The KIPS Transactions:PartC (정보처리학회논문지C)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

I2DM : An Improved Identity Management Protocol for Internet Applications in Mobile Networks

모바일 네트워크에서 인터넷 응용을 위한 향상된 ID관리 프로토콜

  • 박인신 (성균관대학교 정보보호학과) ;
  • 정종필 (성균관대학교 정보통신공학부)
  • Received : 2011.09.09
  • Accepted : 2011.12.02
  • Published : 2012.02.29
Download PDF
⟨ Previous Next ⟩

Abstract

Due to rapid spread of smart phones and SNS(Social Network Service), using of Internet applications has increased and taking up bandwidth more than 3G network's capacity recently. This caused reduction of speed and service quality, and occurred strong needs that backbone network company to increasing investment costs. Also a great rise of mobile network users causing identity management problems on mobile service provider through mobile network. This paper proposes advanced IDM3G[1] - to solve user ID management and security problems on mobile internet application services over 3G network and more - authentication management protocol. $I^2DM$ protocol breakup loads which made by existing IDM3G protocol's mutual authentication via mobile operator, via sending some parts to internet application service provider, enhancing mobile and ID management of service provider and network load and process load from information handling and numbers of transmitting packets, to suggest more optimized protocol against further demanding of 3G mobile network.

최근 급속도로 보급되고 있는 스마트폰과 SNS(Social Network Service)로 인한 인터넷 응용프로그램 활용의 증가는 3G 네트워크 이상의 네트워크 대역폭을 빠르게 잠식해가고 있으며 이로 인한 속도 저하와 서비스 질 저하로 인한 기간통신사들의 시설투자비 증가 요구가 강하게 대두되고 있다. 아울러 모바일 네트워크 사용자의 폭증에 따르는 모바일 서비스 제공자와 모바일 네트워크상의 ID관리문제를 촉발하고 있다. 본 논문은 3G 네트워크에서 모바일 인터넷 응용 서비스상의 사용자 ID관리와 보안문제를 해결하기 위한 프로토콜로 제안된 IDM3G[1]를 기반으로 보다 향상된 인증관리 프로토콜을 제안한다. 제안하는 $I^2DM$ 프로토콜은 기존의 IDM3G 프로토콜이 MO를 통한 상호 인증을 수행하면서 발생시키는 부하를 모바일 인터넷 응용 서비스 제공자에게 일정 부분의 역할을 분산시킴으로써 모바일 및 서비스 제공자의 ID관리와 함께 네트워크 부하와 정보처리를 위한 프로세스 부하 그리고 송수신되는 패킷의 수를 보다 효율화한다. 향후 더욱 그 수요가 폭증할 것으로 예상되는 3G 이후의 모바일 네트워크에 대한 수요를 대비하여 보다 최적화된 프로토콜을 제안한다.

Keywords

References

  1. Wisely D, Eardley P, and Burness L. IP for 3G - networking technologies for mobile communications, John Wiley & Sons, 2002.
  2. 3rd Generation Partnership Project. TS 23.234 - 3GPP system to wireless local area network (WLAN) interworking; system description v2.4.0, 2004.
  3. Mont M, Pearson S, and Bramhall P., "Towards accountable management of identity and privacy," Proceedings of 14th international workshop on database and expert systems applications, 2003.
  4. Bonatii P and Samarati P., "A unified framework for regulating service access and information release on the web," Computer Security Journal, Vol.10(3), pp.241-72, 2003.
  5. Damiani E, De Capitani di Vimercati S, and Samarati P., "Managing multiple and dependable identities," IEEE Internet Computing, Vol.7(6), pp.29-37, 2003. https://doi.org/10.1109/MIC.2003.1250581
  6. Siemens, "Identity management for micropayments in a mobile environment," Paycircle, 2003.
  7. Christos K. Dimitriadis and Despina Polemi, "An identity management protocol for Internet applications over 3G mobile networks," Computers & Security, Vol.25, pp.45-51, February, 2006. https://doi.org/10.1016/j.cose.2005.11.001
  8. Ed Gerck, Secure Email Technologies X.509 / PKI, PGP, IBE, and ZMAIL, in Chapter 12, Corporate Email Management, ICFAI University Press, pp.171-196, 2007.
  9. http://www.gnupg.org
  10. http://www.3gpp.org
  11. 3rd Generation Partnership Project. TS 33.102 - 3G security; security architecture v6.0.0, 2003.
  12. 3rd Generation Partnership Project. TS 33.234 - 3G security; wireless local area network (WLAN) interworking security v6.0.0, 2004.
  13. OASIS. Glossary for the OASIS security assertion markup language(SAML) v1.1, 2003.
  14. Liberty Alliance. Liberty ID-FF protocols and schema specification v1.2, 2003.
  15. Liberty Alliance. Liberty ID-FF architecture overview v1.2, 2003.
  16. http://www.sdl-forum.org/MSC/index.htm
  17. Dimitriadis C and Polemi D., "A protocol for incorporating biometricsin 3G with respect to privacy," 7th international conference on enterprise information systems (ICEIS2005), pp.123-135, 2005.
  18. 3rd Generation Partnership Project. TS 31.101 - UICC terminal interface; physical and logical characteristics v6.2.0, 2003.
  19. 3rd Generation Partnership Project 2. S.R0082 enhanced packet data air interface security v1.0, 2003.
  20. Urien P, Pujolle G, EAP-support in smartcard draft-urien-eap-smartcard-21.txt, IETF draft, 2011.
  21. Rao J, Rohatgi P, Scherzer H, and Tinguely S., "Partitioning attacks: or how to rapidly clone some GSM cards," IEEE symposium on security and privacy, 2002.
  22. Khan M, Ahmed A and Cheema A.R, "Vulnerabilitis of UMTS Access Domain Security Architecture", Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing, 2008. SNPD '08, Ninth ACIS International Conference on
  23. Eastlake D, Crocker S, Schiller J., "Randomness recommendations for security," IETF RFC 1750, 1994.
  24. Fry M, Fischer M, Karaliopoulos M, smith P and Hutchison D, "Challenge identification for network resilience", Next Generation Internet(NGI), 2010 6th EURO-NF Conference on, pp.1-8, 2010
  25. Liberty Alliance. Liberty ID-FF bindings and profiles specification v1.2, 2003.
  26. Microsoft Corp. Microsoft.NET passport review guide, .
  27. Pfitzmann B and Waidner M, "Analysis of liberty single-sign-on with enabled clients," Internet Computing, IEEE, Vol.7, Issue:6, pp.38-44, 2003. https://doi.org/10.1109/MIC.2003.1250582
  28. Liberty Alliance. Liberty trust models guidelines v1.0, 2003.
  29. IDC, Worldwide Identity Theft Black Market 2006-2010 Forecast, 2006.
  30. Liberty Alliance Project, http://www.projectliberty.org/
  31. Microsoft, Introducing Windows CardSpace, http://msdn.microsoft.com/
  32. OpenID, http://openid.net/
  33. Security Assertion Markup Language(SAML) OASIS Standard Specification, Version 2.0, http://www.oasis-open. org/committees/tc_home.php?wg_abbrev=security
  34. Higgins Project, http://www.eclipse.org/higgins/

Cited by

  1. Implementation of Electricity Power Management System for Industries based on USN vol.12, pp.4, 2012, https://doi.org/10.7236/JIWIT.2012.12.4.103
  2. Implementation of Electricity Management System based on the Wireless ICT vol.14, pp.5, 2014, https://doi.org/10.7236/JIIBC.2014.14.5.123