• Title/Abstract/Keywords: Token


Single Sign-On based Authentication System combined with Blockchain

  • 임지혁;이명하;이형우
    • Journal of Internet of Things and Convergence / Vol. 4, No. 2 / pp.13-20 / 2018
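  • This paper proposes an authentication system that combines 'Single-Sign-On' and 'Token-based authentication' on top of 'blockchain', a recently emerged technology. By applying blockchain technology to Single-Sign-On based authentication, the system provides 'access control' and 'integrity', and by using Token-based authentication it provides stateless, self-contained authentication. Performing encryption-based Token issuance and authentication improved security and made authentication to the Web Server more convenient. The paper also presents a way to make cumbersome authentication procedures more convenient through SSO and Token-based authentication.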

An Extensional Client Authorization Scheme for IoT Scenarios by Using OAuth 2.0 and PoP Token

  • Xiaonan, Xing;Jang, Sunggyun;Joe, Inwhee
    • Proceedings of the Korea Information Processing Society Conference / Korea Information Processing Society 2017 Fall Conference / pp.200-202 / 2017
  • To improve the security of OAuth 2.0 access token transportation and satisfy the challenge of resources constraint caused by the bearer token access mechanism of the OAuth 2.0, we proposed an extensional client authentication scheme that is based on the Proof-of-Possession (PoP) token mechanism. By improving the integrity of PoP token, we bind a PoP key of a public/private key pair to the PoP token. The authorization server and the resource server can authenticate the identity of the client by verifying whether the client has the possession of the PoP token. If the client can prove that it has a PoP key that matches the PoP token, then the identity of the client can be authenticated. This experimental evaluation can confirm that this scheme effectively deals with the issue of client identity authentication and reduces resources consumption.

A Modified REDP Aggregate Marker for improving TCP Fairness of Assured Services

  • Hur Kyeong;Eom Doo-Seop;Tchah Kyun-Hyon
    • The Journal of Korean Institute of Communications and Information Sciences / Vol. 29, No. 1B / pp.86-100 / 2004
  • To provide the end-to-end service differentiation for assured services, the random early demotion and promotion (REDP) marker in the edge router at each domain boundary monitors the aggregate flow of the incoming in-profile packets and demotes in-profile packets or promotes the previously demoted in-profile packets at the aggregate flow level according to the negotiated interdomain service level agreement (SLA). The REDP marker achieves UDP fairness in demoting and promoting packets through random and early marking decisions on packets. But, TCP fairness of the REDP marker is not obvious as for UDP sources. In this paper, to improve TCP fairness of the REDP marker, we propose a modified REDP marker where we combine a dropper, meters and a token filling rate configuration component with the REDP marker. To make packet transmission rates of TCP flows more fair, at the aggregate flow level the combined dropper drops incoming excessive in-profile packets randomly with a constant probability when the token level in the leaky bucket stays in demotion region without incoming demoted in-profile packets. Considering the case where the token level cannot stay in demotion region without the prior demotion, we propose a token filling rate configuration method using traffic meters. By using the token filling rate configuration method, the modified REDP marker newly configures a token filling rate which is less than the negotiated rate determined by interdomain SLA and larger than the current input aggregate in-profile traffic rate. Then, with the newly configured token filling rate, the token level in the modified REDP marker can stay in demotion region pertinently for the operation of the dropper to improve TCP fairness. We experiment with the modified REDP marker using ns2 simulator for TCP sources at the general case where the token level cannot stay in demotion region without the prior demotion at the negotiated rate set as the bottleneck link bandwidth. The simulation results demonstrate that through the combined dropper with the newly configured token filling rate, the modified REDP marker also increases both aggregate in-profile throughput and link utilization in addition to TCP fairness improvement compared to the REDP marker.

Token with Timer Algorithm for Guaranteeing Periodic Communication Services in Timed Token Protocol Networks

  • Yeol, Choo-Young;Kim, Cheeha
    • Institute of Control, Robotics and Systems: Conference Proceedings / Institute of Control, Robotics and Systems 2001 ICCAS / pp.57.2-57 / 2001
  • Timed token protocols inadequately provide periodic communication service, although this is crucial for hard real time systems. We propose an approach to guaranteeing periodic communication service on a timed token protocol network. In this approach, we allocate bandwidth to each node so that the summation of bandwidth allocations is Target Token Rotation Time (TTRT). If a node cannot consume the allocated time, the residual time can be used by other nodes for non-periodic service using a timer which contains the unused time value and is appended to the token. This approach can always guarantee transmission of real-time messages before their deadlines when the network utilization is less than 50%.


TCP Uplink Station-Level Fairness Support in IEEE 802.11 Networks

  • 전경구
    • The Journal of Korean Institute of Communications and Information Sciences / Vol. 34, No. 6B / pp.553-558 / 2009
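  • Several studies have addressed TCP fairness between uplink and downlink in IEEE 802.11 networks. However, the proposed methods are not effective against the unfairness problem in which a single station monopolizes the uplink bandwidth by using multiple TCP uplink streams at the same time. To address this problem, this paper proposes a method in which the AP assigns a token bucket to each uplink station to prevent monopolization of the transmission bandwidth. This method can also guarantee fairness between uplink and downlink. To prevent the drop in transmission bandwidth utilization that can occur when token buckets are used, the proposed method allows surplus tokens to be moved between stations. Through this token movement, fairness and utilization can be balanced. Simulations confirmed that the proposed method guarantees fairness in bandwidth use among uplink stations as well as fairness between uplink and downlink.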

Efficient Token Flow Design for the MPEG RMC Framework

  • Cui, Li;Kim, Sowon;Kim, Hyungyu;Jang, Euee S.
    • IEIE Transactions on Smart Processing and Computing / Vol. 3, No. 5 / pp.251-258 / 2014
  • This paper proposes an efficient token flow design methodology for a decoder in the MPEG Reconfigurable Media Coding (RMC) framework. The MPEG RMC framework facilitates a decoder to be configured with a set of modules called functional units (FUs) that are connected by tokens. Such a modular design philosophy of the MPEG RMC framework enables the reusability and reconfigurability of FUs. One drawback of the MPEG RMC framework is that the decoder performance can be affected by increasing the token transmissions between FUs. The proposed method improves the design of the FU network in the RMC framework toward real-time decoder implementation. In the proposed method, the merging of FU, the separation of token flow, and the merging of token transactions are applied to minimize the token traffic between FUs. The experimental results of the MPEG-4 SP decoder show that the proposed method reduces the total decoding time by up to 77 percent compared to the design of the RMC simulation model.

Debug Port Protection Mechanism for Secure Embedded Devices

  • Park, Keun-Young;Yoo, Sang-Guun;Kim, Ju-Ho
    • JSTS:Journal of Semiconductor Technology and Science / Vol. 12, No. 2 / pp.240-253 / 2012
  • In this paper we propose a protection mechanism for the debug port. While debug ports are useful tools for embedded device development and maintenance, they can also become potential attack tools for device hacking in case their usage is permitted to hackers with malicious intentions. The proposed approach prevents illicit use of debug ports by controlling access through user authentication, where the device generates and issues an authentication token only to the server-authenticated users. An authentication token includes user access information which represents the user's permitted level of access and the maximum number of authentications allowed using the token. The device authenticates the user with the token and grants limited access based on the user's access level. The proposed approach improves the degree of overall security by removing the need to expose the device's secret key. Availability is also enhanced by not requiring server connection after the initial token generation and further by supporting flexible token transfer among predefined device groups. Low implementation cost is another benefit of the proposed approach, enabling it to be adopted to a wide range of environments in demand of debug port protection.

A Novel Cost-Effective Firewall Token for Hacking Protection on TCP/IP Based Network

  • 고재영
    • Journal of the Korea Institute of Military Science and Technology / Vol. 2, No. 1 / pp.159-169 / 1999
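  • Recently, firewalls have been deployed to control network traffic and prevent hacking. The security services of a firewall are authentication, access control, confidentiality, integrity and audit logging. Users use a token to authenticate to the firewall. Because a token contains a small battery, its power capacity is limited. This paper proposes a cost-effective firewall token design method for preventing hacking on networks that use TCP/IP. It proposes a high-speed processing method using sparse primes for exponentiation, which is the main operation of public-key cryptosystems and accounts for most of a token's power consumption. By reducing the amount of modular arithmetic in exponentiation, the proposed method can lower the token's battery capacity or CPU cost.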


A New Coeff-Token Decoding Method based on the Reconstructed Variable Length Code Table

  • 문용호
    • The Journal of Korean Institute of Communications and Information Sciences / Vol. 32, No. 3C / pp.249-255 / 2007
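  • In general, CAVLC decoding in the H.264/AVC compression standard requires a large amount of memory access. Such memory access is recognized as an important problem in terms of power consumption for application services such as video phones and DMB. To solve this, this paper proposes an efficient decoding method for coeff-token, one of the syntax elements of CAVLC. First, a new codeword organized in byte units is defined to eliminate redundant accesses. Based on this, the variable length code table is reconstructed and an efficient memory access technique is presented. Simulations show that the proposed method saves about 85% of memory accesses without degrading image quality.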

Per-transaction Shared Key Scheme to Improve Security on Smart Payment System

  • Ahmad, Fawad;Jung, Younchan
    • International Journal of Internet, Broadcasting and Communication / Vol. 8, No. 1 / pp.7-18 / 2016
  • Several authentication methods have been developed to make use of tokens in the mobile networks and smart payment systems. Token used in smart payment system is generated in place of Primary Account Number. The use of token in each payment transaction is advantageous because the token authentication prevents enemy from intercepting credit card number over the network. Existing token authentication methods work together with the cryptogram, which is computed using the shared key that is provisioned by the token service provider. Long lifetime and repeated use of shared key cause potential drawback related to its vulnerability against the brute-force attack. This paper proposes a per-transaction shared key mechanism, where the per-transaction key is agreed between the mobile device and token service provider for each smart payment transaction. From server viewpoint, per-transaction key list is easy to handle because the per-transaction key has short lifetime below a couple of seconds and the server does not need to maintain the state for the mobile device. We analyze the optimum size of the per-transaction shared key which satisfies the requirements for transaction latency and security strength for secure payment transactions.