User Authentication of a Smart City Management System

스마트시티 매니지먼트 시스템에서의 사용자인증보안관리

Hwang, Eui-Dong;Lee, Yong-Woo

  • Received : 2018.10.04
  • Accepted : 2019.01.20
  • Published : 2019.01.28


In this paper, we introduce the UTOPIA Smart City Security Management System which manages a user authentication for smart cities. Because the smart city management system should take care of huge number of users and services, and various kinds of resources and facilities, and they should be carefully controlled, we need a specially designed security management system. UTOPIA is a smart city system based on ICT(Information and Communication Technology), and it has a three tier structure of UTOPIA portal system, UTOPIA processing system and UTOPIA infrastructure system. The UTOPIA processing system uses the smart city middleware named SmartUM. The UTOPIA Smart City Security Management System is implemented in the application security layer, which is the top layer of the SmartUM middleware, and the infrastructure security layer, which is the lowest layer. The UTOPIA Smart City security management system is built on the premise that it supports all existing user authentication technologies. This paper introduces the application security layer and describes the authentication management in the application security layer.


UTOPIA Smar City System;Smart City Middleware;Integrated Security Management;Single Sign On(SSO);UTOPIA Smart City Security Management System


  1. Ministry of Land, Infrastructure and Transport, Act on Smart City Creation and Industry Promotion, etc. This Decree enter into force on Sept. 22, 2017. Law No.14718.
  2. ISO/IEC JTC1. (2014). Smart Cities Report.
  3. H. S. Jung, C. S. Jeong, Y. W. LEE, & P. D. Hong. (2009). An Intelligent Ubiquitous Middleware for U-city: SmartUM, Journal of Information Science and Engineering, 25(2), 375-388. DOI: 10.1688/JISE.2009.25.2.3
  4. A. Armando, R. Carbone, L. Compagna, J. Cuellar, & L. Tobarra. (2008). Formal Analysis of SAML 2.0 Web Browser Single Sign-On: Breaking the SAML-based Single Sign-On for Google Apps, the 6th ACM workshop on Formal methods in security engineering. DOI : 10.1145/1456396.1456397
  5. European Union. (2018). The Marketplace of the European Innovation Partnership on Smart Cities and Communities.
  6. S. K.. Yoon & H. S. Jang. (2011). Design of Information Security in Ubiquitous City, Journal of Information and Security, 11(4), 37-42. ISSN: 1598-7329
  7. Y. S. Kim & S. C. Park. (2008). Analysis and Protection Method of Security Threat Factor in u-City Management Center, Proc. Korean Society For Internet Information, 9(1), 129-132. ISSN: 1738-9593
  8. C. J. Chae, S. K. Han & H. J. Cho. (2016). Security Vulnerability and Countermeasures in Smart Farm, Journal of digital convergence, 14(11), 313-318, DOI: 10.14400/JDC.2016.14.11.313
  9. J. N. Kim. (2016). Implementation of Domain Separation-based Security Platform for Smart Device, Journal of digital convergence, 14(12), 471-476. DOI: 10.14400/JDC.2016.14.12.471
  10. S. J. Kim & D. E. Cho. (2012). A Study on Secure Home Network in Environment Smart Grid, Journal of digital convergence, 10(1), 463-469. DOI: G704-002010.2012.10.1.001
  11. J. Hoh and C. Y. Jung. (2017). Convergence-based Smart Factory Security Threats and Response Trends. Journal of the Korea Convergence Society, 8(11), 29-35, DOI: 10.15207/JKCS.2017.8.11.029
  12. S. W. Lee, J. J. N. Kim. (2017). Service-oriented protocol security framework in ICT converged industrial environment. Journal of the Korea Convergence Society, 8(12), 15-22. DOI: 10.15207/JKCS.2017.8.12.015
  13. K. H. Lee. (2010). Analysis of Threats Factor in IT Convergence Security. Journal of the Korea Convergence Society, 1(1), 2233-4890. ISSN: 2233-4890
  14. S. H. Lee, D. H. Shim & D. W. Lee. (2016). Actual Cases of Internet of Thing on Smart City Industry. Journal of Convergence for Information Technology, 6(4). 65-70. DOI: 10.22156/CS4SMB.2016.6.4.065
  15. S. W. Rho & Y. W. Lee. (2010). U-city Portal For Smart Ubiquitous Middleware, 2010 The 12th International Conference Advanced Communication Technology (ICACT), 609-613. ISBN: 978-1-4244-5427-3
  16. S. W. Rho, C. H. Yun & Y. W. Lee. (2011). Provision of U-city web services using cloud computing, 13th International Conference on Advanced Communication Technology (ICACT), 1545-1549. ISBN: 978-89-5519-154-7
  17. P. Beynon-Davies. (2010). Personal identity management as a socio-technical network, Technology analysis & strategic management, 22(4), 463-478. DOI: 10.1080/09537321003714527
  18. G. Bick, M. C. Jacobson & R. Abratt. (2003). The Corporate Identity Management Process Revisited, Journal Of Marketing Management, 19(7-8), 835-856. DOI: 10.1080/0267257X.2003.9728239
  19. Trusted Computing Group website. (2011).
  20. H. S. Kim & C. S. Park. (2010). Cloud Computing and Personal Authentication Service, Information & Communications Magazine, 20(2), 11-92. ISSN: 1598-3978
  21. A. Litan. (2009). Where String Authentication Fails and What You Can About It, Gartner Research.
  22. Y. Oh, T. Obi, J. S. Lee, H. Suzuki, & N. Ohyama. (2010). Empirical analysis of internet identity misuse: case study of south Korean real name system, the 6th ACM workshop on Digital identity management (DIM'10), 27-34. DOI: 10.1145/1866855.1866863
  23. S. K. Un, N. S. Jho, Y. H. Kim & D. S. Choi. (2009). Cloud Computing Security Technology, Electrical Communication Trend Analysis, 24(4), 79-88. p-ISSN: 1225-6455