Journal of Convergence for Information Technology (융합정보논문지)

Convergence Society for SMB (중소기업융합학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on Key Protection Method based on WhiteBox Cipher in Block Chain Environment

블록체인 환경에서 화이트박스 암호기반 키 보호 기법에 관한 연구

  • 최도현 (숭실대학교 컴퓨터학과) ;
  • 홍찬기 (가톨릭관동대학교 의료IT학과)
  • Received : 2019.09.09
  • Accepted : 2019.10.20
  • Published : 2019.10.28
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, in the field of next-generation e-commerce and finance, interest in blockchain-based technologies such as Bitcoin and Ethereum is great. Although the security of blockchain technology is known to be secure, hacking incidents / accidents related to cryptocurrencies are being issued. The main causes were vulnerabilities in the external environment, such as taking over login sessions on cryptocurrency wallets, exposing private keys due to malware infection, and using simple passwords. However, private key management recommends general methods such as utilizing a dedicated application or local backup and physical archiving through document printing. In this paper, we propose a white box password-based private key protection scheme. As a result of safety and performance analysis, we strengthened the security against vulnerability of private key exposure and proved the processing efficiency of existing protocol.

최근 차세대 전자상거래 및 금융 분야에서는 비트코인, 이더리움 등의 블록체인 기반 기술에 관심이 크다. 블록체인 기술의 보안성은 안전하다고 알려졌지만, 가상화폐 관련 해킹 사건/사고들이 이슈화되고 있다. 가상화폐 지갑에 대한 로그인 세션 탈취, 악성코드 감염으로 인한 개인키 노출, 단순한 암호 사용 등 외부환경의 취약성이 주요 원인이었다. 그러나 개인키 관리는 전용 애플리케이션 활용 또는 로컬 백업, 문서 프린트를 통한 물리적 보관 등 일반적인 방법을 권장하고 있다. 본 연구에서는 화이트박스 암호 기반 개인키 보호 기법을 제안한다. 안전성 및 성능분석 결과 개인키 노출 취약점에 대한 안전성을 강화하고, 암호화키를 알고리즘에 내장하여 기존 프로토콜의 처리 효율성을 증명하였다.

Keywords

References

  1. S. Nakamoto. (2008). Bitcoin: A peer-to-peer electronic cash system. BITCOIN(Online). http://bitcoin.org
  2. A. M. Antonopoulos. (2014). Mastering Bitcoin: unlocking digital cryptocurrencies. BOSTON : O'Reilly Media.
  3. H. R. Jung & J. W. So. (2018). Security of Password Vaults of Password Managers. Korea Institute of Information Security & Cryptology, 28(5), 1047-1057. DOI : 10.13089/JKIISC.2018.28.5.1047
  4. J. H. Kim. (2013). Next Money Bitcoin-The emergence of digital currency to change the game. Seoul : Bookie.
  5. H. Y. Kim. (2018). Analysis of Security Threats and Countermeasures on Blockchain Platforms. Korean Institute of Information Technology, 16(5), 103-112. DOI : 10.14801/jkiit.2018.16.5.103
  6. W. Brecht. (2012). White-box cryptography: hiding keys in software. NAGRA Kudelski Group Switzerland.
  7. W. Michiels. (2010). Opportunities in white-box cryptography. IEEE Security & Privacy, 8(1), 64-67. DOI : 10.1109/MSP.2010.44
  8. H. J. Lee, D. H. Won & Y. S. Lee. (2019). Protection Technologies against Large-scale Computing Attacks in Blockchain. Korea Information Assurance Society, 19(2), 11-19. DOI : 10.33778/kcsa.2019.19.2.011
  9. M. S. Kim et al. (2016). Effective Vitalization Plan of Electronic Cash using Bitcoin. Jouranl of Information and Security, 16(4), 79-90. UCI : G704-001662.2016.16.4.008
  10. T. Bamert, C. Decker, R. Wattenhofer & S. Welten. (2014). Bluewallet: The secure bitcoin wallet. In International Workshop on Security and Trust Management, 65-80, Springer. DOI : 10.1007/978-3-319-11851-2_5
  11. M. Gentilal, P. Martins & L. Sousa. (2017). TrustZone-backed bitcoin wallet. In Proceedings of the Fourth Workshop on Cryptography and Security in Computing Systems, 25-28, ACM. DOI : 10.1145/3031836.3031841
  12. H. K. Kim. (2014). Bitcoin Regulation : Legal and Regulatory Issues of the Virtual Currency System. Korea Securities Law Association, 15(3), 377-431. DOI : 10.17785/kjsl.2014.15.3.377
  13. S. J. Park. (2018). A study on the compatibility of Korean financial system and blockchain. HUFS Law Research Institute, 42(4), 133-151. DOI : 10.17257/hufslr.2018.42.4.133