Journal of the Korea Institute of Information and Communication Engineering (한국정보통신학회논문지)

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

A Comparative Analysis of PKI Internet Banking and Blockchain Payment Transactions

PKI 인터넷 뱅킹과 블록체인 지불 거래의 비교 분석

  • Park, Seungchul (School of Computer Science and Engineering, Korea University of Technology and Education)
  • Received : 2019.02.11
  • Accepted : 2019.02.20
  • Published : 2019.05.31
Download PDF
⟨ Previous Next ⟩

Abstract

PKI Internet banking is used to have users register their public keys with the banking server together with the identity information, and verify the signature for both user and transaction authentications by using the registered public keys. Although the Blockchain-based financial systems such as Bitcoin adopt similar digital signature-based authentication scheme, there is no server that participants can register public keys with because they perform P2P payment transactions. The purpose of this paper is to identify the advantages and disadvantages of the Blockchain-based payment transactions by analyzing the differences between the most common PKI Internet banking and Blockchain payment systems. Based on the analysis, this paper suggests the issues that need to be enhanced from the aspects of architecture and security in order for Blockchain payment transaction systems to be applied universally.

PKI(Public Key Infrastructure) 인터넷 뱅킹은 서명 검증을 위한 공개키(public key)를 신원 정보와 함께 서버에 등록하고, 등록된 공개키를 사용하여 사용자 인증과 거래 인증을 위한 서명을 검증하는 데 활용한다. 반면, 비트코인 등 블록체인 기반의 금융 거래 시스템은 공개키 암호 기반의 디지털 서명에 근거한 인증 체계를 채택하고 있음에도 불구하고, P2P(peer-to-peer) 방식으로 지불 거래를 수행하므로 공개키를 등록할 수 있는 서버가 존재하지 않는다. 본 논문은 기존의 대표적인 인터넷 뱅킹 방식인 PKI 인터넷 뱅킹과 블록체인 지불 거래의 차이를 분석하고 블록체인 지불 거래의 장단점을 파악하는데 목적이 있다. 이를 통해 본 논문은 블록체인 지불 시스템이 보편적인 금융 거래에 활용되기 위한 구조적 측면과 보안성 측면의 개선방향을 제시하고자 한다.

Keywords

HOJBC0_2019_v23n5_604_f0001.png 이미지

Fig. 1 Registration of Public Key and User Authentication

HOJBC0_2019_v23n5_604_f0002.png 이미지

Fig. 2 PKI Transaction Authentication

HOJBC0_2019_v23n5_604_f0003.png 이미지

Fig. 3 Architecture of Blockchain Payment Transaction System

HOJBC0_2019_v23n5_604_f0004.png 이미지

Fig. 4 Address Usage and Signature Validation of Blockchain Payment Transactions

HOJBC0_2019_v23n5_604_f0005.png 이미지

Fig. 5 Structure of Bitcoin Payment Transaction

Table. 1 Attacks on Internet Banking PKI Private Keys and Countermeasures

HOJBC0_2019_v23n5_604_t0001.png 이미지

Table. 2 Attack on PKI Internet Banking Transaction Signature and Countermeasures

HOJBC0_2019_v23n5_604_t0002.png 이미지

Table. 3 Architectural Comparison of PKI Internet Banking and Blockchain Payment Transaction

HOJBC0_2019_v23n5_604_t0003.png 이미지

Table. 4 Security Comparison of PKI Internet Banking and Blockchain Payment Transaction

HOJBC0_2019_v23n5_604_t0004.png 이미지

References

  1. S. Nakamoto, "Bitcoin : A Peer-to-Peer Electronic Cash System," White Paper, 2008[Internet]. Available: http://bitcoin.org/bitcoin.pdf.
  2. A. Kaushik, A. Choudhary, C. Ektare, and D. Thomas, "Blockchain - Literature Survey," in Proceeding of 2017 2nd IEEE International Conference On Recent Trends in Electronics Information & Communication Technology (RTEICT), India, pp. 2145-2148, May. 19-20, 2017.
  3. I. C. Lin, and T. C. Liao , "A Survey of Blockchain Security Issues and Challenges," International Journal of Network Security, vol.19, no.5, pp. 653-659, Sep. 2017.
  4. S. Park, "A Comparative Analysis of PKI Authentication and FIDO Authentication," Journal of the Korea Institute of Information and Communication Engineering, vol. 21, no. 7, pp. 1411-1419, Jul. 2017. https://doi.org/10.6109/JKIICE.2017.21.7.1411
  5. Z. Zheng, S. Xie, H. Dai, X. Chen, and H. Wang, "An Overview of Blockchain Technology: Architecture, Consensus, and Future Trends," in Proceeding of 2017 IEEE International Congress on Big Data (BigData Congress), Honolulu, USA, 25-30, Jun. 2017.
  6. V. Buterin, "A Next-Generation Smart Contract and Decentralized Application Platform," White Paper, 2013 [Internet]. Available :http://blockchainlab.com/pdf/Ethereum_white_paper-a_next_generation_smart_contract_and_decentralized_application_platform-vitalik-buterin.pdf.
  7. Ripple Labs Inc.. "Ripple: A Primer," White Paper, 2018 [Internet]. Available:https://bravenewcoin.com/assets/Whitepapers/ripple-primer.pdf
  8. FIDO Alliance, "2017 State of Authentication Report," White Paper, 2017[Internet]. Available : https://fidoalliance.org/wp-content/uploads/The-State-of-Authentication-Report.pdf
  9. K. Krombholz, A. Judmayer, M. Gusenbauer, and E. Weippl, "The Other Side of the Coin: User Experiences with Bitcoin Security and Privacy," in Proceeding of International Conference on Financial Cryptography and Data Security, Christ Church, Barbados, pp. 555-580, Feb. 22-26, 2016.
  10. H. S. Park, J. H. Lee, and S. C. Park, "Implementation, Security, and Usability Analysis of Accredited Certificatebased Internet Banking," Journal of Internet Computing and Services, vol. 18, no. 4, pp. 69-79, Aug. 2017. https://doi.org/10.7472/JKSII.2017.18.4.69
  11. A. Hiltgen, T. Kramp, and T. Weigold, "Secure Internet Banking Authentication," IEEE Security & Privacy, pp. 21-29, Mar/Apr. 2006.
  12. Financial Services Commission, "Memory Hacking Related Press Release," FSC Press Release, Jan. 2014[Internet]. Available : https://www.fsc.go.kr/downManager?bbsid=BBS0030&no=88525
  13. F. M. Bencic, and I. P. Zarko, "Distributed Ledger Technology: Blockchain Compared to Directed Acyclic Graph," Cornell University Library, arXiv:1804.10013 [cs.DC], Apr. 2018.
  14. Financial Services Commission, "Bitcoin and Beyond: A Technical Survey on Decentralized Digital Currencies," IEEE Communications Surveys & Tutorials, vol. 18, no. 3, pp. 2084-2123, Feb/Mar. 2016. https://doi.org/10.1109/COMST.2016.2535718