• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.7
• /
• pp.1516-1523
• /
• 2004

In the paper, an algorithm fitted to P2P system was proposed by improving Kerberos which is an algorithm for mutual authentication. To keep the role of Kerberos and minimize load to server, the proposed algorithm imposed the server role of ticket recognition to the opposite peer. Using this method, the number of sewers as ticket recognition server was averted and function of server for authentication was minimized so that server load was mininized. The proposed algorithm enables the server to play the minimum of the role and to perform strong mutual authentication, while imposeing on the peers the role of authentication. To make suitable to P2P system, trial number oriented authentication limit was given, not time-oriented authentication expiration time. In the paper, a new P2P system was designed using this algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.803-813
• /
• 2013

As the developments of smart devices and social network services, the amount of data has been exploding. The world is facing Big data era. For these reasons, the Big data processing technology which is a new technology that can handle such data has attracted much attention. One of the most representative technologies is Hadoop. Hadoop Distributed File System(HDFS) designed to run on commercial Linux server is an open source framework and can store many terabytes of data. The initial version of Hadoop did not consider security because it only focused on efficient Big data processing. As the number of users rapidly increases, a lot of sensitive data including personal information were stored on HDFS. So Hadoop announced a new version that introduces Kerberos and token system in 2009. However, this system is vulnerable to the replay attack, impersonation attack and other attacks. In this paper, we analyze these vulnerabilities of HDFS security and propose a new protocol which complements these vulnerabilities and maintains the performance of Hadoop.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.769-780
• /
• 2014

In general, internet users need to remember several IDs and passwords when they use diverse web sites. From an effective management perspective, SSO system was suggested to reduce user inconvenience. Kerberos authentication, which uses centralized system management, is a typical example of a broker-based SSO authentication model. However, further research is required, because the existing Kerberos authentication system has security vulnerability problems of password and replay attacks. In SSO authentication systems, a major security vulnerability is the replay attack. When user credentials are seized by attackers, an authorized session can be obtained through a replay attack. In this paper, an improved SSO authentication model based on the broker-based model and a secure lightweight SSO mechanism against credential replay attack is proposed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.4
• /
• pp.67-76
• /
• 2002

Kerberos is designed to provide strong authentication between client and application servers which are working in distributed network environment by using symmetric-key cryptography, and supposed to trust other systems of the realm. In this paper, we design an efficient and strong authentication mechanism by introducing the public/private-key to Kerberos. In the mechanism to make a system more secure, the value of the session key is changed everytime using MAC(message authentication code) algorithm with the long-term key for user-authentication and a random number exchanged through the public key. Also, we employ a mutual authentication method, which is used on challenge-response mechanism based on digital signatures, to improve trust between realms, and present a way of reducing the number of keys by simplifying authentication steps.

• Proceedings of the IEEK Conference
• /
• 2002.06c
• /
• pp.51-54
• /
• 2002

P2P implies direct exchange between peers. If you have something I want, 1 go directly to you and obtain il. There is one of the most advantages of formation of community in P2P. For a specified purpose through P2P, the Peers who make temporary a group delivery a request efficient and safe. And the resources can be jointed common, cooperation and communication. When P2P is developed more, we can expect more formation of online community and development. But to be a safe of personal ID and password in internet, it should be possible to make a key-exchange. In the paper, it suggest P2P security system suitable to personal security that Kerberos be transformed. The user who make community in P2P, have Kerberos Server, and using Physical Address of Ethernet card in personal computer, authenticate users.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.560-563
• /
• 2003

In this paper describes for use Authentication with the WPKI and Kerberos protocol. this paper is the security structure that defined in a WAP forum and security and watches all kinds of password related technology related to the existing authentication system. It looks up weakness point on security with a problem on the design that uses wireless public key-based structure and transmission hierarchical security back of a WAP forum, and a server-client holds for user authentication of an application level all and all, and it provides one counterproposal. Therefore, We offer authentication way solution that connected X.509 with using WIM for complement an authentication protocol Kerberos and its disadvantages.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.5C
• /
• pp.737-749
• /
• 2004

Kerberos authenticates clients using symmetric-key cryptography, and supposed to Oust other systems of the realm in distributed network environment. But, authentication and authorization are essential elements for the security. In this paper, we design an efficient and secure authentication/authorization mechanism by introducing the public/private-key and installing the proxy privilege server to Kerberos. In the proposed mechanism, to make a system more secure, the value of the session key is changed everytime using MAC(message authentication code) algorithm with the long-term key for user-authentication and a random number exchanged through the public key. Also, we reduce the number of keys by simplifying authentication steps. Proxy privilege server certifies privilege request of client and issues a privilege attribute certificate. Application server executes privilege request of client which is included a privilege attribute certificate. Also, a privilege attribute certificate is used in delegation. We design an efficient and secure authentication/authorization algorithm with Kerberos.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.04a
• /
• pp.734-737
• /
• 2012

인체 무선망이란 USN(Ubiquitous Sensor Network)을 통해 환자의 생체 정보를 실시간으로 수집하는 환경이다. 이를 기반으로 원격지에서 생체 정보를 전달 받는 시스템이 u-RPMS(USN Remote Patient Monitoring System)이다. u-RPMS에서 실시간으로 환자의 정보들이 발생하는데 이때 실시간으로 발생한 정보들은 공유가 불가피하다. 환자의 생체 정보는 생명과 연결되기 때문에 공유할 때 안전이 중요하다. 하지만 u-RPMS에서는 무선 통신으로 동작하기 때문에 보안에 취약하며, 이를 보안하기 위해서 서버와 DB(Data Base) 사이에 인증 서버를 통해서 해결 할 것을 제시한다. 본 연구에서는 인체 무선망을 기반으로 해서 모듈화 된 오픈 소스 원격진료 플랫폼인 OpenEMed의 개인 확인 서비스(PIDS, Personal Identification Service)를 이용해 네트워크를 기반으로 한 Kerberos 인증을 제안한다.

• Journal of Computing Science and Engineering
• /
• v.5 no.1
• /
• pp.51-70
• /
• 2011

This paper introduces a new credit card payment scheme called No Number Credit Card that can significantly reduce the possibility of credit card fraud. The proposed payment system is loosely based on Kerberos, a cryptographic framework that has stood the test of time. In No Number Credit Card, instead of card numbers, only payment tokens are exchanged between the customers and merchants. The tokens are generated based on the payment amount, payment type, client information, and merchant information. However, it does not contain the credit card number, so the merchant or a database hacker cannot acquire and illegally use any credit card numbers. The No Number Credit Card system is ideal for online e-commerce transactions and can be used with any credit card that users possess. It can be used with minor modifications to the current card payment system. We provide the principles of its operation through scenario analysis, a sample implementation, and a security analysis

• Proceedings of the Korea Multimedia Society Conference
• /
• 2000.04a
• /
• pp.76-81
• /
• 2000

앞으로 전자상거래는 미국 , 일본등 경제선진국을 중심으로 확대, 발전해 나갈것이고 이에 따라 이를 시스템적으로 지원할 수 있는 지불시스템의 필요성은 더욱 부각될 것이다. 이 지불 시스템에서 핵심적인 기능은 인증기능이 될 것이고 인증에 대한 데이터를 관리하는 디렉토리 서버의 기능과 성능향상은 전제 지불시스템 더 나아가 전자상거래를 활성화 시키는데 절대적인 역할을 할 것이다. 이러한 현시점에서 세계 각국의 대응에 관심을 가지고 국내에서도 독자적인 기술로 국내 환경에 맞는 인증시스템의 개발이 절실하게 필요한 때이다. 본고에서는 X500시리즈와 MIT의 Kerberos Authentication System을 접목시켜 운용 가능한 전자상거래모델을 제시하고 이를 구현시 고려해야할 사항들을 제시함으로 해서 향후 보안 및 전자상거래 관련 분야에서 급속한 수요 증가가 예상되는 디렉토리 서버구현을 위한 모델을 제시하고자한다.