• Title/Summary/Keyword: 공개키 기반 인증

Search Result 390, Processing Time 0.026 seconds

Analysis of "Chain of Trust" mechanism for DNSSEC (DNSSEC의 "Chain of Trust" 메카니즘에 대한 분석)

  • Kim, Hak-Joo;Yoon, Min-Woo;Lim, Hyung-Jin;Song, Kwan-Ho;Chung, Tai-Myung
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2003.11c
    • /
    • pp.1803-1806
    • /
    • 2003
  • 인터넷의 기반이라 할 수 있는 DNS에 대한 보안 필요성이 대두되면서 DNSSEC(DNS Security)이 연구되고 있다. 이는 공개키 기반의 암호화 알고리즘을 기반으로 신뢰사슬(Chain of Trust) 메카니즘을 이용하여 DNS의 근본적인 취약점인 근원지 인증과 무결성 문제점을 해결한다. DNSSEC의 핵심이라 할 수 있는 신뢰사슬 메카니즘은 시스템의 과부하(Overhead)의 감소를 목표로 하여 여러차례 개선이 이루어지고 있다. 본 논문에서는 DNSSEC의 기본 개념 및 신뢰사슬 메카니즘을 샅펴보며 앞으로 어떤 방향으로 개발이 지속될 것인지에 대해 분석한다.

  • PDF

Design and Implementation of a Secure E-Document Transmission System based Certificate for CEDA (Certified E-Document Authority) (공인전자문서보관소를 위한 인증서 기반의 안전한 전자문서 전송시스템 설계 및 구현)

  • Kim, Dae-Jung;Kim, Jung-Jae;Lee, Seung-Min;Jun, Moon-Seog
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.9 no.2
    • /
    • pp.370-378
    • /
    • 2008
  • The CEDA(Certified E-Document Authority) is a reliable third party that deposit electronic document having legal effects securely, and verify contents of document or transmission. This paper focuses on a function of secure transmission among several important functions, and implements public key encryption system for secure transmission when server and user communicate for image transmission. This paper follows a standard fundamental rule of X.509 in ITU-T, and it uses symmetric encryption algorithm to raise speed of a large data operation. A key of symmetric encryption algorithm is encrypted by private key in public key system, it protects to be modified using digital signature for data integrity. Also it uses certificates for mutual authentication.

OpenID Based User Authentication Scheme for Multi-clouds Environment (멀티 클라우드 환경을 위한 OpenID 기반의 사용자 인증 기법)

  • Wi, Yukyeong;Kwak, Jin
    • Journal of Digital Convergence
    • /
    • v.11 no.7
    • /
    • pp.215-223
    • /
    • 2013
  • As cloud computing is activated, a variety of cloud services are being distributed. However, to use each different cloud service, you must perform a individual user authentication process to service. Therefore, not only the procedure is cumbersome but also due to repeated authentication process performance, it can cause password exposure or database overload that needs to have user's authentication information each cloud server. Moreover, there is high probability of security problem that being occurred by phishing attacks that result from different authentication schemes and input scheme for each service. Thus, when you want to use a variety of cloud service, we proposed OpenID based user authentication scheme that can be applied to a multi-cloud environment by the trusted user's verify ID provider.

A Study on supporting secure Web Service that based PKI (PKI 기반 보안 웹 서비스 제공 방안에 관한 연구)

  • Kim, Duck-Ki;Kim, Jong-Hak;Mun, Young-Sung
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2003.11c
    • /
    • pp.1897-1900
    • /
    • 2003
  • 정보통신기술의 발전과 정보화의 진전을 통한 PC 및 인터넷의 보급은 시간과 공간적인 제약을 최소화하여 기존 산업 분야에 많은 영향을 끼치고 있다. 특히, 웹을 활용한 전자상거래 운용 및 기업체의 지점 또는 분점과 같이 여러 기관으로 구성되어 있는 환경에서는 많은 기업 운영정보들을 관리하기 위하여 웹사이트나 웹 기반의 어플리케이션을 활용하고 있다. 그러나 자료 접근의 용이성을 강조하는 웹 서비스의 특성상 보안상의 취약성을 내제하고 있다. 이러한 문제를 해결하기 위한 기존의 방식들은 사용자 인증을 위한 공개키구조(PKI)기반 구조와 안전한 트렌젝션 처리를 위한 SSL을 이용하여 웹 서비스 보안에 사용하고 있다. 그러나 SSL을 이용한 웹 서비스 보안은 사용자 요구 트렌젝션 증가에 비례하여 웹 서버에게 과도한 부하를 초래한다. 이러한 문제점 해결을 위하여 본 연구에서는 웹 서비스에서 PKI의 인증 및 SSL설정 단계와 시간을 단축을 위한 PKI의 RA와 SSL의 SSL 가속기가 통합된 시스템을 제안한다.

  • PDF

A Study on Attack Detection Technique based on n-hop Node Certification in Wireless Ad Hoc Network (Wireless Ad Hoc Network에서 n-hop 노드 인증 기반 공격 탐지 기법에 관한 연구)

  • Yang, Hwan Seok
    • Convergence Security Journal
    • /
    • v.14 no.4
    • /
    • pp.3-8
    • /
    • 2014
  • Wireless Ad hoc Network is threatened from many types of attacks because of its open structure, dynamic topology and the absence of infrastructure. Attacks by malicious nodes inside the network destroy communication path and discard packet. The damage is quite large and detecting attacks are difficult. In this paper, we proposed attack detection technique using secure authentication infrastructure for efficient detection and prevention of internal attack nodes. Cluster structure is used in the proposed method so that each nodes act as a certificate authority and the public key is issued in cluster head through trust evaluation of nodes. Symmetric Key is shared for integrity of data between the nodes and the structure which adds authentication message to the RREQ packet is used. ns-2 simulator is used to evaluate performance of proposed method and excellent performance can be performed through the experiment.

Self Generable Conditionally Anonymous Authentication System for VANET (VANET를 위한 차량자체생성 조건부익명 인증시스템)

  • Kim, Sang-Jin;Lim, Ji-Hwan;Oh, Hee-Kuck
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.4
    • /
    • pp.105-114
    • /
    • 2009
  • Messages exchanged among vehicles must be authenticated in order to provide collision avoidance and cooperative driving services in VANET. However, digitally signing the messages can violate the privacy of users. Therefore, we require authentication systems that can provide conditional anonymity. Recently, Zhang et al. proposed conditionally anonymous authentication system for VANET using tamper-resistant hardware. In their system, vehicles can generate identity-based public keys by themselves and use them to sign messages. Moreover, they use batch verification to effectively verify signed messages. In this paper, we provide amelioration to Zhang et al.'s system in the following respects. First, we use a more efficient probabilistic signature scheme. Second, unlike Zhang et al., we use a security proven batch verification scheme. We also provide effective solutions for key revocation and anonymity revocation problems.

A Study on Efficient Distributed Data Processing POS System of PKI Based (PKI 기반의 효율적인 분산처리 Point of sales 시스템에 관한 연구)

  • Park Gil-Cheol;Kim Seok-Soo;Kang Min-Gyun
    • The Journal of the Korea Contents Association
    • /
    • v.5 no.5
    • /
    • pp.43-50
    • /
    • 2005
  • POS system that become that is supply net administration and computerization fetters of customer management that become point in istribution network constructed database and use XML-Encryption that is certificate techniques of PKI and standard of security for security that is XML's shortcoming and design distributed processing POS system using XML for data integration by introduction of Ubiquitous concept. This POS system has four advantages. First, Because there is no server, need not to attempt authentication and data transmission every time. Second, can integrate data base by XML and improve portability of program itself. Third, XML data in data transmission because transmit data after encryption data safe .Fourth, After encode whenever process data for data breakup anger of POS system client program and elevation of the processing speed, transmit at because gathering data at data transmission.

  • PDF

The Design of Electronic Payment Protocol Using Dual Signature based on Cardholder's Secret Number (카드사용자의 비밀번호 기반 이중서명을 이용한 전자 지불 프로토콜의 설계)

  • 김성열;이옥빈;배용근
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.3 no.2
    • /
    • pp.411-420
    • /
    • 1999
  • The topic of electronic commerce is a hot issue in computer technology. There are many kinds of risks associated with electronic commerce which performs financial transactions by exchanging electronic information over public networks. Therefore, security factors such as confidentiality, integrity, authentication and non-repudiation should be required to construct secure electronic commerce systems. In this paper, the credit card-based payment protocol applying dual signature is presented. It provides payment information to the bank a cardholder pays to, but conceals ordering information. It also offers ordering information to a merchant, but hides payment information including the card number. Thus, cardholder's private information can be protected. In order to accomplish this, dual signature is performed employing both symmetric method utilizing cardholder's secret number as an encryption key and asymmetric method.

  • PDF

Electronic Payment Protocol using GDHP Blind Signature Scheme (GDHP 은닉서명기법을 이용한 전자지불 프로토콜)

  • Lee, Hyun-Ju;Rhee, Chung-Sei
    • The Journal of the Korea Contents Association
    • /
    • v.6 no.12
    • /
    • pp.12-20
    • /
    • 2006
  • In this paper, we propose electronic payment protocol using GDHP blind signature scheme to activate e-business in the wire/wireless integrated environment. The protocol applied elliptic curve algorithm on the GDHP base and improved the efficiency of the existing blind signature technique on the basis of communication frequency and calculation number. And the protocol accelerated speed and strengthened safety against man-in-the-middle attacks and forward secrecy because the certification between individuals is performed by the session key created by Weil paring using elliptic curve cryptosystem in the limited entity $F_q$ instead of the certification used in the existing PayWord protocol.

  • PDF

타임스탬프 서비스 동향 분석

  • 홍기융
    • Review of KIISC
    • /
    • v.10 no.4
    • /
    • pp.23-32
    • /
    • 2000
  • 본 논문에서는 전자서명법 제20조에서 명문화된 시점확인서비스(타임스탬프)에 대한 동향을 분석하였다. 현재 타임스탬프 서비스는 IETF PKIX에서 1997년 처음 인터넷 드래프트가 발표된 이후 RFC로 표준화가 추진 중이며 ISO/IEC JTC1/SC27에서도 표준화가 추진 중이다. 공개키기반구조의 필수적 요소로서 전자서명 인증 서비스와 함께 구현이 필요한 타임스탬프 서비스에 대한 표준화 동향 및 타임스탬프 서비스 프로토콜에 대한 분석과 국외 서비스 업체의 서비스 제공 현황을 분석하여 타임스탬프 응용 서비스 개발에 활용할 수 있도록 작성하였다.

  • PDF