• 제목/요약/키워드: sessionStorage

검색결과 33건 처리시간 0.034초

Enhancing the Session Security of Zen Cart based on HMAC-SHA256

  • Lin, Lihui;Chen, Kaizhi;Zhong, Shangping
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제11권1호
    • /
    • pp.466-483
    • /
    • 2017
  • Zen Cart is an open-source online store management system. It is used all over the world because of its stability and safety. Today, Zen Cart's session security mechanism is mainly used to verify user agents and check IP addresses. However, the security in verifying the user agent is lower and checking the IP address can affect the user's experience. This paper, which is based on the idea of session protection as proposed by Ben Adida, takes advantage of the HTML5's sessionStorage property to store the shared keys that are used in HMAC-SHA256 encryption. Moreover, the request path, current timestamp, and parameter are encrypted by using HMAC-SHA256 in the client. The client then submits the result to the web server as per request. Finally, the web server recalculates the HMAC-SHA256 value to validate the request by comparing it with the submitted value. In this way, the Zen Cart's open-source system is reinforced. Owing to the security and integrity of the HMAC-SHA256 algorithm, it can effectively protect the session security. Analysis and experimental results show that this mechanism can effectively protect the session security of Zen Cart without affecting the original performance.

DISCRETE-TIME BUFFER SYSTEMS WITH SESSION-BASED ARRIVALS AND MARKOVIAN OUTPUT INTERRUPTIONS

  • Kim, Jeongsim
    • Journal of applied mathematics & informatics
    • /
    • 제33권1_2호
    • /
    • pp.185-191
    • /
    • 2015
  • This paper considers a discrete-time buffer system with session-based arrivals, an infinite storage capacity and one unreliable output line. There are multiple different types of sessions and the output line is governed by a finite state Markov chain. Based on a generating functions approach, we obtain an exact expression for the mean buffer content.

Dynamic Session Key based Pairwise Key Management Scheme for Wireless Sensor Networks

  • Premamayudu, B;Rao, Koduganti Venkata;Varma, P. Suresh
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제10권12호
    • /
    • pp.5596-5615
    • /
    • 2016
  • Security is one of the major challenges in the Wireless Sensor Networks (WSNs). WSNs are more vulnerable to adversarial activities. All cryptographic security services indirectly depend on key management. Symmetric key management is the best key establishment process for WSNs due to the resource constraints of the sensors. In this paper, we proposed dynamic session key establishment scheme based on randomly generated nonce value and sensor node identity, in which each sensor node is equipped with session key on expire basis. The proposed scheme is compare with five popular existing key management systems. Our scheme is simulated in OMNET++ with MixiM and presented experimental results. The analytical study and experimental results show the superiority of the proposed scheme over the existing schemes in terms of energy, storage, resilience and communication overhead.

인체주행 시 중족지절 관절 보조 강성에의 적응에 따른 동역학적 변화 고찰 (Dynamic Changes depending on Adaptation to Assistive Joint Stiffness in Metatarsophalangeal Joint during Human Running)

  • 오건영
    • 대한의용생체공학회:의공학회지
    • /
    • 제45권2호
    • /
    • pp.57-65
    • /
    • 2024
  • Recently, several studies have been conducted to lower the cost of transport of human by adding external joint stiffness elements. However, it has not been clearly elucidated whether adaptation time is required for human subjects to adapt to the added external joint stiffness. In this study, carbon plates in the form of shoe midsoles were added to the metatarsophalangeal joint, and the lower limb joint torque and mechanical energy consumption were compared before and after a total of 5 sessions (2.5 weeks) of running. A total of 11 young healthy participants exhibited higher elastic energy storage in carbon plates in the fifth session compared to the first session, and lower power in the ankle joint. This suggests that a single training session may be insufficient to validate the efficiency effect of added joint stiffness, and the human body seems to increase the elastic energy stored in the assistive joint stiffness and its reutilization.

사용자 정보를 이용한 인증 절차 자동화 (Automate authentication processes with user information)

  • 황우섭;박지수;손진곤
    • 한국정보처리학회:학술대회논문집
    • /
    • 한국정보처리학회 2019년도 추계학술발표대회
    • /
    • pp.1125-1128
    • /
    • 2019
  • 사용자가 인터넷을 사용할 때 화면에 표시되는 텍스트나 그래픽 등을 웹 문서라고 하며 HTML5는 웹 문서를 제작하는 표준 언어의 일종이다. HTML5 중에서 web storage는 사용자가 인터넷을 통한 서비스를 받을 때 데이터를 저장하기 위한 기능으로 키와 값의 형태로 저장한다. web storage는 서버 측에서 사용되는 session storage와 클라이언트에서 사용되는 local storage가 있다. local storage 사용 시 데이터를 클라이언트에 평문 형태로 저장하며 만료 기간 없이 영구적인 특징을 갖고 있다. 이러한 특징은 공격자로부터 XSS 등의 공격에서 저장된 데이터의 접근 및 수정 그리고 탈취할 수 있어 공격자의 의도에 따라 데이터 가공 및 재사용이 가능하다는 문제가 있다. 보안 취약점 문제를 해결하기 위한 최근 연구들은 local storage에 저장된 데이터들을 암호화하여 기밀성을 높였다. 그러나 데이터 암호화를 사용하려면 잦은 암호 입력이나 온라인에서만 사용할 수 있다는 또 다른 문제점을 가지고 있다. 기존 보안 취약점 문제와 기존 연구의 문제점을 동시에 해결하기 위해 운영체제 사용자 정보와 기기의 정보를 활용하여 암호화에 필요한 사용자 인증을 자동화하였으며 검증을 위해 코드를 구현하고 테스트 하였다.

Mutual Authentication and Secure Session Termination Scheme in iATA Protocol

  • Ong, Ivy;Lee, Shirly;Lee, Hoon-Jae;Lim, Hyo-Taek
    • Journal of information and communication convergence engineering
    • /
    • 제8권4호
    • /
    • pp.437-442
    • /
    • 2010
  • Ubiquitous mobile computing is becoming easier and more attractive in this ambient technological Internet world. However, some portable devices such as Personal Digital Assistant (PDAs) and smart phones are still encountering inherent constraints of limited storages and computing resources. To alleviate this problem, we develop a cost-effective protocol, iATA to transfer ATA commands and data over TCP/IP network between mobile appliances and stationary servers. It provides mobile users a virtual storage platform which is physically resided at remote home or office. As communications are made through insecure Internet connections, security risks of adopting this service become a concern. There are many reported cases in the history where attackers masquerade as legitimate users, illegally access to network-based applications or systems by breaking through the poor authentication gates. In this paper, we propose a mutual authentication and secure session termination scheme as the first and last defense steps to combat identity thief and fraud threat in particular for iATA services. Random validation factors, large prime numbers, current timestamps, one-way hash functions and one-time session key are deployed accordingly in the scheme. Moreover, we employ the concept of hard factorization problem (HFP) in the termination phase to against fraud termination requests. Theoretical security analysis discussed in later section indicates the scheme supports mutual authentication and is robust against several attacks such as verifiers' impersonation, replay attack, denial-of-services (DoS) attack and so on.

An Efficient and Secure Authentication Scheme with Session Key Negotiation for Timely Application of WSNs

  • Jiping Li;Yuanyuan Zhang;Lixiang Shen;Jing Cao;Wenwu Xie;Yi Zheng;Shouyin Liu
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제18권3호
    • /
    • pp.801-825
    • /
    • 2024
  • For Internet of Things, it is more preferred to have immediate access to environment information from sensor nodes (SNs) rather than from gateway nodes (GWNs). To fulfill the goal, mutual authentication scheme between user and SNs with session key (SK) negotiation is more suitable. However, this is a challenging task due to the constrained power, computation, communication and storage resources of SNs. Though lots of authentication schemes with SK negotiation have been designed to deal with it, they are still insufficiently secure and/or efficient, and some even have serious vulnerabilities. Therefore, we design an efficient secure authentication scheme with session key negotiation (eSAS2KN) for wireless sensor networks (WSNs) utilizing fuzzy extractor technique, hash function and bitwise exclusive-or lightweight operations. In the eSAS2KN, user and SNs are mutually authenticated with anonymity, and an SK is negotiated for their direct and instant communications subsequently. To prove the security of eSAS2KN, we give detailed informal security analysis, carry out logical verification by applying BAN logic, present formal security proof by employing Real-Or-Random (ROR) model, and implement formal security verification by using AVISPA tool. Finally, computation and communication costs comparison show the eSAS2kN is more efficient and secure for practical application.

액상형 보툴리눔 독소와 임상적 활용 (Practical Issue of Botulinum Toxin use Liquid Type, Storage and Reuse)

  • 손희영
    • 대한후두음성언어의학회지
    • /
    • 제30권1호
    • /
    • pp.9-11
    • /
    • 2019
  • Botulinum toxin (BTX) has been widely used to treat muscle spasms in many voice disorders. Most commercially available forms of BTX require reconstitution before use, which may increase the risk of contamination and requires careful titration. Recently, a liquid-type BTX type A (BTX-A) has been developed, which should simplify the procedure and enhance its efficacy. In this session, I will discuss about the differences of BTX-A from existing types and the practical issues associated with it.

청년 1인가구를 위한 식생활교육 프로그램 개발 (Development of a Dietary Education Program for Korean Young Adults in Single-Person Households)

  • 정세호;이정우;배다영;김유경
    • 한국가정과교육학회지
    • /
    • 제33권1호
    • /
    • pp.151-167
    • /
    • 2021
  • 본 연구는 청년 1인가구를 위한 식생활교육 프로그램을 개발하였다. 청년 1인가구의 식생활 요구도 조사를 위해 국민건강영양조사 7기(2016~2018년) 자료를 활용하여 1인가구와 다인가구의 식생활 행태를 비교분석을 하였고, 청년 1인가구의 식생활 행태를 분석하기 위해 서울에 거주하는 청년 1인가구(만19~39세) 350명을 대상으로 온라인 설문조사를 실시하였다. 분석한 결과, 1인가구는 다인가구보다 아침 결식률과 외식빈도가 높았으며, 에너지 및 영양소 평균섭취량이 유의적으로 낮았다(p<0.05). 특히 청년 1인가구의 경우 가정에서의 조리 빈도가 낮을수록 아침 결식률이 높았고 외식과 배달음식 섭취빈도가 유의적으로 높았다(p<0.05). 이런 요구도 조사를 바탕으로 식생활교육 이론모델로 사회인지이론을 선정하였고, 청년 1인가구를 위한 식생활교육 프로그램을 DESIGN 6단계 절차를 적용하여 개발하였다. 1차시는 집밥의 건강향상 효과와 경제적 이익, 2차시 아침의 중요성과 생활 속 운동의 효과, 3차시 균형 잡힌 영양섭취의 중요성과 건강한 식단 작성의 원리, 4차시는 식품안전과 보관, 5차시는 소셜다이닝의 효과의 내용으로 구성하였다. 각 차시는 '건강한 집밥을 더 많이 만들어 먹기'라는 동기유발을 위한 이론강의와 행동수행력 향상을 위한 조리실습을 결합하여 구성되었다.

S/KEY를 개선한 일회용 패스워드 메커니즘 개발 (The Development of a One-time Password Mechanism Improving on S/KEY)

  • 박중길
    • 정보보호학회논문지
    • /
    • 제9권2호
    • /
    • pp.25-36
    • /
    • 1999
  • 이 논문에서는 S/KEY 메커니즘에서 사용 횟수 제한과 사전에 키를 만들어 저장해야 하는 중요한 문제점을 해결한 일회용 패스워드 메커니즘을 제안하다. 제안한 일회용 패스워드로부터 인증용키를 생성함으로써 인증용 키관리를 용이하게 하고, 인증과 더불어 클라이언트와 서버간의 통신 세션키의 분배도 가능하게 한다. 그리고 제안한 메커니즘은 스마트 카드를 이용함으로 인증 정보의 보호 및 관리가 용이하며, 서버의 challenge가 없는 클라이언트에서 서버로의 단방향 인증을 필요로 하는 시스템에 바로 적용된다. In this paper we propose a one-time password mechanism that solves the problems of the S/KEY: the limitation of a usage and the need of storage for keys. because of using a cryptographic algorithm the proposed mechanism has no the limitation of a usage. Also because of producing the key for an authentication from a user's password it is easy to manage the authentication key and is possible to share the session key between a client and a server after the authentication process. In addition the proposed mechanism is easy to protect and manage the authentication information because of using a smart card and is adopted by the system that needs a noe-way authentication from a client to a server without the challenge of a server.