• International Journal of Computer Science & Network Security
• /
• v.23 no.8
• /
• pp.63-76
• /
• 2023

Identity and access management in cloud computing is one of the leading significant issues that require various security countermeasures to preserve user privacy. An authentication mechanism is a leading solution to authenticate and verify the identities of cloud users while accessing cloud applications. Building a secured and flexible authentication mechanism in a cloud computing platform is challenging. Authentication techniques can be combined with other security techniques such as intrusion detection systems to maintain a verifiable layer of security. In this paper, we provide an interactive, flexible, and reliable multi-factor authentication mechanisms that are primarily based on a proposed Authentication Method Selector (AMS) technique. The basic idea of AMS is to rely on the user's previous authentication information and user behavior which can be embedded with additional authentication methods according to the organization's requirements. In AMS, the administrator has the ability to add the appropriate authentication method based on the requirements of the organization. Based on these requirements, the administrator will activate and initialize the authentication method that has been added to the authentication pool. An intrusion detection component has been added to apply the users' location and users' default web browser feature. The AMS and intrusion detection components provide a security enhancement to increase the accuracy and efficiency of cloud user identity verification.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.9
• /
• pp.1160-1172
• /
• 2019

Federated authentication is a user authentication and authorization infrastructure that spans multiple security domains. Many overseas Web applications have been adopting SAML-based federated authentication. However, in Korea, it is difficult to apply the authentication because of the high market share of a specific Web (application) server, which is hard to use open-source SAML software and the high adoption of Java-based standard framework which is not easy to integrate with SAML library. This paper proposes the SAML4J, which is developed in order to have Web applications easily and safely integrated with the Java-based framework. SAML4J has a developer-friendly advantage of using a session storage independent of the framework and processing Web SSO flows through simple API. We evaluate the functionality, performance, and security of the SAML4J to demonstrate the high feasibility of it.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.525-536
• /
• 2012

This paper proposes methods of securing Smart Grid system against various types of cyber threats by separating AMI networks from the public network, the Internet, and providing an AMI specific authentication framework. Due to the fact that thousands and millions of AMI devices to be deployed would be directly or indirectly connected to the public network without any authentication procedures for access control, currently being developed AMI architectures could be widely exposed to considerable number of penetrating attacks. Furthermore, there have not been a sufficient number of researches on authentication frameworks with basis on the specific circumstances of AMI networking that should support varied authentication protocols among security associations and AMI linking devices. This work makes a proposal of isolating smart meters from HAN devices and the Internet and integrating network/application level authentication frameworks with an EAP-based authentication architecture. These approaches are beneficial to deploy AMI with security and efficiency.

• Journal of Digital Convergence
• /
• v.13 no.5
• /
• pp.219-226
• /
• 2015

OTP(One Time Password) is for user authentication of Internet banking and users should carry their security card or OTP generator to use OTP. If they lost their security card or OTP generator, there is at risk for OTP leak. This paper suggests a new User Authentication Framework using personal health information from diverse technology of u-Health. It will cover the problem of OTP loss and illegal reproduction A User Authentication Framework is worthy of use because it uses various combinations of user's physical condition which is inconstant. This protocol is also safe from leaking information due to encryption of reliable institutes. Users don't need to bring their OTP generator or card when they use bank, shopping mall, and game site where existing OTP is used.

• Journal of information and communication convergence engineering
• /
• v.7 no.1
• /
• pp.13-18
• /
• 2009

The robotics industry, that is the major industry of the future and one of the new growth power, is actively studied around ETRI, that is the leading under state-run research institute of the advanced technique of U.S. and Japanese and knowledge economy part. And positive and negative and academic circles, the research institute, and the industrial circles communally pursue the intelligent service robot enterprise of a network-based called URC. This network-based intelligent robot does the RUPI2.0 platform and URC environment by the base. Therefore, a stability need to be enhanced in the through this near future when the research for the preexistence vulnerability analysis and security request is needed than the commercialized network-based intelligent robot in order to implement the network-based intelligent robot. Thus, in this paper, we propose the efficient authentication Framework which is suitable for the URC environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.315-327
• /
• 2017

Security threats such as unauthorized access and data tampering can occur during the virtual machine migration process. In particular, since virtual machine migration requires users to transfer important data and infrastructure information, it is relatively risky to other cloud services in case of security threats. For this reason, there is a need for dynamic authentication for virtual machine migration. Therefore, this paper proposes an OTP-based dynamic authentication framework to improve the vulnerabilities of the existing authentication mechanism for virtual machine migration. It consists of a virtual machine migration request module and an operation module. The request module includes an OTP-based user authentication process and a migration request process to a data center when a user requests a migration. The operation module includes a secure key exchange process between the data centers using SPEKE and a TOTP-based mutual authentication process between the data center and the physical server.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.8
• /
• pp.1768-1773
• /
• 2005

The IEEE 802.1x standard provides an architectural framework which can be used various authentication methods. But, IEEE 802.1x also has vulnerabilities about the DoS, the session hijacking and the Man in the Middle attack due to the absence of AP authentication. In this paper, we propose a WLAN secure system which can offer a robust secure communication and a user authentications with the IEEE 802.1x framework. The user authentication on the WLAN secure system accomplishes mutual authentications between authentication severs, clients and the AP using PKI and prevents an illegal user from intervening in communication to disguise oneself as a client, the AP or authentication servers. Also, we guarantee the safety of the communication by doing secure communication between clients and the AP by the Dynamic WEP key distribution.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.16 no.11
• /
• pp.8057-8063
• /
• 2015

It is expected that internet of things can be used for various fields such as smart home, smart building and smart city as the representative case of ICT that sensor, communication and interface technologies operate organically and the researches of the technologies regarding internet of things are being carried out in each countries worldwide. However, many problems rise against internet of things continuously in respect of security. Among them, the problem of privacy is the one that should be solved definitely regarding internet of things. If user data does not remain during the process of user authentication, such the privacy problem can be solved. In this paper, we propose the framework of user authentication based on OAuth that is suitable for the environment of internet of things that can solve privacy problem and analyze its security.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.2
• /
• pp.43-52
• /
• 2019

The recent technological developments of smart devices, multiple services are provided to enhance the users' quality of life including smart city, smart energy, smart car, smart healthcare, smart home, and so on. Academia and industries try to provide the users with convenient services upon seamless technological research and developments. Also, whenever and wherever a variety of services can be used without any limitation on the place and time upon connecting with different types of devices. However, security weaknesses due to integrations of multiple technological elements have been detected resulting in the leakage of user information, account hacking, and privacy leakage, threats to people's lives by device operation have been raised. In this paper, safer communication framework is suggested by device control and user authentication in the mobile network environment. After implementations of registration and authentication processes by users and devices, safe communication protocol is designed based on this. Also, renewal process is designed according to the safe control of the device. In the performance evaluation, safety was analyzed on the attack of protocol change weakness occurred in the existing system, service halt, data leakage, illegal operation control of message, and so on, which confirmed the enhanced speed approximately by 8% and 23% in the communication and verification parts, respectively, compared to the existing system.

• Journal of Internet Computing and Services
• /
• v.6 no.5
• /
• pp.27-43
• /
• 2005

EAP provides authentication for each entity based on IEEE Std 802.1x Wireless lAN and RADIUS/DIAMETER protocol, and it uses certificate, dual scheme(e.g., password and token) with the authentication method. The password-based authentication scheme for authenticated key exchange is the most widely-used user authentication method due to various advantages, such as human-memorable simplicity, convenience, mobility, A specific hardware device is also unnecessary, This paper discusses user authentication via public networks and proposes the Split Password-based Authenticated Key Exchange (SPAKE), which is ideal for both authenticating users and exchanging session keys when using a subsequent secure communication over untrusted network, And then we provides EAP authentication framework EAP-SPAKE by using it.