• International Journal of Computer Science & Network Security
• /
• 제23권8호
• /
• pp.63-76
• /
• 2023

Identity and access management in cloud computing is one of the leading significant issues that require various security countermeasures to preserve user privacy. An authentication mechanism is a leading solution to authenticate and verify the identities of cloud users while accessing cloud applications. Building a secured and flexible authentication mechanism in a cloud computing platform is challenging. Authentication techniques can be combined with other security techniques such as intrusion detection systems to maintain a verifiable layer of security. In this paper, we provide an interactive, flexible, and reliable multi-factor authentication mechanisms that are primarily based on a proposed Authentication Method Selector (AMS) technique. The basic idea of AMS is to rely on the user's previous authentication information and user behavior which can be embedded with additional authentication methods according to the organization's requirements. In AMS, the administrator has the ability to add the appropriate authentication method based on the requirements of the organization. Based on these requirements, the administrator will activate and initialize the authentication method that has been added to the authentication pool. An intrusion detection component has been added to apply the users' location and users' default web browser feature. The AMS and intrusion detection components provide a security enhancement to increase the accuracy and efficiency of cloud user identity verification.

• Journal of information and communication convergence engineering
• /
• 제8권4호
• /
• pp.427-432
• /
• 2010

The fast-emerging of cloud computing technology today has sufficiently benefited its wide range of users from individuals to large organizations. It carries an attractive characteristic by renting myriad virtual storages, computing resources and platform for users to manipulate their data or utilize the processing resources conveniently over Internet without the need to know the exact underlying infrastructure which is resided remotely at cloud servers. However due to the loss of direct control over the systems/applications, users are concerned about the risks of cloud services if it is truly secured. In the literature, there are cases where attackers masquerade as cloud users, illegally access to their accounts, by stealing the static login password or breaking the poor authentication gate. In this paper, we propose a two-factor authentication framework to enforce cloud services' authentication process, which are Public Key Infrastructure (PKI) authentication and mobile out-of-band (OOB) authentication. We discuss the framework's security analysis in later session and conclude that it is robust to phishing and replay attacks, prohibiting fraud users from accessing to the cloud services.

• 한국컴퓨터정보학회논문지
• /
• 제22권8호
• /
• pp.55-61
• /
• 2017

Cloud computing is cost-effective in terms of system configuration and maintenance and does not require special IT skills for management. Also, cloud computing provides an access control setting where SSO is adopted to secure user convenience and availability. As the SSO user authentication structure of cloud computing is exposed to quite a few external security threats in wire/wireless network integrated service environment, researchers explore technologies drawing on distributed SSO agents. Yet, although the cloud computing access control using the distributed SSO agents enhances security, it impacts on the availability of services. That is, if any single agent responsible for providing the authentication information fails to offer normal services, the cloud computing services become unavailable. To rectify the environment compromising the availability of cloud computing services, and to protect resources, the current paper proposes a security policy that controls the authority to access the resources for cloud computing services by applying the authentication policy of user authentication agents. The proposed system with its policy of the authority to access the resources ensures seamless and secure cloud computing services for users.

• 한국컴퓨터정보학회논문지
• /
• 제21권4호
• /
• pp.31-38
• /
• 2016

The interface between servers and clients and system management in the cloud computing environment is different from the existing computing environment. The technology for information protection. Management and user authentication has become an important issue. For providing a more convenient service to users, SSO technology is applied to this cloud computing service. In the SSO service environment, system access using a single key facilitates access to several servers at the same time. This SSO authentication service technology is vulnerable to security of several systems, once the key is exposed. In this paper, we propose a technology to solve problems, which might be caused by single key authentication in SSO-based cloud computing access. This is a distributed agent authentication technology using a multiple SSO agent to reinforce user authentication using a single key in the SSO service environment. For user authentication reinforcement, phased access is applied and trackable log information is used when there is a security problem in system to provide a safe cloud computing service.

• 한국산학기술학회논문지
• /
• 제18권1호
• /
• pp.32-39
• /
• 2017

최근 모바일 클라우드 서비스가 증가하고 있으며, 특히 하나의 클라우드 컴퓨팅 서비스의 제약을 넘어 멀티 클라우드 방식에 관한 연구가 활발하게 진행되고 있다. 멀티 클라우드 환경에서 상호 협약된 서비스 제공자들 간의 추가적인 클라우드 서비스를 이용하기 위해 사용자는 다중 인증이 필요하다. 기존 연구에서 SSO를 이용한 방식은 SSO 서버를 통해 모든 인증이 이루어지기 때문에 악의적인 공격에 의해 SSO 서버의 서비스 불가 시 모든 클라우드 서비스 사용이 불가능하다. 또한 브로커를 이용한 방식에서는 사용자가 가입하지 않은 서비스 제공자에게 인증정보를 노출하게 되는 취약점이 존재한다. 본 논문에서는 추가 클라우드 사용 시 노출이 없는 생체인식을 이용한 안전한 사용자 인증 프로토콜을 제안한다. 제안하는 프로토콜은 멀티 클라우드 환경에서 각각의 클라우드에 인증을 위한 정보를 저장하지 않으며 한 번의 생체인증으로 여러 클라우드를 사용할 수 있다. 키의 안정성 측면에서 키 합의 과정과 키 공간 크기를 통해 안정성을 확보하였으며 중간자 공격, 재생 공격 등의 다양한 공격 방식에 대한 무력화를 통한 안전한 모바일 클라우드 서비스를 제공한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권7호
• /
• pp.2719-2735
• /
• 2015

In the cloud environment, users pay more attentions to their data security since all of them are stored in the cloud server. Researchers have proposed many mutual authentication schemes for the access control of the cloud server by using the smart card to protect the sensitive data. However, few of them can resist from the smart card lost problem and provide both of the forward security and the backward security. In this paper, we propose a novel authentication scheme for cloud computing which can address these problems and also provide the anonymity for the user. The trick we use is using the password, the smart card and the public key technique to protect the processes of the user's authentication and key exchange. Under the Elliptic Curve Diffie-Hellman (ECDH) assumption, it is provably secure in the random oracle model. Compared with the existing smart card based authentication schemes in the cloud computing, the proposed scheme can provide better security degree.

• 디지털산업정보학회논문지
• /
• 제10권3호
• /
• pp.181-196
• /
• 2014

Cloud computer technology currently provides diverse services based on a comprehensive environment ranging from hardware to solution, network and service. While the target of services has been extended from institutions and corporations to personal infrastructure and issues were made about security problems involved with protection of private information, measures on additional security demands for such service characteristics are insufficient. This paper proposes a multi-session authentication technique based on the characteristics of SaaS (Software as a Service) among cloud services. With no reliable authentication authority, the proposed technique reinforced communication sessions by performing key agreement protocol safe against key exposure and multi-channel session authentication, providing high efficiency of performance through key renewal using optimzied key table. Each formed sessions have resistance against deprivation of individual confirmation and service authority. Suggested confirmation technique that uses these features is expected to provide safe computing service in clouding environment.

• 정보과학회 컴퓨팅의 실제 논문지
• /
• 제22권8호
• /
• pp.345-350
• /
• 2016

클라우드 컴퓨팅 서비스는 개별 사용자가 자원을 서로 공유하고 가상화 기술 등을 적용하여 기존의 컴퓨팅 환경과는 다른 특성을 가지고 있다. 이러한 특성으로 인해 클라우드 컴퓨팅 환경에 적합한 사용자 식별 접근제어 기술 및 보안 통제 사항 등이 요구된다. 최근 Yoo는 안전한 클라우드 컴퓨팅을 위한 속성기반 접근제어를 이용한 새로운 인증 기법을 제안하였다. 해당 기법은 속성이라는 개념을 이용하여 클라우드 자원에 대한 안전한 접근을 제공한다. 그러나 Yoo의 기법은 악의적인 서비스 제공자에 의해 인증서버의 비밀키 해시 값이 유출될 수 있는 취약점을 가지고 있으며 이를 이용한 서비스 제공자 공격을 통해 인증 요청 메시지 공격이 가능하다. 본 논문에서는 Yoo가 제안한 기법이 가진 취약점을 개선하여 클라우드 컴퓨팅을 위한 안전하고 효율적인 속성기반 인증 기법을 제안하고자 한다.

• 융합보안논문지
• /
• 제11권6호
• /
• pp.31-36
• /
• 2011

클라우드 컴퓨팅은 자원을 편리하고 효율적으로 사용하기 위해 만들어진 시스템이다. 본 논문에서는 PKI와 ID_PW 그리고 지리정보 조합을 이용한 2-factor 인증방법을 제안한다. 제안한 방법은 하이브리드 클라우드 환경에 적합하며 자원과 데이터를 보다 안전하게 관리할 수 있다.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2015년도 춘계학술대회
• /
• pp.721-723
• /
• 2015

최근 클라우드 컴퓨팅 기술에 대한 중요성과 확장성이 급부상하면서 다양한 정보 시스템에 적용하고 있는 추세이다. 현재 모바일 클라우드 환경에서 많은 서비스가 이루어지고 있는데 의료정보 서비스도 빠른 적용이 요구되고 있다. 의료정보는 개인의 중요한 정보가 노출될 경우 심각한 문제가 발생할 수 있으므로 안전한 인증 절차 문제가 해결되어야만 한다. 따라서 본 논문에서는 모바일 클라우드 환경에서 의료정보시스템을 보다 효율적으로 관리 할 수 있는 인증 기법을 제안하려 한다.