Multi-session authentication scheme for secure authentication and session management of cloud services environment

  • Choi, Do-hyeon (Computer Science, Soongsil University)
  • Park, Jung-oh (Information & Communication Engineering, Dongyang Mirae University)
  • Received: 2015.07.27
  • Reviewed: 2015.09.07
  • Published: 2015.08.20

Abstract

Recently, as cloud services have expanded in scale, anxiety stemming from concerns about new vulnerabilities and security-related incidents has also been increasing. This paper proposes an authentication scheme for multi-session management of the security sessions that are generated after user authentication. The session multiplexing of the proposed scheme enables independent management of security sessions at the virtualization (hypervisor) level within the service provider. The performance analysis shows that the scheme provides strong security through mutual authentication and session multiplexing, and its superior performance was demonstrated by comparison with existing mutual authentication encryption algorithms.
