• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.11-26
• /
• 2011

The existing anonymous authentication schemes based on group signatures for protecting privacy do not provide anonymous authorization which is required in the practical environments. In this paper, we propose an anonymous authentication and authorization scheme that enables a service provider both to authenticate anonymously its users and to provide different service according to their authorization. In the proposed scheme, a user's real identity, anonymity and authorization are managed distinctly through the separation of group manager's capabilities and an authorization authority. It is also possible for the proposed scheme to apply various access control models.

• International Journal of Contents
• /
• v.6 no.3
• /
• pp.15-18
• /
• 2010

Grid system is based on the Grid Security Infrastructure (GSI). GSI uses user's proxy to guarantee availability among multi-trust domains. Since grid system has been developed focusing on availability, GSI provides authentication and authorization performed by systems, but there are lacks of privacy consideration. For this reason, some researchers decide to use their own cluster system and do not want to use public grid systems. In this paper, we introduce a new privacy enhanced security mechanism for grid systems. With this mechanism, user can participate in resource allocation and authorization to user's contents more actively. This mechanism does not need to change previous middleware and minimize the computational overheads.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.42 no.4 s.304
• /
• pp.25-32
• /
• 2005

The spread of mobile devices, PDAs and sensors has enabled the construction of ubiquitous computing environments, transforming regular physical spaces into 'Smart space' augmented with intelligence and enhanced with services. However, the deployment of this computing paradigm in real-life is disturbed by poor security, particularly, the lack of proper authentication and authorization techniques. Also, it is very important not only to find security measures but also to preserve user privacy in ubiquitous computing environments. In this Paper, we propose efficient user authentication and authorization model with anonymity for the privacy-preserving for ubiquitous computing environments. Our model is suitable for distributed environments with the computational constrained devices by using MAC-based anonymous certificate and security association token instead of using Public key encryption technique. And our Proposed Protocol is better than Kerberos system in sense of cryptographic computation processing.

• The KIPS Transactions:PartC
• /
• v.14C no.2
• /
• pp.129-138
• /
• 2007

AAA(Aluthentieation, Authorization, Accounting) protocol is an information securitv technology that offer secure and reliable user Authentication, Authorization, Accounting function systematically in various services. protocol and wireless network work as well as win network. Currently IETF(Internet Engineering Task Force) AAA Working Group deal with about AAA protocol and studying with activity, But, recently it exposing much problems side to user's anonymity and privacv violation. Therefore, in this paper, AAAH(Home Authentication Server) authenticaters Mobile device, after that, use ticket that is issued from AAAH even if move to outside network and can be serviced offering authentication in outside network without approaching by AAAH, Also, we study mechanism that can offer user's privacy and anonymousness to when use service. Our mechanism is using Time Synchronization OTP and focusing authentication and authorization. Therefore, our mechanism is secure from third party attack and offer secure and effective authentication scheme. Also only right user can offer services by using ticket. can reduce signal and reduce delay of message exchanged, can offer persistent service and beighten security and efficiency.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.181-195
• /
• 2011

There's a controversy about an invasion of privacy which includes a leakage of private information and linking of user's behavior on internet. Although many solutions for this problem are proposed, we think anonymous authentication, authorization, and payment mechanism is the best solution for this problem. In this paper, we propose an effective anonymity-based method that achieves not only authentication but also authorization. Our proposed method uses anonymous qualification certificate and group signature method as an underlying primitive, and combines anonymous authentication and qualification information. An eligible user is legitimately issued a group member key pair through key issuing process and issued some qualification certificates anonymously, and then, he can take the safe and convenience web service which supplies anonymous authentication and authorization. The qualification certificate can be expanded according to application environment and it can be used as payment token.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.3C
• /
• pp.293-298
• /
• 2008

Recently, with the development of mobile techniques and the consideration to conveniency of using, the research on Mobile RFID Reader technique is getting more and more attentions. Until now, all security authentication algorithms of RFID are algorithms about range between Tag and Reader. The range between Reader and backend DB is composed by wired networks, so it's supposed to be secure range. But it must be taken account of the problem of information security and privacy in wireless range during the design of Mobile RFID Reader. In this paper we design an blind signature scheme based on weil-paring finite group's ECC encryption scheme, and by using this blind signature we propose the anonymous authorization scheme to Mobile RFID Reader's users.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.516-519
• /
• 2014

Cloud computing is an up-and-coming paradigm shift transforming computing models from a technology to a utility. However, security concerns related to privacy, confidentiality and trust are among the issues that threaten the wide deployment of cloud computing. With the advancement of ubiquitous mobile-based clients, the ubiquity of the model suggests a higher integration in our day to day life and this leads to a rise in security issues. To strengthen the access control of cloud resources, most organizations are acquiring Identity Management Systems (IDM). This paper presents one of the most popular IDM systems, specifically OAuth, working in the scope of Mobile Cloud Computing which has many weaknesses in its protocol flow. OAuth is a Delegated Authorization protocol, and not an Authentication protocol and this is where the problem lies. This could lead to very poor security decisions around authentication when the basic OAuth flow is adhered to. OAuth provides an access token to a client, so that it can access a protected resource, based on the permission of the resource owner. Many researchers have opted to implement OpenlD alongside OAuth so as to solve this problem. But OpenlD similarly has several security flows. This paper presents scenarios of how insecure implementations of OAuth can be abused maliciously. We incorporate an authentication protocol to verify the identities before authorization is carried out.

• Journal of information and communication convergence engineering
• /
• v.9 no.5
• /
• pp.562-566
• /
• 2011

As telecommunication technologies in telemedicine services are developed, the expeditious development of wireless and mobile networks has stimulated wide applications of mobile electronic healthcare systems. However, security is an essential system requirement since many patients have privacy concerns when it comes to releasing their personal information over the open wireless channels. Due to the invisible feature of mobile signals, hackers have easier access to hospital networks than wired network systems. This may result in several security incidents unless security protocols are well prepared. In this paper, we analyzed authentication and authorization procedures for healthcare system architecture to apply secure M-health systems in the hospital environment. From the analyses, we estimate optimal requirements as a countermeasure to its vulnerabilities.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.1
• /
• pp.872-875
• /
• 2005

Portable Internet extended from wireless LAN has a large cell size, similar to a wireless mobile communication, and can provides the seamless service which offers middle-low speed mobility. IEEE 802.16e, the international standard of Portable Internet, uses PKMv2(Privacy Key Management) protocol for authorization and key exchange between a MSS(Mobile Subscriber Station) and a BS(Base Station). This paper first reviews and studies overall security architecture of TTA HPi standard and IEEE 802.16e which supports mobility based on WMAN(Wireless Metropolitan Area Network) standard(IEEE 802.16)

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.1 s.39
• /
• pp.177-184
• /
• 2006

The sensors in a ubiquitous network are limited because of the low power and ultra light weight, so many studies have revolved around the sensor. This study improves the process of the registration and authorization and suggests a way to minimize discloser of privacy by using an alias. We introduce RA(Relay Agent) for the restrict function of sensor node, and improve anonymity for private information of each sensor node by assigning alias from SM(Service Manager) in procedure of registration and authentication. The privacy of sensor node is secure in procedure of registration, authentication, and communication between nodes. We could improve the level of security with the only partial increment of computation power of RA and SM without an increase in the amount of sensor nodes.