• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.2
• /
• pp.154-173
• /
• 2010

Database outsourcing is unavoidable in the near future. In the scenario of data stream outsourcing, the data owner continuously publishes the latest data and associated authentication information through a service provider. Clients may register queries to the service provider and verify the result's correctness, utilizing the additional authentication information. Research on On-line Stream Analytics (OLSA) is motivated by extending the data cube technology for higher multi-level abstraction on the low-level-abstracted data streams. Existing work on OLSA fails to consider the issue of database outsourcing, while previous work on stream authentication does not support OLSA. To close this gap and solve the problem of OLSA query authentication while outsourcing data streams, we propose MDAHRB and MDAHB, two multi-dimensional authentication approaches. They are based on the general data model for OLSA, the stream cube. First, we improve the data structure of the H-tree, which is used to store the stream cube. Then, we design and implement two authentication schemes based on the improved H-trees, the HRB- and HB-trees, in accordance with the main stream query authentication framework for database outsourcing. Along with a cost models analysis, consistent with state-of-the-art cost metrics, an experimental evaluation is performed on a real data set. It exhibits that both MDAHRB and MDAHB are feasible for authenticating OLSA queries, while MDAHRB is more scalable.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.1
• /
• pp.131-146
• /
• 2012

As one of the four basic technologies of IOT (Internet of Things), M2M technology whose advance could influence on the technology of Internet of Things has a rapid development. Mobile Payment is one of the most widespread applications in M2M. Due to applying wireless network in Mobile Payment, the security issues based on wireless network have to be solved. The technologies applied in solutions generally include two sorts, encryption mechanism and authentication mechanism, the focus in this paper is the authentication mechanism of Mobile Payment. In this paper, we consider that there are four vital things in the authentication mechanism of Mobile Payment: two-way authentication, re-authentication, roaming authentication and inside authentication. Two-way authentication is to make the mobile device and the center system trust each other, and two-way authentication is the foundation of the other three. Re-authentication is to re-establish the active communication after the mobile subscriber changes his point of attachment to the network. Inside authentication is to prevent the attacker from obtaining the privacy via attacking the mobile device if the attacker captures the mobile device. Roaming authentication is to prove the mobile subscriber's legitimate identity to the foreign agency when he roams into a foreign place, and roaming authentication can be regarded as the integration of the above three. After making a simulation of our proposed authentication mechanism and analyzing the existed schemes, we summarize that the authentication mechanism based on the mentioned above in this paper and the encryption mechanism establish the integrate security framework of Mobile Payment together. This makes the parties of Mobile Payment apply the services which Mobile Payment provides credibly.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.10a
• /
• pp.729-732
• /
• 2007

In this paper, we described about the home device authentication framework, certificate issuing process and home device authentication method. since the home device authentication scheme of the public key infrastructure would be more needed as the number of home device can participate in the home network increased, we described about the home device authentication system of the public key infrastructure. Moreover, we described about the construction method of CA adminstration interface for convenient CA administration.

• Journal of Digital Convergence
• /
• v.11 no.11
• /
• pp.435-441
• /
• 2013

This paper review about kerberos security authentication scheme and policy for big data service. It analyzed problem for security technology based on Hadoop framework in big data service environment. Also when it consider applying problem of kerberos security authentication system, it analyzed deployment policy in center of main contents, which is occurred in commercial business. About the related applied Kerberos policy in US, it is researched about application such as cross platform interoperability support, automated Kerberos set up, integration issue, OPT authentication, SSO, ID, and so on.

• The Journal of Society for e-Business Studies
• /
• v.24 no.2
• /
• pp.217-228
• /
• 2019

In the 4th Industrial Revolution, the Internet of Things emerged and various services and convenience improved. As the frequency of use increases, security threats such as leakage of personal information coexist and the importance of security are increasing. In this paper, we analyze the security threats of the Internet of things and propose a model for enhancing security through user authentication using Fast IDentity Online (FIDO). As a result, we propose to implement strong user authentication by introducing second authentication through FIDO.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.6
• /
• pp.1323-1332
• /
• 2005

EAP (Extensible authentication protocol) is a sort of general framework for authentication rather than a specific authentication protocol. An important consequence of this is that EAP can accommodate a variety of authentication/key-establishment protocols for different internet access networks possibly integrated to a common IP core network This paper tries a comparative analysis of several specific authentication/key establishment protocols for EAP, and suggest a strategic viewpoint toward the question: which one to un. In addition, we tried to make things clear about an intellectual property right issue with regard to some password-based protocols.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1033-1047
• /
• 2017

Traditional explicit authentication, which requires awareness of the user's authentication process, is a burden on the user, which is one of main reasons why users tend not to employ authentication. In this paper, we try to reduce such cost by employing implicit authentication methods, such as biometrics and location based authentication methods. We define the 4-level security assurance model, where each level is mapped to an explicit authentication method. We implement our model as an Android application, where the implicit authentication methods are touch-stroke dynamics-based, face recognition based, and the location based authentication. From user experiment, we could show that the authentication cost is reduced by 14.9% compared to password authentication-only case and by 21.7% compared to the case where 6-digit PIN authentication is solely used.

• Journal of information and communication convergence engineering
• /
• v.8 no.2
• /
• pp.129-135
• /
• 2010

Wireless sensor networks (WSNs) are an emerging technology and offers economically viable monitoring solution to many challenging applications. However, deploying new technology in hostile environment, without considering security in mind has often proved to be unreasonably unsecured. Apparently, security techniques face many critical challenges in WSNs like data security and secrecy due to its hostile deployment nature. In order to resolve security in WSNs, we propose a novel and efficient secure framework called TriSec: a secure data framework for wireless sensor networks to attain high level of security. TriSec provides data confidentiality, authentication and data integrity to sensor networks. TriSec supports node-to-node encryption using PingPong-128 stream cipher based-privacy. A new PingPong-MAC (PP-MAC) is incorporated with PingPong stream cipher to make TriSec framework more secure. PingPong-128 is fast keystream generation and it is very suitable for sensor network environment. We have implemented the proposed scheme on wireless sensor platform and our result shows their feasibility.

• The Journal of the Korea Contents Association
• /
• v.5 no.4
• /
• pp.160-168
• /
• 2005

Today, home networking security shows the complicated and various characteristics of requirements for consideration because of the variety of information appliances and share of resources among them. Therefore, security framework to satisfy with security functions is arranged ,regardless of the variety of communication medium and protocols. Thus, we construct security framework for mobile host(or user) to securely control devices in home-network through the variety of suggested mechanism, with security mechanism to be available for future home networking model, and verified the performance of our model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.373-381
• /
• 2017

Currently, various types of user authentication methods based on public certificates are used in domestic financial transactions. Such an authorized certificate method has a problem that a different security module must be installed every time a user connects an individual financial company to a web server. Also, the financial company relying on this authentication method has a problem that a new security module should be additionally installed for each financial institution whenever a next generation authentication method such as biometric authentication is newly introduced. In order to solve these problems, we propose an integrated authentication system that handles user authentication on behalf of each financial institution in financial transactions, and proposes an integrated authentication protocol that handles secure user authentication between user and financial company web server. The new authentication protocol is a modified version of OAuth2.0 that increases security and efficiency. It is characterized by performing a challenge-response protocol with a pre-shared secret key between the authentication server and the financial company web server. This gives users a convenient and secure Single Sign-On (SSO) effect.