http://dx.doi.org/10.33778/kcsa.2019.19.4.043

Design of Military Information System User Authentication System Using FIDO 2.0-based Web Browser Secure Storage  

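Park, Jaeyeon (Department of Computer Engineering, Sejong University)
Lee, Jaeyoung (아이리플 Co., Ltd.)
Lee, Hyoungseok (아이리플 Co., Ltd.)
Kang, Jiwon (Department of Information Security, Sejong University)
Kwon, Hyukjin (Ministry of National Defense)
Shin, Dongil (Department of Computer Engineering, Sejong University)
Shin, Dongkyoo (Department of Computer Engineering, Sejong University)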
Abstract
Recently, a number of military intranet infiltrations suspected to be the work of North Korea have been discovered. A vulnerability can arise when the user authentication data used to access existing military information systems is modified. In this paper, we apply a mutual verification technique, API (Application Programming Interface) forgery blocking, and obfuscation to address the authentication weakness in web browsers that comply with the FIDO (Fast IDentity Online) standard. In addition, user convenience is improved by a no-plugin implementation that does not require installing a separate program. Performance tests show that most browsers achieve about 0.1ms, measured by RSA key generation speed. The server's digital signature verification also takes less than 0.1 second, which shows that the system is suitable for commercial use. By building a web secure storage, the service is expected to be useful for improving military information system security as an alternative to browser authentication.
Keywords
Authentication; Secure Storage; Military; FIDO 2.0
Citations & Related Records
Times Cited By KSCI: 2