A Data Block based Mutual Authentication Protocol for Protecting Outsourced Data

Data Block based User Authentication for Outsourced Data

  • 한창희 (Department of Computer Engineering, Chung-Ang University) ;
  • 권현수 (Department of Computer Science, Korea University) ;
  • 김대영 (Department of Computer Science, Korea University) ;
  • 허준범 (Department of Computer Science, Korea University)
  • Received : 2015.05.19
  • Reviewed : 2015.07.01
  • Published : 2015.09.15

Abstract

Recently, as multimedia technologies supporting high-quality formats have advanced, the size of multimedia data has grown rapidly. Moreover, with the trend toward delivering multimedia data through many online channels, it is becoming difficult to store and process the data on a single server. Accordingly, many service providers expect to reduce costs by outsourcing data to external providers such as cloud storage. However, how to authenticate users who access outsourced data in a secure and efficient way remains an open problem. Password-based authentication has many shortcomings in terms of security. Multi-factor authentication schemes that rely on additional channels such as biometrics, SMS, or hardware tokens strengthen security but reduce usability. In this paper, we therefore introduce a block-based mutual authentication scheme that guarantees both security and usability. In addition, the proposed scheme provides efficient user revocation. We designed and implemented an experiment directly on Amazon EC2, a commercial cloud service, and present the experimental results.

Recently, there has been an explosive increase in the volume of multimedia data that is available as a result of the development of multimedia technologies. More and more data is becoming available on a variety of web sites, and it has become increasingly cost prohibitive to have a single data server store and process multimedia files locally. Therefore, many service providers have been inclined to outsource data to cloud storage to reduce costs. Such behavior raises one serious concern: how can data users be authenticated in a secure and efficient way? The most widely used password-based authentication methods suffer from numerous disadvantages in terms of security. Multi-factor authentication protocols based on a variety of communication channels, such as SMS, biometrics, or hardware tokens, may improve security but inevitably reduce usability. To this end, we present a data block-based authentication scheme that is secure and guarantees usability in such a manner that users do nothing more than enter a password. In addition, the proposed scheme can be effectively used to revoke user rights. To the best of our knowledge, our scheme is the first data block-based authentication scheme for outsourced data that is proven to be secure without degradation in usability. An experiment was conducted using the Amazon EC2 cloud service, and the results show that the proposed scheme guarantees a nearly constant time for user authentication.

Funding

Funding agency : National Research Foundation of Korea (한국연구재단)
