국립중앙도서관 "우편 복사 서비스"로 연결 됩니다.
ScienceON
KISSZen Cart is an open-source online store management system. It is used all over the world because of its stability and safety. Today, Zen Cart`s session security mechanism is mainly used to verify user agents and check IP addresses. However, the securi...
다국어 입력
あ
ぁ
か
が
さ
ざ
た
だ
な
は
ば
ぱ
ま
や
ゃ
ら
わ
ゎ
ん
い
ぃ
き
ぎ
し
じ
ち
ぢ
に
ひ
び
ぴ
み
り
う
ぅ
く
ぐ
す
ず
つ
づ
っ
ぬ
ふ
ぶ
ぷ
む
ゆ
ゅ
る
え
ぇ
け
げ
せ
ぜ
て
で
ね
へ
べ
ぺ
め
れ
お
ぉ
こ
ご
そ
ぞ
と
ど
の
ほ
ぼ
ぽ
も
よ
ょ
ろ
を
ア
ァ
カ
サ
ザ
タ
ダ
ナ
ハ
バ
パ
マ
ヤ
ャ
ラ
ワ
ヮ
ン
イ
ィ
キ
ギ
シ
ジ
チ
ヂ
ニ
ヒ
ビ
ピ
ミ
リ
ウ
ゥ
ク
グ
ス
ズ
ツ
ヅ
ッ
ヌ
フ
ブ
プ
ム
ユ
ュ
ル
エ
ェ
ケ
ゲ
セ
ゼ
テ
デ
ヘ
ベ
ペ
メ
レ
オ
ォ
コ
ゴ
ソ
ゾ
ト
ド
ノ
ホ
ボ
ポ
モ
ヨ
ョ
ロ
ヲ
―
http://chineseinput.net/에서 pinyin(병음)방식으로 중국어를 변환할 수 있습니다.
변환된 중국어를 복사하여 사용하시면 됩니다.
예시)
- 中文 을 입력하시려면 zhongwen을 입력하시고 space를누르시면됩니다.
- 北京 을 입력하시려면 beijing을 입력하시고 space를 누르시면 됩니다.
А
Б
В
Г
Д
Е
Ё
Ж
З
И
Й
К
Л
М
Н
О
П
Р
С
Т
У
Ф
Х
Ц
Ч
Ш
Щ
Ъ
Ы
Ь
Э
Ю
Я
а
б
в
г
д
е
ё
ж
з
и
й
к
л
м
н
о
п
р
с
т
у
ф
х
ц
ч
ш
щ
ъ
ы
ь
э
ю
я
′
″
℃
Å
¢
£
¥
¤
℉
‰
$
%
F
₩
㎕
㎖
㎗
ℓ
㎘
㏄
㎣
㎤
㎥
㎦
㎙
㎚
㎛
㎜
㎝
㎞
㎟
㎠
㎡
㎢
㏊
㎍
㎎
㎏
㏏
㎈
㎉
㏈
㎧
㎨
㎰
㎱
㎲
㎳
㎴
㎵
㎶
㎷
㎸
㎹
㎀
㎁
㎂
㎃
㎄
㎺
㎻
㎽
㎾
㎿
㎐
㎑
㎒
㎓
㎔
Ω
㏀
㏁
㎊
㎋
㎌
㏖
㏅
㎭
㎮
㎯
㏛
㎩
㎪
㎫
㎬
㏝
㏐
㏓
㏃
㏉
㏜
㏆
RISS 인기검색어
Enhancing the Session Security of Zen Cart based on HMAC-SHA256 = Enhancing the Session Security of Zen Cart based on HMAC-SHA256
한글로보기https://www.riss.kr/link?id=A103334607
-
저자
( Lihui Lin ) (Fuzhou University, China) ; ( Kaizhi Chen ) (Fuzhou University, China) ; ( Shangping Zhong ) (Fuzhou University, China)
- 발행기관
- 학술지명
- 권호사항
-
발행연도
2017
-
작성언어
Korean
- 주제어
-
등재정보
KCI등재,SCIE,SCOPUS
-
자료형태
학술저널
- 발행기관 URL
-
수록면
466-483(18쪽)
-
KCI 피인용횟수
1
- DOI식별코드
- 제공처
-
0
상세조회 -
0
다운로드
부가정보
다국어 초록 (Multilingual Abstract)
Zen Cart is an open-source online store management system. It is used all over the world because of its stability and safety. Today, Zen Cart`s session security mechanism is mainly used to verify user agents and check IP addresses. However, the security in verifying the user agent is lower and checking the IP address can affect the user`s experience. This paper, which is based on the idea of session protection as proposed by Ben Adida, takes advantage of the HTML5`s sessionStorage property to store the shared keys that are used in HMAC-SHA256 encryption. Moreover, the request path, current timestamp, and parameter are encrypted by using HMAC-SHA256 in the client. The client then submits the result to the web server as per request. Finally, the web server recalculates the HMAC-SHA256 value to validate the request by comparing it with the submitted value. In this way, the Zen Cart`s open-source system is reinforced. Owing to the security and integrity of the HMAC-SHA256 algorithm, it can effectively protect the session security. Analysis and experimental results show that this mechanism can effectively protect the session security of Zen Cart without affecting the original performance.
참고문헌 (Reference)
1 CVE Details, "Zen-cart : Vulnerability Statistics"
2 Wikipedia, "Zen Cart"
3 Ende93, AlexChao, "Window.sessionStorage"
4 Berners-Lee T, "Uniform Resource Identifiers(URI) : Generic Syntax" 4 (4): 84-87, 2005
5 Saini, Vineet, "Threat modeling using attack trees" 23 (23): 124-131, 2008
6 Unger, T., "Shpf: Enhancing http(s) session security with browser fingerprinting" 255-261, 2013
7 Adida, Ben, "Sessionlock : securing web sessions against eavesdropping" 517-524, 2008
8 Wei Guo, "Security analysis and construction of chaotic Hash function" Southwest Jiaotong University 2011
9 De Ryck, P., "SecSess : keeping your session tucked away in your browser" 2171-2176, 2015
10 Gebotys, C. H., "Preaveraging and carry propagate approaches to side-channel analysis of HMAC-SHA256" 15 (15): 1-19, 2016
1 CVE Details, "Zen-cart : Vulnerability Statistics"
2 Wikipedia, "Zen Cart"
3 Ende93, AlexChao, "Window.sessionStorage"
4 Berners-Lee T, "Uniform Resource Identifiers(URI) : Generic Syntax" 4 (4): 84-87, 2005
5 Saini, Vineet, "Threat modeling using attack trees" 23 (23): 124-131, 2008
6 Unger, T., "Shpf: Enhancing http(s) session security with browser fingerprinting" 255-261, 2013
7 Adida, Ben, "Sessionlock : securing web sessions against eavesdropping" 517-524, 2008
8 Wei Guo, "Security analysis and construction of chaotic Hash function" Southwest Jiaotong University 2011
9 De Ryck, P., "SecSess : keeping your session tucked away in your browser" 2171-2176, 2015
10 Gebotys, C. H., "Preaveraging and carry propagate approaches to side-channel analysis of HMAC-SHA256" 15 (15): 1-19, 2016
11 D. Wichers, "Owasp top 10" OWASP Foundation 2013
12 Dietz, M., "Origin-bound certificates: a fresh approach to strong client authentication for the web" 317-331, 2012
13 Dacosta, I., "One-time cookies: preventing session hijacking attacks with stateless authentication tokens" 12 (12): 336-345, 2012
14 Hallam-Baker, Phillip, "Http integrity header"
15 Krawczyk, Hugo, "Hmac: Keyed-hashing for message authentication"
16 Franks, J., "HTTP authentication: Basic and digest access authentication" 1999
17 Kuo-Jui Wei, "Enhancing the Security of Credit Card Transaction based on Visual DSC" 한국인터넷정보학회 9 (9): 1231-1245, 2015
18 Juels, A., "Cache cookies for browser authentication" 301-305, 2006
19 Johns, M., "BetterAuth : web authentication revisited" 169-178, 2012
20 Adida, Ben, "Beamauth : two-factor web authentication with a bookmark" 48-57, 2007
21 HE Run-min, "Analysis safety of SHA-256 algorithm" 22 (22): 31-33, 2014
22 Ismail, Reem Jafar, "A Secure Session Management Based on Threat Modeling" 54 (54): 1176-1182, 2013
동일학술지(권/호) 다른 논문
-
Utility Bounds of Joint Congestion and Medium Access Control for CSMA based Wireless Networks
- 한국인터넷정보학회
- ( Tao Wang )
- 2017
- KCI등재,SCIE,SCOPUS
-
Improved DV-Hop Localization Algorithm Based on Bat Algorithm in Wireless Sensor Networks
- 한국인터넷정보학회
- ( Yuan Liu )
- 2017
- KCI등재,SCIE,SCOPUS
-
Job-aware Network Scheduling for Hadoop Cluster
- 한국인터넷정보학회
- ( Wen Liu )
- 2017
- KCI등재,SCIE,SCOPUS
-
Downlink Capacity Analysis of Distributed Antenna Systems with Imperfect Channel State Information
- 한국인터넷정보학회
- ( Weiye Xu )
- 2017
- KCI등재,SCIE,SCOPUS
분석정보
인용정보 인용지수 설명보기
학술지 이력
| 연월일 | 이력구분 | 이력상세 | 등재구분 |
|---|---|---|---|
| 학술지등록 | 한글명 : KSII Transactions on Internet and Information Systems 외국어명 : KSII Transactions on Internet and Information Systems | ||
| 2023 | 평가예정 | 해외DB학술지평가 신청대상 (해외등재 학술지 평가) | |
| 2020-01-01 | 평가 | 등재학술지 유지 (해외등재 학술지 평가) | |
| 2013-10-01 | 평가 | 등재학술지 선정 (기타) | |
| 2011-01-01 | 평가 | 등재후보학술지 유지 (기타) |  |
| 2009-01-01 | 평가 | SCOPUS 등재 (신규평가) | |
학술지 인용정보
| 기준연도 | WOS-KCI 통합IF(2년) | KCIF(2년) | KCIF(3년) |
|---|---|---|---|
| 2016 | 0.45 | 0.21 | 0.37 |
| KCIF(4년) | KCIF(5년) | 중심성지수(3년) | 즉시성지수 |
| 0.32 | 0.29 | 0.244 | 0.03 |
이 자료와 함께 이용한 RISS 자료
나만을 위한 추천자료
