DOI QR코드

DOI QR Code

아이핀 기반 본인확인서비스의 안전성 강화 방안

Safety Improvement Methods of Personal Identification Services using the i-Pin

  • 김종배 (서울디지털대학교 컴퓨터공학과)
  • 투고 : 2017.01.30
  • 심사 : 2017.06.14
  • 발행 : 2017.06.30

초록

Due to development of IT, various Internet services via the non-face-to-face are increasing rapidly. In the past, the resident registration numbers (RRN) was used a mean of personal identification, but the use of RRN is prohibited by the relevant laws, and the personal identification services using alternative means are activated. According to the prohibition policy of RRN, i-PIN service appeared as an alternative means to identify a person. However, the user's knowledge-based i-PIN service continues to cause fraudulent issuance, account hijacking, and fraud attempts due to hacking accidents. Due to these problems, the usage rate of i-PIN service which performs a nationwide free personal identification service, is rapidly decreasing. Therefore, this paper proposes a technical safety enhancement method for security enhancement in the i-PIN-based personal identification service. In order to strengthen the security of i-PIN, this paper analyzes the encryption key exposure, key exchange and i-PIN authentication model problems of i-PIN and suggests countermeasures. Through the proposed paper, the i-PIN can be expected to be used more effectively as a substitution of RRN by suggesting measures to enhance the safety of personal identification information. Secured personal identification services will enable safer online non-face-to-face transactions. By securing the technical, institutional, and administrative safety of the i-PIN service, the usage rate will gradually increase.

키워드

참고문헌

  1. Audit and Inspection Report, "National Cyber Safety Management Status", The Board o Audit and Inspection of Korea, 2016. (감사보고서, "국가 사이버안전 관리실태", 감사원, 2016.)
  2. Choi, J.S. and J.B. Kim, "Study of Enhancing Safety of Personal Authorization Methods", Proceedings of IEEK, Vol.1, 2015, 298-301. (최중석, 김종배, "주민번호 대체수단의 안전성 강화방안 연구", 대한전자공학회 추계학술대회, 제1권, 2015, 298-301.)
  3. Choi, J.S. and J.B. Kim, "A Study of Improving user Authentication Procedures for Enhanced Safety of Personal Authorization Methods", Proceedings of KIPS, Vol.22, No.2, 2015, 668-671. (최중석, 김종배, "본인확인서비스 안전성 개선을 위한 본인인증수단 및 절차 개선 방안 연구", 한국정보처리학회 추계학술대회, 제22권, 제2호, 2015, 668-671.)
  4. Choi, K.H., S.W. Jung, G.S. Lee, and S.H. Ahn, "i-Pin Development Plan for National IDM", Journal of The Korea Institute of Information Security and Cryptology, Vol.21, No.4, 2011, 40-46. (최광희, 정승욱, 이강신, 안승호, "국가 IDM을 위한 아이핀 발전 전략", 한국정보보호학회지, 제21권, 제4호, 2011, 40-46.)
  5. Choi, K.H., J.C. Ahn, G.S. Lee, and S.H. Ahn, "i-Pin 2.0 Service Frameworks for Alternative Means of Resident Registration Number", Journal of The Korea Institute of Information Security and Cryptology, Vol.20, No.6, 2010, 88-95. (최광희, 안종찬, 이강신, 안승호, "인터넷상 주민번호 이용을 대체하기 위한 아이핀 2.0 서비스 프레임워크", 정보보호학회지, 제20권, 제6호, 2010, 88-95.)
  6. Heo, G.I., J.W. Kang, and W.H. Park, "Countermeasures of Privacy Disclosure Vulnerability in Data Transfer Section", Journal of the Korea Society of IT Service, Vol.12, No.1, 2013, 163-171. (허건일, 강지원, 박원형, "데이터 전송 구간에서 개인정보노출 취약점과 대응방안", 한국IT서비스학회지, 제12권, 제1호, 2013, 163-171.) https://doi.org/10.9716/KITS.2013.12.1.163
  7. Im, H. and T.S. Kim, "An Empirical Study on the Factors that Affect the Continuous use Intention of i-PIN", Journal of Information Technology Applications & Management, Vol.22, No.4, 2015, 159-179. (임 혁, 김태성, "아이핀(i-PIN)의 지속적 사용의도에 영향을 미치는 요인에 관한 실증적 연구", 한국데이터베이스학회, 제22권, 제4호, 2015, 159-179.) https://doi.org/10.21219/JITAM.2015.22.4.159
  8. Jun, Y.E. and J.Y. Kim, "The Study on the Present Condition of Personal Information Security in Accordance with Cyber Security Threat in Financial Firms", Journal of the Korea Society of IT Service, Vol.13, No.1, 2014, 79-89. (전영은, 김정연, "금융회사의 사이버 보안 위협에 따른 개인정보보호 실태에 관한 연구", 한국IT서비스학회지, 제13권, 제1호, 2014, 79-89.) https://doi.org/10.9716/KITS.2014.13.4.079
  9. Jang, W.C. and L.S. Shin, "Estimating Value Creation Effects of i-PIN", Journal of the Korea Society of IT Service, Vol.12, No.2, 2013, 185-193. (장원창, 신일순, "아이핀(i-PIN)의 가치창출효과 추정", 한국IT서비스학회지, 제12권, 제2호, 2013, 185-193.) https://doi.org/10.9716/KITS.2013.12.2.185
  10. Jang. I.Y. and H.Y. Youm, "A Research of i-Pin of Personal Identification Method on the Internet", Journal of The Korea Institute of Information Security and Cryptology, Vol.19, No.5, 2009. 81-94. (장인용, 염흥열, "인터넷상의 본인확인수단인 아이핀의 활성화 방안 연구", 정보보호학회논문지, 제19권, 제5호, 2009, 81-94.)
  11. Kim, J.H. and J.S. Lm, "Recent Information Security Issue and Cryptology Research Trends", KISA Internet & Security Focus, 2014. (김주혁, 임진수, "최신 정보보호 이슈 및 국외 암호 기술 연구 동향", 한국인터넷진흥원, Internet & Security Focus, 2014.)
  12. Kim, J.B., S.T. Kim, J.H. Kim, J.H. Jun, H.Y. Han, D.H. Jun, and J.S. Choi, "A Research on The Improvement for Securing Safety of An Alternative Resident Registration Number on The Internet", KISA Research Report, KISA-WP-0027, 2015. (김종배, 김성태, 김지연, 전진환, 한흥렬, 전동호, 최중석, "주민번호 대체수단 안전성 강화 방안", 한국인터넷진흥원, KISA-WP-0027, 2015.)
  13. Kim, S.H. and H.S. Choi, "Active Phishing Attack Against the i-PIN Service", Proceedings of IEEK., 2014, 587-590. (김승현, 최대선, "아이핀(i-PIN) 서비스에 대한 액티브피싱 공격", 대한전자공학회 학술대회, 2014, 587-590.)
  14. Kim, S.J., "A Study on Improvement of i-PIN Service", Ph.D Thesis, Sungkyunkwan University, 2007. (김승주, "주민번호 대체수단 서비스 개선 방안 연구", 학위논문, 성균관대학교, 2007.)
  15. Lee, H.K., H.H. Lee, and J.H. Myung, "A Survey on Privacy Level : Part Personal", KISA Report, 2015. (이현규, 이훈행, 명준형, "개인정보보호수준 실태조사 : 개인부분", 한국인터넷진흥원, KISA-WP-2014-0051, 2015.)
  16. Lee, J.S., B.K. Son, and J.H. Gu, "Electronic ID Wallet based i-PIN Technology Development", KISA Research Report, 2007. (이재신, 손병록, 구자현, "전자 ID지갑 시스템 기반의 i-PIN 고도화 기술 개발 및 구현", 한국정보보호진흥원 최종보고서, 55, 2007.)
  17. Shin, Y.J., S.H. Shin, J.S. Lee, and W.G. Han, "A Study on Improvement of Identification Means in R.O.K", Journal of Korean Association for Regional Information Society, Vol.18, No.4, 2015. 59-88. (신영진, 신승호, 이자성, 한웅기, "한국에서의 본인확인수단 개선방안에 관한 연구", 한국지역정보화학회지, 제18권, 제4호, 2015, 59-88.)
  18. Shin, Y.J., "A Study of Enhance Method of Internet Personal Identification(i-PIN)", Korean Policy Studies Review, Vol.22, No.3, 2013, 171-199. (신영진, "인터넷 본인확인수단(i-PIN)의 보급 및 적용에 따른 개선방안 연구-개인정보보호법 제정전, 후 이용자의 인식변화를 중심으로", 한국정책학회보, 제22권, 제3호, 2013, 171-199.