Impersonation Attack
4
7231
Security Analysis on the Online Office and Proposal of the Evaluation Criteria
Abstract:
The online office is one of web application. We can easily use the online office through a web browser with internet connected PC. The online office has the advantage of using environment regardless of location or time. When users want to use the online office, they access the online office server and use their content. However, recently developed and launched online office has the weakness of insufficient consideration. In this paper, we analyze the security vulnerabilities of the online office. In addition, we propose the evaluation criteria to make secure online office using Common Criteria. This evaluation criteria can be used to establish trust between the online office server and the user. The online office market will be more active than before.
Keywords:
Online Office, Vulnerabilities, CommonCriteria(CC)
3
7261
Security Analysis on Anonymous Mutual Authentication Protocol for RFID Tag without Back-End Database and its Improvement
Abstract:
RFID (Radio Frequency IDentification) system has been widely used in our life, such as transport systems, passports, automotive, animal tracking, human implants, library, and so on. However, the RFID authentication protocols between RF (Radio Frequency) tags and the RF readers have been bring about various privacy problems that anonymity of the tags, tracking, eavesdropping, and so on. Many researchers have proposed the solution of the problems. However, they still have the problem, such as location privacy, mutual authentication. In this paper, we show the problems of the previous protocols, and then we propose a more secure and efficient RFID authentication protocol.
Keywords:
RFID, mutual authentication, serverless, anonymity.
2
9852
Cryptanalysis of Two-Factor Authenticated Key Exchange Protocol in Public Wireless LANs
Abstract:
In Public Wireless LANs(PWLANs), user anonymity is an essential issue. Recently, Juang et al. proposed an anonymous authentication and key exchange protocol using smart cards in PWLANs. They claimed that their proposed scheme provided identity privacy, mutual authentication, and half-forward secrecy. In this paper, we point out that Juang et al.'s protocol is vulnerable to the stolen-verifier attack and does not satisfy user anonymity.
Keywords:
PWLANs, user privacy, smart card, authentication,key exchange
1
14412
New Identity Management Scheme and its Formal Analysis
Abstract:
As the Internet technology has developed rapidly, the number of identities (IDs) managed by each individual person has increased and various ID management technologies have been developed to assist users. However, most of these technologies are vulnerable to the existing hacking methods such as phishing attacks and key-logging. If the administrator-s password is exposed, an attacker can access the entire contents of the stolen user-s data files in other devices. To solve these problems, we propose here a new ID management scheme based on a Single Password Protocol. The paper presents the details of the new scheme as well as a formal analysis of the method using BAN Logic.
Keywords:
Anti-phishing, BAN Logic, ID management.