• Title/Summary/Keyword: Replay

Search Result 318, Processing Time 0.024 seconds

Design and Implementation of OTP Based Authentication Mechanism for Web Service (OTP 기반의 웹서비스 인증 메커니즘 설계 및 구현)

  • Song, You-Jin;Lee, Dong-Hyeok
    • The Journal of Society for e-Business Studies
    • /
    • v.10 no.2
    • /
    • pp.89-108
    • /
    • 2005
  • The SOAP specifications are not provided a functions of information security, especially authentication function. In case of user authentication, delivery of the username and password elements can be exposed to sniffing/replay attack by malicious attacker. In this paper, we propose a new mechanism to protect authentication attacks for the SOAP messages. The proposed mechanism is compensated for weakness of S/KEY system. Our mechanism has no limitation for time and overhead and also provide a more effective and secure delivery.

  • PDF

A Secure Protocol for the Electronic Auction (전자경매를 위한 보안 프로토콜)

  • Shi, Wenbo;Jang, In-Joo;Yoo, Hyeong-Seon
    • The Journal of Society for e-Business Studies
    • /
    • v.12 no.4
    • /
    • pp.29-36
    • /
    • 2007
  • Recently, Jaiswal et al. proposed a protocol to improve the multi-agent negotiation test-bed which was proposed by Collins et al. Using publish/subscribe system, time-release cryptography and anonymous communication, their protocol gives an improvement on the old one. However, it is shown that the protocol also has some security weaknesses: such as replay data attack and DOS (denial-of-service) attack, anonymity disclosure, collusion between customers and a certain supplier. So proposed protocol reduces DOS attack and avoids replay data attack by providing ticket token and deal sequence number to the supplier. And it is proved that the way that market generates random number to the supplier is better than the supplier do by himself in guaranteeing anonymity. Market publishes interpolating polynomial for sharing the determination process data. It avoids collusion between customer and a certain supplie

  • PDF

The Effects of Mediated Computer Environments on Young Children's Representation of Replay (컴퓨터와 교사의 상호작용이 유아의 재연에 대한 표상력의 발달에 미치는 효과)

  • Park, Sun Hee
    • Korean Journal of Child Studies
    • /
    • v.15 no.2
    • /
    • pp.97-116
    • /
    • 1994
  • This study investigated the effect of young children's interaction with a teacher and computer environments on their development of representational competence cf replay, the children's ability to construct and reconstruct actions. A pretest-posttest design with one experimental group and one control group was used; quantitative analyses, including interview assessments and coded observations of children's work in the context of educational interventions were supplemented by qualitative analyses of this work. Thirty-nine children (2-5 years of age) were randomly assigned to either an experimental or control group. The educational intervention provided to the experimental group involved a sequence of twenty sessions incorporating a series of three computer environments. A teaching strategy, based on Vygotsky's Zone of Proximal Development (ZPD) and Sigel's distancing theory, was used to mediate children's interaction with these computer environments. Results indicated that children's representational competence kept developing and reached a higher stage and the educational intervention fostered the development of representational competence, with strong evidence of near transfer but no evidence of far transfer. These results suggest that representational competence is a teachable concept and that a complex mediating structure allows children to reconstruct their previous experiences and apply them to problem situations.

  • PDF

A Data-Consistency Scheme for the Distributed-Cache Storage of the Memcached System

  • Liao, Jianwei;Peng, Xiaoning
    • Journal of Computing Science and Engineering
    • /
    • v.11 no.3
    • /
    • pp.92-99
    • /
    • 2017
  • Memcached, commonly used to speed up the data access in big-data and Internet-web applications, is a system software of the distributed-cache mechanism. But it is subject to the severe challenge of the loss of recently uncommitted updates in the case where the Memcached servers crash due to some reason. Although the replica scheme and the disk-log-based replay mechanism have been proposed to overcome this problem, they generate either the overhead of the replica synchronization or the persistent-storage overhead that is caused by flushing related logs. This paper proposes a scheme of backing up the write requests (i.e., set and add) on the Memcached client side, to reduce the overhead resulting from the making of disk-log records or performing the replica consistency. If the Memcached server fails, a timestamp-based recovery mechanism is then introduced to replay the write requests (buffered by relevant clients), for regaining the lost-data updates on the rebooted Memcached server, thereby meeting the data-consistency requirement. More importantly, compared with the mechanism of logging the write requests to the persistent storage of the master server and the server-replication scheme, the newly proposed approach of backing up the logs on the client side can greatly decrease the time overhead by up to 116.8% when processing the write workloads.

Development of a Web-based Digital Notary System Conforming International Standards (국제 표준을 준수하는 웹 전자 공증 시스템의 개발)

  • 장혜진
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.5 no.1
    • /
    • pp.16-20
    • /
    • 2004
  • This paper developed a secure web-based digital notary system. The system conforms to international standards, and gives users very good accessibility to it. The technologies and the application systems for timestamp-related services are not yet popularized, but they are potentially meaningful to many kinds of areas such as ecommerces, digital right managements, and internet mail systems. The digital notary system uses the timestamp requests and responses which conforms to rfc 3161. The system supports secure communication between web-based notary server and its clients by using SSL(Secure Socket Layer), and use nonces for prevention of replay attacks.

  • PDF

A Study on Improvement of Mechanism for Secure Handoff in Wireless Networks (무선랜 환경에서 안전한 핸드오프를 위한 메커니즘 개선에 관한 연구)

  • Cho, Ji-Hoon;Jeon, Joon-Hyeon
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.30 no.11A
    • /
    • pp.1047-1055
    • /
    • 2005
  • One of major characteristics in wireless LAN is terminal's frequent mobility, so it makes many overheads in the process of authentications repeatedly at each handoffs. So I propose IAPP(Inter Access Point Protocol) of IEEE 802.11f, modified context block and 4 way handshake of IEEE 802.11i, in order to implement secure and rapid handoff. The context block. I proposed, doesn't makes any communication with RADIUS server at handoff period. Therefore, it guarantee higher efficiency than existing handoff mechanisms. Also it can improve security vulnerability by padding authentication field in the context block for providing in advance against Replay and DoS(Denial of Service) attacks.

An RFID Mutual Authentication Protocol Using One-Time Random Number (일회성 난수를 사용한 RFID 상호인증 프로토콜)

  • Oh, Se-Jin;Chung, Kyung-Ho;Yun, Tae-Jin;Abn, Kwang-Seon
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.36 no.7B
    • /
    • pp.858-867
    • /
    • 2011
  • The RFID(Radio-Frequency IDentification) systems have many security problem such as eavesdropping, a replay attack, location tracking and DoS(Denial of Service) attacks. Because RFID systems use radio-frequency. So research are being made to solve the problem of RFID systems, one of which is AES algorithm. This paper presents an authentication protocol using AES and one-time random number to secure other attacks like eavesdropping, a replay attack, location tracking, In addtion, RSMAP uses OTP(One-Time Pad) in order to safely transmit.

An Analysis Tool for Flight Test of Airborne Display Software (항공기 시현계통 소프트웨어의 비행시험을 위한 분석도구)

  • Lee, Yong-Rae;Choi, Eu-Teum;Jun, Yong-Kee
    • Journal of the Korean Society for Aeronautical & Space Sciences
    • /
    • v.46 no.11
    • /
    • pp.961-968
    • /
    • 2018
  • Airborne display systems provide pilots with a variety of information needed to operate aircraft. Software faults in the display system can seriously affect the operation of the aircraft, because it can provide inaccurate information to the pilot. Therefore, the software faults are identified and eliminated through ground testing and flight testing. This paper presents an analysis tool called FDR (flight data replay) for flight test of airborne display software. This tool works in real time with the mission computer of aircraft. Also, the tool reproduces the functional error conditions that appear in the display systems by applying flight test data to the display software.

Cryptanalysis on the Authentication Mechanism of the NateOn Messenger (네이트온 메신저의 사용자 인증 메커니즘에 대한 취약점 분석)

  • Shin, Dong-Hwi;Choi, Youn-Sung;Park, Sang-Joon;Won, Dong-Ho;Kim, Seung-Joo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.1
    • /
    • pp.67-80
    • /
    • 2007
  • Nateon Messenger, which has the most number of users in Korea, supports many services such as E-mail, note, Cyworld, SMS, etc. In this paper, we will analyse the authentication traffic which is transmitted and received by the Nateon Messenger. Through performing the replay attack with the authentication information, we will show that an attacker can be authenticated illegally. Furthermore, we will show that other domestic messengers have similar security problems.

An Analysis of Replay Attack Vulnerability on Single Sign-On Solutions (Single Sign-On 솔루션의 재전송 공격 취약점 분석)

  • Maeng, Young-Jae;Nyang, Dae-Hun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.1
    • /
    • pp.103-114
    • /
    • 2008
  • Single Sign-On is an authentication scheme that enables a user to authenticate once and then to access to the resources of multiple software systems without re-authentication. As web services are being integrated into a single groupware, more web sites are adopting for user convenience. However, these Single Sign-On services are very dependent upon the cookies and thus, simple eavesdropping enables attackers to hiject the user's session. Even worse, the attacker who hijacked one session can move to another site through the Single Sign-On. In this paper, we show the vulnerabilities of the top ranked sites regarding this point of view and also propose a way to protect a user's session.