- Volume 19 Issue 9
DOI QR Code
Multi-session authentication scheme for secure authentication and session management of cloud services environment
클라우드 서비스 환경의 안전한 인증과 보안세션 관리를 위한 다중세션 인증 기법
Choi, Do-hyeon;Park, Jung-oh
- Received : 2015.07.27
- Accepted : 2015.09.07
- Published : 2015.08.20
Recently, as the service scale of cloud service is expanded, an anxiety due to concerns on new vulnerabilities and security related incidents and accidents are also increasing. This paper proposes a certification scheme for multiple session management of security sessions which are generated after the user authentication. The proposed session multiplexing scheme enables the independent management of security sessions in the level of virtualization (hypervisor) within the service provider. As a result of performance analysis, providing a strong safety due to session multiplexing and mutual authentication, and the superiority of performance was proven by comparing it with the existing mutual authentication encryption algorithms.
Cloud Service;Web Authentication;Web Service;Virtualization;Hypervisor;Mutual authentication
- KISA. (2015, March). OpenSSL a multi Vulnerabilities Security Update Advisory[Online]. Available: https://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=22627
- Bodo Moller, Thai Duong, Krzysztof Kotowicz. (2013, September). This POODLE Bites: Exploiting The SSL 3.0 Fallback[Online]. Available: https://www.openssl.org/~bodo/ssl-poodle.pdf
- National Vulnerability Database (2015, January). Vulnerability Summary for CVE-2015-0204[Online]. Available: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0204.
- National Vulnerability Database. (2014, April). Vulnerability Summary for CVE-2014-0160[Online]. Available: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160.
- KISA, “I-PIN 2.0 introducing Guide”, Korea Internet & Security Agency, 2010.
- GCMA, “Security Server Deployment Guide (ver 5.1)”, Korea Goverment Cerification Management Authority, 2012.
- FSI, “Electronic banking authentication technology Research Reports”, Financial Security Institute, 2011.
- MOPAS, “Personal information protection statutes and guidelines notice Explanation”, Ministry of Government Administration and Home Affairs, 2011.
- KISA, “Website vulnerability diagnosis and removal guide for information systems development and administrator”, Korea Internet & Security Agency, 2013.
- KISIA, “Changes in the IT ecosystem, according to a spreading cloud services and Countermeasure”, Korea IT Service Industry Association, 2012.
- Sin-Youngsang, “Hypervisor-based virtualization security technology trends in cloud environments”, Korea Internet & Security Agency, 2014.
- Jung-Hyeonjun, “Trends and major issues of the virtualization technology”, Korea Information Society Development Institute, 2013.
- Gina Stevens. (2015, June). Data Security Breach Notification Laws. University of Maryland Francis King Carey School of Laws[Online]. Available: http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx
- Korea Ministry of Goverment Legislation. (2012, August). Promotion of Information and Communications Network Utilization and Information Protection Act[Online]. Available: http://www.law.go.kr/lsInfoP.do?lsiSeq=123210&efYd=20120818#0000.
- AD Meniya, HB Jethva, "Single-Sign-On (SSO) across open cloud computing federation", International Journal of Engineering Research and Applications, No. 2, pp. 891- 895, 2012.
- Choi-Dohyeon, et al, “A Design of Security Structure in Bare Metal Hypervisor for Virtualized Internal Enviroment of Cloud Service”, The Journal of Korean Institute of Communications and Information Sciences, Vol. 38, No. 7, pp. 526-534, 2013. https://doi.org/10.7840/kics.2013.38B.7.526
- Son-Seungwoo, “Legal Issues on Cloud Computing Service & SaaS”, Korea Association For Informedia Law, Vol. 14, No. 2, 2010.
- Jung-SungJae, Bae-YuMi, "Trend analysis of Threats and Technologies for Cloud Security", Journal of Security Engineering Vol.10, No2, 2013.
- AD Meniya, HB Jethva, “Single-Sign-On (SSO) across open cloud computing federation”, International Journal of Engineering Research and Applications 2, pp. 891-895, 2012.
- Internet Crime Complaint Center (IC3), “2013 Internet Crime Report”, 2013.
- KISA, “Cyber Security Issue 09 Trend”, Korea Internet & Security Agency, 2014.
- KISA, “Web standards-based certification services Introduction and implementation of technical Guide”, Korea Internet & Security Agency, 2014.