A Strong Biometric-based Remote User Authentication Scheme for Telecare Medicine Information Systems with Session Key Agreement

Younghwa An 한국인터넷방송통신학회 2016 International Journal of Internet, Broadcasting an Vol.8 No.3

Recently, many biometrics-based user authentication schemes for telecare medicine information systems (TMIS) have been proposed to improve the security problems in user authentication system. In 2014, Mishra et al. proposed an improvement of Awasthi-Srivastava’s biometric based authentication for TMIS which is secure against the various attacks and provide mutual authentication, efficient password change. In this paper, we discuss the security of Mishra et al.’s authentication scheme, and we have shown that Mishra et al.’s authentication scheme is still insecure against the various attacks. Also, we proposed the improved scheme to remove these security problems of Mishra et al.’s authentication scheme, even if the secret information stored in the smart card is revealed. As a result, we can see that the improved biometric based authentication scheme is secure against the insider attack, the password guessing attack, the user impersonation attack, the server masquerading attack and provides mutual authentication between the user and the telecare system.

Security Analysis of a Biometric-Based User Authentication Scheme

이영숙 (사)디지털산업정보학회 2014 디지털산업정보학회논문지 Vol.10 No.1

Password-based authentication using smart card provides two factor authentications,namely a successful login requires the client to have a valid smart card and a correctpassword. While it provides stronger security guarantees than only password authentication,it could also fail if both authentication factors are compromised ((1) the user’s smart cardwas stolen and (2) the user’s password was exposed). In this case, there is no way toprevent the adversary from impersonating the user. Now, the new technology of biometricsis becoming a popular method for designing a more secure authentication scheme. In termsof physiological and behavior human characteristics, biometric information is used as a formof authentication factor. Biometric information, such as fingerprints, faces, voice, irises, handgeometry, and palmprints can be used to verify their identities. In this article, we review thebiometric-based authentication scheme by Cheng et al. and provide a security analysis on thescheme. Our analysis shows that Cheng et al.’s scheme does not guarantee any kind ofauthentication, either server-to-user authentication or user-to-server authentication. Thecontribution of the current work is to demonstrate these by mounting two attacks, a serverimpersonation attack and a user impersonation attack, on Cheng et al.’s scheme. In addition,we propose the enhanced authentication scheme that eliminates the security vulnerabilities ofCheng et al.’s scheme.

The Design of Robust Authentication Mechanism using User’s Biometrics Signals

Jung ho Eom 보안공학연구지원센터 2014 International Journal of Security and Its Applicat Vol.8 No.6

In this research, we proposed robust authentication mechanism using user’s biometrics signals for complementing traditional authentication’s weak points. Nowadays, authentication system are developed using biometric. Biometrics are a unique, measurable a trait of a human being for verifying his/her identity. The types of biometric used in authentication system are iris, fingerprint, vein pattern, hand geometry etc. A biometric system provides an automated method of identifying a human being based on his/her biometric characteristics. But there are some security problems. Some biometrics can be copied by a malicious user with scanners. All biometrics characteristics extracted from a user are not possible to maintain a steady normal condition. So, we tried to apply user’s biometrics signals to authentication system as 3rd authentication factor. A biometrics signal is a pattern recognition that uniquely identifies human being based on his/her physiological traits. A biometrics signals should be impossible to masquerade or manipulate. This attribute is used as 3rd authentication phase. Proposed authentication mechanism is composed of 3 layered authentications; ID&P/W, PIN number or biometrics, and biometrics signals.

Security Enhancement to an Biometric Authentication Protocol for WSN Environment

이영숙 한국융합보안학회 2016 융합보안 논문지 Vol.16 No.6_2

바이오메트릭 정보를 이용한 인증방식은 사용자의 신체정보를 이용하여 신원을 확인 하고 시스템의 접근을 허가한 다. 요즘 들어, 패스워드나 보안토큰을 단독으로 이용하는 방식보다는 하나이상의 고유한 신체적, 행동적 형질에 기반 하여 개인의 생체 정보인 지문, 홍채 얼굴, 정맥 등을 활용하는 방식이 점차 증가하고 있는 추세이다. 2013년 Althobati 등이 WSN(Wireless Sensor Networks) 환경에 적합한 바이오메트릭 정보를 이용한 사용한 사용자 인증 스킴을 제안하 였다. 그러나 그들이 제안 프로토콜은 데이터 무결성에 대한 위협과 바이패싱 게이트웨이 공격에 취약하여 상호인증을 달성할 수 없었다. 본 논문은 이전에 제안된 논문의 취약점을 개선하여 WSN 환경에 적합한 안전한 프로토콜을 제안하였다. Over recent years there has been considerable growth in interest in the use of biometric systems for personal authentication. Biometrics is a field of technology which has been and is being used in the identification of individuals based on some physical attribute. By using biometrics, authentication is directly linked to the person, rather than their token or password. Biometric authentication is a type of system that relies on the unique biological characteristics of individuals to verify identity for secure access to electronic systems. In 2013, Althobati et al. proposed an efficient remote user authentication protocol using biometric information. However, we uncovered Althobati et al.’s protocol does not guarantee its main security goal of mutual authentication. We showed this by mounting threat of data integrity and bypassing the gateway node attack on Althobati et al.’s protocol. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in device. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in WSN(Wireless Sensor Networks) operate with resource constraints such as limited power, computation, and storage space.

Development of high-reliability multi-bio authentication system for strong security authentication

Yejin Kim,Saebom Lee,Hacı Ismail Aslan,Chang Choi,Pankoo Kim 한국차세대컴퓨팅학회 2021 한국차세대컴퓨팅학회 학술대회 Vol.2021 No.11

Recently, with the development of IT technology, interest in technology using bio-signals is increasing, and biometric authentication technology using a part of the human body or behavioral characteristics are widely used in communication, automobile, security, medical care, corporate marketing, and public fields. However, as the importance of security increases, the awareness of security is being reevaluated, and there are security problems against the vulnerability of attacks on information transmitted in all transactions and forgery and falsification of existing biometric authentication. Accordingly, recently, research on a method for authenticating a user using two or more different authentication factors has been actively conducted. In this study, we propose to develop a multi-bio authentication system that guarantees increased convenience and high reliability through the development of a security-strong system with bio-signal-based next-generation bio-authentication.

메타버스 환경에서 홍채인식와 안구 주위 생체인식을 결합한 지속적 인증 기법 분석

정재열,노건태 사단법인 한국융합기술연구학회 2023 아시아태평양융합연구교류논문지 Vol.9 No.10

코로나19 이후에 비대면 서비스가 증가함에 따라 메타버스에 대한 관심이 증가하고 있으며, VR 기기를 이용하여 메타버스에 접속하는 기술들이 개발되고 있다. 이에 메타버스의 보안에 대한 중요성이 대두되고 있으며 메타버스에서는 인증 한 번으로 서비스를 계속 이용하기 때문에 사용자 인증이 중요한 보안 이슈 중 하나이다. 홍채 인증은 인증에 가장 적합한 방법으로 사용자의 홍채의 특징을 바탕으로 데이터를 판단하고 홍채의 조그만 변화도 큰 차이를 만들며 VR 기기에 홍채 카메라를 탑재하면 홍채 이미지를 얻기 쉽다. 따라서 인증을 한 번만 할 경우에 홍채를 이용한 인증이 적합하다. 하지만 보안을 위해서 지속적으로 인증을 하기 위해서는 홍채 인증만으로는 부족하다. 왜냐하면 지속적 인증을 위해 홍채 이미지를 주기적으로 생성하는 데 눈을 항상 올바르게 뜨고 있기 어렵기 때문이다. 홍채 이미지 생성할 때 노이즈가 포함될 확률이 높으며 그러면 인증의 정확도가 떨어지게 된다. 이때 안구 주위 인증이 필요하다. 안구 주위 인증은 원거리에서 획득이 가능하기 때문에 인식 대상자의 협력에 대한 제약이 적고, 헬멧, 마스크 등으로 얼굴의 일부 영역이 가려진 상태에서도 획득이 가능한 장점이 있다. 따라서 본 논문에서는 홍채와 안구 주위 정보를 이용한 지속적인 다중 생체인증 기법을 제안하였다. 그리고 관련 연구들의 실험 결과를 통해서 제안하는 기법의 활용 가능성을 보여주었다. With the increase in untactable services due to COVID-19, interest in the metaverse is growing, leading to the development of technologies to access it through VR devices. Accordingly, the importance of the security of metaverse is rising, and user authentication is one of the most important security concerns because metaverse continues to use the service with only one authentication. Iris authentication is the most suitable method for authentication because data is measured based on the unique characteristics of the user's iris. Small changes in the iris result in significant differentiation, and if an iris camera is attached to a VR device, obtaining an iris image becomes effortless. Therefore, when authentication needs to be performed only once, iris authentication is appropriate. However, iris authentication alone is insufficient for continuous security authentication. This is because it is difficult to keep your eyes open at all times to periodically generate iris images for continuous authentication. There is a high probability that noise is present when generating an iris image, which can affect the accuracy of authentication. At this time, periocular certification is required. Certification around the eye can be obtained from a long distance, with few restrictions on the cooperation of recognition subjects, even when some areas of the face are covered by helmets and masks. Therefore, this paper proposes a technique for continuous authentication using multiple biometrics, including iris and periocular biometric information. And the potential for utilization is shown through the experimental results from related studies.

HV-KEM을 이용한 생체 정보 기반 인증 프로토콜

서민혜(Minhye Seo),황정연(Jung Yeon Hwang),김수형(Soo-hyung Kim),박종환(Jong Hwan Park) 한국정보보호학회 2016 정보보호학회논문지 Vol.26 No.1

생체 정보를 이용한 사용자 인증은 사용자가 어떠한 정보도 소유하거나 기억할 필요가 없으므로 사용자 측면에서 매우 편리하다. 그러나 생체 정보는 한번 노출되면 영구적으로 사용할 수 없기 때문에 인증 수행 시 생체 정보의 프라이버시 보호가 필수적이다. 또한 생체 정보는 본질적으로 노이즈가 있기 때문에 인증 수행 시 적절한 오차 범위이내에서 이를 처리할 수 있어야 한다. 최근 퍼지 추출기(fuzzy extractor)를 이용한 생체 정보 기반 인증 프로토콜에 대한 연구가 활발히 진행되고 있으나, 사용자가 헬퍼 데이터(helper data)를 추가적으로 기억해야 하는 문제점이 존재한다. 본 논문에서는 함수 암호 중 하나인 HV-KEM(Hidden Vector Key Encapsulation Mechanism)을 이용하여 사용자가 어떠한 정보도 소유하거나 기억할 필요 없는 생체 정보 기반 인증 프로토콜을 제안한다. 또한, 인증 프로토콜 설계를 위한 HV-KEM의 보안 요구사항을 정립하고 제안하는 인증 프로토콜을 정확성/안전성/효율성 측면에서 분석한다. Biometric authentication is considered as being an efficient authentication method, since a user is not required to possess or memorize any other information other than biometrics. However, since biometric information is sensitive and could be permanently unavailable in case of revealing that information just once, it is essential to preserve privacy of biometrics. In addition, since noise is inherent in the user of biometric recognition technologies, the biometric authentication needs to handle the noise. Recently, biometric authentication protocols using fuzzy extractor have been actively researched, but the fuzzy extractor-based authentication has a problem that a user should memorize an additional information, called helper data, to deal with their noisy biometric information. In this paper, we propose a novel biometric authentication protocol using Hidden Vector Key Encapsulation Mechanism(HV-KEM) which is one of functional encryption schemes. A primary advantage of our protocol is that a user does not need to possess or memorize any additional information. We propose security requirements of HV-KEM necessary for constructing biometric authentication protocols, and analyze our proposed protocol in terms of correctness, security, and efficiency.

FIDO 환경에서 다중 생체정보를 이용한 인증 방법

채철주,조한진,정현미 한국디지털정책학회 2018 디지털융복합연구 Vol.16 No.1

Biometric information does not need to be stored separately, and there is no risk of loss and no theft. For this reason, it has been attracting attention as an alternative authentication means for existing authentication means such as passwords and authorized certificates. However, there may be a privacy problem due to leakage of personal information stored in the server. To overcome these weaknesses, FIDO solved the problem of leakage of personal information on the server by using biometric information stored on the user device and authenticating. In this paper, we propose a multiple biometric authentication method that can be used in FIDO environment. In order to utilize multiple biometric information, fingerprints and EEG signals can be generated and used in FIDO system. The proposed method can solve the problem due to limitations of existing 2-factor authentication system by authentication using multiple biometric information. 생체정보는 저장, 암기, 손실 우려가 없고 도용이 불가능하다는 점에서 패스워드, PKI 등 기존 인증 방법의 대체 수단으로 주목받고 있지만, 개인정보 유출로 인한 프라이버시 침해가 발생한다. 이러한 취약점을 극복하고자 FIDO에서는 생체정보를 사용자 디바이스에 보존하여 인증하는 방식을 사용하여 서버에서의 개인정보 유출 문제를 해결하였다. 본 논문에서는 국내·외에서 활발히 연구되고 있는 FIDO 환경에서 사용할 수 있는 다중 생체정보 인증 방법을 제안한다. 다중 생체정보를 이용하기 위해 지문과 뇌전도 신호를 뇌지문 정보를 생성하여 이를 FIDO 시스템에서 사용할 수 있는 방법을 제안한다. 제안 방법은 현재 기존 2-Factor 인증 체계의 한계로 인한 문제점을 다중 생체정보를 이용한 인증으로 해결할 수 있다.

A Strong Biometric-based Remote User Authentication Scheme for Telecare Medicine Information Systems with Session Key Agreement

An, Younghwa The Institute of Internet 2016 International Journal of Internet, Broadcasting an Vol.8 No.3

Recently, many biometrics-based user authentication schemes for telecare medicine information systems (TMIS) have been proposed to improve the security problems in user authentication system. In 2014, Mishra et al. proposed an improvement of Awasthi-Srivastava's biometric based authentication for TMIS which is secure against the various attacks and provide mutual authentication, efficient password change. In this paper, we discuss the security of Mishra et al.'s authentication scheme, and we have shown that Mishra et al.'s authentication scheme is still insecure against the various attacks. Also, we proposed the improved scheme to remove these security problems of Mishra et al.'s authentication scheme, even if the secret information stored in the smart card is revealed. As a result, we can see that the improved biometric based authentication scheme is secure against the insider attack, the password guessing attack, the user impersonation attack, the server masquerading attack and provides mutual authentication between the user and the telecare system.

A Strong Biometric-based Remote User Authentication Scheme for Telecare Medicine Information Systems with Session Key Agreement

안영화 한국인터넷방송통신학회 2016 International Journal of Internet, Broadcasting an Vol.8 No.3

Recently, many biometrics-based user authentication schemes for telecare medicine information systems (TMIS) have been proposed to improve the security problems in user authentication system. In 2014, Mishra et al. proposed an improvement of Awasthi-Srivastava’s biometric based authentication for TMIS which is secure against the various attacks and provide mutual authentication, efficient password change. In this paper, we discuss the security of Mishra et al.’s authentication scheme, and we have shown that Mishra et al.’s authentication scheme is still insecure against the various attacks. Also, we proposed the improved scheme to remove these security problems of Mishra et al.’s authentication scheme, even if the secret information stored in the smart card is revealed. As a result, we can see that the improved biometric based authentication scheme is secure against the insider attack, the password guessing attack, the user impersonation attack, the server masquerading attack and provides mutual authentication between the user and the telecare system.