• Title/Summary/Keyword: Reauthentication

Detecting CSRF through Analysis of Web Site Structure and Web Usage Patterns (웹사이트 구조와 사용패턴 분석을 통한 CSRF 공격 탐지)

  • Choi, Jae-Yeong;Lee, Hyuk-Jun;Min, Byung-Jun
    • Convergence Security Journal / v.11 no.6 / pp.9-15 / 2011
  • It is difficult to distinguish attack requests from normal ones when the attacks are based on CSRF, which enables an attacker to transmit fabricated requests of a trusted user to the website. For protection against CSRF, there have been many research efforts, including secret tokens, custom headers, proxies, policy models, CAPTCHA, and user reauthentication. There remain, however, means of incapacitating them, and CAPTCHA and user reauthentication incur user inconvenience. In this paper, we propose a method to detect CSRF attacks by analyzing the structure of websites and their usage patterns. Potential victim candidates are selected, and website usage patterns are analyzed according to the structure and usage logs. CSRF attacks can be detected by identifying normal usage patterns. Also, unlike CAPTCHA, the proposed method does not harm user convenience, because it requires user intervention only when abnormal requests are detected.

Secure AKA(Authentication and Key Agreement) Protocol for Binary CDMA Network (Binary CDMA 망을 위한 안전한 AKA 프로토콜)

  • Kim, Yong-Hee;Park, Mi-Ae;Cho, Jin-Woong;Lee, Hyeon-Seok;Lee, Jang-Yeon;Yi, Ok-Yeon
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.1 / pp.51-61 / 2010
  • The Koinonia system is designed to fully utilize the advantages of Binary CDMA so as to guarantee QoS in wireless networks. In this paper, we propose a new network structure based on this system and refer to it as BLAN (Binary CDMA LAN). Although BLAN has a structure similar to IEEE 802.11 WLAN, it will ensure fast handover and QoS. We also propose an AKA (Authentication and Key Agreement) protocol and a Reauthentication protocol to be used for communication in BLAN. These protocols are securely and efficiently designed using the user identity module to support more powerful authentication. Hence, BLAN, including the proposed protocols, will support high mobility and security. In conclusion, we expect that BLAN can be applied to future infrastructure in special environments, and that it can be helpful in showing a new network model as an alternative to WLAN.

User attribute verification method using user mobile dynamic information

  • Kim, Seok-Hun
    • Journal of the Korea Society of Computer and Information / v.24 no.1 / pp.145-149 / 2019
  • Various supplementary authentication methods are used to supplement the user authentication and authorization provided by existing online password verification. In recent years, authentication and authorization methods using user attribute information have been studied and utilized in various services. User attribute information can be divided into static information and dynamic information. The existing methods focus on research to identify users using dynamic information or to generate challenge questions for user reauthentication. Static information such as a user's home address, school, company, etc. is associated with dynamic information such as location information. We propose a method to verify user attribute information by using the association between the two kinds of attribute information. For this purpose, the static information of the user is verified by using the user's location record, which is dynamic information. The experiment in this paper collects the dynamic information of actual users and extracts the static information to verify the user attributes. We also implemented a user attribute information authentication system using the proposed verification method and evaluated its utility based on applicability, convenience, and security.

lwEPSep: A Lightweight End-to-end Privacy-preserving Security Protocol for CTI Sharing in IoT Environments

  • Hoonyong Park;Jiyoon Kim;Sangmin Lee;Daniel Gerbi Duguma;Ilsun You
    • Journal of Internet Technology / v.22 no.5 / pp.1069-1082 / 2021
  • The Internet of Things (IoT) is vulnerable to a wide range of security risks, which can be effectively mitigated by applying Cyber Threat Intelligence (CTI) sharing as a proactive mitigation approach. In realizing CTI sharing, it is of paramount importance to guarantee end-to-end protection of the shared information, as unauthorized disclosure of CTI is disastrous for organizations using IoT. Furthermore, resource-constrained devices should be supported through lightweight operations. Unfortunately, the aforementioned requirements are not satisfied by the Hypertext Transfer Protocol Secure (HTTPS), which state-of-the-art CTI sharing systems mainly depend on. As a promising alternative to HTTPS, Ephemeral Diffie-Hellman over COSE (EDHOC) can be considered because it meets the above requirements. However, EDHOC in its current version contains several security flaws, most notably due to the unprotected initial message. Consequently, we propose a lightweight end-to-end privacy-preserving security protocol that improves the existing draft EDHOC protocol by utilizing previously shared keys and keying materials while providing ticket-based optimized reauthentication. The proposed protocol is not only formally validated through BAN-logic and AVISPA, but also proved to fulfill essential security properties such as mutual authentication, secure key exchange, perfect forward secrecy, anonymity, confidentiality, and integrity. Also, comparing the protocol's performance to that of the EDHOC protocol reveals a substantial improvement, with a single roundtrip to allow frequent CTI sharing.

Assessing Efficiency of Handoff Techniques for Acquiring Maximum Throughput into WLAN

  • Mohsin Shaikha;Irfan Tunio;Baqir Zardari;Abdul Aziz;Ahmed Ali;Muhammad Abrar Khan
    • International Journal of Computer Science & Network Security / v.23 no.4 / pp.172-178 / 2023
  • When a mobile device moves from the coverage of one access point to the radio coverage of another access point, it needs to maintain its connection with the current access point before it successfully discovers the new access point; this process is known as handoff. During handoff, the acceptable delay a voice over IP application can bear is 50ms, whereas the delay on the medium access control layer is high enough that it goes up to 350-500ms. This research provides a suitable methodology on the medium access control layer of the IEEE 802.11 network. The medium access control layer comprises three phases, namely discovery, reauthentication and re-association. The discovery phase on the medium access control layer takes up to 90% of the total handoff latency. The objective is to effectively reduce the delay of the discovery phase to ensure a seamless handoff. The research proposes a scheme that reduces the handoff latency effectively by scanning channels before the actual handoff process starts and by scanning only the neighboring access points. Further, the proposed scheme enables the mobile device to scan first the channel on which it is currently operating, so that the mobile device has to perform a minimum number of channel switches. The results show that the mobile device finds the new potential access point prior to the handoff execution; hence the delay during discovery of a new access point is minimized effectively.