http://dx.doi.org/10.14400/JDC.2016.14.9.287

A proposal of assurance model based on i-PIN assurance level  

Youm, Heung-Youl (Department of Information Security Engineering, SoonChunHyang Univ.)
Publication Information
Journal of Digital Convergence / v.14, no.9, 2016, pp. 287-299
Abstract
Electronic transactions over the Internet have recently been growing across the world. Many identity theft incidents occur during these online transactions nowadays. Therefore, a high level of identity proofing shall be carried out when using online services to deal with this matter. To prevent this kind of incident, the i-PIN, which is used as an Internet Personal Identification Number, was introduced in Korea. The i-PIN is designed to provide online identification of Internet users. As such, unique identification numbers are provided to Internet service providers. This paper analyzes the capabilities that the i-PIN provides and proposes an assurance security model for the i-PIN. Furthermore, the security analysis results are presented. The results of this paper can be applied to improve the applicability of the i-PIN.
Keywords
i-PIN; assurance level; identity proofing; authentication; credential management;
Citations & Related Records
Times Cited By KSCI: 6