국립중앙도서관 "우편 복사 서비스"로 연결 됩니다.
A typical online learning service allows users to watch video lectures in web browsers at any time and any place. In many cases of such services, security solutions (e.g., user authentication and access control) have been deployed to secure access to ...
다국어 입력
あ
ぁ
か
が
さ
ざ
た
だ
な
は
ば
ぱ
ま
や
ゃ
ら
わ
ゎ
ん
い
ぃ
き
ぎ
し
じ
ち
ぢ
に
ひ
び
ぴ
み
り
う
ぅ
く
ぐ
す
ず
つ
づ
っ
ぬ
ふ
ぶ
ぷ
む
ゆ
ゅ
る
え
ぇ
け
げ
せ
ぜ
て
で
ね
へ
べ
ぺ
め
れ
お
ぉ
こ
ご
そ
ぞ
と
ど
の
ほ
ぼ
ぽ
も
よ
ょ
ろ
を
ア
ァ
カ
サ
ザ
タ
ダ
ナ
ハ
バ
パ
マ
ヤ
ャ
ラ
ワ
ヮ
ン
イ
ィ
キ
ギ
シ
ジ
チ
ヂ
ニ
ヒ
ビ
ピ
ミ
リ
ウ
ゥ
ク
グ
ス
ズ
ツ
ヅ
ッ
ヌ
フ
ブ
プ
ム
ユ
ュ
ル
エ
ェ
ケ
ゲ
セ
ゼ
テ
デ
ヘ
ベ
ペ
メ
レ
オ
ォ
コ
ゴ
ソ
ゾ
ト
ド
ノ
ホ
ボ
ポ
モ
ヨ
ョ
ロ
ヲ
―
http://chineseinput.net/에서 pinyin(병음)방식으로 중국어를 변환할 수 있습니다.
변환된 중국어를 복사하여 사용하시면 됩니다.
예시)
- 中文 을 입력하시려면 zhongwen을 입력하시고 space를누르시면됩니다.
- 北京 을 입력하시려면 beijing을 입력하시고 space를 누르시면 됩니다.
А
Б
В
Г
Д
Е
Ё
Ж
З
И
Й
К
Л
М
Н
О
П
Р
С
Т
У
Ф
Х
Ц
Ч
Ш
Щ
Ъ
Ы
Ь
Э
Ю
Я
а
б
в
г
д
е
ё
ж
з
и
й
к
л
м
н
о
п
р
с
т
у
ф
х
ц
ч
ш
щ
ъ
ы
ь
э
ю
я
′
″
℃
Å
¢
£
¥
¤
℉
‰
$
%
F
₩
㎕
㎖
㎗
ℓ
㎘
㏄
㎣
㎤
㎥
㎦
㎙
㎚
㎛
㎜
㎝
㎞
㎟
㎠
㎡
㎢
㏊
㎍
㎎
㎏
㏏
㎈
㎉
㏈
㎧
㎨
㎰
㎱
㎲
㎳
㎴
㎵
㎶
㎷
㎸
㎹
㎀
㎁
㎂
㎃
㎄
㎺
㎻
㎽
㎾
㎿
㎐
㎑
㎒
㎓
㎔
Ω
㏀
㏁
㎊
㎋
㎌
㏖
㏅
㎭
㎮
㎯
㏛
㎩
㎪
㎫
㎬
㏝
㏐
㏓
㏃
㏉
㏜
㏆
RISS 인기검색어
A security analysis of paid subscription video-on-demand services for online learning = 온라인 수업의 유료 주문형 비디오 서비스에 대한 보안 취약점 분석
한글로보기https://www.riss.kr/link?id=T14574558
- 저자
-
발행사항
서울 : 성균관대학교 일반대학원, 2017
-
학위논문사항
학위논문(석사) -- 성균관대학교 일반대학원 , 소프트웨어플랫폼학과 , 2017. 8
-
발행연도
2017
-
작성언어
영어
- 주제어
-
발행국(도시)
서울
-
형태사항
35 ; 26 cm
-
일반주기명
지도교수: 김형식
- DOI식별코드
-
소장기관
- 성균관대학교 중앙학술정보관
- 성균관대학교 중앙학술정보관
-
0
상세조회 -
0
다운로드
부가정보
다국어 초록 (Multilingual Abstract)
A typical online learning service allows users to watch video lectures in web browsers at any time and any place. In many cases of such services, security solutions (e.g., user authentication and access control) have been deployed to secure access to their premium contents to authorized users only who have paid the subscription fee. In this paper, we demonstrate how security solutions in real-world services can be broken easily. We performed an empirical analysis on the effectiveness of the security solutions deployed in the five popular online learning services using a web proxy to analyze the packets transferred between streaming server and web browser for a streaming service. Our experimental results show that one service out of five was vulnerable to password stealing attacks; three services were vulnerable to URL guessing attacks; and two services were vulnerable to cookie cloning attacks. All the websites tested were vulnerable to at least one attack.
A typical online learning service allows users to watch video lectures in web browsers at any time and any place. In many cases of such services, security solutions (e.g., user authentication and access control) have been deployed to secure access to their premium contents to authorized users only who have paid the subscription fee. In this paper, we demonstrate how security solutions in real-world services can be broken easily. We performed an empirical analysis on the effectiveness of the security solutions deployed in the five popular online learning services using a web proxy to analyze the packets transferred between streaming server and web browser for a streaming service. Our experimental results show that one service out of five was vulnerable to password stealing attacks; three services were vulnerable to URL guessing attacks; and two services were vulnerable to cookie cloning attacks. All the websites tested were vulnerable to at least one attack.
목차 (Table of Contents)
- List of Tables ⅱ
- List of Figures ⅱ
- Abstract ⅲ
- 1. Introduction 1
- 2. Background 4
- List of Tables ⅱ
- List of Figures ⅱ
- Abstract ⅲ
- 1. Introduction 1
- 2. Background 4
- 2.1. Overview of video-on-demand services 4
- 2.2. Security technologies for video-on-demand services 6
- 3. Methodology 9
- 3.1. Threat models 9
- 3.2. Three attacks tested 11
- 4. Experiments 14
- 4.1. Security mechanisms of the websites tested 14
- 4.2. Implementation 15
- 4.3. Summary of results 20
- 5. Countermeasures 21
- 5.1. Encryption of web traffic 21
- 5.2. Use of the best practices for capability URLs 21
- 5.3. Expiration of capability URLs and cookies 23
- 5.4. Preventing suspicious URL requests 23
- 6. Conclusion 24
- References 25
- Korean Abstract 27
분석정보
연관 공개강의(KOCW)
이 자료와 함께 이용한 RISS 자료
나만을 위한 추천자료
