국제통용운전면허증의 보안성과 운용성 강화를 위한 상호인증 및 운용 기법에 관한연구

The Mutual Authentication and Operation Methodology for an Enhanced Security and Operation of the IDL

  • 전상훈 (숭실대학교 일반대학원 컴퓨터학과 컴퓨터통신 연구실) ;
  • 전문석 (숭실대학교 컴퓨터학과)
  • 발행 : 2009.02.28

초록

국가 간에 이동하는 인구가 급증하고 있는 현재, 국내 외 운전면허증은 쉽게 복제가 가능하며, 위조된 면허증을 감지하기 어려운 문제점을 갖고 있다. 그리고 국가 상호간에 운전자의 법규 위반 사항을 관리하고 통제하기 어려운 불편함이 증가되고 있다. 운전면허증은 대부분의 국가에서 개인 신분 증명 수단으로 사용되고 있기 때문에 보안성 및 안전성이 그 무엇보다도 중요하며, 분실, 도용 도난으로 인한 부정사용 방지가 요구되고 있다. 따라서 본 논문은 ISO/IEC 18013-3에서 정의하고 있는 ICC기반 국제통용운전면허증의 보안성 및 운용성을 강화하는 효율적인 상호인증 및 운용기법을 제안한다.

In the modern world, where the number of people moving from country to country is sharply increasing, domestic and international driver's licenses are easily fabricated or forged, and distinguishing if a driver's license is legitimate or not is often a difficult task. Furthermore, this would require different countries to mutually share and administer the driving records of individuals, making it a much more complex task (Added to it is the complicated matter of countries having to mutually share and administer the driving records of individuals.) However, the authenticity and security of a driver's license has become the first priority since driver's licenses are also used as identification cards in most countries, thus requiring measures to prevent inappropriate uses arising from theft and embezzlement. In this paper, we propose the mutual authentication mechanism which, can provide enhanced security and efficient operation that is administration of personal information contained within ISO Compliant Driving licence(IDL).

키워드

참고문헌

  1. P.Kocher, 'Timing Attacks on Implementation of Diffie-Hellman, RSA, DSS, and Other Systems,' CRYPT'96, LNCS 1109, pp.104-113, Springer-Verlag, 1996
  2. P.Kocher, J. Jaffe and B.Jun, 'Differential Power Analysis,' CRYPT'99, LNCS 1666, pp.388-397, Springer-Verlag, 1999 https://doi.org/10.1007/3-540-48405-1_25
  3. H.Yoo, herbst, S. mangard, E. Oswald, and S. Moon, 'investigations of Power Analysis Attacks and Countermeasures for ARIA,' WISA'06, LNCS 4298, pp.160-172, Springer-Verlag, 2007 https://doi.org/10.1007/978-3-540-71093-6_13
  4. ChangKyun Kim, IIHwan Park, 'Investigation of side channel analysis attacks on financial IC cards', KIISC, 18-1 pp.31-35, KIISC, 2008
  5. ISO 18013-1, Information technology-Personal identification-ISO-compliant driving licence-Part 1: Physical characteristics and basic data set, ISO, 2005
  6. ISO 18013-2, Information technology-Personal identification-ISO-compliant driving licence-Part 2: Machine-readable technologies, ISO, 2007
  7. ISO 18013-3: Information technology-Personal identification-ISO-compliant driving licence-Part 3:Access control, authentication and integrity validation, ISO, 2006
  8. ISO 7816-4: Identification cards-Integrated circuit(s) cards with contacts-Part 4: Interindustry commands for interchange, ISO, 2005
  9. ISO 7816-8: Identification cards-Integrated circuit(s) cards with contacts-Part 8: Security related interindustry commands, ISO, 2004
  10. ISO 10202-4: Financial transaction cards-Security architecture of financial transaction systems using integrated circuit cards-Part 4: Secure application modules, ISO, 1996
  11. Richard Fernandez. enterprise Dynamic Access Control(EDAC) Compliance with the Role-Based Access Control(RBAC) Standard ANSI/INCITS 359-2004, 2005
  12. ISO 19794-2, Information Technology-Biometric Data Interchange Formats Part 2: Finger Minutiae Data, ISO, 2005
  13. ISO FDIS 19794-3, Information Technology- Biometric Data Interchange Formats-Part 3: Finger Pattern Spectral Data, ISO, 2006
  14. ISO 19785-1, Information technology-Common Biometric Exchange Formats Framework-Part 1: Data element specification, ISO, 2006
  15. ISO 9796-2, Information technology-Security techniques-Digital signature schemes giving message recovery-Part 2: Integer factorization based mechanisms, ISO, 2002
  16. ISO 8825-1:2002: Information technology-ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER), ISO, 2000
  17. R. Housley, W. Polk, W. Ford, D. Solo, 'Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile', RFC 3280, 2002
  18. T. Freeman, R. Housley, A. 'Serverbased Certificate Validation Protocol (SCVP)', RFC 5055, 2007