• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.733-738
• /
• 2004

In a distributed network system, Kerberos certification mechanism is operated by a user in local area on the premise reliability of Kerberos server in another area. But it has a demerit. If security information of certification server between Kerberos servers is released, Kerberos server can not guarantee the reliability. To solve this problem, the proposed mechanism prevents password speculating attack by increasing the random of password certifier through use of distributed password in stead of certification center and certification which was presented by existing Kerberos mechanism. Besides, it used password based certification method which uses secret distributed technique

• Journal of Digital Convergence
• /
• v.11 no.11
• /
• pp.435-441
• /
• 2013

This paper review about kerberos security authentication scheme and policy for big data service. It analyzed problem for security technology based on Hadoop framework in big data service environment. Also when it consider applying problem of kerberos security authentication system, it analyzed deployment policy in center of main contents, which is occurred in commercial business. About the related applied Kerberos policy in US, it is researched about application such as cross platform interoperability support, automated Kerberos set up, integration issue, OPT authentication, SSO, ID, and so on.

• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.287-294
• /
• 2003

Authentication and authorization are essential functions for the security of distributed network environment. Authorization is determining and to decide whether a user or process is permitted to perform a particular operation. In this paper, we design an authorization mechanism to make a system more effective with Kerberos for authentication mechanism. In the authorization mechanism, Kerberos server operates proxy privilege server. Proxy privilege server manages and permits right of users, servers and services with using proposed algorithm. Also, privilege attribute certificate issued by proxy privilege server is used in delegation. We designed secure kerberos with proposed functions for effective authorization at the same time authentication of Kerberos mechanism.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.5C
• /
• pp.737-749
• /
• 2004

Kerberos authenticates clients using symmetric-key cryptography, and supposed to Oust other systems of the realm in distributed network environment. But, authentication and authorization are essential elements for the security. In this paper, we design an efficient and secure authentication/authorization mechanism by introducing the public/private-key and installing the proxy privilege server to Kerberos. In the proposed mechanism, to make a system more secure, the value of the session key is changed everytime using MAC(message authentication code) algorithm with the long-term key for user-authentication and a random number exchanged through the public key. Also, we reduce the number of keys by simplifying authentication steps. Proxy privilege server certifies privilege request of client and issues a privilege attribute certificate. Application server executes privilege request of client which is included a privilege attribute certificate. Also, a privilege attribute certificate is used in delegation. We design an efficient and secure authentication/authorization algorithm with Kerberos.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.4
• /
• pp.67-76
• /
• 2002

Kerberos is designed to provide strong authentication between client and application servers which are working in distributed network environment by using symmetric-key cryptography, and supposed to trust other systems of the realm. In this paper, we design an efficient and strong authentication mechanism by introducing the public/private-key to Kerberos. In the mechanism to make a system more secure, the value of the session key is changed everytime using MAC(message authentication code) algorithm with the long-term key for user-authentication and a random number exchanged through the public key. Also, we employ a mutual authentication method, which is used on challenge-response mechanism based on digital signatures, to improve trust between realms, and present a way of reducing the number of keys by simplifying authentication steps.

• Journal of the Korean Society of Food Science and Nutrition
• /
• v.45 no.1
• /
• pp.68-75
• /
• 2016

This study was conducted to provide information regarding changes in antioxidant activity in response to conching temperatures, conching times, and cacao mass content (CMC) in dark chocolate. The radical scavenging activities and functional components of cacao nibs were highest for raw cacao nib (R0) under all conditions. Moreover, antioxidant activities and functional compounds increased during roasting for 25 min. As the conching temperature increased, the radical scavenging activities and functional components increased. Quantitative analysis of major catechin-derived compounds by HPLC revealed that R0 had the highest value for other roasted cacao nibs in all aspects (P<0.05). The content of procyanidin B2, catechin, and epicatechin increased during roasting for 25 min. Finally, evaluation of couvertures revealed that procyanidin B1 content increased as conching time increased to 48 h, except for 70% CMC and conched at $60^{\circ}C$ (HH) and 70% CMC and conched at $50^{\circ}C$. Overall, HH48 contained the richest catechin-derived components.

• Proceedings of the Korean Information Science Society Conference
• /
• 2008.06d
• /
• pp.62-65
• /
• 2008

Mobile IPv6에서 단말이 이동을 하게 되면 경로 최적화를 위한 바인딩 업데이트를 하게 된다. 안전한 바인딩 업데이트를 위해 RFC 3775에서 Return Routability가 제안 되었다. 그러나 Return Routability는 MN과 HA 사이에는 IPSec으로 Secure Path를 보장 받지만, MN과 CN 사이에는 바인딩 업데이트 과정에 공격자가 개입할 경우 다양한 공격에 노출될 수 있다. 이에 본 논문에서는CN도 MN과 같이 HA와 Secure Channel을 보유한 이동 단말일 경우, 각 HA 사이에 커버로스 서버를 이용한 키 분배를 통해 바인딩 업데이트 메시지가 전달되는 전 구간에 걸쳐 안전한 경로를 확보하는 아키텍쳐를 제안한다.

• Proceedings of the Korean Institute of Communication Sciences Conference
• /
• 2004.11a
• /
• pp.321-321
• /
• 2004

• Proceedings of the Korean Information Science Society Conference
• /
• 2012.06c
• /
• pp.233-235
• /
• 2012

하둡 프레임워크는 현재 오픈소스 기반의 클라우드 인프라의 사실상 표준이다. 최초 하둡은 보안요소를 고려하지 않고 설계 되었지만 현재는 강력한 인증프로토콜인 커버로스를 사용하는 등의 보안 기능이 추가되었다. 하둡 보안은 꽤 안전해 보이지만, 클라우드 컴퓨팅의 범용적인 사용의 가장 중요한 요소는 보안인 것을 감안해보면 클라우드 제공자는 기존보다 더욱 강력한 보안 레벨을 고객에게 보장하여야 한다. 본 논문에서는 하둡 보안의 한계점을 제시하고 하드웨어 보안칩 TPM(Trusted Platform Module)을 이용한 해결방안을 제시한다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.4
• /
• pp.141-146
• /
• 2015

Data have been increased enormously due to the development of IT technology such as recent smart equipments, social network services and streaming services. To meet these environments the technologies that can treat mass data have received attention, and the typical one is Hadoop. Hadoop is on the basis of open source, and it has been designed to be used at general purpose computers on the basis of Linux. To initial Hadoop nearly no security was introduced, but as the number of users increased data that need security increased and there appeared new version that introduced Kerberos and Token system in 2009. But in this method there was a problem that only one secret key can be used and access permission to blocks cannot be authenticated to each user, and there were weak points that replay attack and spoofing attack were possible. Hence, to supplement these weak points and to maintain efficiency a protocol on the basis of group key, in which users are authenticated in logical group and then this is reflected to token, is proposed in this paper. The result shows that it has solved the weak points and there is no big overhead in terms of efficiency.