Abstract: As the Internet technology has developed rapidly, the
number of identities (IDs) managed by each individual person has
increased and various ID management technologies have been
developed to assist users. However, most of these technologies are
vulnerable to the existing hacking methods such as phishing attacks
and key-logging. If the administrator-s password is exposed, an
attacker can access the entire contents of the stolen user-s data files in
other devices. To solve these problems, we propose here a new ID
management scheme based on a Single Password Protocol. The paper
presents the details of the new scheme as well as a formal analysis of
the method using BAN Logic.
Abstract: In Public Wireless LANs(PWLANs), user anonymity
is an essential issue. Recently, Juang et al. proposed an anonymous
authentication and key exchange protocol using smart cards in
PWLANs. They claimed that their proposed scheme provided identity
privacy, mutual authentication, and half-forward secrecy. In this paper,
we point out that Juang et al.'s protocol is vulnerable to the
stolen-verifier attack and does not satisfy user anonymity.
Abstract: RFID (Radio Frequency IDentification) system has
been widely used in our life, such as transport systems, passports,
automotive, animal tracking, human implants, library, and so on.
However, the RFID authentication protocols between RF (Radio
Frequency) tags and the RF readers have been bring about various
privacy problems that anonymity of the tags, tracking, eavesdropping,
and so on. Many researchers have proposed the solution of the
problems. However, they still have the problem, such as location
privacy, mutual authentication. In this paper, we show the problems of
the previous protocols, and then we propose a more secure and
efficient RFID authentication protocol.
Abstract: The online office is one of web application. We can
easily use the online office through a web browser with internet
connected PC. The online office has the advantage of using
environment regardless of location or time. When users want to use the
online office, they access the online office server and use their content.
However, recently developed and launched online office has the
weakness of insufficient consideration. In this paper, we analyze the
security vulnerabilities of the online office. In addition, we propose
the evaluation criteria to make secure online office using Common
Criteria. This evaluation criteria can be used to establish trust between
the online office server and the user. The online office market will be
more active than before.
Abstract: Recently, with the appearance of smart cards, many
user authentication protocols using smart card have been proposed to
mitigate the vulnerabilities in user authentication process. In 2004,
Das et al. proposed a ID-based user authentication protocol that is
secure against ID-theft and replay attack using smart card. In 2009,
Wang et al. showed that Das et al.-s protocol is not secure to randomly
chosen password attack and impersonation attack, and proposed an
improved protocol. Their protocol provided mutual authentication and
efficient password management. In this paper, we analyze the security
weaknesses and point out the vulnerabilities of Wang et al.-s protocol.