A hierarchical property-based multi-level approach method for improves user access control in a cloud environment

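  • 정윤수 (Division of Information and Communication Convergence Engineering, Mokwon University)
  • 김용태 (Department of Multimedia, Hannam University)
  • 박길철 (Department of Multimedia, Hannam University)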
  • Received : 2017.08.30
  • Accepted : 2017.11.20
  • Published : 2017.11.28

Abstract

In recent years, as a variety of devices have come into use, cloud computing technology, which provides services remotely, has gained prominence. However, attempts by some users to obtain cloud computing services with malicious intent are increasing. In this paper, we propose a property-based multi-level hierarchical approach to facilitate authentication access for users accessing servers in a cloud environment. The proposed method improves security as well as server efficiency by hierarchically distributing a set of attribute values, rearranging the order of the user's attribute values, in the form of bits, according to a certain rule. In the performance evaluation, the proposed method's authentication accuracy according to the number of attributes was higher than that of the existing method by an average of 15.8% or more, and the server's authentication delay time as the number of users increases was reduced by 10.7% on average. As the number of user attributes increases, the change in overhead is on average 8.5% lower than that of the conventional method.
