Title/Summary/Keyword: Session Management

Authentication and Session Management based on Ajax (Ajax를 기반으로 한 인증 및 세션 관리)

  • Nam Sang-On; Daguil Rolyn C; Kim Gi-Weon; Song Jung-Gil
    • Journal of Internet Computing and Services / v.7 no.6 / pp.157-174 / 2006
  • The Ajax interaction model changes the posture of a web application so that it becomes stateful over HTTP. Ajax applications are long-lived in the browser. XMLHTTPRequest (XHR) is used to facilitate the data exchange. Using HTTPS over this interaction is not viable because of the frequency of data exchange. Moreover, switching protocols from HTTP to HTTPS for sensitive information is prohibited because of the server-of-origin policy. The longevity, constraints, and asynchronous features of Ajax applications call for a different authentication and session handling mechanism that invokes re-authentication. This paper presents an authentication and session management scheme using Ajax. The scheme is designed to invoke periodic and event-based re-authentication in the background using digest authentication with an auto-generated password similar to an OTP (One Time Password). The authentication and session management are wrapped into a framework called AWASec (Ajax Web Application Security) for coupling, to avoid broken authentication and session management.

An event-based timeout policy to decrease the overhead of session managements in network systems (네트워크 시스템의 세션 관리 부하를 감쇄하기 위한 사건 기반 타임아웃 정책)

  • Yim, Kang-bin; Choi, Chang-seok; Moon, Jong-wook; Jung, Gi-hyun; Choi, Kyung-hee
    • The KIPS Transactions: Part A / v.11A no.2 / pp.143-148 / 2004
  • The session management overhead on network systems such as firewalls or intrusion detection systems grows as the session table grows. In this paper, we propose an event-based timeout management policy that increases packet processing throughput on network systems by decreasing the system's timeout management overhead compared with the existing time-based timeout management policies. Through empirical studies using a session management system implemented in this paper, we show that the proposed policy provides better packet processing throughput than the existing policies.

Multi-session authentication scheme for secure authentication and session management of cloud services environment (클라우드 서비스 환경의 안전한 인증과 보안세션 관리를 위한 다중세션 인증 기법)

  • Choi, Do-hyeon; Park, Jung-oh
    • Journal of the Korea Institute of Information and Communication Engineering / v.19 no.9 / pp.2056-2063 / 2015
  • Recently, as the scale of cloud services has expanded, anxiety over new vulnerabilities and security-related incidents and accidents has also been increasing. This paper proposes an authentication scheme for the multi-session management of the security sessions that are generated after user authentication. The proposed session multiplexing scheme enables the independent management of security sessions at the virtualization (hypervisor) level within the service provider. Performance analysis shows that session multiplexing and mutual authentication provide strong safety, and the scheme's superior performance is demonstrated by comparison with existing mutual authentication encryption algorithms.

Improved Session Management for Mobile Workflow in Web Application Service (모바일 환경을 위한 웹 애플리케이션 서비스의 세션 관리 개선방안)

  • Kim, Young-hun; Park, Yongsuk
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2014.10a / pp.387-389 / 2014
  • Business processes are increasingly carried out through mobile devices as smart devices become popular. The ratio of Internet access via mobile devices reached 30% of that of PCs in September 2012. The security threats that arose on the Internet are reproduced in the mobile environment; this is the characteristic of cyber security threats in the mobile era. The web application security research organisation OWASP (The Open Web Application Security Project) has issued the Session Management threat, and that threat will be reproduced in the mobile environment. However, the session management environment on mobile differs significantly from that on desktop computers. This paper proposes an improved session management method for the mobile environment.

The Design and Implementation of a Multi-Session Processing Between RMA and RCP within a Vehicle Tracking System (차량 추적 시스템에서 RMA와 RCP 사이의 다중세션 설계 및 구현)

  • Jang, Chung Ryong; Lee, Yong Kwon; Lee, Dae Sik
    • Journal of Korea Society of Digital Industry and Information Management / v.10 no.3 / pp.127-141 / 2014
  • A vehicle tracking system consists of a GPS tracking device, which is fitted into the vehicle and captures GPS location information at regular intervals for a central GIS server, and a GIS tracking server with three major responsibilities: receiving data from the GPS tracking unit, storing it securely, and serving this information on demand of the user. GPS-based tracking systems supporting multi-session processing among RMA, RM, and RCP can respond quickly to various services, including other-vehicle information exchanged between RSU and OBU on demand of the user. In this paper we design the RSU lower layers and the RCP applications in the OBU for a multi-session processing simulation, and test message processing transactions between RMA-RM and RM-RCP. Furthermore, we implement additional functions for handling access commands simultaneously on multiple service resources, which are appropriate for the experimental testing conditions. For the multi-session processing test, the system reads 30 resource data items in total, 0002/0001 ~ 0002/0030, and then initiates 30 session data transmissions simultaneously. We insert a sequence number field into a special header of the dummy data as the corresponding response, to check that the messages are received correctly. Thus, we find that a GIS service system with multi-session processing is able to provide 30 additional services at the same screen presentation loading speed, as shown by comparing a single session and a multi-session of the GIS service system in terms of the number of sessions processed by the Web GIS service, the number of OBU services, and the screen presentation loading speed.

An Access Control running on Session Initiation Protocol for Computer Supported Cooperated Works (컴퓨터 협동 지원 작업의 세션 초기 프로토콜 환경에서 실행되는 접근 제어)

  • Ko, Eung Nam
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.1 no.3 / pp.17-20 / 2008
  • This paper describes an access control mechanism running in a SIP (Session Initiation Protocol) environment for computer supported cooperative work. Session management includes the functions of session creation, session termination, latecomer processing, and access control. However, conventional frameworks for access control in SIP environments for computer supported cooperative work have not yet fully matured. Therefore, this paper suggests an access control mechanism based on the SIP environment for computer supported cooperative work, in order to maintain a good session condition.

Extended Role-Based Access Control with Context-Based Role Filtering

  • Liu, Gang; Zhang, Runnan; Wan, Bo; Ji, Shaomin; Tian, Yumin
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.3 / pp.1263-1279 / 2020
  • Activating appropriate roles for a session in the role-based access control (RBAC) model has become challenging because of the so-called role explosion. In this paper, factors and issues related to user-driven role management are analysed, and a session role activation (SRA) problem based on reasonable assumptions is proposed to describe the problem of such role management. To solve the SRA problem, we propose an extended RBAC model with context-based role filtering. When a session is created, context conditions are used to filter roles that do not need to be activated for the session. This significantly reduces the candidate roles that need to be reviewed by the user, and aids the user in rapidly activating the appropriate roles. Simulations are carried out, and the results show that the extended RBAC model is effective in filtering the roles that are unnecessary for a session by using predefined context conditions. The extended RBAC model is also implemented in the Apache Shiro framework, and the modifications to Shiro are described in detail.

An Application and Error Hooking running on Nested Session Management of Cloud Computing Collaboration Environment (클라우드 컴퓨팅 공동 환경의 네스티드 세션관리에서의 응용 및 오류 훅킹)

  • Ko, Eung-Nam
    • Journal of Advanced Navigation Technology / v.16 no.1 / pp.145-150 / 2012
  • This paper presents a performance analysis of an error detection system running on the nested session management of a cloud computing collaboration environment, using rule-based DEVS modeling and simulation techniques. In DEVS, a system has a time base, inputs, states, outputs, and functions. This paper explains the design and implementation of the FDA (Fault Detection Agent). The FDA is a system suitable for detecting software errors in multimedia remote control based on the nested session management of a cloud computing collaboration environment.

Improved Group Key Exchange Scheme Secure Against Session-State Reveal Attacks (세션상태 정보 노출 공격에 안전한 개선된 그룹 키 교환 프로토콜)

  • Kim, Ki-Tak; Kwon, Jeong-Ok; Hong, Do-Won; Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.3 / pp.3-8 / 2008
  • Ephemeral data are easily revealed if state-specific information is stored in insecure memory or a random number generator is corrupted. In this letter, we show that Nam et al.'s group key agreement scheme, which is an improvement of Bresson et al.'s scheme, is not secure against session-state reveal attacks. We then propose an improvement that fixes the security flaw.

Enhancing the Session Security of Zen Cart based on HMAC-SHA256

  • Lin, Lihui; Chen, Kaizhi; Zhong, Shangping
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.1 / pp.466-483 / 2017
  • Zen Cart is an open-source online store management system. It is used all over the world because of its stability and safety. Today, Zen Cart's session security mechanism mainly verifies the user agent and checks the IP address. However, verifying the user agent offers weak security, and checking the IP address can affect the user's experience. This paper, based on the idea of session protection proposed by Ben Adida, takes advantage of HTML5's sessionStorage property to store the shared keys used for HMAC-SHA256. On the client, an HMAC-SHA256 value is computed over the request path, the current timestamp, and the parameters. The client then submits the result to the web server with each request. Finally, the web server recalculates the HMAC-SHA256 value and validates the request by comparing it with the submitted value. In this way, the Zen Cart open-source system is reinforced. Owing to the security and integrity guarantees of the HMAC-SHA256 algorithm, this mechanism can effectively protect session security. Analysis and experimental results show that it protects the session security of Zen Cart without affecting the original performance.