http://dx.doi.org/10.6109/jkiice.2017.21.7.1411

A Comparative Analysis of PKI Authentication and FIDO Authentication  

Park, Seungchul (School of Computer Science and Engineering, Korea University of Technology and Education)
Abstract
The two-factor authentication capability of PKI authentication (possession of a private key and knowledge of the password that protects it), together with its strong public-key cryptography protocol, has contributed greatly to the rapid construction of a trusted infrastructure for Internet transactions. The reusability of a certificate-based identity at every PKI site was another factor contributing to the spread of PKI authentication. Nevertheless, PKI authentication has been criticised mainly for the cost of PKI construction, the inconvenience of individual certificate management, and the difficulties of password management. Recently, FIDO authentication has received considerable attention as an alternative to PKI authentication. FIDO authentication is also based on public-key cryptography, which provides strong authentication services, but it does not require individual certificate issuance, and it provides user-friendly and secure authentication services by integrating biometric technologies. The purpose of this paper is to compare PKI authentication and FIDO authentication concretely and, based on the results of the analysis, to propose the applications corresponding to each.
Keywords
PKI; FIDO; authentication; certificate
Citations & Related Records
Times Cited By KSCI: 1