• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1343-1354
• /
• 2018

OAuth 2.0 bearer token and JWT(JSON web token), current standard technologies for authentication and authorization, use the approach of sending fixed token repeatedly to server for authentication that they are subject to eavesdropping attack, thus they should be used in secure communication environment such as HTTPS. In OAuth 2.0 MAC token which was devised as an authentication scheme that can be used in non-secure communication environment, server issues shared secret key to authenticated client and the client uses it to compute MAC to prove the authenticity of request, but in this case server has to store and use the shared secret key to verify user's request. Therefore, it's hard to provide stateless authentication service. In this paper we present a randomized token authentication scheme which can provide stateless MAC token authentication without storing shared secret key in server side. To remove the use of HTTPS, we utilize secure communication using server certificate and simple signature-based login using client certificate together with the proposed randomized token authentication to achieve the fully stateless authentication service and we provide an implementation example.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.348-351
• /
• 2016

Recently on IoT environment, there is necessary of protected network, which is only specific user can access it. Applying OAuth protocol on IoT, it can be easier to construct network authentication system, but it is hard to construct protected network authentication system. And there is weakness of OAuth protocol, which is easily attacked by sniffing Token by attacker. So, it is necessary to secondary authentication for OAuth. In ultimate IoT, the fog computing is essential. Fog computing is extension of cloud that enables networking not only in core system but also in edge system and communication node to node. Strength of fog computing is location awareness, support for mobility, and so on. If authentication in fog computing uses this strength, it can be more specialized in Fog Computing. So, in secondary Authentication, using Cyber-Physical-Social System will increase convenience of user than using existing authentication system, such as authentication certificate, id/password and group key, which is inconvenient for user. This study is about authentication based Cyber-Physical-Social System.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.373-381
• /
• 2017

Currently, various types of user authentication methods based on public certificates are used in domestic financial transactions. Such an authorized certificate method has a problem that a different security module must be installed every time a user connects an individual financial company to a web server. Also, the financial company relying on this authentication method has a problem that a new security module should be additionally installed for each financial institution whenever a next generation authentication method such as biometric authentication is newly introduced. In order to solve these problems, we propose an integrated authentication system that handles user authentication on behalf of each financial institution in financial transactions, and proposes an integrated authentication protocol that handles secure user authentication between user and financial company web server. The new authentication protocol is a modified version of OAuth2.0 that increases security and efficiency. It is characterized by performing a challenge-response protocol with a pre-shared secret key between the authentication server and the financial company web server. This gives users a convenient and secure Single Sign-On (SSO) effect.

• Journal of Internet Computing and Services
• /
• v.16 no.1
• /
• pp.21-28
• /
• 2015

Currently there are wide variety of web services and applications available for users. Such services restrict access to only authorized users, and therefore its users often need to go through the inconvenience of getting an authentication from each service every time. To resolve of such inconvenience, a third party application with OAuth(Open Authorization) protocol that can provide restricted access to different web services has appeared. OAuth protocol provides applicable and flexible services to its users, but is exposed to reply attack, phishing attack, impersonation attack. Therefore we propose method that after authentication Access Token can be issued by using the E-mail authentication. In proposed method, regular user authentication success rate is high when value is 5 minutes. However, in the case of the attacker, the probability which can be gotten certificated is not more than the user contrast 0.3% within 5 minutes.

• Journal of Digital Convergence
• /
• v.12 no.8
• /
• pp.289-294
• /
• 2014

Recently, the various web service and applications are provided to the user. As to these service, because of providing the service to the authenticated user, the user undergoes the inconvenience of performing the authentication with the service especially every time. The OAuth(Open Authorization) protocol which acquires the access privilege in which 3rd Party application is limited on the web service in order to resolve this inconvenience appeared. This OAuth protocol provides the service which is convenient and flexible to the user but has the security vulnerability about the authorization acquisition. Therefore, we propose the method that analyze the security vulnerability which it can be generated in the OAuth 2.0 protocol and secure user authority authentication method.

• Journal of Digital Convergence
• /
• v.14 no.7
• /
• pp.373-383
• /
• 2016

With mobile-epoch and emerging of Fin-tech, Bio-recognition technology utilizing bio-information in secure method has spread. Specially, In order to change convenient payment services and transportation cards, the combination of biometrics and mobile services are being expanded. The basic concept of authentication such as access control, IA&A, OpenID, OAuth 1.0a, SSO, and Biometrics techniques are investigated, and the protocol stack for security API platform, FIDO, SCIM, OAuth 2.0, JSON Identity Suite, Keystone of OpenStack, Cloud-based SSO, and AIM Agent are described detailed in aspect of application of AIM. The authentication technology in domestic and foreign will accelerate technology development and research of standardization centered in the federated FIDO Universal Authentication Framework(UAF) and Universal 2 Factor Framework(U2F). To accommodate the changing needs of the social computing paradigm recently in this paper, the trends of various authentication technology, and design and function of AIM framework was defined.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.8
• /
• pp.329-342
• /
• 2017

Recently, interest and investment in the Internet of Things (IoT) have increased significantly, and security issues are constantly being raised. As a solution, the IETF ACE Working Group is establishing the ACE framework standard, which is a new security framework for various constrained IoT environments based on the existing OAuth 2.0. However, additional work is required to apply the ACE framework, which proposes a new lightweight security system, to the existing Internet environment, and this additional cost is a factor that hinders the application of OAuth 2.0 to the IOT environment. Therefore, we propose an IoT authentication framework based on OAuth 2.0's existing development motivation, and implement a proposal framework based on CoAPthon and analyze its performance.

• Genomics & Informatics
• /
• v.14 no.1
• /
• pp.20-28
• /
• 2016

Internet addiction (IA) has become a widespread and problematic phenomenon as smart devices pervade society. Moreover, internet gaming disorder leads to increases in social expenditures for both individuals and nations alike. Although the prevention and treatment of IA are getting more important, the diagnosis of IA remains problematic. Understanding the neurobiological mechanism of behavioral addictions is essential for the development of specific and effective treatments. Although there are many databases related to other addictions, a database for IA has not been developed yet. In addition, bioinformatics databases, especially genetic databases, require a high level of security and should be designed based on medical information standards. In this respect, our study proposes the OAuth standard protocol for database access authorization. The proposed IA Bioinformatics (IABio) database system is based on internet user authentication, which is a guideline for medical information standards, and uses OAuth 2.0 for access control technology. This study designed and developed the system requirements and configuration. The OAuth 2.0 protocol is expected to establish the security of personal medical information and be applied to genomic research on IA.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.417-429
• /
• 2019

WPA2-PSK uses a 4-way handshake protocol based on a shared secret to establish a secure session between a client and an AP. It has various security problems such as eavesdropping attacks and the secure session establishment process is inefficient because it requires multiple interactions between client and AP. The WPA3 standard has recently been proposed to solve the security problem of WPA2, but it is a small improvement using the same 4-way handshake methodology. OAuth 2.0 token authentication is widely used on the web, which can be used to keep an authenticated state of a client for a long time by using tokens issued to an authenticated client. In this paper, we apply the dual-token based randomized token authentication technology to the Wi-Fi security protocol to achieve an efficient Wi-Fi security protocol by dividing initial authentication and secure session establishment. Once a client is authenticated and equipped with dual tokens issued by AP, it can establish secure session using them quickly with one message exchange over a non-secure channel.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.153-159
• /
• 2015

With information technology and health care, efficient health data management provides various health services. Health data from hospitals patients and healthy persons use stacked up enables to trace health condition and to manage health effectively and to reduce healthcare cost. In this paper, we design and implement a framework for relaying health data from various hospitals to cloud storage for manage health condition. For efficient authentication of the framework with cloud storage, OAuth2 protocal is adopted. The proposed health data relay framework can be used for developing various health services with the stacked data in the cloud storage.