• Journal of the Korea Society of Computer and Information
• /
• v.28 no.12
• /
• pp.115-127
• /
• 2023

In this paper, we propose a SBT user authentication method for decentralized environment like blockchain. Due to tranparancy of blockchain, it is difficult to secure the privacy of person information, so it is necessary to use a new authentication method. In order to solve this problem, research using SBT for user authentication is being conducted, however most studies have implemented SBT in form of removing function which is related to trasmission from NFT without applying the technical features requried for SBT. The proposed scheme of this paper is implemented SBT which secured safetey and usabillity with using locking token function of ERC-5192. Also, based of implemented SBT scheme propose a user authentication process. To verify our approach, we set a hypothetical user authentication scenario based on the proposed user authentication process and deployed a smart contract that satisfies the 19 function call scenarios that occur in that scenario.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.9 no.6
• /
• pp.599-603
• /
• 2016

Recently the wireless LAN system is substituting wired LAN system notably as the number of mobile users increases greatly along the advancement of technology. But the wireless LAN has a critical weakness in the security such as data leakage. Thus a safe security system is imperative to avoid threatening from hackers with offering the best convenience to inner users. In this research, we have developed a RADIUS wireless LAN security system for industrial applications, which performs the EAP authentication with the compatibility for any maker of wireless LAN. The system has interfaces based on WEB, providing DB access function for user management so that users can perform authentication of 802.1x in their computers.

• Journal of Digital Convergence
• /
• v.12 no.8
• /
• pp.289-294
• /
• 2014

Recently, the various web service and applications are provided to the user. As to these service, because of providing the service to the authenticated user, the user undergoes the inconvenience of performing the authentication with the service especially every time. The OAuth(Open Authorization) protocol which acquires the access privilege in which 3rd Party application is limited on the web service in order to resolve this inconvenience appeared. This OAuth protocol provides the service which is convenient and flexible to the user but has the security vulnerability about the authorization acquisition. Therefore, we propose the method that analyze the security vulnerability which it can be generated in the OAuth 2.0 protocol and secure user authority authentication method.

• Journal of Internet Computing and Services
• /
• v.20 no.6
• /
• pp.119-127
• /
• 2019

This paper proposes a new authentication model to solve the problem of personal information takeover and personal information theft by service providers using centralized servers for user authentication and management of personal information. The centralization issue is resolved by providing user authentication and information storage space through a decentralize platform, blockchain, and ensuring confidentiality of information through user-specific symmetric key encryption. The proposed model was implemented using the public-blockchain Ethereum and the web-based wallet extension MetaMask, and users access the Ethereum main network through the MetaMask on their browser and store their encrypted personal information in the Smart Contract. In the future, users will provide their personal information to the service provider through their Ethereum Account for the use of the new service, which will provide user authentication and personal information without subscription or a new authentication process. Service providers can reduce the costs of storing personal information and separate authentication methods, and prevent problems caused by personal information leakage.

• The KIPS Transactions:PartD
• /
• v.11D no.5
• /
• pp.1095-1104
• /
• 2004

An electronic services which are based on Internet/Intranet business transactions are available to e-market places and get the broader business concepts. Component-based e-commerce technology is a recent trend towards resolving the e-commerce chanange at both system and ap-plication levels. The basic capabilities of component based systems should include the plug and play features at various granularities, interoper-ability across networks and mobility in various networking environments. E-business application developers are attempting to more towards web-service as a mechanism for developing component-based web-applications. Traditional process and development models are inadequately architectured to meet the rapidly evolving needs for the future of scalable web services. In this thesis, we focus specifically on the issues of e-business system architecture based on web service for establishing e-business system. We specifies and identifies design pattern for applying e-business domain in the context of multiple entities. We investigate prototype and frameworks to develope components for e-business application based suggested process. We present a worked example to demonstrate the behavior of Customer Authentication System(CAS) development with component and recommend process. Final]Y, we indicate and view on future directions in component-based development in the context of electronic business.

• The KIPS Transactions:PartC
• /
• v.14C no.7
• /
• pp.545-552
• /
• 2007

P3P(Platform for Privacy Preference) that is used in the World Wide Web is a standard to define and negotiate policies about definition, transmission, collection, and maintenance of personal information. Current P3P standard provides methods that define client personal information protection policy and P3P policy associated with web server. It also provides a method that compares these two policies. The current P3P standard, however, does not handle detail functions for safe transmission of the personal information and data. Also, it does not handle problems that can be induced by the detail functions. In this paper, in order to solve these problems, we propose a Secure P3P(S-P3P) protocol, which is a security protocol for the current P3P standard, offers mutual authentication between the web server and the client, and guarantees integrity and confidentiality of the messages and data. Furthermore, a S-P3P protocol provides non-repudiation on transmission and reception of personal information that is transmitted from the client to the web server.

• The Journal of Society for e-Business Studies
• /
• v.10 no.4
• /
• pp.53-81
• /
• 2005

Current DRM system has limitation in protection of user's privacy Therefore, many troubles are expected in service providing if it comes into the ubiquitous times of context-aware environment. HKUST Proposed a watermark-based web service DRM system. However, the relevant study does not consider ubiquitous environment and cannot provide service that considered a context. And privacy protection of a user is impossible. On the other hand, Netherlands Phillips laboratory indicated a privacy problem of a DRM system and they proposed an alternative method about this. However, in relevant study, a Sniffing/Replay attack is possible if communicated authentication information are exposed between a user and device. We designed web services adaptable privacy-aware DRM architecture which supplements these disadvantages. Our architecture can secure user authentication mechanism for sniffing/Replay attack and keep anonymity and protect privacy Therefore , we can implement the privacy-aware considered web service DRM system in Context-Aware environment.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.19-25
• /
• 2023

The current network environment provides a real-time interactive service from an initial one-way information prov ision service. Depending on the form of web-based information sharing, it is possible to provide various knowledge a nd services between users. However, in this web-based real-time information sharing environment, cases of damage by illegal attackers who exploit network vulnerabilities are increasing rapidly. In particular, for attackers who attempt a phishing attack, a link to the corresponding web page is induced after actively generating a forged web page to a user who needs a specific web page service. In this paper, we analyze whether users directly and actively forge a sp ecific site rather than a passive server-based detection method. For this purpose, it is possible to prevent leakage of important personal information of general users by detecting a disguised webpage of an attacker who induces illegal webpage access using traceback information

• Journal of Korea Multimedia Society
• /
• v.18 no.2
• /
• pp.199-206
• /
• 2015

Since security vulnerabilities newly discovered in a popular Web browser immediately put a number of users at risk, urgent attention from developers is required to address those vulnerabilities. Analysis of characteristics in the Web browser vulnerabilities can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerabilities discovered. So far, being a new research area, the quantitative aspects of the Web browser vulnerabilities and risk assessments have not been fully investigated. However, due to the importance of Web browser software systems, further detailed studies are required related to the Web browser risk assessment, using rigorous analysis of actual data which can assist decision makers to maximize the returns on their security related efforts. In this paper, quantitative software vulnerability analysis has been presented for major Web browsers with respect to the Common Vulnerability Scoring System. Further, vulnerability discovery trends in the Web browsers are also investigated. The results show that, almost all the time, vulnerabilities are compromised from remote networks with no authentication required systems. It is also found that a vulnerability discovery model which was originally introduced for operating systems is also applicable to the Web browsers.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.1
• /
• pp.63-70
• /
• 2009

As individuals spend more time doing social and economic life on the web, the importance of protecting privacy against Phishing and Pharming attacks also increases. Until now, there have been researches on the methods of protection against Phishing and Pharming. However, these researches don't provide efficient methods for protecting privacy and don't consider Pharming attacks. In this paper, we propose an authentication protocol that protects user information from Phishing and Pharming attacks. In this protocol, the messages passed between clients and servers are secure because they authenticate each other using a hash function of password and location information which are certificated to clients and servers only. These messages are used only once, so that the protocol is secure from replay attacks and man-in-the-middle attacks. Furthermore, it is also secure from Pharming attacks.