• Title/Summary/Keyword: AAA server

Search Result 38, Processing Time 0.027 seconds

A User Authentication Method between Domains Using Privilege Certificates (권한인증서를 이용한 도메인간의 사용자 인증방안)

  • Gi, Jun-Woong;Kim, Ji-Hong;Kim, Chang-Kyu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.6A
    • /
    • pp.75-83
    • /
    • 2008
  • In this paper, we design a user authentication method between domains when mobile node moves in AAA server based MIPv6 environment. Several papers proposed the user authentication method executing at AAA server in home domain via AAA server in visiting domain. In this paper we proposed the user authentication method using privilege certificates between domains.

A Hierarchical Authentication for Proxy Mobile IPv6 Networks (프록시 모바일 네트워크를 위한 계층적 인증 기법)

  • Kim, KyungJoon;Baek, JaeJong;Song, JooSeok
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.1
    • /
    • pp.165-170
    • /
    • 2014
  • In this paper, a hierarchical authentication protocol is proposed to minimize authentication delay in proxy mobile IPv6 networks. The authentication function of the AAA server is distributed to the LMAs and the MAGs. If the LMAs or the MAGs have authentication information of the MNs, they authenticate the MN on behalf of the AAA servers. Therefore, the authentication delay is reduced. The AAA server is vulnerable to denial-of-service attack. If the AAA server is down, MNs cannot access the proxy mobile IPv6 network until they are authenticated. The proposed scheme reduces the load on the AAA server by distributing the authentication function to the LMAs and the MAGs.

A Study on PIN-based Authentication and ID Registration by Transfer in AAA System (AAA시스템에서의 이동에 따른 PIN 기반의 인증 및 ID 등록에 관한 연구)

  • Kang Seo-Il;Lee Im-Yeong
    • The KIPS Transactions:PartC
    • /
    • v.13C no.3 s.106
    • /
    • pp.359-368
    • /
    • 2006
  • AAA(Authentication, Authorization, Accounting) is the service that offers authentication, authorization, and accounting method, and every terminal that accesses the network requires this AAA service. The authentication process of a mobile terminal is as follows: a mobile phone accesses an authentication server in a home network via the authentication service in an external network, which receives the authentication result. And, for the home authentication server to offer secure service, a unique key is distributed for the secure communication between the external agent and the user, the external agent and the home authentication server, and the user and the home authentication server. This paper discusses and proposes the key distribution for secure communication among external authentication servers when a mobile terminal travels to an external network. As the proposed method does not require the home authentication server to reissue another authentication when a user travels to other external networks, it reduces the overload in the home authentication server. It can also distribute a PIN-driven key.

The design of AAA server for Wireless LAN with 802.1x

  • Ham, Young-Hwan;Chung, Byung-Ho
    • Proceedings of the IEEK Conference
    • /
    • 2002.07c
    • /
    • pp.1944-1947
    • /
    • 2002
  • The importance of security in WLAN(Wireless LAN) service is very critical, so IEEE organization has made the IEEE 802.1x standard. The IEEE 802.1x standard uses the EAP as authentication protocol which requires AAA(Authentication, authorization, and Accounting) server for authentication & accounting. for the reliable and scalable AAA service, the Diameter protocol has more advanced characteristics than existing radius protocol. So the Diameter protocol can be used for WLAN service provider who has large scale WLAN system and a large number of subscriber. This paper proposes the design of Diameter AAA server for the authentication and accounting of WLAN system which is adopting IEEE 802.1x standard.

  • PDF

An Efficient Hierarchical Authentication Scheme through Brokers in Mobile IPv6 Networks (브로커를 통한 모바일 IPv6 네트워크의 효율적인 계층적 인증기법)

  • Jung, Ha-Gwon;Jeong, Jong-Pil
    • Journal of Internet Computing and Services
    • /
    • v.12 no.4
    • /
    • pp.15-26
    • /
    • 2011
  • As quick and secure mobility service is becoming a critical issue in the ubiquitous environment. Internet Engineering Task Force (IETF) has done a lot of meaningful work in order to cope with the critical issues, which is a key technology of guaranteeing the legally and safely using of network resources, they has proposed Hierarchical Mobile IPv6 (HMIPv6) to complement for such problems as handover latency and signaling overhead in existing MIPv6. Most of the current research about HMIPv6 focuses on how to optimize the interactive processes between the HMIPv6 and AAA (Authentication, Authorization, Accounting) protocol. This paper describes a cost-effective hierarchical authentication scheme, which makes its focus on minimizing the authentication latency in AAA processing. In this scheme, a hierarchical AAA architecture is proposed, in which the AAA servers are deployed on the Mobility Anchor Point (MAP), the Root AAA server manages several Leaf AAA servers and the Brokers on behalf of the AAA server in home domain. The simulation results shows that the proposed scheme reduces the handoff and authentication latency evidently compared to the previous traditional authentication combination modeling.

Efficient mutual authentication and key distribution protocol for cdma2000 packet data service (cdma2000 패킷 데이터 서비스를 위한 효율적인 상호 인증과 키 분배 프로토콜)

  • 신상욱;류희수
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.2
    • /
    • pp.107-114
    • /
    • 2003
  • In this paper, we propose an efficient mutual authentication and key distribution protocol for cdma2000 packet data service which uses Mobile U access method with DIAMETER AAA(Authentication, Authorization and Accounting) infrastructure. The proposed scheme provides an efficient mutual authentication between MN(Mobile Node) and AAAH(home AAA server), and a secure session-key distribution among Mobile If entities. The proposed protocol improves the efficiency of DIAMETER AAA and satisfies the security requirements for authentication and key distribution protocol. Also, the key distributed by the proposed scheme can be used to generate keys for packet data security over 1xEV-DO wireless interface, in order to avoid a session hijacking attack for 1xEV-DO packet data service.

A Study on Cooperation between Kerberos system and Credit-Control Server

  • Choi, Bae-Young;Lim, Hyung-Jin;Chung, Tai-Myoung
    • Proceedings of the Korea Society of Information Technology Applications Conference
    • /
    • 2005.11a
    • /
    • pp.281-284
    • /
    • 2005
  • Kerberos is system that offer authorization in internet and authentication service. Can speak that put each server between client and user in distributed environment and is security system of symmetry height encryption base that offer authentication base mutually. Kerberos authentication is based entirely on the knowledge of passwords that are stored on the Kerberos Server. A user proves her identity to the Kerberos Server by demonstrating Knowledge of the key. The fact that the Kerberos Server has access to the user's decrypted password is a rwsult of the fact that Kerberos does not use public key cryptogrphy. It is a serious disadvantage of the Kerbercs System. The Server must be physically secure to prevent an attacker from stealing the Kerberos Server and learning all of the user passwords. Kerberos was designend so that the server can be stateless. The Kerberos Server simply answers requests from users and issues tickets. This study focused on designing a SIP procy for interworking with AAA server with respect to user authentication and Kerberos System. Kerberos is security system of encryption base that offer certification function mutually between client application element and server application element in distributed network environment. Kerberos provides service necessary to control whether is going to approve also so that certain client may access to certain server. This paper does Credit-Control Server's function in AAA system of Diameter base so that can include Accounting information that is connected to Rating inside certification information message in Rating process with Kerberos system.

  • PDF

Efficient mutual authentication and key distribution protocol for cdma2000 packet data service (cdma2000 패킷 데이터 서비스를 위한 효율적인 상호 인증과 키 분배 프로토콜)

  • 신상욱;류희수
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2002.11a
    • /
    • pp.59-63
    • /
    • 2002
  • 본 논문에서는 DIA.METER AAA(Authentication, Authorization and Accounting) 하부 구조를 가지고 Mobile IP 액세스 기법을 사용하는 cdma2000 패킷 데이터 서비스에서 MN(mobile node)와 AAAH(home AAA server)간의 상호 인증과 Mobile IP 개체들간에 안전한 세션키 분배를 위한 방법을 제안한다. 제안된 프로토콜은 DIAMETER AAA 하부 구조론 가정하며 DIAMETER AAA의 비효율성을 개선하고, 인증과 키 분배 프로토콜의 시큐리티 요구 사항들을 모두 만족한다.

  • PDF

Design of a Secure and Fast Handoff Method for Mobile If with AAA Infrastructure (AAA 기반 Mobile IP 환경에서 안전하고 빠른 핸드오프 기법 설계)

  • 김현곤
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.14 no.1
    • /
    • pp.79-89
    • /
    • 2004
  • Mobile IP Low Latency Handoffs allow greater support for real-time services on a Mobile W network by minimizing the period of time when a mobile node is unable to send or receive IP packets due to the delay in the Mobile IP Registration process. However, on Mobile IP network with AAA servers that are capable of performing Authentication, Authorization, and Accounting(AAA) services, every Registration has to be traversed to the home network to achieve new session keys, that are distributed by home AAA server, for a new Mobile IP session. This communication delay is the time taken to re-authenticate the mobile node and to traverse between foreign and home network even if the mobile node has been previously authorized to old foreign agent. In order to reduce these extra time overheads, we present a method that performs Low Latency Handoffs without requiring funker involvement by home AAA server. The method re-uses the previously assigned session keys. To provide confidentiality and integrity of session keys in the phase of key exchange between agents, it uses a key sharing method by gateway foreign agent that Performs a ousted thirty party. The Proposed method allows the mobile node to perform Low Latency Handoffs with fast as well as secure operation

Mutual Authentication Scheme of Mobile Routers Using Temporary Certificate in MANEMO (MANEMO 환경에서 임시 인증서를 이용한 이동 라우터 간 상호인증 기법)

  • Roh, Hyo-Sun;Jung, Sou-Hwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.3
    • /
    • pp.97-107
    • /
    • 2008
  • This paper proposes a mutual authentication scheme for mobile router in MANEMO. The NEMO used AAA server in order to authenticate mobile router in nested mobile network. So, this scheme has some problem that increases authentication message overhead and authentication time. The proposed scheme uses temporary certificate that signed by an access router's private key. The temporary certificate authenticates a mobile router when the mobile router entered a MANET domain. The proposed scheme reduces authentication message overhead and authentication time than the scheme to use AAA server when authenticating the mobile router.