Journal of the Korea Convergence Society (한국융합학회논문지)

Korea Convergence Society (한국융합학회)
권호 표지
DOI QR코드

DOI QR Code

User Authentication of a Smart City Management System

스마트시티 매니지먼트 시스템에서의 사용자인증보안관리

  • Hwang, Eui-Dong (School of Electrical and Computer Engineering, University of Seoul) ;
  • Lee, Yong-Woo (School of Electrical and Computer Engineering, University of Seoul)
  • 황의동 (서울시립대학교 전자전기컴퓨터공학과) ;
  • 이용우 (서울시립대학교 전자전기컴퓨터공학과)
  • Received : 2018.10.04
  • Accepted : 2019.01.20
  • Published : 2019.01.28
Download PDF
⟨ Previous Next ⟩

Abstract

In this paper, we introduce the UTOPIA Smart City Security Management System which manages a user authentication for smart cities. Because the smart city management system should take care of huge number of users and services, and various kinds of resources and facilities, and they should be carefully controlled, we need a specially designed security management system. UTOPIA is a smart city system based on ICT(Information and Communication Technology), and it has a three tier structure of UTOPIA portal system, UTOPIA processing system and UTOPIA infrastructure system. The UTOPIA processing system uses the smart city middleware named SmartUM. The UTOPIA Smart City Security Management System is implemented in the application security layer, which is the top layer of the SmartUM middleware, and the infrastructure security layer, which is the lowest layer. The UTOPIA Smart City security management system is built on the premise that it supports all existing user authentication technologies. This paper introduces the application security layer and describes the authentication management in the application security layer.

본 논문에서는 스마트시티에 대한 사용자 인증을 통합하여 수행하는 UTOPIA 스마트시티 보안 관리 시스템을 소개한다. 스마트시티 관리 시스템은 엄청난 수의 사용자와 서비스를 관리해야하며 하나하나 개별적으로 신중하게 관리해야하므로, 특별히 고안된 보안 관리가 필요하다. UTOPIA는 ICT 기반의 스마트시티 시스템으로서 UTOPIA 포탈 시스템과, UTOPIA 프로세싱 시스템, UTOPIA 인프라 시스템의 삼 단계 구조를 가지고 있다. UTOPIA 프로세싱 시스템은 SmartUM이라고 명명된 스마트시티 미들웨어를 기반으로 한다. UTOPIA 스마트시티 보안관리 시스템은 SmartUM 미들웨어의 최상층 계층인 어플리케이션 보안 계층과 최하위계층인 인프라 보안 계층에 구현되어져 있다. UTOPIA 스마트시티 보안관리 시스템은 현존하는 모든 사용자 인증 기술을 지원한다는 원칙하에 제작되었다. 본 논문에서는 어플리케이션 보안 계층을 소개하고, 어플리케이션 보안 계층에서의 인증관리에 대하여 설명한다.

Keywords

OHHGBW_2019_v10n1_53_f0001.png 이미지

Fig. 1. The architecture of UTOPIA

OHHGBW_2019_v10n1_53_f0002.png 이미지

Fig. 2. The unified authentication management in UTOPIA

OHHGBW_2019_v10n1_53_f0003.png 이미지

Fig. 3. The unified authentication process in UTOPIA

OHHGBW_2019_v10n1_53_f0004.png 이미지

Fig. 4. The SSO based unified user authentication in UTOPIA

Table 1. User authentication technologies supported by UTOPIA

OHHGBW_2019_v10n1_53_t0001.png 이미지

References

  1. Ministry of Land, Infrastructure and Transport, Act on Smart City Creation and Industry Promotion, etc. This Decree enter into force on Sept. 22, 2017. Law No.14718.
  2. ISO/IEC JTC1. (2014). Smart Cities Report.
  3. H. S. Jung, C. S. Jeong, Y. W. LEE, & P. D. Hong. (2009). An Intelligent Ubiquitous Middleware for U-city: SmartUM, Journal of Information Science and Engineering, 25(2), 375-388. DOI: 10.1688/JISE.2009.25.2.3
  4. A. Armando, R. Carbone, L. Compagna, J. Cuellar, & L. Tobarra. (2008). Formal Analysis of SAML 2.0 Web Browser Single Sign-On: Breaking the SAML-based Single Sign-On for Google Apps, the 6th ACM workshop on Formal methods in security engineering. DOI : 10.1145/1456396.1456397
  5. European Union. (2018). The Marketplace of the European Innovation Partnership on Smart Cities and Communities. https://eu-smartcities.eu/.
  6. S. K.. Yoon & H. S. Jang. (2011). Design of Information Security in Ubiquitous City, Journal of Information and Security, 11(4), 37-42. ISSN: 1598-7329
  7. Y. S. Kim & S. C. Park. (2008). Analysis and Protection Method of Security Threat Factor in u-City Management Center, Proc. Korean Society For Internet Information, 9(1), 129-132. ISSN: 1738-9593
  8. C. J. Chae, S. K. Han & H. J. Cho. (2016). Security Vulnerability and Countermeasures in Smart Farm, Journal of digital convergence, 14(11), 313-318, DOI: 10.14400/JDC.2016.14.11.313
  9. J. N. Kim. (2016). Implementation of Domain Separation-based Security Platform for Smart Device, Journal of digital convergence, 14(12), 471-476. DOI: 10.14400/JDC.2016.14.12.471
  10. S. J. Kim & D. E. Cho. (2012). A Study on Secure Home Network in Environment Smart Grid, Journal of digital convergence, 10(1), 463-469. DOI: G704-002010.2012.10.1.001
  11. J. Hoh and C. Y. Jung. (2017). Convergence-based Smart Factory Security Threats and Response Trends. Journal of the Korea Convergence Society, 8(11), 29-35, DOI: 10.15207/JKCS.2017.8.11.029
  12. S. W. Lee, J. J. N. Kim. (2017). Service-oriented protocol security framework in ICT converged industrial environment. Journal of the Korea Convergence Society, 8(12), 15-22. DOI: 10.15207/JKCS.2017.8.12.015
  13. K. H. Lee. (2010). Analysis of Threats Factor in IT Convergence Security. Journal of the Korea Convergence Society, 1(1), 2233-4890. ISSN: 2233-4890
  14. S. H. Lee, D. H. Shim & D. W. Lee. (2016). Actual Cases of Internet of Thing on Smart City Industry. Journal of Convergence for Information Technology, 6(4). 65-70. DOI: 10.22156/CS4SMB.2016.6.4.065
  15. S. W. Rho & Y. W. Lee. (2010). U-city Portal For Smart Ubiquitous Middleware, 2010 The 12th International Conference Advanced Communication Technology (ICACT), 609-613. ISBN: 978-1-4244-5427-3
  16. S. W. Rho, C. H. Yun & Y. W. Lee. (2011). Provision of U-city web services using cloud computing, 13th International Conference on Advanced Communication Technology (ICACT), 1545-1549. ISBN: 978-89-5519-154-7
  17. P. Beynon-Davies. (2010). Personal identity management as a socio-technical network, Technology analysis & strategic management, 22(4), 463-478. DOI: 10.1080/09537321003714527
  18. G. Bick, M. C. Jacobson & R. Abratt. (2003). The Corporate Identity Management Process Revisited, Journal Of Marketing Management, 19(7-8), 835-856. DOI: 10.1080/0267257X.2003.9728239
  19. Trusted Computing Group website. (2011). http://www.trustedcomputinggroup.org.
  20. H. S. Kim & C. S. Park. (2010). Cloud Computing and Personal Authentication Service, Information & Communications Magazine, 20(2), 11-92. ISSN: 1598-3978
  21. A. Litan. (2009). Where String Authentication Fails and What You Can About It, Gartner Research.
  22. Y. Oh, T. Obi, J. S. Lee, H. Suzuki, & N. Ohyama. (2010). Empirical analysis of internet identity misuse: case study of south Korean real name system, the 6th ACM workshop on Digital identity management (DIM'10), 27-34. DOI: 10.1145/1866855.1866863
  23. S. K. Un, N. S. Jho, Y. H. Kim & D. S. Choi. (2009). Cloud Computing Security Technology, Electrical Communication Trend Analysis, 24(4), 79-88. p-ISSN: 1225-6455