• Title/Summary/Keyword: Account Takeover

Search Result 2, Processing Time 0.014 seconds

A Study on Unconsciousness Authentication Technique Using Machine Learning in Online Easy Payment Service (온라인 간편 결제 환경에서 기계학습을 이용한 무자각 인증 기술 연구)

  • Ryu, Gwonsang;Seo, Changho;Choi, Daeseon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.6
    • /
    • pp.1419-1429
    • /
    • 2017

  • Recently, environment based authentication technique had proposed reinforced authentication, which generating statistical model per user after user login history classifies into account takeover or legitimate login. But reinforced authentication is likely to be attacked if user was not attacked in past. To improve this problem in this paper, we propose unconsciousness authentication technique that generates 2-Class user model, which trains user's environmental information and others' one using machine learning algorithms. To evaluate performance of proposed technique, we performed evasion attacks: non-knowledge attacker that does not know any information about user, and sophisticated attacker that only knows one information about user. Experimental results against non-knowledge attacker show that precision and recall of Class 0 were measured as 1.0 and 0.998 respectively, and experimental results against sophisticated attacker show that precision and recall of Class 0 were measured as 0.948 and 0.998 respectively.

  • https://doi.org/10.13089/JKIISC.2017.27.6.1419 인용 PDF KSCI HTML

A Blockchain-based User Authentication Model Using MetaMask (메타마스크와 연동한 블록체인 기반 사용자 인증모델)

  • Choi, Nakhoon;Kim, Heeyoul
    • Journal of Internet Computing and Services
    • /
    • v.20 no.6
    • /
    • pp.119-127
    • /
    • 2019

  • This paper proposes a new authentication model to solve the problem of personal information takeover and personal information theft by service providers using centralized servers for user authentication and management of personal information. The centralization issue is resolved by providing user authentication and information storage space through a decentralize platform, blockchain, and ensuring confidentiality of information through user-specific symmetric key encryption. The proposed model was implemented using the public-blockchain Ethereum and the web-based wallet extension MetaMask, and users access the Ethereum main network through the MetaMask on their browser and store their encrypted personal information in the Smart Contract. In the future, users will provide their personal information to the service provider through their Ethereum Account for the use of the new service, which will provide user authentication and personal information without subscription or a new authentication process. Service providers can reduce the costs of storing personal information and separate authentication methods, and prevent problems caused by personal information leakage.

  • https://doi.org/10.7472/jksii.2019.20.6.119 인용 PDF KSCI HTML