Access Control Framework for Collaborative System

Seung, Hyon-Woo,Park, Mi-Young 서울여자대학교 컴퓨터과학연구소 2003 정보기술논문지 Vol.1 No.-

As per increasing research interest in the field of collaborative computing in recent year, the importance of security issues on that area is also incrementally growing. Generally, the persistency of collaborative system is facilitated with conventional authentication and cryptography schemes. It is, however, hard to meet the access control requirements of distributed collaborative computing environments by means of merely applying the existing access control mechanisms. The distributed collaborative system must consider the network openness, and various types of subjects and objects while the existing access control schemes consider only some of the access control elements such as identity, rule, and role. However, this may cause the state of security level alteration phenomenon. In order to handle proper access control in collaborative system, various types of access control elements such as identity, role, group, degree of security, degree of integrity, and permission should be taken into account. Futhermore, if we simply define all the necessary access control elements to implement access control algorithm, then collaborative system consequently should consider too many available objects which in consequence, may lead to the drastic degradation of system performance. In order to improve the stated problems, we propose a novel access control framework that is suitable for the distributed collaborative computing environments. The proposed scheme defines several different types of object elements for the accessed objects and subjects, and uses them to implement access control which allows us to guarantee more solid access control. Futhermore, the objects are distinguished by three categories based on the characteristics of the object elements, and the proposed algorithm is implemented by the classified objects which lead to improve the systems' performance. Also, the proposed method can support scalability compared to the conventional one. Our simulation study shows that the performance results are almost similar to the two cases; one for the collaborative system that has the proposed access control scheme, and the other for the system that has not.

스마트 컨트랙트 기반의 산업제어시스템 접근 제어 메커니즘

조민정,이창훈 한국정보보호학회 2019 정보보호학회논문지 Vol.29 No.3

산업제어시스템은 센서, 액추에이터 등의 다양한 물리적인 장치들로 구성된다. 과거에 미국에서 발생했던 상수도시설 원격 접속 사고, 전력 제어시스템 감염 등 대규모 피해를 가져온 보안 사고는 산업제어시스템 접근 제어의 취약점으로 인해 발생했다. 물리적 장치에 대한 접근제어는 신뢰할 수 있는 시스템을 통해 이뤄져야한다. 그러나 폐쇄망으로 구성된 산업제어시스템 내부에 단일 접근 제어 시스템을 구축하는 것은 신뢰성을 보장받을 수 없다. 또 단일 접근제어 시스템은 장애나 사고 발생시 접근 제어 시스템이 작동 불가능해지므로 다른 접근 제어 방법이나 시스템이 필요하다. 본 논문에서는 신뢰성과 안정적인 운영을 제공하기 위해 운영 계층에 블록체인을 이용하고, 스마트 컨트랙트 배포를 통한 접근제어 메커니즘을 제안한다. 또한, 무결성, 기밀성보다 가용성이 우선시 되는 산업제어시스템을 고려하여 각 산업 환경에 맞게 소모할 컴퓨팅 자원을 설정할 수 있도록 신뢰 점수를 이용했다. 본 논문에서 제안하는 시스템은 기 제안된 블록체인 기반의 접근제어 시스템과 달리 현재 운영중인 산업제어시스템의 특성에 맞게 구성했다. Industrial control systems consist of various physical devices such as sensors, actuators. Security Infringement such aswaterworks facilities Remote Access Infringement and power control systems Infection have been occured by vulnerability ofAccess Control. Access control to physical devices must be fulfilled with a reliable system. However, Having a singleaccess control system inside company can not guarantee reliability. In addition, when single access control is struggled witherror or infringement, access control system is totally unavailable. so system requires a additional access control method orsystem. In this paper, we proposed access control mechanism for reliable and stable operation using blockchain and smartcontract. Proposed Mechanism using trust score to consider resources to be consumed depending on each industrialenvironment in consideration of the industrial control system where availability is more important than integrity andconfidentiality. Unlike other blockchain-based access control system, proposed system is designed for the currently operatingindustrial control system.

Trust and Risk based Access Control and Access Control Constraints

( Nurmamat Helil ),( Mucheol Kim ),( Sangyong Han ) 한국인터넷정보학회 2011 KSII Transactions on Internet and Information Syst Vol.5 No.11

Access control in dynamic environments needs the ability to provide more access opportunities of information to users, while also ensuring protection information from malicious users. Trust and risk are essential factors and can be combined together in access control decision-making to meet the above requirement. In this paper, we propose the combination of the trust and risk in access control to balance information accessibility and protection. Access control decision is made on the basis of trustworthiness of users and risk value of permissions. We use potential relations between users and relations between permissions in access control. Our approach not only provides more access opportunities for trustworthy users in accessing permissions, but also enforces traditional access control constraints such as Chinese Wall policy and Separation of Duty (SoD) of Role-Based Access Control (RBAC) model in an effective way.

Secure Attribute - Based Access Control with a Ciphertext-Policy Attribute - Based Encryption Scheme

Rifki Sadikin,Young Ho Park,Kil Houm Park 한국산업정보학회 2014 한국산업정보학회논문지 Vol.19 No.1

An access control system is needed to ensure only authorized users can access a sensitive resource. We propose a secure access control based on a fully secure and fine grained ciphertext-policy attribute-based encryption scheme. The access control for a sensitive resource is ensured by encrypting it with encryption algorithm from the CP-ABE scheme parameterized by an access control policy. Furthermore, the proposed access control supports non-monotone type access control policy. The ciphertext only can be recovered by users whose attributes satisfy the access control policy. We also implement and measure the performance of our proposed access control. The results of experiments show that our proposed secure access control is feasible.

5G 네트워크에서 D2D 시스템을 위한 액세스 제어

김석규(Seog-Gyu Kim),김재현(Jae-Hyun Kim) 한국컴퓨터정보학회 2021 韓國컴퓨터情報學會論文誌 Vol.26 No.1

본 논문에서는 5G 무선 네트워크 D2D 시스템에서 수행될 수 있는 두 가지 액세스 제어 메커니즘들을 비교해 보고 효과적인 액세스 제어 기법을 제안한다. 현재 5G D2D 시스템에서는 액세스 제어 기법이 표준 규격에 제정 되어 있지 않고 있으나, 두 가지 액세스 제어 기법들이 가능하다. 하나의 방식으로는 UE-to-Network Relay 기반의 액세스 제어 기법이고, 다른 하나의 방식으로는 Remote UE 기반의 액세스 제어 기법이다. 전자의 경우는 UE-to-Network Relay가 액세스 제어검사를 수행하는 것이며, 후자의 경우는 Remote UE가 액세스 제어 검사를 직접 수행하는 방식이다. 실험 평가 결과, 본 논문에서는 5G 무선 네트워크 D2D 시스템에서 효율적인 액세스 제어 방안으로써 Remote UE 기반의 액세스 제어 기법을 최종 제안한다. Remote UE 기반의 액세스 제어기법은 UE-to-Network Relay 기반의 액세스 제어 기법이 비하여, 신호 오버헤드를 최소화하고, 서로 액세스 제어 기능들이 다른 경우 보다 효율적인 액세스 제어 검사를 수행할 수 있다. In this paper, we compare two access control mechanisms for D2D(Device-to-Device) systems in 5G wireless networks and propose an effective access control for 5G D2D networks. Currently, there is no specified access control for 5G D2D networks but there can be two access control approaches for 5G D2D networks. One is the UE-to-Network Relay based access control and the other is the Remote UE(User Equipment) based access control. The former is a UE-to-Network Relay carries out the access control check for 5G D2D networks but the latter is a Remote UE performs the access control check for 5G D2D networks. Through simulation and evaluation, we finally propose the Remote UE based access control for D2D systems in 5G wireless networks. The proposed approach minimizes signalling overhead between the UE-to-Network Relay and the Remote UE and more efficiently performs the access control check, when the access control functionalities are different from the UE-to-Network Relay in 5G D2D networks.

Role Performance Trust-Based Access Control for Protecting Sensitive Attributes

Zhanjiang Wang,Shuoning Wang,Ling Wang 보안공학연구지원센터 2016 International Journal of Security and Its Applicat Vol.10 No.12

Preserving privacy is a challenge and requires the management of access control, which may be based on role, purpose or trust. There are many recent advances of access control models have been developed to avoid unauthorized users access to the privacy. However, there are still issues that impede the development of effective access control. The issue highlight in this paper is inappropriate access and use of sensitive attributes by authorized users. Therefore, it is critical to design an efficient access control model based on trust to protect sensitive attributes from untrusted user. In this paper, we propose a new access control model based on trust called role performance trust-based access control to permit trusted user access to sensitive attributes. Subsequently, we also propose a comprehensive policy to permit user access sensitive attributes based on two trust metrics namely user experience and behaviour. To evaluate the trustworthiness of authorized user, we propose a quantification method to measure those metrics. Based on the results, role performance trust-based access control may significantly permit or prohibit access to personal information, especially sensitive attributes by authorized users. This model is capable to solve the issue of authorized user without trust to access sensitive attributes.

분산 EPCIS 환경에서 RFID 비즈니스 데이터의 접근 메커니즘

박영욱,류우석,우문언,권준호,홍봉희 한국정보과학회 2012 데이타베이스 연구 Vol.28 No.1

RFID 기술은 최근 들어 물류, 군사, 의료 등 많은 응용 분야에서 활용되고 있다. RFID 태그의 위치 추적은 RFID 응용의기본적인 요구사항이다. EPCIS는 RFID 시스템에서 태그 이벤트를 저장하는 정보 저장소이다. RFID 태그의이동 정보는 해당 태그의이동 경로에 따라 여러 분산된 EPCIS에 저장되므로, 태그의추적을 위해서는 서로 다른 소속기관에 의해 관리되는 복수의EPCIS 시스템에 접근하는 것이 필요하다. EPCIS 별로 서로 다른 접근 제어 방식을 가지고 있게 되면 사용자가 개별 EPCIS 각각에 대해 인증 및 인가정보를 유지해야 하는 문제가 발생한다. 본 논문에서는 분산 EPCIS 환경에서 안전한접근 제어를 위한 접근-키 기반의 접근 제어 메커니즘을 제안한다. 제안하는 메커니즘에서 접근-키는 사용자의 인증 및 사용자 등록정보를 포함함으로써, 다른 EPCIS에서 접근-키를 기반으로 사용자를 인증하고 접근 권한을결정할 수 있도록 한다. 이 접근 권한을기반으로 EPCIS는 사용자의 질의를 재설정하여 주어진 권한에 적합한질의 결과를 생성한다. 분산 인증 처리를 통해 접근 제어의 가용성과 함께 처리 성능을 향상시키는 이점이 있다. 실험을 통해 본 논문에서 제안한 접근 제어 메커니즘에 의해 발생하는 EPCIS의 부하가 납득할 만한 수준임을 입증한다. Recently, RFID technology is widely used in logistics, military, health and other application fields. In RFID applications, with RFID tag mobility, RFID data are stored in distributed EPCISs which is RFID data repository component of RFID system. RFID track and trace ability are widespread demand in various applications.Its realization results in cross EPCIS data accessing in multiple organized RFID systems. In this study, we focus on RFID data access control in distributed EPCISs. To realize secure access control for distributed EPCISs access, an access-key based accesscontrol mechanism is proposed; in this mechanism, digitally signed access-key is designed to authenticate user and index user registration information which is necessary for user access right decision. Access-key based access control mechanism enables user to be authenticated by the EPCIS which the user registered in. Additionally, taking use of access-key, accessed EPCIS obtains user registration information for deciding user access right. Based on user access right, EPCIS enforces access control and onlyprovides authorized data to user. Compare with traditional centralized access control, proposed access-key based mechanism enhances availability of access control and it also improves performance of access control processing with distributed authentication process. At last, we check the access control overhead through experiments evaluation. The results of experiments show that the access control brings acceptable overhead.

IoT Open-Source and AI based Automatic Door Lock Access Control Solution

Sung Hoon Yoon,Kil Soo Lee,Jae Sang Cha,Vinayagam Mariappan,Ko Eun Young,Deok Gun Woo,Jeong Uk Kim 한국인터넷방송통신학회 2020 International Journal of Internet, Broadcasting an Vol.12 No.2

Recently, there was an increasing demand for an integrated access control system which is capable of user recognition, door control, and facility operations control for smart buildings automation. The market available door lock access control solutions need to be improved from the current level security of door locks operations where security is compromised when a password or digital keys are exposed to the strangers. At present, the access control system solution providers focusing on developing an automatic access control system using (RF) based technologies like bluetooth, WiFi, etc. All the existing automatic door access control technologies required an additional hardware interface and always vulnerable security threads. This paper proposes the user identification and authentication solution for automatic door lock control operations using camera based visible light communication (VLC) technology. This proposed approach use the cameras installed in building facility, user smart devices and IoT open source controller based LED light sensors installed in buildings infrastructure. The building facility installed IoT LED light sensors transmit the authorized user and facility information color grid code and the smart device camera decode the user informations and verify with stored user information then indicate the authentication status to the user and send authentication acknowledgement to facility door lock integrated camera to control the door lock operations. The camera based VLC receiver uses the artificial intelligence (AI) methods to decode VLC data to improve the VLC performance. This paper implements the testbed model using IoT open-source based LED light sensor with CCTV camera and user smartphone devices. The experiment results are verified with custom made convolutional neural network (CNN) based AI techniques for VLC deciding method on smart devices and PC based CCTV monitoring solutions. The archived experiment results confirm that proposed door access control solution is effective and robust for automatic door access control.

The Dynamic Access Control Model for Cloud Web Based on Repeated-game Theory

Yixuan Zhang,Jingsha He,Bin Zhao 보안공학연구지원센터 2015 International Journal of Grid and Distributed Comp Vol.8 No.4

Access control, what is a core technology in information security, has been widely used cloud web. It is used to distribute objects’ resources to subjects according to some principles. But until now, most traditional access control models are focused on the distributional principles; the security of systems is always ignored. Protecting data and resources in computers from threats and attacks is also an important aspect in access control, especially in cloud web where there are a great deal of threats and attacks. In this paper, we introduce the present situation and related work of access control. Then we analyze the security problems in computer systems with traditional access control model, and get the prisoner’s dilemma in it through Nash equilibrium. To solve this dilemma, we applied repeated-game theory to access control and build a new model RTAC. The ultimate goal of RTAC is to encourage subjects’ honest accesses and discourage subjects’ malicious accesses through Nash equilibrium. At last, we perform some experiments and show the advantages of RTAC over the traditional access control model.

Secure Attribute-Based Access Control with a Ciphertext-Policy Attribute-Based Encryption Scheme

Sadikin, Rifki,Park, Young Ho,Park, Kil Houm Korea Society of Industrial Information Systems 2014 한국산업정보학회논문지 Vol.19 No.1

An access control system is needed to ensure only authorized users can access a sensitive resource. We propose a secure access control based on a fully secure and fine grained ciphertext-policy attribute-based encryption scheme. The access control for a sensitive resource is ensured by encrypting it with encryption algorithm from the CP-ABE scheme parameterized by an access control policy. Furthermore, the proposed access control supports non-monotone type access control policy. The ciphertext only can be recovered by users whose attributes satisfy the access control policy. We also implement and measure the performance of our proposed access control. The results of experiments show that our proposed secure access control is feasible.