Browse > Article
http://dx.doi.org/10.6109/jkiice.2015.19.9.2056

Multi-session authentication scheme for secure authentication and session management of cloud services environment  

Choi, Do-hyeon (Computer Science, Soongsil University)
Park, Jung-oh (Information & Communication Engineering, Dongyang Mirae University)
Publication Information
Journal of the Korea Institute of Information and Communication Engineering / v.19, no.9, 2015 , pp. 2056-2063 More about this Journal
Abstract
Recently, as the service scale of cloud service is expanded, an anxiety due to concerns on new vulnerabilities and security related incidents and accidents are also increasing. This paper proposes a certification scheme for multiple session management of security sessions which are generated after the user authentication. The proposed session multiplexing scheme enables the independent management of security sessions in the level of virtualization (hypervisor) within the service provider. As a result of performance analysis, providing a strong safety due to session multiplexing and mutual authentication, and the superiority of performance was proven by comparing it with the existing mutual authentication encryption algorithms.
Keywords
Cloud Service; Web Authentication; Web Service; Virtualization; Hypervisor; Mutual authentication;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 Bodo Moller, Thai Duong, Krzysztof Kotowicz. (2013, September). This POODLE Bites: Exploiting The SSL 3.0 Fallback[Online]. Available: https://www.openssl.org/~bodo/ssl-poodle.pdf
2 National Vulnerability Database (2015, January). Vulnerability Summary for CVE-2015-0204[Online]. Available: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0204.
3 National Vulnerability Database. (2014, April). Vulnerability Summary for CVE-2014-0160[Online]. Available: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160.
4 KISA, “I-PIN 2.0 introducing Guide”, Korea Internet & Security Agency, 2010.
5 GCMA, “Security Server Deployment Guide (ver 5.1)”, Korea Goverment Cerification Management Authority, 2012.
6 FSI, “Electronic banking authentication technology Research Reports”, Financial Security Institute, 2011.
7 MOPAS, “Personal information protection statutes and guidelines notice Explanation”, Ministry of Government Administration and Home Affairs, 2011.
8 KISA, “Website vulnerability diagnosis and removal guide for information systems development and administrator”, Korea Internet & Security Agency, 2013.
9 KISIA, “Changes in the IT ecosystem, according to a spreading cloud services and Countermeasure”, Korea IT Service Industry Association, 2012.
10 Sin-Youngsang, “Hypervisor-based virtualization security technology trends in cloud environments”, Korea Internet & Security Agency, 2014.
11 Jung-Hyeonjun, “Trends and major issues of the virtualization technology”, Korea Information Society Development Institute, 2013.
12 Gina Stevens. (2015, June). Data Security Breach Notification Laws. University of Maryland Francis King Carey School of Laws[Online]. Available: http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx
13 Korea Ministry of Goverment Legislation. (2012, August). Promotion of Information and Communications Network Utilization and Information Protection Act[Online]. Available: http://www.law.go.kr/lsInfoP.do?lsiSeq=123210&efYd=20120818#0000.
14 AD Meniya, HB Jethva, "Single-Sign-On (SSO) across open cloud computing federation", International Journal of Engineering Research and Applications, No. 2, pp. 891- 895, 2012.
15 Choi-Dohyeon, et al, “A Design of Security Structure in Bare Metal Hypervisor for Virtualized Internal Enviroment of Cloud Service”, The Journal of Korean Institute of Communications and Information Sciences, Vol. 38, No. 7, pp. 526-534, 2013.   DOI
16 Son-Seungwoo, “Legal Issues on Cloud Computing Service & SaaS”, Korea Association For Informedia Law, Vol. 14, No. 2, 2010.
17 Jung-SungJae, Bae-YuMi, "Trend analysis of Threats and Technologies for Cloud Security", Journal of Security Engineering Vol.10, No2, 2013.
18 AD Meniya, HB Jethva, “Single-Sign-On (SSO) across open cloud computing federation”, International Journal of Engineering Research and Applications 2, pp. 891-895, 2012.
19 Internet Crime Complaint Center (IC3), “2013 Internet Crime Report”, 2013.
20 KISA, “Cyber Security Issue 09 Trend”, Korea Internet & Security Agency, 2014.
21 KISA, “Web standards-based certification services Introduction and implementation of technical Guide”, Korea Internet & Security Agency, 2014.
22 KISA. (2015, March). OpenSSL a multi Vulnerabilities Security Update Advisory[Online]. Available: https://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=22627