• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.377-391
• /
• 2019

Recently, system studies using tokens and block chains for authentication, access control, etc in IoT environment have been going on at home and abroad. However, existing token-based systems are not suitable for IoT environments in terms of security, reliability, and scalability because they have centralized characteristics. In addition, the system using the block chain has to overload the IoT device because it has to repeatedly perform the calculation of the hash et to hold the block chain and store all the blocks. In this paper, we intend to manage the access rights through tokens for proper access control in the IoT. In addition, we apply the Tangle to configure the P2P distributed ledger network environment to solve the problem of the centralized structure and to manage the token. The authentication process and the access right grant process are performed to issue a token and share a transaction for issuing the token so that all the nodes can verify the validity of the token. And we intent to reduce the access control process by reducing the repeated authentication process and the access authorization process by reusing the already issued token.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.10 no.4
• /
• pp.340-349
• /
• 2017

This paper is proposed Hadoop security protocol to protect a reply attack and impersonation attack. The proposed hadoop security protocol is consists of user authentication module, public key based data node authentication module, name node authentication module, and data node authentication module. The user authentication module is issued the temporary access ID from TGS after verifing user's identification on Authentication Server. The public key based data node authentication module generates secret key between name node and data node, and generates OTKL(One-Time Key List) using Hash-chain. The name node authentication module verifies user's identification using user's temporary access ID, and issues DT(Delegation Token) and BAT(Block Access Token) to user. The data node authentication module sends the encrypted data block to user after verifing user's identification using OwerID of BAT. Therefore the proposed hadoop security protocol dose not only prepare the exposure of data node's secret key by using OTKL, timestamp, owerID but also detect the reply attack and impersonation attack. Also, it enhances the data access of data node, and enforces data security by sending the encrypted data.

• Journal of Internet of Things and Convergence
• /
• v.4 no.2
• /
• pp.13-20
• /
• 2018

In this paper, we propose an authentication system that combines 'Single-Sign-On' and 'Token-based authentication' based on 'Block Chain' technology. We provide 'access control' function and 'integrity' by combining block-chain technology with single-sign-on authentication method and provided stateless self-contained authentication function using Token based authentication method. It was able to enhance the security by performing the encryption based Token issuance and authentication process and provided convenience of authentication to Web Server. As a result, we can provide token-based SSO authentication service efficiently by providing a convenient way to improve the cumbersome authentication process.

• Smart Media Journal
• /
• v.10 no.1
• /
• pp.88-98
• /
• 2021

As blockchain technology has emerged as a security issue for IoT, technology which integrates block chain into IoT is being studied. In this paper is a research concerning token-based IoT service access control technology for data sharing, which propose a possessor focused data sharing technic by using the permissioned blockchain. To share IoT health data, a Hyperledger Fabric Network consisting of three organizations was designed to provide a way to share data by applying different access control policies centered on device owners for different services. In the proposed system, the device owner issues access control tokens with different security levels applied to the participants in the organization, and the token issue information is shared through the distributed ledger of the HFN. In IoT, it is possible to lightweight the access control processing of IoT devices by granting tokens to service requesters who request access to data. Furthmore, by sharing token issuance information among network participants using HFN, the integrity of the token is guaranteed and all network participants can trust the token. The device owners can trust that their data is being used within their authorized rights, and control the collection and use of data.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2002.05a
• /
• pp.498-501
• /
• 2002

In the process of Log-In to the system, clear User authentication is the beginning of the information protection service. In the open communication system of today, it is true that a password as security instrument and the inner mechanism of the system and cryptography algorithm for the support of this are also poor. For this reason, this dissertation had a final aim to design the user authentication system, which offer the accuracy and safety. It used RSA and CBC mode of DES as cryptography algorithm and used the Challenge-Response scheme at a authentication protocol and designed the User authentication system to which user access using one time password, output of token to guarantee the safety of the authentication protocol. Alto by using the Public key cryptography algorithm, it could embody the more safe User authentication system.

• Smart Media Journal
• /
• v.12 no.7
• /
• pp.27-42
• /
• 2023

The development of cloud services and IoT technology has radically changed the cloud environment, and has evolved into a new concept called fog computing and F2C (fog-to-cloud). However, as heterogeneous cloud/fog layers are integrated, problems of access control and security management for end users and edge devices may occur. In this paper, an F2C-based IoT smart health monitoring system architecture was designed to operate a medical information service that can quickly respond to medical emergencies. In addition, a role-based service access control technology was proposed to enhance the security of user's personal health information and sensor information during service interoperability. Through simulation, it was shown that role-based access control is achieved by sharing role registration and user role token issuance information through blockchain. End users can receive services from the device with the fastest response time, and by performing service access control according to roles, direct access to data can be minimized and security for personal information can be enhanced.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.831-847
• /
• 2013

The various types of data are being created in large quantities resulting from the spread of social media and the mobile popularization. Many companies want to obtain valuable business information through the analysis of these large data. As a result, it is a trend to integrate the big data technologies into the company work. Especially, Hadoop is regarded as the most representative big data technology due to its terabytes of storage capacity, inexpensive construction cost, and fast data processing speed. However, the authentication token system of Hadoop Distributed File System(HDFS) for the user authentication is currently vulnerable to the replay attack and the datanode hacking attack. This can cause that the company secrets or the personal information of customers on HDFS are exposed. In this paper, we analyze the possible security threats to HDFS when tokens or datanodes are exposed to the attackers. Finally, we propose the secure authentication protocol in HDFS based on hash chain.

• Journal of Korea Multimedia Society
• /
• v.21 no.8
• /
• pp.897-908
• /
• 2018

In this paper, we propose a security framework for a cluster drones network using the MAVLink (Micro Air Vehicle Link) application protocol based on FANET (Flying Ad-hoc Network), which is composed of ad-hoc networks with multiple drones for IoT services such as remote sensing or disaster monitoring. Here, the drones belonging to the cluster construct a FANET network acting as WTRP (Wireless Token Ring Protocol) MAC protocol. Under this network environment, we propose an efficient algorithm applying the Lightweight Encryption Algorithm (LEA) to the CTR (Counter) operation mode of WPA2 (WiFi Protected Access 2) to encrypt the transmitted data through the MAVLink application. And we study how to apply LEA based on CBC (Cipher Block Chaining) operation mode used in WPA2 for message security tag generation. In addition, a modified Diffie-Hellman key exchange method is approached to generate a new key used for encryption and security tag generation. The proposed method and similar methods are compared and analyzed in terms of efficiency.