• Title/Summary/Keyword: sessionStorage


Enhancing the Session Security of Zen Cart based on HMAC-SHA256

  • Lin, Lihui;Chen, Kaizhi;Zhong, Shangping
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.1 / pp.466-483 / 2017
  • Zen Cart is an open-source online store management system. It is used all over the world because of its stability and safety. Today, Zen Cart's session security mechanism is mainly used to verify user agents and check IP addresses. However, the security in verifying the user agent is lower and checking the IP address can affect the user's experience. This paper, which is based on the idea of session protection as proposed by Ben Adida, takes advantage of the HTML5's sessionStorage property to store the shared keys that are used in HMAC-SHA256 encryption. Moreover, the request path, current timestamp, and parameter are encrypted by using HMAC-SHA256 in the client. The client then submits the result to the web server as per request. Finally, the web server recalculates the HMAC-SHA256 value to validate the request by comparing it with the submitted value. In this way, the Zen Cart's open-source system is reinforced. Owing to the security and integrity of the HMAC-SHA256 algorithm, it can effectively protect the session security. Analysis and experimental results show that this mechanism can effectively protect the session security of Zen Cart without affecting the original performance.

DISCRETE-TIME BUFFER SYSTEMS WITH SESSION-BASED ARRIVALS AND MARKOVIAN OUTPUT INTERRUPTIONS

  • Kim, Jeongsim
    • Journal of applied mathematics & informatics / v.33 no.1_2 / pp.185-191 / 2015
  • This paper considers a discrete-time buffer system with session-based arrivals, an infinite storage capacity and one unreliable output line. There are multiple different types of sessions and the output line is governed by a finite state Markov chain. Based on a generating functions approach, we obtain an exact expression for the mean buffer content.

Dynamic Session Key based Pairwise Key Management Scheme for Wireless Sensor Networks

  • Premamayudu, B;Rao, Koduganti Venkata;Varma, P. Suresh
    • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.12 / pp.5596-5615 / 2016
  • Security is one of the major challenges in Wireless Sensor Networks (WSNs). WSNs are more vulnerable to adversarial activities. All cryptographic security services indirectly depend on key management. Symmetric key management is the best key establishment process for WSNs due to the resource constraints of the sensors. In this paper, we propose a dynamic session key establishment scheme based on a randomly generated nonce value and sensor node identity, in which each sensor node is equipped with a session key on an expiry basis. The proposed scheme is compared with five popular existing key management systems. Our scheme is simulated in OMNET++ with MixiM, and experimental results are presented. The analytical study and experimental results show the superiority of the proposed scheme over the existing schemes in terms of energy, storage, resilience and communication overhead.

Dynamic Changes depending on Adaptation to Assistive Joint Stiffness in Metatarsophalangeal Joint during Human Running (인체주행 시 중족지절 관절 보조 강성에의 적응에 따른 동역학적 변화 고찰)

  • Keonyoung Oh
    • Journal of Biomedical Engineering Research / v.45 no.2 / pp.57-65 / 2024
  • Recently, several studies have been conducted to lower the cost of transport of human by adding external joint stiffness elements. However, it has not been clearly elucidated whether adaptation time is required for human subjects to adapt to the added external joint stiffness. In this study, carbon plates in the form of shoe midsoles were added to the metatarsophalangeal joint, and the lower limb joint torque and mechanical energy consumption were compared before and after a total of 5 sessions (2.5 weeks) of running. A total of 11 young healthy participants exhibited higher elastic energy storage in carbon plates in the fifth session compared to the first session, and lower power in the ankle joint. This suggests that a single training session may be insufficient to validate the efficiency effect of added joint stiffness, and the human body seems to increase the elastic energy stored in the assistive joint stiffness and its reutilization.

Automate authentication processes with user information (사용자 정보를 이용한 인증 절차 자동화)

  • Hwang, Woo Seob;Park, JiSu;Shon, Jin Gon
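    • Annual Conference of KIPS / 2019.10a / pp.1125-1128 / 2019
  • The text and graphics displayed on screen when a user uses the Internet are called web documents, and HTML5 is one of the standard languages for creating web documents. Within HTML5, web storage is a feature for storing data when a user receives services over the Internet, and it stores data as key-value pairs. Web storage comprises session storage, which is used on the server side, and local storage, which is used on the client. When local storage is used, data is stored on the client in plaintext and persists permanently with no expiration period. Because of these characteristics, an attacker can access, modify, and steal the stored data through attacks such as XSS, so the data can be processed and reused according to the attacker's intent. To address this security vulnerability, recent studies have encrypted the data stored in local storage to improve confidentiality. However, data encryption brings other problems: it requires frequent password entry or can be used only while online. To solve both the existing security vulnerability and the problems of prior research, we automated the user authentication required for encryption by using operating system user information and device information, and implemented and tested code for verification.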

Mutual Authentication and Secure Session Termination Scheme in iATA Protocol

  • Ong, Ivy;Lee, Shirly;Lee, Hoon-Jae;Lim, Hyo-Taek
    • Journal of information and communication convergence engineering / v.8 no.4 / pp.437-442 / 2010
  • Ubiquitous mobile computing is becoming easier and more attractive in this ambient technological Internet world. However, some portable devices such as Personal Digital Assistants (PDAs) and smart phones still encounter inherent constraints of limited storage and computing resources. To alleviate this problem, we develop a cost-effective protocol, iATA, to transfer ATA commands and data over a TCP/IP network between mobile appliances and stationary servers. It provides mobile users a virtual storage platform which physically resides at a remote home or office. As communications are made through insecure Internet connections, the security risks of adopting this service become a concern. There are many reported cases in history where attackers masquerade as legitimate users and illegally access network-based applications or systems by breaking through poor authentication gates. In this paper, we propose a mutual authentication and secure session termination scheme as the first and last defense steps to combat identity theft and fraud threats, in particular for iATA services. Random validation factors, large prime numbers, current timestamps, one-way hash functions and a one-time session key are deployed accordingly in the scheme. Moreover, we employ the concept of the hard factorization problem (HFP) in the termination phase to defend against fraud termination requests. Theoretical security analysis discussed in a later section indicates the scheme supports mutual authentication and is robust against several attacks such as verifiers' impersonation, replay attack, denial-of-service (DoS) attack and so on.

An Efficient and Secure Authentication Scheme with Session Key Negotiation for Timely Application of WSNs

  • Jiping Li;Yuanyuan Zhang;Lixiang Shen;Jing Cao;Wenwu Xie;Yi Zheng;Shouyin Liu
    • KSII Transactions on Internet and Information Systems (TIIS) / v.18 no.3 / pp.801-825 / 2024
  • For the Internet of Things, it is preferable to have immediate access to environment information from sensor nodes (SNs) rather than from gateway nodes (GWNs). To fulfill this goal, a mutual authentication scheme between user and SNs with session key (SK) negotiation is more suitable. However, this is a challenging task due to the constrained power, computation, communication and storage resources of SNs. Though lots of authentication schemes with SK negotiation have been designed to deal with it, they are still insufficiently secure and/or efficient, and some even have serious vulnerabilities. Therefore, we design an efficient secure authentication scheme with session key negotiation (eSAS2KN) for wireless sensor networks (WSNs) utilizing the fuzzy extractor technique, hash functions and lightweight bitwise exclusive-or operations. In eSAS2KN, user and SNs are mutually authenticated with anonymity, and an SK is negotiated for their subsequent direct and instant communications. To prove the security of eSAS2KN, we give a detailed informal security analysis, carry out logical verification by applying BAN logic, present a formal security proof by employing the Real-Or-Random (ROR) model, and implement formal security verification by using the AVISPA tool. Finally, computation and communication cost comparisons show that eSAS2KN is more efficient and secure for practical application.

Practical Issue of Botulinum Toxin use Liquid Type, Storage and Reuse (액상형 보툴리눔 독소와 임상적 활용)

  • Son, Hee Young
    • Journal of the Korean Society of Laryngology, Phoniatrics and Logopedics / v.30 no.1 / pp.9-11 / 2019
  • Botulinum toxin (BTX) has been widely used to treat muscle spasms in many voice disorders. Most commercially available forms of BTX require reconstitution before use, which may increase the risk of contamination and requires careful titration. Recently, a liquid-type BTX type A (BTX-A) has been developed, which should simplify the procedure and enhance its efficacy. In this session, I will discuss about the differences of BTX-A from existing types and the practical issues associated with it.

Development of a Dietary Education Program for Korean Young Adults in Single-Person Households (청년 1인가구를 위한 식생활교육 프로그램 개발)

  • Joung, Se Ho;Lee, Jung Woo;Bae, Da Young;Kim, Yoo Kyung
    • Journal of Korean Home Economics Education Association / v.33 no.1 / pp.151-167 / 2021
  • This study reports on the development of a dietary education program for Korean young adults in single-person households. The 7th National Health and Nutrition Survey (2016-2018) was used to compare and analyze the dietary behavior of single-person households and multi-person households, and an online survey was conducted on 350 young adults (age 19-39 years) living in Seoul. According to the analysis, single-person households had higher rates of breakfast and eating out than multi-person households, and significantly lower average intake of energy and nutrients (p<0.05). In particular, in the case of single-person households, the lower the frequency of cooking at home, the higher the rate of breakfast and the higher the frequency of eating out and delivery food (p<0.05). Based on the survey, a dietary education program for young adults single-person households was developed by applying the DESIGN six-step procedure and social cognitive theory as a conceptual model. The first session consisted of the health and economic benefits of home-cooked meals, the second session of the importance of the breakfast and the effect of exercise in life, the third session of the importance of balanced nutrition and the principles of a healthy diet, the fourth session of food safety and storage, and the fifth session of social dining. Each session was composed of a combination of theoretical lectures to motivate 'more making and eating healthy home-cooked meals' and cooking practice for improving behavioral performance.

The Development of a One-time Password Mechanism Improving on S/KEY (S/KEY를 개선한 일회용 패스워드 메커니즘 개발)

  • 박중길
    • Journal of the Korea Institute of Information Security & Cryptology / v.9 no.2 / pp.25-36 / 1999
  • In this paper we propose a one-time password mechanism that solves the problems of S/KEY: the limitation on usage and the need for storage for keys. Because it uses a cryptographic algorithm, the proposed mechanism has no limitation on usage. Also, because the key for authentication is produced from a user's password, it is easy to manage the authentication key and possible to share the session key between a client and a server after the authentication process. In addition, the proposed mechanism makes it easy to protect and manage the authentication information because it uses a smart card, and it can be adopted by a system that needs one-way authentication from a client to a server without a challenge from the server.