http://dx.doi.org/10.14400/JDC.2017.15.8.183

A Methodology for the Improvement of Accredited Digital Certificate Integrating FIDO Biometric Technology and TrustZone  

Cho, Hwa-Gun (Information Security Group, Korea Financial Telecommunications & Clearings Institute)
Yang, Hae-Sool (Graduate School of Venture, Hoseo University)
Publication Information
Journal of Digital Convergence, v.15, no.8, 2017, pp. 183-193
Abstract
Accredited digital certificates issued under the Digital Signature Act provide essential functionality for online services, so certificates are used for various services such as online banking and e-government. However, certificates can be stolen by hackers, and users need to install separate software to use them. Recently, FIDO, which aims to solve the problems of password-based authentication and the lack of interoperability between authentication methods, has come into use for biometric authentication, and TrustZone, a hardware-based secure environment, is used for safe smartphone usage. This paper proposes a new service method that uses FIDO-based biometric authentication and stores certificates in TrustZone. This method can not only improve security and convenience but can also be easily applied to services, because it uses built-in functionality of new smartphones such as biometric sensors and TrustZone. It is expected that people can use certificates in a safe and convenient way with this method.
Keywords
Accredited Digital Certificate; FIDO; Biometric Technology; TrustZone; Mobile Security
Citations & Related Records
Times Cited By KSCI: 6