• Title/Summary/Keyword: User-based Security Management

Search Result 401, Processing Time 0.033 seconds

Security Analysis of a Biometric-Based User Authentication Scheme (Biometric 정보를 기반으로 하는 사용자 인증 스킴의 안전성 분석)

  • Lee, Young Sook
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.10 no.1
    • /
    • pp.81-87
    • /
    • 2014
  • Password-based authentication using smart card provides two factor authentications, namely a successful login requires the client to have a valid smart card and a correct password. While it provides stronger security guarantees than only password authentication, it could also fail if both authentication factors are compromised ((1) the user's smart card was stolen and (2) the user's password was exposed). In this case, there is no way to prevent the adversary from impersonating the user. Now, the new technology of biometrics is becoming a popular method for designing a more secure authentication scheme. In terms of physiological and behavior human characteristics, biometric information is used as a form of authentication factor. Biometric information, such as fingerprints, faces, voice, irises, hand geometry, and palmprints can be used to verify their identities. In this article, we review the biometric-based authentication scheme by Cheng et al. and provide a security analysis on the scheme. Our analysis shows that Cheng et al.'s scheme does not guarantee any kind of authentication, either server-to-user authentication or user-to-server authentication. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, on Cheng et al.'s scheme. In addition, we propose the enhanced authentication scheme that eliminates the security vulnerabilities of Cheng et al.'s scheme.

An Implementation Method of Improved Document DRM for Preventing Information Leakage using RBAC Approach (RBAC을 이용한 정보유출 방지를 위한 보안성이 강화된 문서 DRM 구현)

  • Choi, Young Hyun;Eom, Jung Ho;Chung, Tai Myoung
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.7 no.4
    • /
    • pp.57-66
    • /
    • 2011
  • We implemented the document DRM applying role based access control(RBAC) mechanism for preventing the information leakage of a document which is transmitted in network environment. It must prevent to access document not related to user role and duty, and must allow operation to document for improving security, considering user role and security level according to a document importance. We improved the security of document DRM by adding to the access control module applying RBAC for satisfying security requirements. Though the user access document, our system allows operation authorizations to document by the user's role & security level and the security attribute of RBAC. Our system prevents indiscriminate access to the documents by user who is not associated with the role, and prevents damage the confidentiality and integrity.

Internet ID Management System based on ID Federation: e-IDMS (ID 연계 기반의 인터넷 ID Management System: e-IDMS)

  • Cho Yeong-Sub;Jin Seung-Hun;Moon Phil-Joo;Chung Kyo-Il
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.43 no.7 s.349
    • /
    • pp.104-114
    • /
    • 2006
  • In order to use an Internet service, it is a general procedure that user subscribes to the service and then registers her or his id(identifier). As Internet has been more widely used, however, user has more and more ids than ever before. In this environments, whenever user uses an Internet service, she or he must authenticate to the service provider, which makes her or him inconvenient. As user's data is scattered and unmanaged on various web sites, user privacy has been revealed more often. This paper specifies e-IDMS which ETRI has been developing to solve such problems. e-IDMS is an Internet ID(IDentity) management system based on ID Federation Mechanism e-IDMS provides ID Federation-based facilities such as composite authentication, Internet SSG, ID information management, privacy protection and interactive query. e-IDMS is used in establishing integrated ill management system for public institutions.

Design and Evaluation of Secure Framework for User Management in Personal Cloud Environments (퍼스널 클라우드 환경에서 사용자 관리를 위한 보안 프레임워크의 설계 및 평가)

  • Jin, Byungwook;Kim, Jonghwa;Cha, Siho;Jun, Moonseog
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.12 no.1
    • /
    • pp.81-87
    • /
    • 2016
  • Cloud computing technologies are utilized and merged in various domains. Cloud computing technology-based personal cloud service technologies provide mobility and free access by using user centered storages and smart devices such like smart phones and table PCs. Therefore, we should overcome limits on the storage by solving the capacity problems of devices to provide security services in the personal cloud environments It can be addressable to provide the convenience of various security technologies. However, there are some security threats inherited from existing cloud environments and the possibilities of information leakage when devices are lost or stolen. Therefore, we designed a framework for providing secure cloud services by adding objects, such as user authorization, access tokens, set permissions by key generation, and key management assignments, for user management in personal cloud environments. We analyzed the stability of the proposed framework in terms of irreverent use and abuse, access to insiders, and data loss or leakage. And we evaluated the proposed framework in terms of the security with access control requirements in personal cloud environments.

Design and Implement of Authentication System for Secure User Management for Secure on Medical ICT Convergence Environment (의료 ICT융합 환경에서 안전한 사용자 관리를 위한 인증시스템 설계 및 구현: 중소형 의료기관을 중심으로)

  • Kim, Yanghoon;Choi, Yean Jung
    • Convergence Security Journal
    • /
    • v.19 no.3
    • /
    • pp.29-36
    • /
    • 2019
  • The convergence of traditional industry and ICT is a combination of security threats and vulnerabilities in ICT and specific industry-specific problems of existing industries, and new security threats and vulnerabilities are emerging. In particular, in the medical ICT convergence industry, various problems regarding user authentication are derived from the medical information system, which is being used for abuse and security weaknesses. According, this study designed and implemented a user authentication system for secure user management in medical ICT convergence environment. Specifically, we design and implement measures to solve the abuse and security weaknesses of ID sharing and to solve the inconvenience of individual ID / PW authentication by performing user authentication using personalized devices based on medical information systems.

Concept of the Cloud Type Virtual Policy Based Network Management Scheme for the Whole Internet

  • Kazuya, Odagiri;Shogo, Shimizu;Naohiro, Ishii
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.1
    • /
    • pp.71-77
    • /
    • 2023
  • In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. As one scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme with affinity with existing internet. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, to realize it, concept of the Internet PBNM Scheme is proposed as the final step.

An Implementation of NEIS′DB Security Using RBAC based on PMI (PMI기반의 RBAC를 이용한 NEIS의 DB 보안 구현)

  • Ryoo Du-Gyu;Moon Bong-Keun;Jun Moon-Seog
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.14 no.6
    • /
    • pp.31-45
    • /
    • 2004
  • Public Key Infrastructure(PKI) provides a strong authentication. Privilege Management Infrastructure(PMI) as a new technology can provide user's attribute information. The main function of PMI is to give more specified authority and role to user. To authenticate net and role, we have used digital signature. Role Based Access Control(RBAC) is implemented by digital signature. RBAC provides some flexibility for security management. NEIS(National Education Information System) can not always provide satisfied quality of security management. The main idea of the proposed RNEIS(Roll Based NEIS) is that user's role is stored in AC, access control decisions are driven by authentication policy and role. Security manager enables user to refer to the role stored in user's AC, admits access control and suggests DB encryption by digital signature.

Basic System Design in the PBNM Scheme for Multiple Domains as Cyber Physical System Using Data Science and AI

  • Kazuya Odagiri;Shogo Shimizu;Naohiro Ishii
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.11
    • /
    • pp.1-7
    • /
    • 2023
  • In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. As one scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme with affinity with existing internet. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, basic system design for PBNM scheme for multi-domain management utilizing data science and AI is proposed.

Experiment in the PBNM Scheme for Multiple Domains as Cyber Physical System Using Data Science and AI

  • Kazuya Odagiri;Shogo Shimizu;Naohiro Ishii
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.8
    • /
    • pp.54-60
    • /
    • 2024
  • In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. As one scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme with affinity with existing internet. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, basic system design for PBNM scheme for multi-domain management utilizing data science and AI is showed with experiment in feasibility.

Security Analysis to an Biometric Authentication Protocol for Wireless Sensor Networks (WSN 환경에서 Biometric 정보를 이용한 사용자 인증 스킴의 안전성 분석)

  • Lee, Youngsook
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.11 no.1
    • /
    • pp.59-67
    • /
    • 2015
  • A novel authentication mechanism is biometric authentication where users are identified by their measurable human characteristics, such as fingerprint, voiceprint, and iris scan. The technology of biometrics is becoming a popular method for engineers to design a more secure user authentication scheme. In terms of physiological and behavioral human characteristics, biometrics is used as a form of identity access management and access control, and it services to identity individuals in groups that are under surveillance. In this article, we review the biometric-based authentication protocol by Althobati et al. and provide a security analysis on the scheme. Our analysis shows that Althobati et al.'s scheme does not guarantee server-to-user authentication. The contribution of the current work is to demonstrate this by mounting threat of data integrity and bypassing the gateway node on Althobati et al.'s scheme. In addition, we analysis the security vulnerabilities of Althobati et al.'s protocol.