• Title/Summary/Keyword: User authentication protocol

Search Result 341, Processing Time 0.026 seconds

Secure and Efficient Key Management Scheme for Wireless Mesh Network (무선 메쉬망에서의 안전하고 효율적인 키관리 스킴)

  • Salam, Md. Iftekhar;Singh, Madhusudan;Lee, Sang-Gon;Lee, Hoon-Jae
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2011.04a
    • /
    • pp.844-847
    • /
    • 2011
  • Wireless mesh network (WMN) is a type of mobile ad-hoc network consists of wireless router, mobile clients and gateway which connects the network with the Internet. To provide security in the network it is required to encrypt the message sent among the communicating nodes in such way so that only legitimate user can retrieve the original data. Several security mechanisms have been proposed so far to enhance the security of WMN. However, there still exists a need for a comprehensive mechanism to prevent attacks in data communication. Considering the characteristic of mesh network, in this paper we proposed a public key cryptography based security architecture to establish a secure key agreement among communicating nodes in mesh network. The proposed security architecture consists of two major sections: client data protection and network data protection. Client data protection deals with the mutual authentication between the client and the access router and provide client to access router encryption for data confidentiality using standard IEEE 802.11i protocol. On the other hand, network data protection ensures encrypted routing and data transfer in the multi hop backbone network. For the network data protection, we used the pre-distributed public key to form a secure backbone infrastructure.

Design and Evaluation of DRM Model with Strong Security Based on Smart Card (스마트카드 기반의 강한 보안을 갖는 DRM 모델의 설계 및 평가)

  • Park, Jong-Yong;Kim, Young-Hak;Choe, Tae-Young
    • Journal of Digital Contents Society
    • /
    • v.12 no.2
    • /
    • pp.165-176
    • /
    • 2011
  • Recently, digital rights management (DRM) related researches are widely spreading with prosperity of IT industries. The DRM technology protects proprietor of copyright by preventing mischanneling and illegal copy. In this paper, we propose a new DRM model that has an enhanced and efficient protocol based on certificate using smart card. The proposed model overcomes weaknesses of WCDRM model and has following additional advantages: first, copy protection is enhanced by hiding user's specific information from attacker by storing the information within smart card; second, server load for contents encryption is reduced by making clear protocols among author, distributer, certificate authority, and users; third, offline user authentication is guaranteed by combining partial secret values in media players and smart card. Exposure of core information also is minimized by storing them in smart card. In addition, we show that the proposed system is more secure than WCDRM model by comparing various factors of anonymous attackers.

OAuth based Proxy Delegation Service (OAuth 기반의 대리 인증서 위임 서비스)

  • Heo, Daeyoung;Hwang, Suntae
    • Journal of Internet Computing and Services
    • /
    • v.13 no.6
    • /
    • pp.55-62
    • /
    • 2012
  • Grid web applications by standard Web technology are increasingly used to provide grid service to users as normal Web user interface and service. It is however difficult to integrate a grid security system such as Grid Security Infrastructure (GSI) into Web applications because the delegation way of standard Web security is not the same as the one of Grid security. This can be solved by allowing Web applications to get a Grid credential by using an online credential repository system such as MyProxy. In this paper, we investigate the problem that occurs when MyProxy, which assumes mutual trust between a user and Grid web application, is adapted for achieving security integration between Web and Grid, and we propose a new Grid proxy delegation service to delegate a Grid credential to the Web without assuming mutual trust. In the service, the X.509 proxy delegation process is added to OAuth protocol for credential exchange, and authentication can be done by an external service such as OpenID. So, users can login onto the Grid web application in a single sign-on manner, and are allowed to securely delegate and retrieve multiple credentials for one or more Virtual Organizations.

Securing Sensitive Data in Cloud Storage (클라우드 스토리지에서의 중요데이터 보호)

  • Lee, Shir-Ly;Lee, Hoon-Jae
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2011.04a
    • /
    • pp.871-874
    • /
    • 2011
  • The fast emerging of network technology and the high demand of computing resources have prompted many organizations to outsource their storage and computing needs. Cloud based storage services such as Microsoft's Azure and Amazon's S3 allow customers to store and retrieve any amount of data, at anytime from anywhere via internet. The scalable and dynamic of the cloud storage services help their customer to reduce IT administration and maintenance costs. No doubt, cloud based storage services brought a lot of benefits to its customer by significantly reducing cost through optimization increased operating and economic efficiencies. However without appropriate security and privacy solution in place, it could become major issues to the organization. As data get produced, transferred and stored at off premise and multi tenant cloud based storage, it becomes vulnerable to unauthorized disclosure and unauthorized modification. An attacker able to change or modify data while data inflight or when data is stored on disk, so it is very important to secure data during its entire life-cycle. The traditional cryptography primitives for the purpose of data security protection cannot be directly adopted due to user's lose control of data under off premises cloud server. Secondly cloud based storage is not just a third party data warehouse, the data stored in cloud are frequently update by the users and lastly cloud computing is running in a simultaneous, cooperated and distributed manner. In our proposed mechanism we protect the integrity, authentication and confidentiality of cloud based data with the encrypt- then-upload concept. We modified and applied proxy re-encryption protocol in our proposed scheme. The whole process does not reveal the clear data to any third party including the cloud provider at any stage, this helps to make sure only the authorized user who own corresponding token able to access the data as well as preventing data from being shared without any permission from data owner. Besides, preventing the cloud storage providers from unauthorized access and making illegal authorization to access the data, our scheme also protect the data integrity by using hash function.

Distributed Certificate Authority under the GRID-Location Aided Routing Protocol (Ad hoc 네트워크에서 GRID-Location Aided Routing 프로토콜을 이용한 분산 CA 구성)

  • Lim, Ji-Hyung;Kang, Jeon-Il;Koh, Jae-Young;Han, Kwang-Taek;Nyang, Dae-Hun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.6
    • /
    • pp.59-69
    • /
    • 2005
  • Ad hoc network is the network which can be considered without a pre-constructed infrastructure, and a mobile node can join the network freely. However, the participation of the mobile nodes to the ad hoc network brings up much burden of re-computation for new routes, because it leads to losing the connection frequently. And, also, it causes serious security problem to be broadcasted wrong information by the malicious user. Therefore, it needs authentication against the mobile nodes. To make that Possible, we have two methods: single CA and distributed CA. In the case of CA method, the wireless network can be collapsed owing to expose the CA, but still the distributed CA method is a little more safe than previous one because it needs attacks toward a lot of CAs to collapse the network We can consider Secret Share scheme as the method that constructs the distributed CA system, but it is weak when the network size is too large. In this paper, we suggest hierarchical structure for the authentication method to solve this problem, and we will show the results of simulation for this suggestion.

Model and Architecture of User-Defined Networks for Seamless Mobility Management in Diverse Wireless Environment (다양한 무선 환경에서 끊김 없는 이동성 관리를 위한 사용자 정의 네트워크 모델 및 구조)

  • Chun, Seung-Man;Nah, Jae-Wook;Lee, Seung-Mu;Choi, Jun-Hyuk;Park, Jong-Tae
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.48 no.11
    • /
    • pp.35-43
    • /
    • 2011
  • In this paper, we propose a novel architecture for seamless mobility management to provide users with seamless Internet connection when users roam between diverse wireless local area networks (WLANS) controlled by different management entities. There have been many researches in IETF, i.e., MIPv6, HMIPv6, and PMIPv6, to provide the mobility management. However, practically since wireless access points or access routers, which are managed by an individual manager or ISP managers, have different authentication scheme and the supported mobility management, the previous mobility management protocol developed by IETF can not guarantee the quality of service of application services as the mobile node performs the handover. To solve this drawback, we propose the mobility management scheme to provide QoS-guaranteed Internet services during the handover by configurating the wireless networks which is defined by users. More specifically, we present a model, the architecture and an algorithm for user-defined network (UDN) to provide the seamless Internet service. Finally, the performance of the proposed algorithm is evaluated by the network simulation tool.

Telemedicine Conference System for Realtime Transfer of Heart Sound (실시간 심음 전송을 위한 원격 의료상담시스템)

  • Lee, Byung-Mun;Cho, Won-Hee;Yoon, Young-Mi
    • The Journal of the Korea Contents Association
    • /
    • v.9 no.8
    • /
    • pp.158-165
    • /
    • 2009
  • Counselling between a patient and a doctor is crucial in telemedicine. In order for the doctor to examine the patient accurately, it needs an auscultation, at least. Currently, some video conference systems are implemented but it is hard to use them in the case of an cardiac disorder, because the patients suffering from cardiac disorder cannot be examined by a stethoscope over Internet. To solve this problem, the remote counselling service has to support real time transmission of the heart sound of the patient. In this paper, we present a remote counselling system with stethoscope. We also design and implement the system in order for health monitor to connect the patient with his attending physician for the environment of u-healthcare service. The proposed system supports a mobility for doctor and patient by exchanging IP addresses at an user authentication protocol. The system implemented by this paper can be used for cardiac patients in remote clinical setting in the future.

A Design of Permission Management System Based on Group Key in Hadoop Distributed File System (하둡 분산 파일 시스템에서 그룹키 기반 Permission Management 시스템 설계)

  • Kim, Hyungjoo;Kang, Jungho;You, Hanna;Jun, Moonseog
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.4 no.4
    • /
    • pp.141-146
    • /
    • 2015
  • Data have been increased enormously due to the development of IT technology such as recent smart equipments, social network services and streaming services. To meet these environments the technologies that can treat mass data have received attention, and the typical one is Hadoop. Hadoop is on the basis of open source, and it has been designed to be used at general purpose computers on the basis of Linux. To initial Hadoop nearly no security was introduced, but as the number of users increased data that need security increased and there appeared new version that introduced Kerberos and Token system in 2009. But in this method there was a problem that only one secret key can be used and access permission to blocks cannot be authenticated to each user, and there were weak points that replay attack and spoofing attack were possible. Hence, to supplement these weak points and to maintain efficiency a protocol on the basis of group key, in which users are authenticated in logical group and then this is reflected to token, is proposed in this paper. The result shows that it has solved the weak points and there is no big overhead in terms of efficiency.

A Cryptographic Model to Protect Private Information against Malicious Proxy in Jini (악의적 지니 프록시로부터 비밀 정보 보호를 위한 암호학적 모델)

  • Yang Jong-Phil;Rhee Kyung-Hyune
    • The KIPS Transactions:PartC
    • /
    • v.13C no.1 s.104
    • /
    • pp.27-34
    • /
    • 2006
  • In the near future, people will wish to access many kinds of heterogeneous networks to use their services anytime and anywhere. Owing to the heterogeneity of networks, there must be many kinds of protocols to guarantee secure services. The mobile device can depend in a middleware for accessing services in the heterogeneous networks and the middleware helps the mobile device to communicate with services without blowing concrete protocols. If a secure channel is necessary, the middleware may access a private key in the mobile device to perform a security protocol. In this paper, we focus on the security of a private key in the mobile device against malicious middlewares. To do so, we introduce two models for a user to protect his/her private key against malicious middlewares by generating authentication data(e.g., digital signatures) without keeping the private key in the mobile device.

A Framework of N-Screen Session Manager based N-Screen Service using Cloud Computing in Thin-Client Environment (씬클라이언트 환경에서 클라우드 컴퓨팅을 이용한 N-Screen 세션 관리 기반의 N-Screen 서비스 프레임워크)

  • Alsaffar, Aymen Abdullah;Song, Biao;Hassan, Mohammad Mehedi;Huh, Eui-Nam
    • Journal of Internet Computing and Services
    • /
    • v.13 no.2
    • /
    • pp.21-32
    • /
    • 2012
  • We develop architecture of a virtual aggregation gateway (VAG) which enables composite application streaming based on N-Screen-as-a-Service (NaaS) using cloud computing in thin-client environment. We also discuss the problem of server computing burden in large scale multi-client case for screens sharing with composite application streaming over the internet. In particular, we propose an efficient Framework of N-Screen Session Manager which manages all media signaling that are necessary to deliver demanded contents. Furthermore, it will provides user with playback multimedia contents method (TV Drama, Ads, and Dialog etc) which is not considered in other research papers. The objectives of proposing N-Screen Session Manager are to (1) manage session status of all communication sessions (2) manage handling of received request and replies (3) allow users to playback multimedia contents anytime with variety of devices for screen sharing and (4) allow users to transfer an ongoing communication session from one device to another. Furthermore, we discuss the major security issues that occur in Session Initiation Protocol as well as minimizing delay resulted from session initiations (playback or transfer session).