• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.10
• /
• pp.3935-3941
• /
• 2010

With the advent of high-speed communications networks, many authentication and access control systems are being introduced to combat network security issues like system hacking. But the fact is that the security systems for protecting information used in these networks are themselves weak. In response to the mounting demands of existing users, there is a clear need for a new authentication system that provides both safety and reliability. This research presents an authentication method with excellent access authorization (explicit and implicit authentication) and safety performance, demonstrated through its use in online networks.

• Journal of Multimedia Information System
• /
• v.1 no.1
• /
• pp.23-43
• /
• 2014

With the rapidity of the development on electronic technology, various mobile devices are produced to make human life more convenient. The user is always in constant search of middle with ease of deployment. Therefore, the development of infrastructure and application with ubiquitous nature gets a growing keen interest. Recently, the number of pervasive network services is expanding into ubiquitous computing environment. To get desired services, user presents personal details about this identity, location and private information. The information transmitted and the services provided in pervasive computing environments (PCEs) are exposed to eavesdropping and various attacks. Therefore, the need to protect this environment from illegal accesses has become extremely urgent. In this paper, we propose an anonymous authentication and access control scheme to secure the interaction between mobile users and services in PCEs. The proposed scheme integrates a biometric authentication in PKI model. The proposed authentication aims to secure access remote in PCE for guaranteeing reliability and availability. Our authentication concept can offer pervasive network service users convenience and security.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.8B
• /
• pp.730-737
• /
• 2003

In this paper, we present an efficient authentication proxy for IEEE 802.1x systems based on the port-based access control mechanism. An IEEE 802.1x system consists of PC supplicants, a bridge with authentication client functions, and an authentication server. For the network security and user authentication purposes, a supplicant who wants to access Internet should be authorized to access the bridge port using the Extended Authentication Protocol (EAP) over LAN. The frame of EAP over LAN is then relayed to the authentication server by the bridge. After several transactions between the supplicant and the server via the bridge, the supplicant may be either authorized or not. Noting that the transactions between the relaying bridge and the server will be increased as the number of supplicants grows in public networks, we propose a scheme for reducing the transactions by employing an authentication proxy function at the bridge. The proxy is allowed to cache the supplicant's user ID and password during his first transaction with the server. For the next authentication procedure of the same supplicant, the proxy function of the bridge handles the authentication transactions using its cache on behalf of the authentication server. Since the main authentication server handles only the first authentication transaction of each supplicant, the processing load of the server can be reduced. Also, the authentication transaction delay experienced by a supplicant can be decreased compared with the conventional 802.1x system.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.34 no.4
• /
• pp.72-81
• /
• 2011

In this paper, we propose adaptive convergence security policies and management technologies to improve security assurance in the home networking environment. Many security issues may arise in the home networking environment. Examples of such security issues include the user privacy, the service security, the integrated networking security, the middleware security and the device failure. All these security issues, however, should be fulfilled in phase due to many difficulties including deployment cost and technical complexity. For instance, fundamental security requirements such as authentication, access control and prevention of crime and disaster should be addressed first. Then, supplementary security policies and diverse security management technologies should be fulfilled. In this paper, we classify these requirements into three categories, a service authentication, a user authentication and a device authentication, and propose security policies and management technologies for each requirement. Since the home gateway is responsible for interconnection of many home devices and external network access, a variety of context information could be collected from such devices.

• The Journal of Natural Sciences
• /
• v.8 no.1
• /
• pp.131-136
• /
• 1995

In this paper, We propose an efficient remote password authentication scheme that enables network users to access and open distributed network. Our authentication Scheme provides a pair of a center-supplied password and a user key for a network user. The center-supplied password is generated on the center, and the user key can be chosen by the network user. Each network user can access multiple centers through the open and distributed network by using single super smart card. The passwords generated by network centers are sent to the network users via secure channel, and put into their own supper smart card by themselves.

• Journal of Convergence Society for SMB
• /
• v.6 no.3
• /
• pp.29-35
• /
• 2016

This paper presents the design of a user authentication system (DCIAS) using the device constant information. Defined design a new password using the access device constant information to be used for user authentication during system access on the network, and design a new concept the user authentication system so that it can cope with the threat required from passive replay attacks to re-use the password obtained in other applications offer. In addition, by storing a password defined by the design of the encrypted random locations in the server and designed to neutralize the illegal access to the system through the network. Therefore proposed using the present system, even if access to the system through any of the network can not know whether any where the password is stored, and if all right even stored information is not easy to crack's encrypted to neutralize any replay attacks on the network to that has strong security features.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.1
• /
• pp.282-304
• /
• 2014

Each cloud service has numerous owners and tenants, so it is necessary to construct a privacy preserving identity management and access control mechanism for cloud computing. On one hand, cloud service providers (CSP) depend on tenant's identity information to enforce appropriate access control so that cloud resources are only accessed by the authorized tenants who are willing to pay. On the other hand, tenants wish to protect their personalized service access patterns, identity privacy information and accessing newfangled cloud services by on-demand ways within the scope of their permissions. There are many identity authentication and access control schemes to address these challenges to some degree, however, there are still some limitations. In this paper, we propose a new comprehensive approach, called Privacy pReserving Identity and Access Management scheme, referred to as PRIAM, which is able to satisfy all the desirable security requirements in cloud computing. The main contributions of the proposed PRIAM scheme are threefold. First, it leverages blind signature and hash chain to protect tenant's identity privacy and implement secure mutual authentication. Second, it employs the service-level agreements to provide flexible and on-demand access control for both tenants and cloud services. Third, it makes use of the BAN logic to formally verify the correctness of the proposed protocols. As a result, our proposed PRIAM scheme is suitable to cloud computing thanks to its simplicity, correctness, low overhead, and efficiency.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.10a
• /
• pp.754-756
• /
• 2001

모바일 통신에 대한 보안 문제가 모바일 시대로 가는 중요한 요소가 되었다. SyncML protocl [1] 역시 보안에 예외일 수는 없다. 이 논문은 다양한 인증 스키마를 적용할 수 있는 SyncML Authentication을 소개하고 현재 SyncML Specification 1.0에서 요구하는 Basic Authentication과 MD5 digest access authentication[3]의 구현 방안과 그 구현 사례를 제시한다.

• Smart Media Journal
• /
• v.10 no.3
• /
• pp.48-53
• /
• 2021

The authentication process is a key step that should be used to verify that a user is legitimate, and it should be used to verify that a user is a legitimate user and grant access only to that user. Recently, two-factor authentication and OTP schemes are used by most applications to add a layer of security to the login process and to address the vulnerability of using only one factor for authentication, but this method also allows access to user accounts without permission. This is a known security vulnerability. In this paper, we propose a Zero Knowledge Proofs (ZKP) personal information authentication scheme based on a Smart Contract of a block chain that authenticates users with minimal personal information exposure conditions. This has the advantage of providing many security technologies to the authentication process based on blockchain technology, and that personal information authentication can be performed more safely than the existing authentication method.

• Journal of Internet Computing and Services
• /
• v.23 no.3
• /
• pp.87-95
• /
• 2022

Recently, with the development of smart technology, in medical information platform, patient's biometric data is measured in real time and accumulated into database, and it is possible to determine the patient's emergency situations. Medical staff can easily access patient information after simple authentication using a mobile terminal. However, in accessing medical information using the mobile terminal, it is necessary to study authentication in consideration of the patient situations and mobile terminal. In this paper, we studied on medical information platforms based on big data processing and edge computing for supporting automatic authentication in emergency situations. The automatic authentication system that we had studied is an authentication system that simultaneously performs user authentication and mobile terminal authentication in emergency situations, and grants upper-level access rights to certified medical staff and mobile terminal. Big data processing and analysis techniques were applied to the proposed platform in order to determine emergency situations in consideration of patient conditions such as high blood pressure and diabetes. To quickly determine the patient's emergency situations, edge computing was placed in front of the medical information server so that the edge computing determine patient's situations instead of the medical information server. The medical information server derived emergency situation decision values using the input patient's information and accumulated biometric data, and transmit them to the edge computing to determine patient-customized emergency situation. In conclusion, the proposed medical information platform considers the patient's conditions and determine quick emergency situations through big data processing and edge computing, and enables rapid authentication in emergency situations through automatic authentication, and protects patient's information by granting access rights according to the patient situations and the role of the medical staff.