Browse > Article
http://dx.doi.org/10.33778/kcsa.2019.19.4.115

Study on the Security Threat Factors of Social Network Services  

Jeon, Jeong Hoon (동덕여자대학교/컴퓨터학과)
Publication Information
Convergence Security Journal / v.19, no.4, 2019 , pp. 115-121 More about this Journal
Abstract
Recently, as the use of smart devices is becoming more common, various and convenient services are being developed. Among these services, the Social Network Service(SNS) is easily accessible anywhere, anytime. In particular, as well as sharing information, it forms a social relationship in cyberspace to expand new connections, and the SNS account is used as an authentication means of other services to provide users with speed and convenience at all times. However, despite the many advantages of SNS, due to security vulnerabilities occurring in the interworking process with various services, accidents of personal information are constantly occurring, and it is urgent to prepare countermeasures against potential risk factors. It is a necessary situation. Therefore, in this paper, the use of SNS is expected to increase rapidly in the future, and it is expected that it will be used as the basic data for developing the countermeasures by learning the countermeasures according to the security threats of the SNS.
Keywords
SNS; OAuth; OpenID; Threat Factor; CSRF; Covert Redirect; OWASP;
Citations & Related Records
연도 인용수 순위
  • Reference
1 김윤화, "SNS(소셜 네트워크 서비스)이용추이 및 이용행태분석," 정보통신정책연구원(KISDI), 2018.6.15.
2 정유진, 배국진, "소셜 네트워크 서비스의 동향과 전망,"한국과학기술연구원, Emerging Issue Report, 2007
3 https://www.statista.com/statistics/898811/south-koreasocial-network-service-weekly-usage-frequency/
4 유선실, "해외 소셜 네트워크 서비스 동향," Vol.29, No.19-656, 정보통신정책연구원, 2017
5 M. McGloin, "OAuth 2.0 Threat Model and Security Considerations," draft-ietf-oauth-v2-threatmodel-06, 2012.6
6 https://d2.naver.com/helloworld/24942
7 https://security.stackexchange.com/questions/44797/when-do-you-use-openid-vs-openid-connect
8 https://connect2id.com/learn/openid-connect
9 https://ko.wikipedia.org/wiki/OWASP
10 박형수, "보안코드를 이용한 OAuth 인증강화방안," 아주대학교 대학원 학위논문(석사), 2016.12
11 https://meetup.toast.com/posts/105
12 https://www.hahwul.com/2019/06/oauth-chained-bugs-to-leak-oauth-token.html
13 이병천, "OAuth 2.0 MAC 토큰인증의 효율성 개선을 위한 무상태 난수화토큰인증," 한국정보보호학회, Vol.28, No.6, 2018.12
14 https://habr.com/en/post/449182/
15 정미경, "소셜네트워크 OAuth 서비스의 취약점에 관한 연구," 성균관대학교 2012.12
16 김진욱 외 3명, "OAuth를 이용한 로그아웃 문제로 인한 취약점 방지기법에 대한 연구," 한국정보보호학회, Vol.27, No.1, 2017.2
17 https://medium.com/securing/what-is-going-on -with-oauth-2-0-and-why-you-should-not-use-it-for-authentication-5f47597b2611
18 https://threatpost.com/oauth-2-0-hack-exposes-1-billion-mobile-apps-to-account-hijacking/121889/
19 이상원, "소셜 네트워크 게임(SNG) 서비스의 개인정보 노출 및 보안위협에 대한 연구," 고려대학교, 2014.12