• Proceedings of the KAIS Fall Conference
• /
• 2010.05a
• /
• pp.235-237
• /
• 2010

u-City의 핵심 요소인 통합관리센터는 u-City 내의 모든 서비스를 처리하도록 설계되었으며, 도시를 통제하는 중요한 기능을 수행해야 하므로 인증 및 보안을 처리하기 위한 기술이 요구되며 이러한 기술은 통합관리센터에 필수적으로 구현되어야 한다. 본 논문에서는 u-City 인증을 위한 통합관리센터를 나타내고, 이에 대한 응용사례를 보여준다.

• Journal of KIISE:Information Networking
• /
• v.32 no.5
• /
• pp.551-560
• /
• 2005

To reduce the amount of the signaling messages occurred in movement, HMIPv6 has been introduced as the hierarchical mobility management architecture tor MIPv6 by regarding the locality of movements. When approaching the visited link, the authentication procedure should be done successfully prior to any motility support message exchanges. The AAA(Authentication, Authorization and Account) authentication service is applied gradually to the wireless LAN and Cellular networks. However, It may bring about the service latency for the sessions of requiring the real-time processing due to not providing the optimized signaling in local and frequent movements. In this paper, we propose the authentication architecture with 'delegation' scheme to reduce the amount of signaling message and latency to resume for local movements by integrating it with HMIPv6 architecture. We provide the integrated authentication model and analyze the performance and effectivity of our proposal and finally offer the analysis materials comparing to the exiting authentication scheme. It cuts down the cost to $33.6\%$ at average measurement.

• Journal of the Korea Computer Industry Society
• /
• v.2 no.6
• /
• pp.845-852
• /
• 2001

Electronic commerce and application service is to universal on the internet, and a large quantity information transmitted on the network, It's needs procedure to access only permit objects for the integrity of information. In order to provide regional services is authentication for control resource and client identification. In particular, public key system is to implement in distributed environment, it is able to insurance users convenience and integrity at the same time. In this paper designed mechanism of cross certification between realms in PKI based on X.509 associated with DNS (Domain Name System) that is presented.

• Annual Conference of KIPS
• /
• 2010.11a
• /
• pp.1162-1164
• /
• 2010

인터넷의 발달은 다양한 인터넷 서비스들을 등장시켰고, 클라우드 컴퓨팅이란 용어가 처음 생겨난 이후 클라우드 컴퓨팅은 차기 비즈니스의 핵심 기술로 주목을 받고 있다. 그 후 클라우드 컴퓨팅을 기반으로 모바일 기술을 결합한 모바일 클라우드 서비스가 등장을 했다. 또한 최근 '모바일화', '개인화', '개방화'의 IT 산업 트렌트에 맞춰 다양한 신규 서비스들이 제공되고 있으며 앞으로도 확대될 전망이다. 사용자의 민감한 정보가 많이 다루어지는 모바일 클라우드의 특성상 보안적인 측면이 많이 고려되어야 하지만 무선 인터넷 환경의 인증 과정은 유선에 비하여 취약점이 존재하고 있다. 그래서 모바일 클라우드 환경에 적합한 인증 프로토콜을 개발하기 위해 현재 사용되고 있는 무선인터넷 프로토콜의 인증 취약점을 분석하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.133-140
• /
• 2011

Password-based authentication is the protocol that two entities share a password in advance and use the password as the basic of authentication. Password authentication schemes are divided into weak-password and strong-password authentication scheme. SPAS protocol, one of the strong-password authentication scheme, was proposed for secure against DoS attack. However it has vulnerability of the replay attack. In this paper, we analyze the vulnerability to the replay attack in SPAS protocol. Then we also propose an Improved-Strong Password Authentication Scheme (I-SPAS) with secure against the replay attack.

• Annual Conference of KIPS
• /
• 2005.11a
• /
• pp.905-908
• /
• 2005

다양해진 응용서비스들만큼이나 다양해진 사용자 인증 메커니즘들이 등장하였다. 이들은 강한 인증 기능을 제공하기 위해 종종 여러 메커니즘들이 혼합되어 사용되기도 한다. 각기 다른 인증메커니즘들은 각각의 특성에 따라 다른 신뢰수준을 갖기 때문에 여러 인증방식들 간의 신뢰수준을 비교할 수 있는 지표가 필요하다. 본 논문은 사용자인증 수단의 신뢰도를 가늠하기 위해 인증신뢰지수를 적용하는 방안과 다중사용자인증시스템에서 인증신뢰지수를 계산하는 알고리즘에 대해 제안한다.

• Review of KIISC
• /
• v.10 no.4
• /
• pp.23-32
• /
• 2000

본 논문에서는 전자서명법 제20조에서 명문화된 시점확인서비스(타임스탬프)에 대한 동향을 분석하였다. 현재 타임스탬프 서비스는 IETF PKIX에서 1997년 처음 인터넷 드래프트가 발표된 이후 RFC로 표준화가 추진 중이며 ISO/IEC JTC1/SC27에서도 표준화가 추진 중이다. 공개키기반구조의 필수적 요소로서 전자서명 인증 서비스와 함께 구현이 필요한 타임스탬프 서비스에 대한 표준화 동향 및 타임스탬프 서비스 프로토콜에 대한 분석과 국외 서비스 업체의 서비스 제공 현황을 분석하여 타임스탬프 응용 서비스 개발에 활용할 수 있도록 작성하였다.

• Journal of Korea Multimedia Society
• /
• v.3 no.6
• /
• pp.617-624
• /
• 2000

We introduce the concept of a Identity Escrow Scheme, an application of key escrow ideas to solve the problem of authentication. In the Identity Escrow Scheme, the User escrows a own real identity to the Issuer and receives a Authentication Information. In authentication step, between the User to the Service Provider, the User only gives a Authentication Information to the Service Provider. Therefore, the Service Provider don't know a real identity of user's. However, when the User does unlawful actions, the Lawful Agent is called by the Service Provider, and his anonymity is revoked by cooperation of the Issuer and the Lawful Agent. We propose new Identity Escrow Schemes and analyze these.

• The KIPS Transactions:PartC
• /
• v.19C no.1
• /
• pp.29-38
• /
• 2012

Due to rapid spread of smart phones and SNS(Social Network Service), using of Internet applications has increased and taking up bandwidth more than 3G network's capacity recently. This caused reduction of speed and service quality, and occurred strong needs that backbone network company to increasing investment costs. Also a great rise of mobile network users causing identity management problems on mobile service provider through mobile network. This paper proposes advanced IDM3G[1] - to solve user ID management and security problems on mobile internet application services over 3G network and more - authentication management protocol. $I^2DM$ protocol breakup loads which made by existing IDM3G protocol's mutual authentication via mobile operator, via sending some parts to internet application service provider, enhancing mobile and ID management of service provider and network load and process load from information handling and numbers of transmitting packets, to suggest more optimized protocol against further demanding of 3G mobile network.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.7
• /
• pp.1493-1500
• /
• 2004

Today's Commercial security server system which provide secrecy, integrity and availability may still be vulnerable to denial-of-service attacks. Authentication system whith use a public key cryptography and process RSA encryption is relatively slow and the slowness has become a major security threat specifically in service flooding attacks caused by authentication requests. The service flooding attacks render the server incapable of providing its service to legitimitive clients. Therefore the importance of implementing systems that prevent denial of service attacks and provide service to legitimitive users cannot be overemphasized. In this paper, we propose a puzzle protocol which applies to authentication model. our gradually strengthening authentication model improves the availability and continuity of services and prevent denial of service attacks and we implement flooding of service tolerance system to verify the efficiency of our model. This system is expected to be ensure in the promotion of reliability.