http://dx.doi.org/10.15207/JKCS.2020.11.5.019

A study on the FIDO authentication system using OpenSource  

Lee, Hyun-Jo (Dept. of Computer Engineering, Jeonbuk National University)
Cho, Han-Jin (Dept. of Energy IT, Far East University)
Kim, Yong-Ki (Dept. of IT Convergence System Engineering, VISION College of JeonJu)
Chae, Cheol-Joo (Dept. of General Education, Korea National College of Agriculture and Fisheries)
Publication Information
Journal of the Korea Convergence Society / v.11, no.5, 2020, pp. 19-25
Abstract
As the number of mobile device users increases, research on various user authentication methods has been actively conducted to protect sensitive personal information. Knowledge-based techniques have the disadvantage that security deteriorates because the authentication means is easily exposed, and proprietary-based techniques have the problems of increased construction cost and low user convenience when using the service. To solve these problems, the FIDO authentication system, a user authentication method using a smart device, has been proposed. Since the FIDO authentication system performs authentication based on the biometric information of the user, the risk of the authentication means being leaked is low, and since the authentication information is stored in the user's smart device, the problem of user information being exposed through server hacking is solved. Through this, it is possible to select and utilize user authentication technology suitable for the security level of the service. In this paper, we introduce the FIDO authentication system, explain the main parts required for FIDO UAF client-server development, and show examples of implementation using the UAF open source provided by eBay.
Keywords
FIDO; OpenSource; ebay FIDO; Authentication; Security;
Citations & Related Records
Times Cited By KSCI: 8