The KIPS Transactions:PartC (정보처리학회논문지C)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

Electronic Signature Model and Application of Security Server System using Identity Information

식별정보를 이용한 보안서버시스템의 전자서명 모델 및 응용

  • 김영수 (국민대학교 대학원 정보관리학과) ;
  • 신승중 (한세대학교 IT학부)
  • Published : 2005.04.01
Download PDF
⟨ Previous Next ⟩

Abstract

Electronic signature system is required to be used in the promotion of the e-Commerce. Because the application system for electronic signature system has inconvenience and vulnerability of security, users are reluctant to use it. Therefore, the electronic signature system should give a guarantee of convenience and security. In this paper, we propose server-based application model, which uses identity information and makes users access transparently to solve electronic signature problems. We also design and verify electronic signature system that reduces threats to security, which cause server attack by distributing the part of signature key to both server and client. The application model with lightweight server system based on the electronic signature system is expected to be used in the promotion of the e-Commerce and help to make its business more efficient and competitive.

서명시스템은 오늘날 전자상거래의 활성화를 위한 필수적인 기술로 인식되고 있으나 이의 응용시스템은 사용이 불편하고 보안성이 취약하여 사용자가 이의 사용을 꺼리고 있다. 따라서 사용자의 편의성과 보안성을 동시에 고려하는 서명시스템이 제공되어야 한다. 이의 해결을 위해서 사용자가 서명시스템에 투명하게 접근하여 서명과 검증을 할 수 있도록 식별정보를 사용하는 서버기반의 응용 모델을 제안하고 서명키를 생성하는 구성요소를 클라이언트와 서버에 분산하여 유지하도록 함으로써 서버공격으로부터 야기되는 위험을 감소시킬 수 있는 서명시스템을 설계하고 검증하였다 서명시스템의 응용 모델은 경량급 서버시스템을 인프라로 사용함으로써 경제성을 높이는 동시에 보안성도 고려되도록 설계되어 있어서 전자상거래의 활성화에 이바지하고 기업의 경쟁력을 향상시킬 수 있을 것으로 기대된다.

Keywords

References

  1. Krawcyzk, H., 'The Order of Encryption and Authentication for Protecting Communications', Proc. Crypto '01, 2001
  2. Chokhani, S., 'Towards a national public-key infrastructure', IEEE Communications Magagine, Vol.32, No.9, pp.70-74, 1994 https://doi.org/10.1109/35.312846
  3. Sarbari and Stephen, 'Public Key Infrastructure: Analysis of Existingand Needed Protocols and Object Formats for Key Recovery,' Computer and Security Vol.19(1), pp.56-68, April 2000 https://doi.org/10.1016/S0167-4048(00)86364-6
  4. Merkle, R., 'A Certified Digital Signature, Advances in Cryptology', CRYPTO
  5. Fujisaki, E. and T. Okamoto, 'Secure integration of asymmetric and symmetric encryption schemes', Proc. Crypto '99 pp.537-554, 1999
  6. Merkle, R. C., 'A digital signature based on a conventional encryption function,' in Advances in Cryptology-Crypto'87, pp.369-378, 1987
  7. Rivest, R., A. Shamir and L. Adleman, 'A Method for Obtaining Digital Signature and Public Key Cryptosystems', Comm. of ACM, 21, pp.120-126, 1978 https://doi.org/10.1145/359340.359342
  8. Whittle, R., Public Key Authentication Framework : Tutorial, 1996. 6
  9. Shamir, A., 'Identity-based cryptosystems and signature schemes,' In Advances in Cryptology, Crypto'84, Volume 196 of LNCS, 2001
  10. Asokan, N. and G. Tsudik, and M. Waidner, 'Serversupported signatures,' Journal of Computer Security, Vol.5, No.1, 1997
  11. Mambo, M. and K. Usuda, and E. Okamoto, 'Proxy signatures for delegating signing operation,' in Proc. of the Third ACM Conf. on Computer and Communications Security, pp.48-57, 1996 https://doi.org/10.1145/238168.238185
  12. Lamport, L., 'Constructing digital signatures from oneway functions', SRI intl. CSL-98, October, 1979
  13. Damgard, I. B., 'Collision Free Hash Functions and Public Key Signature Schemes', Eurocrypt, 1987
  14. Rompel, J., 'One-way functions are necessary and sufficient for secure signatures.', In Proceedings of the Twenty Second Annual ACM Symposium on Theory of Computing, pp.387-394, ACM Press, 1990 https://doi.org/10.1145/100216.100269
  15. Fiat, A. and A. Shamir, 'How to prove yourself: Practical solutions to identification and signature problems', Proc. Crypto'86, pp.186-194, 1986
  16. 김영수, 메시지보안시스템의 인증 프로토콜 설계및 검증', 박사학위논문, 국민대학교 대학원, 2003