• Proceedings of the Korean Information Science Society Conference
• /
• 2002.04a
• /
• pp.229-231
• /
• 2002

현재의 전자상거래는 어떠한 물건이나 권리에 대해 거래할 경우 신용카드나 전자 화폐를 통한 유통과, 티켓 소유자의 특정한 권리를 보증하는 증명서 역할을 하는 디지털-티켓[1]에 의한 유통이 이루어지고 있다. 티켓 유통이 실행되면서 디지털-티켓은 악의의 사용자나 공급자로부터 티켓의 복제, 변경, 위조로부터의 보호와 사용자의 인증과 부인방지가 요구된다. 이에 본 논문에서는 디지털-티켓 시스템에 공개키 암호 기술과 토큰을 이용하여 프로토콜을 설계하여 티켓의 정당성과 유효성을 검증하고 신뢰된 티켓검증서버(TVS: Ticket Verification Server)를 통하여 티켓 소유자의 소유권을 검증하는 디지털-티켓 유통 프로토콜을 제안한다. TVS는 인터넷에 연결되어 사용자가 언제든지 자신만이 티켓의 유일한 소유자라는 것을 확인한 수 있고 소유한 티켓의 유효성을 검증할 수 있다.

• The Journal of Society for e-Business Studies
• /
• v.12 no.4
• /
• pp.29-36
• /
• 2007

Recently, Jaiswal et al. proposed a protocol to improve the multi-agent negotiation test-bed which was proposed by Collins et al. Using publish/subscribe system, time-release cryptography and anonymous communication, their protocol gives an improvement on the old one. However, it is shown that the protocol also has some security weaknesses: such as replay data attack and DOS (denial-of-service) attack, anonymity disclosure, collusion between customers and a certain supplier. So proposed protocol reduces DOS attack and avoids replay data attack by providing ticket token and deal sequence number to the supplier. And it is proved that the way that market generates random number to the supplier is better than the supplier do by himself in guaranteeing anonymity. Market publishes interpolating polynomial for sharing the determination process data. It avoids collusion between customer and a certain supplie

• Convergence Security Journal
• /
• v.13 no.2
• /
• pp.155-163
• /
• 2013

Connection hijacking attack using the vulnerability of the TCP protocol to redirect TCP stream goes through your machine actively (Active Attack). The SKEY such as one-time password protection mechanisms that are provided by a ticket-based authentication system such as Kerberos or redirection, the attacker can bypass.Someone TCP connection if you have access on TCP packet sniffer or packet generator is very vulnerable. Sniffer to defend against attacks such as one-time passwords and token-based authentication and user identification scheme has been used. Active protection, but these methods does not sign or encrypt the data stream from sniffing passwords over insecure networks, they are still vulnerable from attacks. For many people, an active attack is very difficult and so I think the threat is low, but here to help break the illusion successful intrusion on the UNIX host, a very aggressive attack is presented. The tools available on the Internet that attempt to exploit this vulnerability, known as the recent theoretical measures is required. In this paper, we propose analysis techniques on a wireless network intruder detection.