• International Journal of Computer Science & Network Security
• /
• 제24권4호
• /
• pp.11-25
• /
• 2024

The proliferation of IoT devices has presented an unprecedented challenge in managing device identities securely and efficiently. In this paper, we introduce an innovative Hybrid Blockchain-Based Approach for IoT Identity Management that prioritizes both security and efficiency. Our hybrid solution, strategically combines the advantages of direct and indirect connections, yielding exceptional performance. This approach delivers reduced latency, optimized network utilization, and energy efficiency by leveraging local cluster interactions for routine tasks while resorting to indirect blockchain connections for critical processes. This paper presents a comprehensive solution to the complex challenges associated with IoT identity management. Our Hybrid Blockchain-Based Approach sets a new benchmark for secure and efficient identity management within IoT ecosystems, arising from the synergy between direct and indirect connections. This serves as a foundational framework for future endeavors, including optimization strategies, scalability enhancements, and the integration of advanced encryption methodologies. In conclusion, this paper underscores the importance of tailored strategies in shaping the future of IoT identity management through innovative blockchain integration.

• International Journal of Computer Science & Network Security
• /
• 제23권12호
• /
• pp.27-80
• /
• 2023

Nowadays usage of different applications of identity management IDM demands prime attention to clarify which is more efficient regarding preserve privacy as well as security to perform different operations concerning digital identity. Those operations represent the available interactions with identity during its lifecycle in the digital world e.g., create, update, delete, verify and so on. With the rapid growth in technology, this field has been evolving with a number of IDM models being proposed to ensure that identity lifecycle and face some significant issues. However, the control and ownership of data remines in the hand of identity service providers for central and federated approaches unlike in the self-sovereign identity management SSIM approach. SSIM is the recent IDM model were introduced to solve the issue regarding ownership of identity and storing the associated data of it. Thus, SSIM aims to grant the individual's ability to govern their identities without intervening administrative authorities or approval of any authority. Recently, we noticed that numerous IDM solutions enable individuals to own and control their identities in order to adapt with SSIM model. Therefore, we intend to make comparative study as much of these solutions that have proper technical documentation, reports, or whitepapers as well as provide an overview of IDM models. We will point out the existing research gaps and how this study will bridge it. Finally, the study will propose a technical enhancement, everKEY solution, to address some significant drawbacks in current SSIM solutions.

• 디지털산업정보학회논문지
• /
• 제9권4호
• /
• pp.201-212
• /
• 2013

The purpose of this study are to show a new possibility of identity design to be used as tools of users identity expression, designing digital contents by studying on the methods to express users identities successfully in the digital contents design, and to present the possibility to expand the area of identity design. Digital contents are a communication media in it self, but this study tried to consider the digital contents as a tool of users communication or expression. The identity expression, which are not only makes communications efficient but also lets products and companies acknowledged by users, is one of the most indispensable factors in products competitive power in both the present and the future. However, no define methods of identity expression are settled as well as recognized by users properly and accurately yet, so that this study focuses on that point. Therefore, This study is advanced in the direction of establishing the concept of digital identity for an expansion of the media toward the identity expression in design as well as making researchers in successful identity expression ways by means of actual design, more than a graphic image making that simply decorates a digital contents. The point of this study is to show a new concept of identity design that expresses users identities so as to suggest another possibility of identity design.

• 한국통신학회논문지
• /
• 제32권7B호
• /
• pp.438-447
• /
• 2007

인터넷 환경에서 유통되는 사용자 정보는 실소유자가 원하는 데로 제어되어야만 한다. 이를 위해서는 사용자가 요구하는 정보 유통 방식을 표현할 수 있는 프라이버시 정책이 필요하고, 사용자가 편리하게 정책을 설정할 수 있는 인터페이스가 요구된다. 또한 정보 유통이 발생할 때 사용자의 정책에 위배되는지 판단할 수 있는 시스템이 필요하다. 본 논문에서는 인터넷 Identity 관리 시스템 환경에서 운영되는 프라이버시 컨트롤러 시스템 모델을 제안하고 시스템의 인터페이스 및 정책 설정 과정을 제안한다. 정책 구현을 위한 언어로는 OASIS의 XACML을 수정하여 적용하였고, 사용자 정책 외에 도메인 정책, 기본 정보 제공 정책, 정책 충돌 해결 정책을 제안한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권10호
• /
• pp.2544-2560
• /
• 2013

As a cornerstone of the next generation air traffic management (ATM), automatic dependent surveillance-broadcast (ADS-B) system can provide continual broadcast of aircraft position, identity, velocity and other messages over unencrypted data links to generate a common situational awareness picture for ATM. However, since ADS-B messages are unauthenticated, it is easy to insert fake aircrafts into the system via spoofing or insertion of false messages. Unfortunately, the authentication for ADS-B messages has not yet been well studied. In this paper, we propose an efficient broadcast authentication scheme with batch verification for ADS-B messages which employs an identity-based signature (IBS). Security analysis indicates that our scheme can achieve integrity and authenticity of ADS-B messages, batch verification, and resilience to key leakage. Performance evaluation demonstrates that our scheme is computationally efficient for the typical avionics devices with limited resources, and it has low communication overhead well suitable for low-bandwidth ADS-B data link.

• 디지털융복합연구
• /
• 제19권8호
• /
• pp.205-217
• /
• 2021

탈중앙형 SSI(Self Sovereign Identity)가 새로운 디지털 신원 식별 기술의 대안으로 등장하였으나 이는 데이터 거래의 고유 알고리즘 특성으로 인해 효율적인 비식별화 기법이 제안되지 않았다. 본 논문에서는 SSI의 탈중앙형 동작을 보장하기 위해 ZKP(Zero Knowledge Proof)의 검증 결과를 검증인 측에서 외부에 제공 가능한 형태로 재구성함으로써 식별자를 제거하지 않는 비식별 기술을 제안한다. 또한, 이는 검증 참여 각 개체에 대한 차등 주권 관리 개념을 제안하는 것으로 재구성된 비식별 데이터를 정보주체의 동의 없이 제공할 수 있다. 결과적으로 제안 모델은 탈중앙형 SSI 환경에서 국내 개인정보보호법을 만족하고, 안전하며 효율적인 비식별 처리 및 주권 관리를 제공한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권6호
• /
• pp.3280-3298
• /
• 2019

Vehicular ad-hoc networks (VANETs) have become increasingly significant in intelligent transportation systems, they play a great role in improving traffic safety and efficiency. In the deployment of intelligent VANETs, intelligent vehicles can efficiently exchange important or urgent traffic information and make driving decisions. Meanwhile, secure data communication and vehicle's identity privacy have been highlighted. To cope with these security issues, in this paper, we construct an efficient anonymous authentication scheme with secure communication in intelligent VANETs. Combing the ElGamal encryption technique with a modified Schnorr signature technique, the proposed scheme provides secure anonymous authentication process for encrypted message in the vehicle-to-infrastructure communication model, and achieves identity privacy, forward security, and reply attack resistance simultaneously. Moreover, except the trusted authority (TA), any outside entity cannot trace the real identity of an intelligent vehicle. The proposed scheme is designed on an identity-based system, which can remove the costs of establishing public key infrastructure (PKI) and certificates management. Compared with existing authentication schemes, the proposed scheme is much more practical in intelligent VANETs.

• 디지털산업정보학회논문지
• /
• 제13권1호
• /
• pp.87-101
• /
• 2017

As people increasingly rely on mobile networks in modern society, mobile communication security is becoming more and more important. In the Long Term Evolution/System Architecture Evolution (LTE/SAE) architecture, the 3rd Generation Partnership (3GPP) team has also developed the improved Evolved Packet System Authentication and Key Agreement (EPS AKA) protocol based on the 3rd Generation Authentication and Key Agreement (3G AKA) protocol in order to provide mutual authentication and secure communication between the user and the network. Unfortunately, the EPS AKA also has several vulnerabilities such as sending the International Mobile Subscriber Identity (IMSI) in plain text (which leads to disclosure of user identity and further causes location and tracing of the user, Mobility Management Entity (MME) attack), man-in-middle attack, etc. Hence, in this paper, we analyze the EPS AKA protocol and point out its deficiencies and then propose an Efficient and Security Enhanced Authentication and Key agreement (ESE-EPS AKA) protocol based on hybrid of Dynamic Pseudonym Mechanism (DPM) and Public Key Infrastructure (PKI) retaining the original framework and the infrastructure of the LTE network. Then, our evaluation proves that the proposed new ESE-EPS AKA protocol is relatively more efficient, secure and satisfies some of the security requirements such as confidentiality, integrity and authentication.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제1권1호
• /
• pp.1-17
• /
• 2007

This paper proposes and analyzes a scalable and an efficient cluster based group key management protocol by introducing identity based infrastructure for secure communication in mobile wireless sensor networks. To ensure scalability and dynamic re-configurability, the system employs a cluster based approach by which group members are separated into clusters and the leaders of clusters securely communicate with each other to agree on a group key in response to changes in membership and member movements. Through analysis we have demonstrated that our protocol has a high probability of being resilient for secure communication among mobile nodes. Finally, it is established that the proposed scheme is efficient for secure positioning in wireless sensor networks.

• 정보보호학회논문지
• /
• 제25권1호
• /
• pp.165-172
• /
• 2015

최근 공공기관 및 대형 포털 사이트에 이르기까지 개인정보관리의 효율적인 관리의 부재로 대량의 고객 정보와 정보 유출 관련 사고들이 연이어 발생하고 있다. 이에 내부 자료의 외부유출을 근원적으로 차단할 수 있는 보안 인프라 구축이 그 어느 때 보다도 중요한 이슈로 등장하고 있다. 이에 사용자의 접근과 권한 관리, 인증, 감사 등을 수행하는 계정 및 권한관리시스템이, 업무의 효율성 향상은 물론, 시스템에 대한 접근과 계정 관리를 위한 안전하고 효과적인 방안으로 대두되고 있다. 본 논문에서는 지방자치 행정업무에서 전산 업무능률 향상과 보안성강화를 위해 어떻게 계정 및 권한관리시스템을 구축해야 하는지 분석하고, 그 방안을 제시하였다.