Journal of the Korea Academia-Industrial cooperation Society (한국산학기술학회논문지)

The Korea Academia-Industrial cooperation Society (한국산학기술학회)
권호 표지
DOI QR코드

DOI QR Code

Anonymity Certification Technique of a Smart Card base for Personal Information Protection

개인정보보호를 위한 스마트카드 기반의 익명 인증 기법

  • 이광형 (서일대학 인터넷정보과) ;
  • 박정효 (숭실대학교 컴퓨터학과)
  • Received : 2012.11.09
  • Accepted : 2012.12.06
  • Published : 2012.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

Regarding the official authentication method which is a strong encrypt method for financial transactions, there has recently been a concern for the problem of storage. As a solution for such problems, this study provides the anonymous authentication method based on the smart card used for such a purpose by utilizing the pseudo ID replacing the user's personal data. Such an anonymous authentication method makes it possible to prevent any inside leakage, intermediary attack, limited re-transmission attack, service-denying attack, directional safety attack and secret inspector attack in regard to the user's personal data. As a result, there would be no concern for the leakage of any personal data. In comparative analysis, after executing the comparison and analysis process through the experiment for the authentication process by using the previously-used smart card, the new one has shown about 10% a high level of efficiency for the encrypt and decrypt process together with excellent features in terms of flexibility in regard to the user's anonymity and tracking ability.

금융거래를 위한 강력한 암호화 방식인 공인인증서 방식이 최근 들어 보관상의 문제점으로 인한 피해가 우려되고 있다. 본 논문에서는 이러한 문제점의 해결책으로 사용자의 실제 개인정보를 대체한 가상의 동적아이디를 활용하여 사용자를 익명 인증하는 스마트카드 기반의 익명 인증 기법을 제안한다. 본 논문에서 제안한 익명 인증 기법은 사용자의 개인정보가 내부 유출이나 중간자 공격, 제한적 재전송 공격, 서비스 거부 공격, 전방향 안전성, 은밀한 검증자 공격 등에 대해 개인정보가 유출될 우려가 없고, 사용자의 익명성을 제공함으로써 발생할 수 있는 악의적인 공용자의 불법적인 행위를 필요 시 추적할 수 있다. 비교 분석에서 기존 스마트카드를 이용한 인증과의 실험을 통한 결과 암 복호화 효율성에서 약 10%의 성능 향상을 보였고, 안전성 측면에서 가능한 위협적 요소들에 대해 증명을 통해 안전함을 확인할 수 있었다.

Keywords

References

  1. Ki-young Kim, "A one-time password-based authentication system for Consideration", proceeding of KIISC, Vol.17 No.3, pp.26-31, 2007.
  2. Yi-Roo Baek, Doo-Hwan Oh, Kwang-Eun Gil and Jae-Cheol Ha1, "Implementation of a Remote Authentication System Using Smartcards to Guarantee User Anonymity to Third Party", Journal of KAIS, v.12, no.5, pp.2322-2326, 2011.
  3. Wang-Seong Park, Jong-Pil Jung, Chang-Sub Park, Dong-Hoon Lee, "Password authentication protocol for Consideration", proceeding of KIISC, Vol.9 No.4, pp.51-63, 1999.
  4. Cheol-Oh Kang, Joong0Gil Park, Soon-Jwa Hong, Byung-Cheol Bae, "A Study on the Algorithm of Improved One-Time Password using Time and Time Correction", The KIPS Transactions : Part 8-C No.4, pp.373-378, 2001.
  5. Je-Ho Song, "Design of Inner Key scheduler block for Smart Card", Journal of KAIS, v.11, no.12, pp.4962-4967, 2011. https://doi.org/10.5762/KAIS.2010.11.12.4962
  6. Je-Ho Song, Woochoun Lee, "The Design of Hybr id Cryptosystem for Smart Card", Journal of KAIS, v.12, no.5, pp. 232-2326, 2011.
  7. Sung-Woon Lee, Hyun-Sung Kim, Kee-Young Yoo, "A Password - based Efficient Key Exchange Protocol", Journal of KIISE : Information Networking Vol.31 No.4, pp.347-352, 2004.
  8. Dong-Hyun Choi, Seung-Joo Kim, Dong-Ho Won, "One-time password Technical Analysis and Standardization", proceeding of KIISC, Vol.17 No.3, pp.12-17, 2007.
  9. Eun-Jeong Choi, Chan-Oe Kim, Joo-Seok Song, "Password-Based Authentication Protocol for Remote Access using Public Key Cryptography", Journal of KIISE : Information Networking, Vol.30 No.1, pp.75-83, 2003.
  10. Jong-Seok Choi, Seung-Soo Shin, Kun-Hee Han, "Three-Party Key Exchange Protocol Providing Usser Anonymity based on Smartcards", Journal of KAIS, v.10, no.2, pp.388-395, 2009.
  11. J.Lv and Y.Han, "Enhanced DES Implementation Secure Against High-Order Differential Power Analysis in Smartcards", ACISP 2005, LNCS 3502, pp.195-206, 2005, Article(CrossRefLink)
  12. J.R.Rao, P.Rohatgi and H. Scherzer, "Partitioning Attacks: Or How to Rapidly Clone Some GSM Cards". IBM Watson Research Center, in 2002 IEEE Symposium on Security and Privacy, Oakland, CA, May 2002, Article(CrossRefLink)
  13. L.Goublin and J.Patarin, "DES and differential power analysis", in proceedings of Workshop on Cryptographic Hardware and Embedded Systems, Springer-Verlag, 1999.
  14. T.S.Messerges, E.A.Dabish and R.H.Sloan, "Investigation of Power Analysis Attacks on Smartcards", in Proceedings of USENIX workshop on Smartcard Technology, pp.151-161, May 1999.
  15. Y.S.Son and D.H.Lee, "The Key Management System using the Secret Sharing Scheme Applicable to Smart Card", KIPS Transaction, VOL.11-C, NO 5, pp.373-378, 2004.