A Design of Protocol Based on Smartcard for Financial Information to Protect in E-payment System

Design of a Smartcard-Based Protocol for Protecting Financial Information in an Online Micropayment System

  • 이광형 (Department of Internet Information, Seoil University)
  • 박정효 (Department of Computer Science, Soongsil University)
  • Received : 2013.09.25
  • Accepted : 2013.11.07
  • Published : 2013.11.30

Abstract

This study proposes a protocol with a two-channel structure and two-factor authentication. First, the purchase request is made over the Internet, while user authentication and the payment approval process are carried out over the mobile communication network. Second, the proposed protocol uses partial factor values stored in the user's smartcard and smartphone together with the password of the certificate. Third, storage stability is improved because the certificate is stored in the smartcard. Finally, the proposed protocol satisfies the confidentiality, integrity, authentication, and non-repudiation required by e-commerce guidelines. In a comparative analysis, the efficiency of the proposed protocol did not differ significantly from that of the existing system, but in terms of safety it was confirmed to be more secure than the existing system against a variety of threats.

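To address the vulnerabilities of existing online micropayment systems, this paper designs the proposed system with a two-channel structure in which the purchase request is carried over the wired network and the user authentication and payment approval process is carried over the mobile carrier network. It supports two-factor authentication, based on something the user has and something the user knows, by using partial factor values stored in the smartcard and the smartphone together with the password of the accredited certificate. In addition, storing the accredited certificate in the smartcard improves storage stability, and the system supports properties such as confidentiality, integrity, authentication, and non-repudiation in order to satisfy the guidelines required for e-commerce. A comparative analysis with existing systems showed that the proposed system does not differ greatly from them in efficiency, while in terms of safety it was confirmed to be secure through proofs against a variety of threat factors.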
