• Title/Summary/Keyword: Privilege certificate

Search Result 19, Processing Time 0.021 seconds

Study on a Secure Authentication and Authorization Protocol based on Kerberos (커버로스 기반의 안전한 인증 및 허가 프로토콜 에 관한 연구)

  • 김은환;김명희;전문석
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.29 no.5C
    • /
    • pp.737-749
    • /
    • 2004
  • Kerberos authenticates clients using symmetric-key cryptography, and supposed to Oust other systems of the realm in distributed network environment. But, authentication and authorization are essential elements for the security. In this paper, we design an efficient and secure authentication/authorization mechanism by introducing the public/private-key and installing the proxy privilege server to Kerberos. In the proposed mechanism, to make a system more secure, the value of the session key is changed everytime using MAC(message authentication code) algorithm with the long-term key for user-authentication and a random number exchanged through the public key. Also, we reduce the number of keys by simplifying authentication steps. Proxy privilege server certifies privilege request of client and issues a privilege attribute certificate. Application server executes privilege request of client which is included a privilege attribute certificate. Also, a privilege attribute certificate is used in delegation. We design an efficient and secure authentication/authorization algorithm with Kerberos.

Design of Privilege Delegation Mechanism using Proxy Certificate (위임 인증서를 이용한 권한 위임 메커니즘 설계)

  • Jin, Seung-Hun;Cho, Sang-Rae;Kim, Tae-Sung;Ryou, Jae-Cheol
    • The KIPS Transactions:PartC
    • /
    • v.10C no.6
    • /
    • pp.739-746
    • /
    • 2003
  • In real life, we frequently use th proxy signatrue by delegating one's own privileges. It is necessary to distribute the data related to privilege delegation securely in order to use such a proxy signature in the Internet. However, inorder to use the secure proxy signature, we need to have some mechanism to prevent a proxy signer from misuse of privileges by applying proxy certificate and a privilege delegation mechanism to manage information with related to privilege delegarion. In addition, we have implemented the prototype to demonstrate the possible proxy signature service using proxy certificate.

A Study of PMI based on Established Certificate (기존 인증서를 통한 PMI 연구)

  • 김건배;배두현;박세현;송오영
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2002.11a
    • /
    • pp.548-550
    • /
    • 2002
  • 본 논문은 PKC(Public Key Certificate)를 이용하여 Privilege Management를 제공하는 모델에 대해 다룬다. 권한관리는 PKC와 AC(Attribute Certificate)를 이용한 PMI가 제시되고 있으나, PMI를 구축하기 위한 비용이 들게 된다. 본 논문에서는 현재 구성되고 있는 PMI 모델과 본 논문에서 제시한 PSL(Privilege Status List)를 이용한 권한 관리모델을 비교, 분석한다.

  • PDF

Attribute Certificate Profile Research (속성인증서 프로화일 연구)

  • 윤이중;류재철
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.11 no.5
    • /
    • pp.75-84
    • /
    • 2001
  • Existent public key certificates provide authentication information through some information on user\`s public key. However, an attribute certificate which stores and manage user\`s attribute information, provides various privilege information such as position, privilege and role. In recent, international organizations establishes standards on attribute certificate, and the researches and developments on attribute certificate have been widely made. In addition it may be expected to be used many real application area requiring for authorization information as well as authentication information. Therefore, this paper considers background and standardization trends of attribute certificate and describes the profile and related techniques of attribute certificate currently established by IETF. In addition, it introduces and access control system using attribute certificate and specifies applications of attribute certificate.

Privilege Management Technique for Unreliable Network Environments based on Tree Structure (신뢰도가 낮은 네트워크 환경을 위한 트리 구조 기반의 권한 관리 기법)

  • Yang, Soo-Mi
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.5
    • /
    • pp.83-91
    • /
    • 2008
  • IISO/IEC 9594-8 defines the public key framework and attribute certificate framework. Attribute certificate framework deals with privilege management infrastructure(PMI). In PMI, for privilege management using attribute certificates, role assignment certificates and role specification certificates are used to assign and specify privileges independently. Role specification certificates includes privilege specifications and the details far privilege management of network environments. Privilege management of unreliable network environment tries to enhance the reliability and efficiency of privilege information transmission forwarding over unreliable routes in the presence of potentially faulty nodes and edges. Each node forms a role specification tree based on role specification relationship data collected from the network. In this paper privilege management cost with the role specification certificates tree structure is evaluated trying to reduce the overhead incurred by role creation and modification of privileges. The multicasting of packets are used for scalability. We establish management cost model taking into account the packet loss and node reliability which continuously join and leave for network. We present quantitative results which demonstrate the effectiveness of the proposed privilege management scheme.

Delegated Attribute Certificate Validation And Protocol (PMI 인증서 검증 위임 및 검증 프로토콜)

  • 이승훈;송주석
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.1
    • /
    • pp.59-67
    • /
    • 2003
  • PMI(Privilege Management Infrastructure) certificates as well as Public-Key certificates must be validated before being used. Validation for a PMI certificate requires PMI certificate path validation, and PKC(Public-Key Certificate) path validations for each entity in the PMI certificate path. This validation work is quite complex and burdened to PMI certificate verifiers. Therefore, this paper suggests a delegated PMI certificate validation that uses specialized validation server, and defines a validation protocol which is used between validation server and client.

Design of a effective Authorization Mechanism based on Kerberos (커버로스 기반의 효율적인 허가 메커니즘 설계)

  • Kim, Eun-Hwan;Jun, Moon-Seog
    • The KIPS Transactions:PartC
    • /
    • v.10C no.3
    • /
    • pp.287-294
    • /
    • 2003
  • Authentication and authorization are essential functions for the security of distributed network environment. Authorization is determining and to decide whether a user or process is permitted to perform a particular operation. In this paper, we design an authorization mechanism to make a system more effective with Kerberos for authentication mechanism. In the authorization mechanism, Kerberos server operates proxy privilege server. Proxy privilege server manages and permits right of users, servers and services with using proposed algorithm. Also, privilege attribute certificate issued by proxy privilege server is used in delegation. We designed secure kerberos with proposed functions for effective authorization at the same time authentication of Kerberos mechanism.

A User Authentication Method between Domains Using Privilege Certificates (권한인증서를 이용한 도메인간의 사용자 인증방안)

  • Gi, Jun-Woong;Kim, Ji-Hong;Kim, Chang-Kyu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.6A
    • /
    • pp.75-83
    • /
    • 2008
  • In this paper, we design a user authentication method between domains when mobile node moves in AAA server based MIPv6 environment. Several papers proposed the user authentication method executing at AAA server in home domain via AAA server in visiting domain. In this paper we proposed the user authentication method using privilege certificates between domains.

An Efficient Role Based Access Control Technique by Structuring of Role Specification Certificate (역할 명세 인증서의 구조화에 의한 효율적 역할기반 접근제어 기법)

  • Yang, Soo-Mi
    • Journal of Internet Computing and Services
    • /
    • v.6 no.5
    • /
    • pp.1-9
    • /
    • 2005
  • In a role based access control through attribute certificate, the use of role assignment certificates and role specification certificates can reduce management cost and the overhead incurred by changing roles, Highly distributed computing environments such as ubiquitous computing environments not having global or broad control. need another attribute certificate management technique, Actually just having role specification certificate separately reduce management cost, But for better performance we structure role specification, We group roles and make the role group relation tree, It results secure and efficient role renewing and distribution, For scalable role specification certificate distribution, the multicasting of packets is used, We take into account the packet lass and quantify performance enhancements of structuring role specification certificates.

  • PDF

A Study on the Legal Application for Sport Pilot Certificate in Korea (스포츠조종사 자격증명의 국내 적용에 대한 연구)

  • Noh, Yo-Sup;Kim, Young-Hoon
    • Journal of the Korean Society for Aviation and Aeronautics
    • /
    • v.13 no.3
    • /
    • pp.43-60
    • /
    • 2005
  • In september 2004, a new pilot certificate scheme referred to as Sport Pilot Certificate was declared official and standardized in the US. The designation of Light-sport aircraft and the details of the relevant pilot certificate policy was announced out of the perception that a new regulation is required to be applied whereby the limitations on the manufacturing process enhancements and current aviation rules are considered the triggering factors. US Federal Aviation Regulation retains a comprehensive range of airworthiness certificates and aircrafts are managed systematically in accordance with FAR 21, 103. The airworthiness are further segregated into sub categories, which allows differentiated management. Korean Aviation Law classify aircraft into five different categories and powered air vehicle that weighs more than 150kg(19liters fuel capacity) for one seat, 225kg for two seats(38liters fuel capacity) while the systems that fall under a specific mass threshold level are known as ultralight vehicle. The research discusses the policy of the sport pilot certificate and the light-sport aircraft ratings announced official by the Federal Aviation Administration in an intuitive fashion with the analysis of the operations providing the evidence as to the viability of adopting the policy in local grounds. Based on the findings, the report discusses the case for introducing the light-sport aircraft and make recommendation on a strategy of applying the policy in Korea with respect to the pilot certificates, safety agenda, and the written test for the pilot certificate, and operating efficiency.

  • PDF