• Title/Summary/Keyword: User Authorization

Search Result 122, Processing Time 0.023 seconds

The Extended Authentication Protocol using E-mail Authentication in OAuth 2.0 Protocol for Secure Granting of User Access (OAuth 2.0 프로토콜에서 E-mail을 이용한 사용자 권한 인증)

  • Chae, Cheol-Joo;Choi, Kwang-Nam;Choi, Kiseok;Yae, Yong-Hee;Shin, YounJu
    • Journal of Internet Computing and Services
    • /
    • v.16 no.1
    • /
    • pp.21-28
    • /
    • 2015
  • Currently there are wide variety of web services and applications available for users. Such services restrict access to only authorized users, and therefore its users often need to go through the inconvenience of getting an authentication from each service every time. To resolve of such inconvenience, a third party application with OAuth(Open Authorization) protocol that can provide restricted access to different web services has appeared. OAuth protocol provides applicable and flexible services to its users, but is exposed to reply attack, phishing attack, impersonation attack. Therefore we propose method that after authentication Access Token can be issued by using the E-mail authentication. In proposed method, regular user authentication success rate is high when value is 5 minutes. However, in the case of the attacker, the probability which can be gotten certificated is not more than the user contrast 0.3% within 5 minutes.

Development of Win32 API Message Authorization System for Windows based Application Provision Service (윈도우 기반 응용프로그램 제공 서비스를 위한 Win32 API 메시지 인가 시스템의 개발)

  • Kim, Young-Ho;Jung, Mi-Na;Won, Yong-Gwan
    • The KIPS Transactions:PartC
    • /
    • v.11C no.1
    • /
    • pp.47-54
    • /
    • 2004
  • The growth of computer resource and network speed has increased requests for the use of remotely located computer systems by connecting through computer networks. This phenomenon has hoisted research activities for application service provision that uses server-based remote computing paradigm. The server-based remote computing paradigm has been developed as the ASP (Application Service Provision) model, which provides remote users through application sharing protocol to application programs. Security requirement such as confidentiality, availability, integrity should be satisfied to provide ASP service using centralized computing system. Existing Telnet or FTP service for a remote computing systems have satisfied security requirement by a simple access control to files and/or data. But windows-based centralized computing system is vulnerable to confidentiality, availability, integrity where many users use the same application program installed in the same computer. In other words, the computing system needs detailed security level for each user different from others, such that only authorized user or group of users can run some specific functional commands for the program. In this paper, we propose windows based centralized computing system that sets security policies for each user for the use of instructions of the application programs, and performs access control to the instructions based on the security policies. The system monitors all user messages which are executed through graphical user interface by the users connecting to the system. Ail Instructions, i.e. messages, for the application program are now passed to authorization process that decides if an Instruction is delivered to the application program based on the pre-defined security polices. This system can be used as security clearance for each user for the shared computing resource as well as shared application programs.

A Study of improving user authentication procedures for enhanced safety of personal authorization methods (본인확인서비스의 안전성 강화를 위한 본인인증 수단 및 절차 개선 방안 연구)

  • Chio, Jung-Suk;Kim, Jong-Bae
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2015.10a
    • /
    • pp.668-671
    • /
    • 2015
  • 본인확인이란 적법하고 합당한 절차에 따라 합의된 사용자임을 증명하고 인증하는 과정을 의미한다. 본 연구에서는 본인확인서비스에서 본인임을 인증하는 다양한 수단들의 특징에서 살펴보고 대표적인 본인확인수단인 아이핀과 휴대폰 서비스의 인증절차 개선 방안을 제안한다. 제안한 방안을 통해 안전성이 강화된 본인확인서비스 제공과 이용이 가능할 것이다.

Design and Evaluation of Secure Framework for User Management in Personal Cloud Environments (퍼스널 클라우드 환경에서 사용자 관리를 위한 보안 프레임워크의 설계 및 평가)

  • Jin, Byungwook;Kim, Jonghwa;Cha, Siho;Jun, Moonseog
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.12 no.1
    • /
    • pp.81-87
    • /
    • 2016
  • Cloud computing technologies are utilized and merged in various domains. Cloud computing technology-based personal cloud service technologies provide mobility and free access by using user centered storages and smart devices such like smart phones and table PCs. Therefore, we should overcome limits on the storage by solving the capacity problems of devices to provide security services in the personal cloud environments It can be addressable to provide the convenience of various security technologies. However, there are some security threats inherited from existing cloud environments and the possibilities of information leakage when devices are lost or stolen. Therefore, we designed a framework for providing secure cloud services by adding objects, such as user authorization, access tokens, set permissions by key generation, and key management assignments, for user management in personal cloud environments. We analyzed the stability of the proposed framework in terms of irreverent use and abuse, access to insiders, and data loss or leakage. And we evaluated the proposed framework in terms of the security with access control requirements in personal cloud environments.

Mobile RFID Service QoS, Security Model (모바일 RFID 서비스를 위한 QoS 및 보안 모델)

  • Kim Mar-Ie;Lee Yong-Jun
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.31 no.5C
    • /
    • pp.562-567
    • /
    • 2006
  • This paper extends Diameter AAA Protocol to provide secure communication channels between Mobile RFID Service Components and distinct service based on user's QoS level authorization. This paper supposes 900MHz, which is the target RF for Mobile RFID Forum and supposes RFID phone, which equitted with RFID reader. By using extended Diameter AAA server, user is authenticated, authorized and provided dynamic security associations between Mobile RFID Service components. The types of security associations are as followings:between RFID tag and RFID reader, between RFID reader(phone) and MobileRFID Service Agent, between phone and OIS, between phone and OTS and between phone and Accounting/Financial server.

Mobility Management Scheme based on User Mobility QoS and Security-Effective Network in Heterogeneous Mobile Networks (이종의 모바일 네트워크에서 사용자 이동성 QoS와 보안효과적인 네트워크 기반의 이동성관리 기법)

  • Lee, Hyeungwoo;Jeong, Jongpil
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.15 no.2
    • /
    • pp.87-97
    • /
    • 2015
  • To support the efficient mobility MIPv6v, FMIPv6, HMIPv6 and host-based mobility management protocols have been developed. AAAC (Authentication, Authorization, Accounting and Charging) system is applied in this paper analyzed the the existing IPv6 PMIPv6, FPMIPv6 network security effective and IPv6 MMP (Mobile Management Protocol) Features and performance analysis is performed. And IPv6 MMP seamless transfer performance in terms of packet loss probability, will be analyzed. That can be efficiently used as a method for the integration of QoS and mobility so that you can manage and control the resources presented QoSB usage. Results of evaluation results showed a better overall fast handover structure of mobility management techniques. PMIPv6 and FPMIPv6 in many respects the most efficient structure that can be specifically, a fast handover of the structure of the network-based mobility management scheme showed the best results.

The OAuth 2.0 Web Authorization Protocol for the Internet Addiction Bioinformatics (IABio) Database

  • Choi, Jeongseok;Kim, Jaekwon;Lee, Dong Kyun;Jang, Kwang Soo;Kim, Dai-Jin;Choi, In Young
    • Genomics & Informatics
    • /
    • v.14 no.1
    • /
    • pp.20-28
    • /
    • 2016
  • Internet addiction (IA) has become a widespread and problematic phenomenon as smart devices pervade society. Moreover, internet gaming disorder leads to increases in social expenditures for both individuals and nations alike. Although the prevention and treatment of IA are getting more important, the diagnosis of IA remains problematic. Understanding the neurobiological mechanism of behavioral addictions is essential for the development of specific and effective treatments. Although there are many databases related to other addictions, a database for IA has not been developed yet. In addition, bioinformatics databases, especially genetic databases, require a high level of security and should be designed based on medical information standards. In this respect, our study proposes the OAuth standard protocol for database access authorization. The proposed IA Bioinformatics (IABio) database system is based on internet user authentication, which is a guideline for medical information standards, and uses OAuth 2.0 for access control technology. This study designed and developed the system requirements and configuration. The OAuth 2.0 protocol is expected to establish the security of personal medical information and be applied to genomic research on IA.

A Performance Evaluation of EAP-TLS Authentication Model in the AAAv6 (AAAv6에서의 EAP-TLS 인증모델 성능평가)

  • Jeong, Yun-Su;Kim, Hyung-Do;Lee, Hae-Dong;Kim, Hyun-Gon;Lee, Sang-Ho
    • The KIPS Transactions:PartC
    • /
    • v.11C no.3
    • /
    • pp.309-318
    • /
    • 2004
  • AAAv6-based Diameter method is using in the user authentication to satisfy the users' increasing user authentication demand and to supply a safe communication between mobile node and server in the Mobile IP. therefore, In this paper, We design a model of server capacity based on EAP-TLS that in one of AAAv6 models with mobility among domains to get the optimized capacity index of the server for user authentication accomplishment. We elicitat the authentication capacity index for each server of which is accomplishing in user authentication using DSA/RSA algorithm and purpose the optimized condition for the AAAv6 capacity by the index.

Access-Authorizing and Privacy-Preserving Auditing with Group Dynamic for Shared Cloud Data

  • Shen, Wenting;Yu, Jia;Yang, Guangyang;Zhang, Yue;Fu, Zhangjie;Hao, Rong
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.10 no.7
    • /
    • pp.3319-3338
    • /
    • 2016
  • Cloud storage is becoming more and more popular because of its elasticity and pay-as-you-go storage service manner. In some cloud storage scenarios, the data that are stored in the cloud may be shared by a group of users. To verify the integrity of cloud data in this kind of applications, many auditing schemes for shared cloud data have been proposed. However, all of these schemes do not consider the access authorization problem for users, which makes the revoked users still able to access the shared cloud data belonging to the group. In order to deal with this problem, we propose a novel public auditing scheme for shared cloud data in this paper. Different from previous work, in our scheme, the user in a group cannot any longer access the shared cloud data belonging to this group once this user is revoked. In addition, we propose a new random masking technique to make our scheme preserve both data privacy and identity privacy. Furthermore, our scheme supports to enroll a new user in a group and revoke an old user from a group. We analyze the security of the proposed scheme and justify its performance by concrete implementations.