http://dx.doi.org/10.13089/JKIISC.2019.29.5.1049

A Method of Digital Signature Using FIDO2 CTAP  

Cho, Han-koo (Korea University Graduate School of Information Security)
Lee, Kyung-ho (Korea University Graduate School of Information Security)
Abstract
The national accredited certificate is a user certificate issued on the basis of the user's personal information, which is verified in advance, and it has become the universal authentication method for most electronic financial transactions and user authentication in Korea. It has also contributed greatly to the use of e-government and domestic online services. However, because there was no web standard for how the certificate should be used, users had to install a separate plug-in such as ActiveX, and efforts to improve this situation have continued. In this paper, we attempt to solve the problem of the certificate usage environment by presenting a certificate-based digital signature method that uses an extension of the FIDO2 (Fast Identity Online v2) Client to Authenticator Protocol (CTAP) specification.
Keywords
FIDO2; CTAP; WebAuthn; Certificate; ActiveX; Plug-in;