• Title/Summary/Keyword: Authentication server algorithm

Search Result 70, Processing Time 0.029 seconds

Design of an Advanced Kerbros P2P Authentication System to Share Digital Content (디지털 콘텐츠 공유를 위한 개선된 Kerberos P2P 인증시스템 설계)

  • Kim Jong-Woo;Han Seung-Jo
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.8 no.7
    • /
    • pp.1516-1523
    • /
    • 2004
  • In the paper, an algorithm fitted to P2P system was proposed by improving Kerberos which is an algorithm for mutual authentication. To keep the role of Kerberos and minimize load to server, the proposed algorithm imposed the server role of ticket recognition to the opposite peer. Using this method, the number of sewers as ticket recognition server was averted and function of server for authentication was minimized so that server load was mininized. The proposed algorithm enables the server to play the minimum of the role and to perform strong mutual authentication, while imposeing on the peers the role of authentication. To make suitable to P2P system, trial number oriented authentication limit was given, not time-oriented authentication expiration time. In the paper, a new P2P system was designed using this algorithm.

The Development of a One-time Password Mechanism Improving on S/KEY (S/KEY를 개선한 일회용 패스워드 메커니즘 개발)

  • 박중길
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.9 no.2
    • /
    • pp.25-36
    • /
    • 1999
  • In this paper we propose a one-time password mechanism that solves the problems of the S/KEY: the limitation of a usage and the need of storage for keys. because of using a cryptographic algorithm the proposed mechanism has no the limitation of a usage. Also because of producing the key for an authentication from a user's password it is easy to manage the authentication key and is possible to share the session key between a client and a server after the authentication process. In addition the proposed mechanism is easy to protect and manage the authentication information because of using a smart card and is adopted by the system that needs a noe-way authentication from a client to a server without the challenge of a server.

A Study on Authentication using Image Synthesis (이미지 합성을 이용한 인증에 대한 연구)

  • Kim, Suhee;Park, Bongjoo
    • Convergence Security Journal
    • /
    • v.4 no.3
    • /
    • pp.19-25
    • /
    • 2004
  • This research develops an algorithm using image synthesis for a server to authenticate users and implements it. The server creates cards with random dots for users and distribute them to users. The server also manages information of the cards distributed to users. When there is an authentication request from a user, the server creates a server card based on information of the user' s card in real time and send it to the user. Different server card is generated for each authentication. Thus, the server card plays a role of one-time password challenge. The user overlaps his/her card with the server card and read an image(eg. a number with four digits) made up from them and inputs the image to the system. This is the authentication process. Keeping security level high, this paper proposes a technique to generate the image clearly and implements it.

  • PDF

Study on a Secure Authentication and Authorization Protocol based on Kerberos (커버로스 기반의 안전한 인증 및 허가 프로토콜 에 관한 연구)

  • 김은환;김명희;전문석
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.29 no.5C
    • /
    • pp.737-749
    • /
    • 2004
  • Kerberos authenticates clients using symmetric-key cryptography, and supposed to Oust other systems of the realm in distributed network environment. But, authentication and authorization are essential elements for the security. In this paper, we design an efficient and secure authentication/authorization mechanism by introducing the public/private-key and installing the proxy privilege server to Kerberos. In the proposed mechanism, to make a system more secure, the value of the session key is changed everytime using MAC(message authentication code) algorithm with the long-term key for user-authentication and a random number exchanged through the public key. Also, we reduce the number of keys by simplifying authentication steps. Proxy privilege server certifies privilege request of client and issues a privilege attribute certificate. Application server executes privilege request of client which is included a privilege attribute certificate. Also, a privilege attribute certificate is used in delegation. We design an efficient and secure authentication/authorization algorithm with Kerberos.

Implementation of mutual Authentication Module using ECDSA for web-Camera system (ECDSA 인증모듈을 사용한 웹 카메라 서버용 영상처리 시스템 구현)

  • 차재원;박덕용;김영철
    • Proceedings of the IEEK Conference
    • /
    • 2003.07d
    • /
    • pp.1503-1506
    • /
    • 2003
  • In this paper, we propose a mutual Authentication module, using ECDSA(Elliptic Curve Digital Signature Algorithm) for web-Camera system. which. is based on three module. first is authentication module which is based on ECDSA algorithm. second is transfort module using stream socket. the last module is graphic module. This paper describes cipher algorithm which can be used restrict condition for the same secret service with wire internet. we made a authentication module using based client and server system.

  • PDF

A Performance Evaluation of EAP-TLS Authentication Model in the AAAv6 (AAAv6에서의 EAP-TLS 인증모델 성능평가)

  • Jeong, Yun-Su;Kim, Hyung-Do;Lee, Hae-Dong;Kim, Hyun-Gon;Lee, Sang-Ho
    • The KIPS Transactions:PartC
    • /
    • v.11C no.3
    • /
    • pp.309-318
    • /
    • 2004
  • AAAv6-based Diameter method is using in the user authentication to satisfy the users' increasing user authentication demand and to supply a safe communication between mobile node and server in the Mobile IP. therefore, In this paper, We design a model of server capacity based on EAP-TLS that in one of AAAv6 models with mobility among domains to get the optimized capacity index of the server for user authentication accomplishment. We elicitat the authentication capacity index for each server of which is accomplishing in user authentication using DSA/RSA algorithm and purpose the optimized condition for the AAAv6 capacity by the index.

A Study on Implementation and Design of Secure VOD System (Secure-VOD 시스템의 설계 및 구현에 관한 연구)

  • 한성민;유황빈
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.25 no.4B
    • /
    • pp.700-707
    • /
    • 2000
  • In this paper, we address vulnerabilities of legacy VOD system and implement secure-VOD system to protect security holes of it. Our secure-VOD system provide user authentication using one-time password, message authentication and encryption/decryption for video server information. To improve security of existing fixed password system, our secure-VOD system use one-time password. Also, our secure-VOD system provides integrity for video server information by generating and verifying message authentication code using HMAC-HAS 160 algorithm. Finally, our secure-VOD system uses RC5 encryption algorithm to guarantee confidentiality for video server information.

  • PDF

Design of a effective Authorization Mechanism based on Kerberos (커버로스 기반의 효율적인 허가 메커니즘 설계)

  • Kim, Eun-Hwan;Jun, Moon-Seog
    • The KIPS Transactions:PartC
    • /
    • v.10C no.3
    • /
    • pp.287-294
    • /
    • 2003
  • Authentication and authorization are essential functions for the security of distributed network environment. Authorization is determining and to decide whether a user or process is permitted to perform a particular operation. In this paper, we design an authorization mechanism to make a system more effective with Kerberos for authentication mechanism. In the authorization mechanism, Kerberos server operates proxy privilege server. Proxy privilege server manages and permits right of users, servers and services with using proposed algorithm. Also, privilege attribute certificate issued by proxy privilege server is used in delegation. We designed secure kerberos with proposed functions for effective authorization at the same time authentication of Kerberos mechanism.

The Secure Hybrid Authentication message protocol (안전한 하이브리드 인증 메시지 프로토콜)

  • Yang, Hyung-Kyu;Choi, Jong-Ho
    • Journal of the Korea Society of Computer and Information
    • /
    • v.12 no.4
    • /
    • pp.77-85
    • /
    • 2007
  • Asecure channel provides protection against interception, while an authentication system is created to protect the client and the server from fabrication attacks. This paper proposes a hybrid authentication algorithm, which fixes the lapses problem encountered in the SSL authentication. Also, the Proposed hybrid authentication system has been created to protect the client and the server from modification and fabrication attacks. By using a modified three-way authentication there is no need for a timeserver. thus timestamps are not needed.

  • PDF

ECbA(Elliptic Curve based Authentication) System on the wireless network environment (무선 네트워크 환경에서의 ECbA(Elliptic Curve based Authentication)시스템 설계)

  • Jeong, Eun-Hee;Yang, Seung-Hae;Kim, Hak-Chun;Lee, Byung-Kwan
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.1 no.1
    • /
    • pp.67-74
    • /
    • 2008
  • As wireless network market is increasing rapidly, the biggest issue is to transfer safe data and to authenticate users. This paper proposes ECbA(Elliptic Curve based Authentication) which consists of the mutual authentication mechanism that users can ascertain the identity of an authentication server and the user authentication mechanism that an authentication server can make sure users' identity, by using Elliptic Curve algorithms. The proposed ECbA system diminishes the message quantity and the execution time by using the small elliptic curve algorithm with the small key length in authentication. In addition, as this paper reduces the authentication steps of existing EAP_TLS into 6 authentication steps, the communication cost and mutual authentication time can be saved. As this paper distributes new keys, whenever authenticating users by using key exchange mechanism, it provides safe encryption communication and prevents DoS attack by controlling the users authentication request by authentication server.

  • PDF