An Integrated Authentication System for Distributed Computing Environments

Single Sign-On for Distributed Computing Environment

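  • 정연식 (Division of Computer and Information Engineering, Sungkonghoe University);
  • 김인겸 (Division of Information and Communication Engineering, Sungkyul University)
  • Published: 2003.08.01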

Abstract

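In this paper, we design and implement a single sign-on system based on a public-key infrastructure. With the single sign-on system, a user can access every application server in the distributed computing environment using a single password, and because the password entered by the user is not transmitted over the network, the system is safe from password eavesdropping and reuse attacks. The proposed system is implemented using digital signatures and cryptographic authentication protocols, and message sequence charts and state transition diagrams were used to arrive at a stable system design.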

In this paper, a single sign-on system has been designed and implemented. The purpose of the proposed system is that a user logs in once using a single password and gets authenticated access to all the servers that he is authorized to use without sending any passwords over the network. The proposed system involves the use of digital signature and cryptographic authentication protocols. For its implementation, a public-key infrastructure is also designed and implemented. To view the behavior of the proposed system, message sequence charts and state transition diagrams have been
