A proposal of assurance model based on i-PIN assurance level

An assurance model based on i-PIN assurance levels

  • Youm, Heung-Youl (Department of Information Security Engineering, SoonChunHyang Univ.)
  • 염흥열 (순천향대학교 정보보호학과)
  • Received : 2016.04.01
  • Accepted : 2016.09.20
  • Published : 2016.09.28

Abstract

Electronic transactions over the Internet have been growing worldwide in recent years, and many identity theft incidents occur during these online transactions. A high level of identity proofing therefore has to be carried out when online services are used. To prevent such incidents, the i-PIN (Internet Personal Identification Number) was introduced in Korea. The i-PIN is designed to provide online identification of Internet users, and as part of this, unique identification numbers are provided to Internet service providers. This paper analyzes the capabilities that the i-PIN provides and proposes an assurance security model for the i-PIN. The results of a security analysis are also presented. The results of this paper can be applied to improve the applicability of the i-PIN.

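Electronic transactions and e-government services over the Internet have recently come into active use. While online services are being used, theft of another person's identity occurs frequently. To counter this, a high level of identity verification must also be performed when online services are used. The i-PIN (Internet-Personal Identification Number), introduced in Korea in 2006 and in operation since then, is an identification number for use on the Internet [1]. The i-PIN provides an online identity verification function and supplies i-PIN information (connecting information and duplicated joining information) to information and communications service providers. For this reason the i-PIN is used online as a substitute for the resident registration number. This paper analyzes the basic capabilities of the i-PIN, the identity verification means used in Korea, and proposes criteria for an assurance model to improve the use and security of the i-PIN. It then analyzes the security and characteristics of the proposed i-PIN assurance model.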

References

  1. KCS.KO-12.0054, "Service model and functional capabilities of the internet-Personal Identification Number Service", Sep, 2012
  2. "Recommendation ITU-T X.1252, Baseline identity management terms and definitions", April, 2010
  3. KCS.KO-12.0054, "Service model and functional capabilities of the internet-Personal Identification Number Service", Sep, 2012
  4. Soniya B. Milmile, Amol k. Boke, "Review Paper on real time password authentication system for ATM," IJAICT Volume 1, Issue 7, November 2014
  5. NIST Announces the Release of Special Publication (SP) 800-63-2, Electronic Authentication Guideline September 4, 2013
  6. OMB Memorandum M-04-04, E-Authentication Guidance for Federal agencies, December 16, 2003.
  7. ITU-T X.1254, Entity authentication assurance framework, September, 2012.
  8. ISO/IEC 29115, Information technology -- Security techniques -- Entity authentication assurance framework, 2013.
  9. KCS.KO-12.0170, Connecting Information for internet-Personal Identification Number Service, 2012
  10. KCS.KO-12.0038, Duplicated Joining Verification Information for internet-Personal Identification Number Service, 2012
  11. KISA i-PIN, http://i-pin.kisa.or.kr/kor/main.jsp
  12. Ministry of the Interior government personal identification number, http://www.g-pin.go.kr/
  13. The Kyunghyang Shinmun, "750,000 illegal issuance of I-pin.... government apologies in 8 days," http://news.khan.co.kr/kh_news/khan_art_view.html?artid=201503100907371&code=940100, 2015.3.10.
  14. MOPAS, "Countermeasures to prevent Illegal issuance of I-pin", http://www.korea.kr/policy/pressReleaseView.do?newsId=156042425&call_from=extlink 2015.3.25.
  15. ISO/IEC CD 29003, Information technology -- Security techniques -- Identity proofing, 2016.4.
  16. Recommendation ITU-T X.1250 (2009), Baseline capabilities for enhanced global identity management and interoperability, September, 2009.
  17. Wikipedia, Keystroke logging, https://en.wikipedia.org/wiki/Keystroke_logging
  18. Whatis.com, social engineering, http://searchsecurity.techtarget.com/definition/social-engineering
  19. Cisco Phishing Overview, http://www.cisco.com/c/en/us/products/security/email-security-appliance/phishing_index.html
  20. Wikipedia, Man-in-the-middle attack, https://en.wikipedia.org/wiki/Man-in-the-middle_attack
  21. Juniper, IP Spoof Attack Prevention Overview, https://www.juniper.net/techpubs/en_US/idp5.0/topics/concept/intrusion-detection-prevention-ipspoof-attack-prevention-overview.html
  22. ISO/IEC JTC 1/SC 27/WG 5 N235, Call for contributions to SC 27/WG 5 Study Period on entity authentication assurance framework (EAAF), 2015-11-12
  23. H.Y. YOUM, "need to change Online identity verification system," DigitalTimes, http://www.dt.co.kr/contents.html?article_no=2015101302102251607002, 2015.10.
  24. Abbie Barbie, Heung Youl Youm, Proposal of NWI: X.1254rev Entity authentication assurance framework, ITU-T SG17 TD-2568 (Rev.1), 2016.03
  25. MOPAS, Alternative research on Social Security Number Usage by sector, SCH IACF, 2012.12.
  26. K.H, PARK, "A study of the scenario for improvement of NPKI system" Vol.8, No.4, pp.59-71, Dec 2010
  27. H.N. ZOO, "Data Protection and Privacy over the Internet: Towards Development of an International Standard", Vol.11, No.4, pp.57-69, Apr,2013
  28. B.H. KIM, "Analysis of Standard Security Technology for Security of the Network", Vol.13, No.12, pp.193-202, Dec 2015 https://doi.org/10.14400/JDC.2015.13.12.193
  29. S.B. KIM, "A study on the Efficient e-Commerce Policies under the Smart Phone Environment", Vol.10, No.1, pp.125-133, Feb 2012 https://doi.org/10.14400/JDPM.2012.10.1.125
  30. Y.S, Choo, "Design The User Authentication Framework Using u-health System", Vol.13, No.5, pp.219-226, May 2015
  31. Keun-Ho Lee, "Analysis of Threats Factor in IT Convergence Security", Journal of the Korea Convergence Society, Vol. 1, No. 1, pp. 49-55, 2010.
  32. Jun-Young Go, Keun-Ho Lee, "SNS disclosure of personal information in M2M environment threats and countermeasures", Journal of the Korea Convergence Society, Vol. 5, No. 1, pp. 29-34, 2014. https://doi.org/10.15207/JKCS.2014.5.1.029