• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.618-621
• /
• 2015

본 논문은 스프링 프레임워크를 이용한 클라우드 환경에서의 부실예측 지원시스템을 제안한다. 제안된 시스템은 자동화된 통합인증 및 접근제어 시스템으로서 각기 독립된 모듈에서 처리된 데이터를 기초로 거래관리 모듈로 통합하여 부실예측을 평가하고 지원시스템의 데이터의 기법을 다른 모듈과 공유함으로써 자산의 부실채권을 이용한 회수를 관리하여 효율성을 높인다. 제안하는 시스템은 고객과 기업의 전략경영 등의 기능을 강화하여 업무투명성, 비용절감, 고객 접근성이 기존시스템보다 효율적으로 사용될 것으로 기대된다. 또한 프레임워크를 적용함에 따라 소프트웨어의 재사용성을 최대화할 수 있으며, 개발된 표준 API를 적용함으로써 개발비용 및 기간의 단축시킬 수 있으며, 각 컨테이너(공통모듈 플러그인) 형태로 프레임워크를 설계함으로써 기능의 추가가 쉽고, 재사용이 가능하며, 사용자가 요구하는 웹 환경을 구축함으로써 정부에서 제시하는 표준 프레임워크와 호환성을 제공한다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.8
• /
• pp.329-342
• /
• 2017

Recently, interest and investment in the Internet of Things (IoT) have increased significantly, and security issues are constantly being raised. As a solution, the IETF ACE Working Group is establishing the ACE framework standard, which is a new security framework for various constrained IoT environments based on the existing OAuth 2.0. However, additional work is required to apply the ACE framework, which proposes a new lightweight security system, to the existing Internet environment, and this additional cost is a factor that hinders the application of OAuth 2.0 to the IOT environment. Therefore, we propose an IoT authentication framework based on OAuth 2.0's existing development motivation, and implement a proposal framework based on CoAPthon and analyze its performance.

• Journal of Internet Computing and Services
• /
• v.10 no.3
• /
• pp.51-60
• /
• 2009

This paper proposes a reliable 2-mode authentication framework for probabilistic key pre-distribution in Wireless Sensor Network (WSN) that guarantees the safe defense against different kinds of attacks: Hello flood attacks, Wormhole attacks, Sinkhole attack, location deployment attacks, and Man in the middle attack. The mechanism storing the trust neighbor IDs reduces the dependence on the cluster head and as the result; it saves the power energy for the authentication process as well as provides peer-to-peer communication.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.9
• /
• pp.1160-1172
• /
• 2019

Federated authentication is a user authentication and authorization infrastructure that spans multiple security domains. Many overseas Web applications have been adopting SAML-based federated authentication. However, in Korea, it is difficult to apply the authentication because of the high market share of a specific Web (application) server, which is hard to use open-source SAML software and the high adoption of Java-based standard framework which is not easy to integrate with SAML library. This paper proposes the SAML4J, which is developed in order to have Web applications easily and safely integrated with the Java-based framework. SAML4J has a developer-friendly advantage of using a session storage independent of the framework and processing Web SSO flows through simple API. We evaluate the functionality, performance, and security of the SAML4J to demonstrate the high feasibility of it.

• Journal of Digital Convergence
• /
• v.14 no.7
• /
• pp.373-383
• /
• 2016

With mobile-epoch and emerging of Fin-tech, Bio-recognition technology utilizing bio-information in secure method has spread. Specially, In order to change convenient payment services and transportation cards, the combination of biometrics and mobile services are being expanded. The basic concept of authentication such as access control, IA&A, OpenID, OAuth 1.0a, SSO, and Biometrics techniques are investigated, and the protocol stack for security API platform, FIDO, SCIM, OAuth 2.0, JSON Identity Suite, Keystone of OpenStack, Cloud-based SSO, and AIM Agent are described detailed in aspect of application of AIM. The authentication technology in domestic and foreign will accelerate technology development and research of standardization centered in the federated FIDO Universal Authentication Framework(UAF) and Universal 2 Factor Framework(U2F). To accommodate the changing needs of the social computing paradigm recently in this paper, the trends of various authentication technology, and design and function of AIM framework was defined.

• Review of KIISC
• /
• v.18 no.4
• /
• pp.61-65
• /
• 2008

최근 인터넷에 의한 전자 상거래, 전자 정부 등 정보통신 인프라가 널리 보급되고, 이를 통한 서비스가 보편화됨에 따라 패스워드나 PIN을 대신할 수 있는 바이오인식 기술에 대한 관심이 증대되고 있다. 하지만, 개방형 네트워크 환경에서 바이오 인식 기술은 바이오 정보의 유출/오용등 기존 시스템에서와 다른 문제들을 내포하고 있다. 특히, 바이오인식 정보는 비밀 번호나 PIN과 같이 사용자가 임의로 변경할 수 없으므로 외부로 유출된다면 심각한 문제가 발생할 수 있다. 본고에 서는 네트워크를 통해 전송되는 바이오인식 정보를 안전하게 보호하고, 전송 도중 유출된 템플릿을 이용한 재사용 공격을 막기 위한 한 방법으로써 One-time 템플릿에 기반한 바이오 인증 서비스 프레임워크 표준에 관해 소개 한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.1
• /
• pp.136-141
• /
• 2006

The IEEE 802.1x can be using various user authentication mechanisms: One-Time Password, Certificate-Based TLS, Challenge/Response and Keberos through EAP(Extended Authentication Protocol). But, IEEE 802.1x also has vulnerabilities about the DoS, the session hijacking and the Man in the Middle attack due to the absence of AP authentication. In this paper, we propose a WLAN secure system which can offer a safety secure communication and a user authentications by intensified the vulnerability of spoofing and DoS attacks. The suppose system offers a safe secure communication because it offers sending message of integrity service and also it prevents DoS attack at authentication initial phase.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.12
• /
• pp.1-8
• /
• 2009

Grid services offer SSO(single sign-on) mechanism using GSI(grid security infrastructure) based on X.509. However. portal applications in web environment use ID and password model for single sign-on. Grid portals means a system which provides grid services by integrating portlet contents on single web interface. In existing research such as GAMA and PURSE, SSO for a whole grid portal is figured out in the way that user is authenticated by ID and password in front and call grid service via GSI at back-end. Other types of web applications outside of portlet framework cannot unfortunately access grid service in SSO way in the existing researches, because the SSO mechanism is developed for portlet framework only. In this paper, we suggest a SSO mechanism based on ID and password model, which forwards authentication information and a GSI token for grid access among portlets and grid-enabled web applications. This mechanism is applied to MGrid for SSO, which consists of applications of java web start, applet, servlet, and etc. as also as portlets.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.100-102
• /
• 2023

최근 오픈 사이언스 문화가 확산됨에 따라 오픈 데이터, 오픈 소스 소프트웨어와 같은 공개된 리소스들을 효율적으로 공유 및 활용하기 위한 방법이 주목을 받고 있다. 본 논문에서는 연구 소프트웨어의 재현성을 향상시키기 위한 국가연구데이터커먼즈(KRDC)를 소개하고 다중 KRDC 클러스터 간 워크플로우 연계 방안을 제안한다. 국가연구데이터커먼즈는 연구 소프트웨어와 분석 환경인 인프라를 결합하여 함께 제공하는 서비스로, 멀티 노드 쿠버네티스(kubernetes) 클러스터를 기반으로 동작한다. 따라서, 서로 다른 KRDC 프레임워크에 존재하는 리소스들을 하나의 워크플로우로 연계하는 것은 복잡한 사용자 인증/인가 문제, 보안 상의 문제를 고려하여야 한다. 본 논문에서는 프록시(proxy) 앱을 사용하는 워크플로우 연계 기능을 제안하고, 이를 지원하기 위한 통합 인증, 인가 체계와 연계 방안을 구현한다. 제안하는 방법을 두 개의 KRDC 프레임워크를 대상으로 적용하여 제안 워크플로우 연계 방법의 유효함을 확인한다. 본 논문에서 제안하는 워크플로우 연계 방법과 시나리오는 실제 멀티 클러스터 연계 방안을 구현한 사례로, KRDC 프레임워크 뿐만 아니라 다양한 쿠버네티스 기반 리소스 연계에 활용할 수 있는 우수한 결과로 사료된다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.153-159
• /
• 2015

With information technology and health care, efficient health data management provides various health services. Health data from hospitals patients and healthy persons use stacked up enables to trace health condition and to manage health effectively and to reduce healthcare cost. In this paper, we design and implement a framework for relaying health data from various hospitals to cloud storage for manage health condition. For efficient authentication of the framework with cloud storage, OAuth2 protocal is adopted. The proposed health data relay framework can be used for developing various health services with the stacked data in the cloud storage.