• Title/Summary/Keyword: OAuth2.0

Search Result 21, Processing Time 0.021 seconds

OAuth 2.0 For Event-based IoT Device Data Communication (이벤트 기반 IoT 디바이스 데이터 통신을 위한 OAuth 2.0)

  • Yuk, Kun Woong;Lim, Taebeom
    • Proceedings of the Korean Society of Broadcast Engineers Conference
    • /
    • 2015.07a
    • /
    • pp.531-532
    • /
    • 2015
  • 웹 서비스에 주로 적용되어 왔던 OAuth 2.0 사용자 인증 기법을 이벤트 기반 IoT 디바이스 데이터 통신 처리에 이용할 수 있도록 확장한다. OAuth 2.0 사용자 인증 기법은 최소화된 인증 절차에 맞추어져 있지만, 이벤트 기반의 IoT 디바이스의 데이터를 응용하기에는 적합하지 않은 실정이다. OAuth 2.0 사용자 인증 기법을 이용하여 이벤트 기반의 IoT 디바이스 데이터 통신으로 동작하기 위한 구성방법, Data Format, 그리고 전송 구조를 제안한다.

  • PDF

Design and Implementation of CoAP Authorization Framework Based on OAuth 2.0 (OAuth 2.0 기반 CoAP 인증 프레임워크 설계 및 구현)

  • Kim, Kyoung-Han;Lim, Hyun-Kyo;Heo, Joo-Seong;Han, Youn-Hee
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.6 no.8
    • /
    • pp.329-342
    • /
    • 2017
  • Recently, interest and investment in the Internet of Things (IoT) have increased significantly, and security issues are constantly being raised. As a solution, the IETF ACE Working Group is establishing the ACE framework standard, which is a new security framework for various constrained IoT environments based on the existing OAuth 2.0. However, additional work is required to apply the ACE framework, which proposes a new lightweight security system, to the existing Internet environment, and this additional cost is a factor that hinders the application of OAuth 2.0 to the IOT environment. Therefore, we propose an IoT authentication framework based on OAuth 2.0's existing development motivation, and implement a proposal framework based on CoAPthon and analyze its performance.

Study of OAuth-based Authorization Mechanism for Internet of Things (사물 인터넷을 위한 OAuth 기반 권한부여 기법에 대한 연구)

  • Kang, Yong-Hyeog
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2017.01a
    • /
    • pp.255-256
    • /
    • 2017
  • IoT(Internet of Things)는 우리 일상생활에 깊숙이 관여하고 있어서 보안 문제는 중요해지고 있다. OAuth2.0은 웹기반 응용이나 REST 특성의 API를 안전하게 하는 권한부여(authorization) 프레임워크이다. 본 논문에서는 IoT에 OAuth2.0을 적용하여 효율적이고 효과적인 권한부여 기법을 제안한다. OAuth2.0 기술은 서버쪽 기술이지만, IoT에서도 웹을 이용할 수 있는 CoAP 기술이 있으므로 IoT 디바이스 쪽에 접근에 대한 권한부여 기법으로 적용할 수 있다. 제안기법은 권한 부여 서버와 자원 서버와의 키 분배와 해시 함수 및 암호화를 통해 권한부여 기법을 적용한다.

  • PDF

OAuth 2.0 기반 CoAP 인증 프레임워크 연구 동향 및 제안

  • Kim, Gyeong-Han;Im, Hyeon-Gyo;Heo, Ju-Seong;Han, Yeon-Hui
    • Information and Communications Magazine
    • /
    • v.33 no.12
    • /
    • pp.41-47
    • /
    • 2016
  • 최근 사물인터넷에 대한 관심과 투자가 크게 증가하고 있으나 보안 측면에서 문제가 지속적으로 제기되고 있다. 그 해결책으로서 IETF ACE 워킹 그룹이 기존의 OAuth 2.0 기반으로 여러 제약적인 사물인터넷 환경에 적합한 새로운 보안 프레임워크인 ACE 프레임워크 표준을 제정 중에 있다. 본 고에서는 우선 OAuth 2.0 기반 사물인터넷 인증 프레임워크 연구 동향에 대해 소개하고, 새로운 OAuth 2.0 기반 CoAP 인증 프레임워크를 제안한다.

Stateless Randomized Token Authentication for Performance Improvement of OAuth 2.0 MAC Token Authentication (OAuth 2.0 MAC 토큰인증의 효율성 개선을 위한 무상태 난수화토큰인증)

  • Lee, Byoungcheon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.6
    • /
    • pp.1343-1354
    • /
    • 2018
  • OAuth 2.0 bearer token and JWT(JSON web token), current standard technologies for authentication and authorization, use the approach of sending fixed token repeatedly to server for authentication that they are subject to eavesdropping attack, thus they should be used in secure communication environment such as HTTPS. In OAuth 2.0 MAC token which was devised as an authentication scheme that can be used in non-secure communication environment, server issues shared secret key to authenticated client and the client uses it to compute MAC to prove the authenticity of request, but in this case server has to store and use the shared secret key to verify user's request. Therefore, it's hard to provide stateless authentication service. In this paper we present a randomized token authentication scheme which can provide stateless MAC token authentication without storing shared secret key in server side. To remove the use of HTTPS, we utilize secure communication using server certificate and simple signature-based login using client certificate together with the proposed randomized token authentication to achieve the fully stateless authentication service and we provide an implementation example.

The Extended Authentication Protocol using E-mail Authentication in OAuth 2.0 Protocol for Secure Granting of User Access (OAuth 2.0 프로토콜에서 E-mail을 이용한 사용자 권한 인증)

  • Chae, Cheol-Joo;Choi, Kwang-Nam;Choi, Kiseok;Yae, Yong-Hee;Shin, YounJu
    • Journal of Internet Computing and Services
    • /
    • v.16 no.1
    • /
    • pp.21-28
    • /
    • 2015
  • Currently there are wide variety of web services and applications available for users. Such services restrict access to only authorized users, and therefore its users often need to go through the inconvenience of getting an authentication from each service every time. To resolve of such inconvenience, a third party application with OAuth(Open Authorization) protocol that can provide restricted access to different web services has appeared. OAuth protocol provides applicable and flexible services to its users, but is exposed to reply attack, phishing attack, impersonation attack. Therefore we propose method that after authentication Access Token can be issued by using the E-mail authentication. In proposed method, regular user authentication success rate is high when value is 5 minutes. However, in the case of the attacker, the probability which can be gotten certificated is not more than the user contrast 0.3% within 5 minutes.

Patient Information Transfer System Using OAuth 2.0 Delegation Token (OAuth 2.0 위임 Token을 이용한 환자정보 전달 시스템)

  • Park, Jungsoo;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1103-1113
    • /
    • 2020
  • Hospitals store and manage personal and health information through the electronic medical record (EMR). However, vulnerabilities and threats are increasing with the provision of various services for information sharing in hospitals. Therefore, in this paper, we propose a model to prevent personal information leakage due to the transmission of patient information in EMR. A method for granting permission to securely receive and transmit patient information from hospitals where patient medical records are stored is proposed using OAuth authorization tokens. A protocol was proposed to enable secure information delivery by applying and delivering the record access restrictions desired by the patient to the OAuth Token. OAuth Delegation Token can be delivered by writing the authority, scope, and time of destruction to view patient information.This prevents the illegal collection of patient information and prevents the leakage of personal information that may occur during the delivery process.

Secure User Authority Authentication Method in the Open Authorization (Open Authorization에서의 안전한 사용자 권한 인증 방법에 관한 연구)

  • Chae, Cheol-Joo;Lee, June-Hwan;Cho, Han-Jin
    • Journal of Digital Convergence
    • /
    • v.12 no.8
    • /
    • pp.289-294
    • /
    • 2014
  • Recently, the various web service and applications are provided to the user. As to these service, because of providing the service to the authenticated user, the user undergoes the inconvenience of performing the authentication with the service especially every time. The OAuth(Open Authorization) protocol which acquires the access privilege in which 3rd Party application is limited on the web service in order to resolve this inconvenience appeared. This OAuth protocol provides the service which is convenient and flexible to the user but has the security vulnerability about the authorization acquisition. Therefore, we propose the method that analyze the security vulnerability which it can be generated in the OAuth 2.0 protocol and secure user authority authentication method.

A Study on Vulnerability Prevention Mechanism Due to Logout Problem Using OAuth (OAuth를 이용한 로그아웃 문제로 인한 취약점 방지 기법에 대한 연구)

  • Kim, Jinouk;Park, Jungsoo;Nguyen-Vu, Long;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.1
    • /
    • pp.5-14
    • /
    • 2017
  • Many web services which use OAuth Protocol offer users to log in using their personal profile information given by resource servers. This method reduces the inconvenience of the users to register for new membership. However, at the time a user finishes using OAuth client web service, even if he logs out of the client web service, the resource server remained in the login state may cause the problem of leaking personal information. In this paper, we propose a solution to mitigate the threat by providing an additional security behavior check: when a user requests to log out of the Web Client service, he or she can make decision whether or not to log out of the resource server via confirmation notification regarding the state of the resource server. By utilizing the proposed method, users who log in through the OAuth Protocol in the public PC environment like department stores, libraries, printing companies, etc. can prevent the leakage of personal information issues that may arise from forgetting to check the other OAuth related services. To verify our study, we implement a Client Web Service that uses OAuth 2.0 protocol and integrate it with our security behavior check. The result shows that with this additional function, users will have a better security when dealing with resource authorization in OAuth 2.0 implementation.

Integrated Authentication Protocol of Financial Sector that Modified OAuth2.0 (OAuth2.0을 변형한 금융권 통합인증 프로토콜)

  • Jung, Kyu-Won;Shin, Hye-seong;Park, Jong Hwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.2
    • /
    • pp.373-381
    • /
    • 2017
  • Currently, various types of user authentication methods based on public certificates are used in domestic financial transactions. Such an authorized certificate method has a problem that a different security module must be installed every time a user connects an individual financial company to a web server. Also, the financial company relying on this authentication method has a problem that a new security module should be additionally installed for each financial institution whenever a next generation authentication method such as biometric authentication is newly introduced. In order to solve these problems, we propose an integrated authentication system that handles user authentication on behalf of each financial institution in financial transactions, and proposes an integrated authentication protocol that handles secure user authentication between user and financial company web server. The new authentication protocol is a modified version of OAuth2.0 that increases security and efficiency. It is characterized by performing a challenge-response protocol with a pre-shared secret key between the authentication server and the financial company web server. This gives users a convenient and secure Single Sign-On (SSO) effect.