• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1343-1354
• /
• 2018

OAuth 2.0 bearer token and JWT(JSON web token), current standard technologies for authentication and authorization, use the approach of sending fixed token repeatedly to server for authentication that they are subject to eavesdropping attack, thus they should be used in secure communication environment such as HTTPS. In OAuth 2.0 MAC token which was devised as an authentication scheme that can be used in non-secure communication environment, server issues shared secret key to authenticated client and the client uses it to compute MAC to prove the authenticity of request, but in this case server has to store and use the shared secret key to verify user's request. Therefore, it's hard to provide stateless authentication service. In this paper we present a randomized token authentication scheme which can provide stateless MAC token authentication without storing shared secret key in server side. To remove the use of HTTPS, we utilize secure communication using server certificate and simple signature-based login using client certificate together with the proposed randomized token authentication to achieve the fully stateless authentication service and we provide an implementation example.

• Journal of the Economic Geographical Society of Korea
• /
• v.24 no.1
• /
• pp.76-101
• /
• 2021

This paper analyzes two cases of space tokenization, Meridio and QuantmRE, to explore the potential of tokenization as a new means of space financialization. Space tokenization is based on blockchain technology and security token offering (STO). Although some financial geographers noted the possible impact of blockchain technology on space financialization, it has not been examined in depth. Therefore, this paper demonstrates space tokenization cases in detail. Meridio and QuantmRE suggest financial structures that convert space into tokens based on fractional ownership transactions. QuantmRE, specifically, allows a homeowner to secure cash without either debt or ownership relinquishment through sales of tokenized home equity. As this method takes a form of sale transaction rather than a loan, it enables financial institutions to circumvent strengthened regulation on loans after the 2008 global financial crisis. Moreover, even "house poor" households, who own houses but lack cash due to excessive loans, can cash out from their properties through QuantmRE. As such, space tokenization enables financial institutions to overcome constrained conditions after the global financial crisis, thereby reproducing space financialization. Space tokenization also has the potential to geographically expand space financialization through stimulating investment in the depressed housing market.

• Smart Media Journal
• /
• v.2 no.3
• /
• pp.23-33
• /
• 2013

In this paper, we find out about the effort and status of GwangJu metropolitan city to reinvigorate traditional market. And we propose the micro payment model based on Android NFC and tokenization technique to support the small trader's micro payment in aspect of information technology more than the physical infrastructure and environmental improvement projects to reinvigorate the traditional market. The micropayment model supports facilities of payment using smart phone based on NFC, and the encryption and tokenization support the indirection authentication and privacy of users.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2011.11a
• /
• pp.92-95
• /
• 2011

본 논문에서는 MPEG RVC(Reconfigurable Video Coding) 프레임워크에서의 효율적인 복호화기 생성을 위한 토큰 정렬 방법을 제안한다. MPEG RVC 프레임워크는 현존하는 비디오 표준을 모듈 단위로 나누어 그에 대한 입력 및 출력의 동작을 명시하고 있다. 현재의 RVC 프레임워크 표준은 각 기능부(functional unit)들의 입력 및 출력의 행동만을 서술할 뿐 특정 비디오 코덱에서 고유적으로 정의하는 각 기능부 사이에 소비되는 토큰의 계산 모델(model of computation)을 제공하지 않는다. 이러한 점은 계산 모델이 다른 환경에서 RVC 프레임워크 솔루션을 개발하는데 큰 어려움으로 작용한다. 따라서 효율적인 RVC 복호화기의 구성을 위해 복호화 기술 정보 상의 명백한 토큰 정렬 정보를 이용하여 RVC 프레임워크의 기능부들 사이의 행동을 결정지어 주는 방법을 제안한다. 제안하는 방법은 토큰 정렬에 의해 계산 모델을 명확하게 해주고 개발자로 하여금 코덱 개발 단계에서의 디버깅 및 테스팅에 따른 부담을 줄여줄 것이다.

• Proceedings of the KAIS Fall Conference
• /
• 2009.05a
• /
• pp.154-157
• /
• 2009

정보통신기술의 발달로 온라인으로 많은 서비스가 이루어지면서 온라인을 통해서 송 수신 되는 정보들의 가치도 높아지고 있다. 현재 전자금융거래의 보안을 향상시키기 위해서 금융기관은 OTP 인증을 사용한다. OTP 인증은 패스워드 기반의 인증기술이며, OTP 토큰을 이용하여 OTP를 생성한다. 이러한 인증은 일방향 해시함수의 충돌성, OTP 토큰에 대한 물리적 공격, OTP 토큰의 전력소모에 따른 동기화 문제를 가지고 있다. 따라서 본 논문에서는 모바일 기기를 이용한 워터마킹 기반 3-Factor OTP 인증을 제안한다. 제안한 인증에서는 OTP를 생성하기 위해 사용자의 생체정보를 사용하며, 서비스 제공자는 사용자의 생체정보에 서버의 비밀정보를 워터마킹 기법을 이용하여 숨긴다. 워터마킹된 생체정보를 사용자의 모바일 기기의 저장하고, 이 정보를 통해 사용자는 생체정보를 인증하고, OTP를 생성한다. 제안한 인증기술은 OTP토큰을 휴대해야 하는 불편 대신에 대부분 성인이 휴대한 휴대폰과 같은 모바일 기기를 통해 OTP를 생성하고 인증을 할 수 있으며, 생체정보를 이용함으로써 다른 사용자가 OTP를 생성할 수 없도록 한다. 이러한 기법은 안전한 인증을 요구하는 모든 온라인 서비스에서 사용될 수 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.417-429
• /
• 2019

WPA2-PSK uses a 4-way handshake protocol based on a shared secret to establish a secure session between a client and an AP. It has various security problems such as eavesdropping attacks and the secure session establishment process is inefficient because it requires multiple interactions between client and AP. The WPA3 standard has recently been proposed to solve the security problem of WPA2, but it is a small improvement using the same 4-way handshake methodology. OAuth 2.0 token authentication is widely used on the web, which can be used to keep an authenticated state of a client for a long time by using tokens issued to an authenticated client. In this paper, we apply the dual-token based randomized token authentication technology to the Wi-Fi security protocol to achieve an efficient Wi-Fi security protocol by dividing initial authentication and secure session establishment. Once a client is authenticated and equipped with dual tokens issued by AP, it can establish secure session using them quickly with one message exchange over a non-secure channel.

• Journal of Convergence Society for SMB
• /
• v.5 no.3
• /
• pp.1-7
• /
• 2015

Recently, finance technology related to Fin-Tech has emerged while national and international financial incidents have increased. Security technologies that are currently operated in the financial institutions, have been reported to be vulnerable to security attacks. In this paper, we propose a method of response and plan of security incident using Fin-Tech technology in the divers authentication methods and the usage of biometrics. Proposed method provides a convenient banking services to the users by integrating IT technology, such as personal asset management, crowdfunding to finance technology. Also, the proposed method may provide the security with ease by applying the security technologies such as PCI-DSS, tokenization technique, FDS, the block chain. Proposed method analyzes a number of security cases in relation to the Fin-Tech, financial technologies, for a response.

• Proceedings of the KAIS Fall Conference
• /
• 2010.11a
• /
• pp.239-242
• /
• 2010

웹 애플리케이션 해킹 방법인 CSRF(Cross Site Request Forgery) 공격은 2008년 2월에 온라인 경매사이트인 옥션에서의 1800만명의 개인정보를 유출 사고 피해를 입힌 공격이다. OWASP(Open Web Application Security Project)에서는 이 공격의 해결방안으로 동기화되고 고유한 토큰 값을 생성하여 페이지 요청 시에 이를 검증하는 시스템을 권고하고 있다. 따라서 본 논문에서는 이 공격을 방어하기 위한 방법으로 타임스탬프와 사용자 고유의 값인 전자서명을 토큰형태로 생성하여 Hidden Field에 삽입함으로써 검증하는 기법에 대해 연구하고자 한다.

• Smart Media Journal
• /
• v.10 no.1
• /
• pp.88-98
• /
• 2021

As blockchain technology has emerged as a security issue for IoT, technology which integrates block chain into IoT is being studied. In this paper is a research concerning token-based IoT service access control technology for data sharing, which propose a possessor focused data sharing technic by using the permissioned blockchain. To share IoT health data, a Hyperledger Fabric Network consisting of three organizations was designed to provide a way to share data by applying different access control policies centered on device owners for different services. In the proposed system, the device owner issues access control tokens with different security levels applied to the participants in the organization, and the token issue information is shared through the distributed ledger of the HFN. In IoT, it is possible to lightweight the access control processing of IoT devices by granting tokens to service requesters who request access to data. Furthmore, by sharing token issuance information among network participants using HFN, the integrity of the token is guaranteed and all network participants can trust the token. The device owners can trust that their data is being used within their authorized rights, and control the collection and use of data.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.6
• /
• pp.139-150
• /
• 2019

IoT(Internet of Things) security is becoming increasingly important because IoT potentially has a variety of security threats, including limited hardware specifications and physical attacks. This paper is a study on the certification technology suitable for the lightened IoT environment, and we propose a system in which many gateways share authentication information and issue authentication tokens for mutual authentication using blockchain. The IoT node can be issued an authentication token from one gateway to continuously perform authentication with a gateway in the block-chain network using an existing issued token without performing re-authentication from another gateway participating in the block-chain network. Since we do not perform re-authentication for other devices in a blockchain network with only one authentication, we proposed multi phase authentication consisting of device authentication and message authentication in order to enhance the authentication function. By sharing the authentication information on the blockchain network, it is possible to guarantee the integrity and reliability of the authentication token.