DOI QR코드

DOI QR Code

건강정보를 이용한 OTP 생성 방식 설계

Designed OTP Generation Method Using Health Information

  • Choo, Yeun-Su (Dept. of Computer Graduate School Soongsil University) ;
  • Kang, Jung-Ho (Dept. of Computer Graduate School Soongsil University) ;
  • Kim, Kyoung-Hun (Dept. of Computer Information, Gangdong University) ;
  • Park, Jea-Pyo (Graduate School of Information Sciences Soongsil University) ;
  • Jun, Moon-Seog (Dept. of Computer Graduate School Soongsil University)
  • 투고 : 2015.06.25
  • 심사 : 2015.08.20
  • 발행 : 2015.08.28

초록

온라인 서비스에서 사용자 인증은 정확하고 안전한 서비스를 위해 꼭 필요하다. 이러한 사용자 인증을 위해 OTP(One Time Password)가 많이 활용된다. OTP는 일회성이라는 특성을 만족시키기 위해 분실 및 망실의 위험이 있는 OTP 발생기나 보안카드 등을 사용하여 OTP 생성을 위한 연계 정보를 발생시키거나 최종 OTP 값을 생성한다. 본 논문에서는 u-Health care 시스템에서 수집되는 건강정보를 이용하여 OTP 발생기와 보안카드를 사용하지 않는 OTP 생성방식을 제안한다. 제안하는 방식은 웨어러블 기기를 통해 수집한 건강강보를 OTP 생성에서 사용하는 연계정보로 활용하는 방식이다. 제안하는 방식으로 생성한 OTP는 같은 인증번호가 얼마나 자주 생성되는지를 확인하는 충돌내성 실험에서 기존의 OTP 생성방식과 비슷한 결과를 나타내어 다양한 온라인 서비스에서 사용될 수 있을 것으로 판단된다.

User Authentication in Online service is essential for accurate and safe service. For this user authentication, One Time Password(OTP) is frequently used. To satisfy one-time-use characteristic of OTP, Offset information to generate OTP or final OTP value get generated through OTP generator or security card which could be lost. In this study, OTP generation method that bypasses OTP generator or security card by using health information collected from u-Health care system is proposed. Suggestion is that health information collected through wearable devices get utilized to offset information that are applied in OTP generations. OTP generated using suggested methods showed similar results than current OTP generation methods in the collision resistance test which tests how often it generate same authentication numbers, this implies that new proposed method can be applied to various on-line services.

키워드

참고문헌

  1. Han-na You, Jae-Sik Lee, Jung-Jae Kim, Jae-Pio, Moon-Seog Jun, A Study on the Two-Channel Authentication Method which Provides Two-way Authentication using Mobile Certificate int Internet Banking Environment, The Journal of Korea Information and Communications Society, Vol. 36, No. 8, pp. 939-946, 2011. https://doi.org/10.7840/KICS.2011.36B.8.939
  2. Shirly Lee, Ivy Ong, HyoTaek Lim, HoonJae Lee, International Journal of KIMICS, Vol. 8, No. 4, pp 427-432, 2010.
  3. DOI: http://www.ietf.org/rfc/rfc2289.txt
  4. DOI: http://www.ietf.org/rfc/rfc4226.txt
  5. DOI: http://www.ietf.org/rfc/rfc6238.txt
  6. TTA, u-Health Service Reference Model , TTA, 2010
  7. TTA, Information Security Reference Model for u-Health Service, TTA, 2011.6
  8. So-Yeon Min, Byung-Wook Jin, "Disign of Integrated Authentication Scheme for Safe Personal Information Management in a U-Health Environment", Journal of the Korea Academia-Industrial cooperation Society, Vol 15, No 6, pp.3865-3871, 2014 https://doi.org/10.5762/KAIS.2014.15.6.3865
  9. M. Tubaishat, S. Madria, Sensor Networks: An Overview, IEEE Potentials, Vol. 22, Issue. 2, 20-23, 2003. https://doi.org/10.1109/MP.2003.1197900
  10. Dong-Min Shin, Dong-Il Shin, Dong-Kyoo Shin, Development of u-Health Care System for Dementia Patients, The Journal of Korea Information and Communications Society, Vol. 38C, No. 12, pp.1106-1113, 2013. https://doi.org/10.7840/kics.2013.38C.12.1106
  11. Hyeon-Suk Jang, Tae-Hak Ban, Se-Cheol Jang, Hoe-Kyung Jung, Journal of the Korea Institute of Information and Communication Engineering, Vol. 17, No. 11, pp. 2693-2698, 2013. https://doi.org/10.6109/jkiice.2013.17.11.2693
  12. Yun-Young Sok, Seok-Hun Kim, Integrated Medical Information System Implementation for the u-Healthcare Service Environment, Journal of the Korea Contents Association, Vol. 14, No. 5, pp.1-7, 2014. https://doi.org/10.5392/JKCA.2014.14.05.001
  13. TTA, Algorithm Profile for a one-time password, TTA, 2012.12
  14. TTA, Road map for the one time password standards,TTA, 2011.12
  15. R. Rivest "The MD5 message digest alrogithm." Requests for Comments(RFC) 1321, 1992.
  16. Behrouz A. Forouzan, Cryptography and Network Security(International Edition), pp.377-398, McGraw-Hill, 2008.