JOURNAL BROWSE
Search
Advanced SearchSearch Tips
Multi-session authentication scheme for secure authentication and session management of cloud services environment
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
 Title & Authors
Multi-session authentication scheme for secure authentication and session management of cloud services environment
Choi, Do-hyeon; Park, Jung-oh;
  PDF(new window)
 Abstract
Recently, as the service scale of cloud service is expanded, an anxiety due to concerns on new vulnerabilities and security related incidents and accidents are also increasing. This paper proposes a certification scheme for multiple session management of security sessions which are generated after the user authentication. The proposed session multiplexing scheme enables the independent management of security sessions in the level of virtualization (hypervisor) within the service provider. As a result of performance analysis, providing a strong safety due to session multiplexing and mutual authentication, and the superiority of performance was proven by comparing it with the existing mutual authentication encryption algorithms.
 Keywords
Cloud Service;Web Authentication;Web Service;Virtualization;Hypervisor;Mutual authentication;
 Language
Korean
 Cited by
 References
1.
AD Meniya, HB Jethva, "Single-Sign-On (SSO) across open cloud computing federation", International Journal of Engineering Research and Applications, No. 2, pp. 891- 895, 2012.

2.
Choi-Dohyeon, et al, “A Design of Security Structure in Bare Metal Hypervisor for Virtualized Internal Enviroment of Cloud Service”, The Journal of Korean Institute of Communications and Information Sciences, Vol. 38, No. 7, pp. 526-534, 2013. crossref(new window)

3.
Son-Seungwoo, “Legal Issues on Cloud Computing Service & SaaS”, Korea Association For Informedia Law, Vol. 14, No. 2, 2010.

4.
Jung-SungJae, Bae-YuMi, "Trend analysis of Threats and Technologies for Cloud Security", Journal of Security Engineering Vol.10, No2, 2013.

5.
AD Meniya, HB Jethva, “Single-Sign-On (SSO) across open cloud computing federation”, International Journal of Engineering Research and Applications 2, pp. 891-895, 2012.

6.
Internet Crime Complaint Center (IC3), “2013 Internet Crime Report”, 2013.

7.
KISA, “Cyber Security Issue 09 Trend”, Korea Internet & Security Agency, 2014.

8.
KISA, “Web standards-based certification services Introduction and implementation of technical Guide”, Korea Internet & Security Agency, 2014.

9.
KISA, “I-PIN 2.0 introducing Guide”, Korea Internet & Security Agency, 2010.

10.
GCMA, “Security Server Deployment Guide (ver 5.1)”, Korea Goverment Cerification Management Authority, 2012.

11.
FSI, “Electronic banking authentication technology Research Reports”, Financial Security Institute, 2011.

12.
MOPAS, “Personal information protection statutes and guidelines notice Explanation”, Ministry of Government Administration and Home Affairs, 2011.

13.
KISA, “Website vulnerability diagnosis and removal guide for information systems development and administrator”, Korea Internet & Security Agency, 2013.

14.
KISIA, “Changes in the IT ecosystem, according to a spreading cloud services and Countermeasure”, Korea IT Service Industry Association, 2012.

15.
Sin-Youngsang, “Hypervisor-based virtualization security technology trends in cloud environments”, Korea Internet & Security Agency, 2014.

16.
Jung-Hyeonjun, “Trends and major issues of the virtualization technology”, Korea Information Society Development Institute, 2013.

17.
Gina Stevens. (2015, June). Data Security Breach Notification Laws. University of Maryland Francis King Carey School of Laws[Online]. Available: http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx

18.
Korea Ministry of Goverment Legislation. (2012, August). Promotion of Information and Communications Network Utilization and Information Protection Act[Online]. Available: http://www.law.go.kr/lsInfoP.do?lsiSeq=123210&efYd=20120818#0000.

19.
KISA. (2015, March). OpenSSL a multi Vulnerabilities Security Update Advisory[Online]. Available: https://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=22627

20.
Bodo Moller, Thai Duong, Krzysztof Kotowicz. (2013, September). This POODLE Bites: Exploiting The SSL 3.0 Fallback[Online]. Available: https://www.openssl.org/~bodo/ssl-poodle.pdf

21.
National Vulnerability Database (2015, January). Vulnerability Summary for CVE-2015-0204[Online]. Available: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0204.

22.
National Vulnerability Database. (2014, April). Vulnerability Summary for CVE-2014-0160[Online]. Available: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160.