• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1049-1062
• /
• 2019

The national accredited certificate is a user certificate issued based on the user's personal information, which has been identified in advance, and has become a universal authentication method used for most electronic financial transactions and user authentication. And it contributed a lot to the use of e-government and domestic service. However, due to the lack of web standards on how to use, it was inconvenient to install a separate plug-in, and efforts to improve it have been continued. In this paper, we attempt to solve the problem of certificate usage environment by presenting the certificate digital signature method using the extension of the FIDO2 (Fast Identity Online v2) client to authentication protocol (CTAP) specification.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.05a
• /
• pp.626-629
• /
• 2020

인터넷의 발전으로 웹 서비스를 사용하는 사용자가 기하급수적으로 늘어났고 사용자에게 다양한 서비스를 제공하기 위해 많은 기술이 등장하고 있다. 서비스를 받는 사용자의 웹브라우저에서도 서버의 많은 기술을 구현할 수 있는 공간을 제공하고 있는데 바로 Web Storage와 Indexed DB이다. Web Storage는 용도에 따라 수 MB 정도를 사용하지만 많은 양의 데이터를 구조화하여 사용한다면 Indexed DB가 적합하다. 하지만 Web Storage뿐만 아니라 Indexed DB 역시 영속적이고 평문의 데이터를 저장하고 있다. 이러한 데이터는 웹 보안에 취약하여 XSS 등의 공격에 사용자의 데이터가 노출되어 탈취되거나 편집되어 악용될 우려가 매우 크다. 본 논문에서는 이와 같은 취약점을 보완하기 위해 운영체제와 디바이스 정보를 이용하여 사용자를 인증하고 암호화하는 기법을 구현하여 성능평가를 하였다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.6C
• /
• pp.520-528
• /
• 2008

At present Content Management Systems (CMS) with various and diverse web contents have been in wide applications. But, for CMS of each enterprise has its own metadata which is very different from others, it causes the serious problem of web contents repetition. Also, it's a difficult technology to support protecting copyright of web contents which are in separated CMSs. Therefore, in this paper, we solved the problem of contents repetition through metadata integration between mutually heterogeneous CMSs. We also propose the technology of web contents authentication code for avoiding contents repetition and applying digital rights protection by supporting safe ship in vast quantity of contents.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.631-646
• /
• 2020

The government is pursuing a policy to remove plug-ins for public and private websites to create a convenient Internet environment for users. In general, financial institution websites that provide financial services, such as banks and credit card companies, operate fraud detection system(FDS) to enhance the stability of electronic financial transactions. At this time, the installation software is used to collect and analyze the user's information. Therefore, there is a need for an alternative technology and policy that can collect user's information without installing software according to the no-plug-in policy. This paper introduces the device fingerprinting that can be used in the standard web environment and suggests a guideline to select from various techniques. We also propose a user authentication model using device fingerprints based on machine learning. In addition, we actually collected device fingerprints from Chrome and Explorer users to create a machine learning algorithm based Multi-class authentication model. As a result, the Chrome-based Authentication model showed about 85%~89% perfotmance, the Explorer-based Authentication model showed about 93%~97% performance.

• The KIPS Transactions:PartC
• /
• v.8C no.6
• /
• pp.731-740
• /
• 2001

Multi-distributed web cluster model expanding conventional cluster system is the cluster system which processes large-scaled work demanded from users with parallel computing method by building a number of system nodes on open network into a single imaginary network. Multi-distributed web cluster model on the structured characteristics exposes internal system nodes by an illegal third party and has a potential that normal job performance is impossible by the intentional prevention and attack in cooperative work among system nodes. This paper presents the mutual authentication protocol of system nodes through key division method for the authentication of system nodes concerned in the registration, requirement and cooperation of service code block of system nodes and collecting the results and then designs SNKDC which controls and divides symmetrical keys of the whole system nodes safely and effectively. SNKDC divides symmetrical keys required for performing the work of system nodes and the system nodes transmit encoded packet based on the key provided. Encryption packet given and taken between system nodes is decoded by a third party or can prevent the outflow of information through false message.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.3
• /
• pp.190-198
• /
• 2013

Since the facilities for the remote users tend to be deployed in distributed manner, authentication schemes for multi-server communication settings, which provide various web services, are required for real-world applications. A typical way to authenticate a remote user relies on password authentication mostly. However, this method is vulnerable to attacks and inconvenient as the system requires users to maintain different identities and corresponding passwords. On the other hand, the user can make use of a single password for all servers, but she may be exposed to variants of malicious attacks. In this paper, we propose an efficient and secure authentication scheme based on a brokered authentication along with smart-cards in multi-server environment. Further we show that our scheme is secure against possible attacks and analyze its performance with respect to communication and computational cost.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.5
• /
• pp.394-400
• /
• 2013

WoT (Web of Things) was proposed to realize intelligent thing to thing communications using WEB standard technology. It is difficult to adapt security protocols suited for existing Internet communications into WoT directly because WoT includes LLN(Low-power, Lossy Network) and resource constrained sensor devices. Recently, IETF standard group propose to use DTLS protocol for supporting security services in WoT environments. However, DTLS protocol is not an efficient solution for supporting end to end security in WoT since it introduces complex handshaking procedures and high communication overheads. We, therefore, divide WoT environment into two areas- one is DTLS enabled area and the other is an area using lightweight security scheme in order to improve them. Then we propose a mutual authentication scheme and a session key distribution scheme for the second area. The proposed system utilizes a smart device as a mobile gateway and WoT proxy. In the proposed authentication scheme, we modify the ISO 9798 standard to reduce both communication overhead and computing time of cryptographic primitives. In addition, our scheme is able to defend against replay attacks, spoofing attacks, select plaintext/ciphertext attacks, and DoS attacks, etc.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.2
• /
• pp.37-48
• /
• 1999

The Internet has been used as the academic researching purposes. Nowadays accordance with improving and being familiar with the World-Wide Web Many people are giving it a try to use the Internet as commerce markets. The noticeable example of internet-based use of the commerce is the Internet shopping mall. Using the WWW companies exhibit their products and users select the ones and take the payment for ones in the on-line Increasing the the Internet shopping mall there needs to be the countermeasure that companies and clients must verify each other. In this paper there are explained the development credit authentication system of the Internet shopping mall and the construction of the trusted environment clients can use Internet shopping mall. That is to develop the credit authentication system the credit-rating of Internet shopping mall can be sent securely and easily to clients and the information of credit-ranting cannot be eavesdropped.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.8
• /
• pp.1855-1860
• /
• 2010

This paper describes construction of web services system for secure message transmission appling web services standards. This system composes single sign on module, SSL module and secure message module. We applied these modules to price comparison site. Single sign on module used SAML standards. This module was designed, in order to provide authentication and authorization. As SSL module processes message encryption among end to end, messages of this system are secure. Secure message module is designed according to WS-Security standards and processes authentication, XML signature and XML encryption.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.12
• /
• pp.159-167
• /
• 2012

The authentication system of the PKI(public key infrastructure) provides the authenticity and security, accessibility, economic feasibility, and convenience to the service provider and users. Therefore the public and private companies in Korea widely use it as the authentication method of the web service. However, the safety client system is threatened by many vulnerable factors which possibly caused when using PKI-based authentication system. Thus, in this article vulnerable factors caused by using the PKI-based authentication system will be analyzed, which is expected to be the useful data afterwards for the construction of the new authentication system as well as performance improvement.