• Review of Korean Society for Internet Information
• /
• v.19 no.1
• /
• pp.15-22
• /
• 2018

• Review of Korean Society for Internet Information
• /
• v.20 no.1
• /
• pp.23-29
• /
• 2019

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.620-623
• /
• 2022

최근 이메일 해킹사고의 유형을 살펴보면 사회공학적인 기법을 활용한 피싱메일 공격이 대다수를 차지하고 있는 상황이다. 그중 사용자의 패스워드를 빼내기 위한 공격메일이 기존 첨부파일에 악성코드를 삽입해서 보내지는 방식보다 월등히 높아졌다고 할 수 있다. 이는 공격자가 이메일 내용에 관심이 높아진 것으로 이메일은 사용자의 성향, 직업, 라이프스타일 파악뿐만 아니라 해커가 원하는 중요자료가 저장되어 있을 가능성이 매우 높으며 또 다른 공격대상자를 선정할 수 있는 좋은 창구가 될 수 있을 것이기 때문이다. 만일 피싱메일에 노출되어 패스워드가 해커의 손에 넘어 갔다면 많은 보안대책이 무용지물이 된다. 많은 보안 전문가들은 패스워드를 8자리 이상으로 하되 영문대·소문자와 숫자 그리고 특수문자를 포함하고, 사이트별 규칙성이 없이 모두 다르게 설정해야 하며, 정기적으로 바꿔야 한다고 조언한다. 이러한 조언은 패스워드를 크랙할 경우 안전할 수 있지만 요즘처럼 한 개인이 100여개 이상의 사이트에 대한 패스워드를 관리해야 한다면 현실적으로 불가능한 조언이 되고 말 것이다. 이러한 상황에 2017년 6월 미국 국립표준기술연구소(NIST)에서 '특별 간행 800-63-3: 디지털 인증 가이드라인'을 발표하게 된다. 내용은 그동안 보안전문가들이 권고했던 내용과는 많은 차이가 있다. 오히려 자주 바꾸는 것이 문제가 될 수 있다는 내용이다. 자세한 내용은 본 논문에서 살펴보도록 한다. 우리는 스마트폰 등을 사용함으로써 2-Factor인증에 활용하고 있다. 스마트폰 인증의 대표적인 방법은 지문·얼굴인식 등 생체인증 방식을 사용한다. 패스워드 없이도 편리하고 안전하게 인증을 할 수 있다는 점이 장점이다. 이러한 상황에 FIDO라는 인증 프레임워크가 인기를 얻고 있다. FIDO(Fast IDentity Online)는 비밀번호의 문제점을 해결하기 위한 목적으로 FIDO 얼라이언스에 의해 제안된 사용자 인증 프레임워크다. 향후 FIDO로의 대체가 패스워드 문제의 대안이 될 수 있을 것이다. 이제는 패스워드 대신 생체인증 체계로 대체할 수 있는 시대가 되었다고 할 수 있다. 본 논문에서는 패스워드의 문제점을 살펴보고 이를 대체할 수 있는 FIDO기반의 인증체계가 대안이 될 수 있는 근거를 제시하고자 한다.

• Smart Media Journal
• /
• v.9 no.1
• /
• pp.60-66
• /
• 2020

In this paper, the FIDO (Fast IDentity Online) transaction certification platform was proposed for applying the DID (Decentralized ID) of blockchain with home shopping channels to the IPTV service providers based on the Remocon (Remote Control). In this case, the DID based smart remocon applies biometric identification techniques for personal identification. These individual DID smart remote controls apply distributed ID blockchain, enabling home shopping viewers to conduct reliable ratings surveys through the detection of channel changed information. In addition, this smart remocon utilizes the product purchased information history on home shopping channels, allowing IPTV's home shopping viewers to compare the same broadcasted production information on all channels by blockchain technique and their production characteristics. IPTV service providers can process home shopping order/authorization informations in one-stop service via a number of home shopping broadcasting companies, and DID smart remote controls for home shopping viewers with the checking results of their real-time online access to confirm the FIDO2.0 transaction certification homepage. Thus, the FIDO transaction authentication platforms of IPTV service provider(Telecommunication company) can be expected to improve the benefits of home shopping customers, and to reduce the broadcasting companies' burden of payment, too.

• Smart Media Journal
• /
• v.7 no.1
• /
• pp.24-30
• /
• 2018

Acquisition of the FIDO authentication technology in pursuit of improved security function of the NFC-based 2 factor electronic payment system enabled GenoTech Ch., Ltd. to develop its new service, Gallery-Auction, demoed at Daegu Exhibition. The demonstration was followed by the improvement requests in banner creation & installation, changes in UI, changes in order of operation, etc, which were taken into account for the succeeding update. During the second demonstration held at 'Art: Gwangju: 17,' it analyzed and visualized the number of visitors per hour there.

• Smart Media Journal
• /
• v.6 no.3
• /
• pp.29-40
• /
• 2017

Lately weight for smartphone mounted to function for NFC is increasing, rapidly. Because of this, NFC related technology is made by many companies. We developed Gallery-Auction for security enhancements and new services of NFC-based 2 factor electronic payment system. Enhanced security features development of user authentication module through fingerprint recognition to apply FIDO authentication technology and developed electronic contract voice service of Gallery-Auction using TTS(Text to Speech). Therefore we enhanced convenient and simple authentication method and security through NFC mobile electronic payment.

• Journal of Digital Convergence
• /
• v.14 no.7
• /
• pp.373-383
• /
• 2016

With mobile-epoch and emerging of Fin-tech, Bio-recognition technology utilizing bio-information in secure method has spread. Specially, In order to change convenient payment services and transportation cards, the combination of biometrics and mobile services are being expanded. The basic concept of authentication such as access control, IA&A, OpenID, OAuth 1.0a, SSO, and Biometrics techniques are investigated, and the protocol stack for security API platform, FIDO, SCIM, OAuth 2.0, JSON Identity Suite, Keystone of OpenStack, Cloud-based SSO, and AIM Agent are described detailed in aspect of application of AIM. The authentication technology in domestic and foreign will accelerate technology development and research of standardization centered in the federated FIDO Universal Authentication Framework(UAF) and Universal 2 Factor Framework(U2F). To accommodate the changing needs of the social computing paradigm recently in this paper, the trends of various authentication technology, and design and function of AIM framework was defined.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.43-53
• /
• 2019

Recently, a number of military intranet infiltrations suspected of North Korea have been discovered. There was a problem that a vulnerability could occur due to the modification of user authentication data that can access existing military information systems. In this paper, we applied mutual verification technique and API (Application Programming Interface) forgery / forgery blocking and obfuscation to solve the authentication weakness in web browsers that comply with FIDO (Fast IDentity Online) standard. In addition, user convenience is improved by implementing No-Plugin that does not require separate program installation. Performance tests show that most browsers perform about 0.1ms based on the RSA key generation rate. In addition, it proved that it can be used for commercialization by showing performance of less than 0.1 second even in the digital signature verification speed of the server. The service is expected to be useful for improving military information system security as an alternative to browser authentication by building a web secure storage.

• The Journal of Information Systems
• /
• v.27 no.2
• /
• pp.53-75
• /
• 2018

Purpose The purpose of this study is to provide implications by examining the factors affecting the consumers' innovation resistance and intention to use FIDO technology based on the innovation resistance model. In addition, we investigate the difference between FIDO group using biometric authentication technology and those using knowledge / possessive authentication technology. Design/methodology/approach This study investigated the factors influencing innovation resistance and intention to use based on the innovation resistance model. And the structural equation model was applied to analyze the effect of innovation resistance and intention to use. Findings According to empirical results, this study found that perceived relative advantage (+), perceived risk (+), perceived complexity (+), and existing product attitude(+) influenced innovation resistance, and perceived relative advantage (+), self efficacy(+), and innovation resistance(-) influenced intention to use. In addition, this study found that there is a significant difference between the group using the bio-based authentication technology and the group using the knowledge / possessive based authentication technology.

• Journal of Internet Computing and Services
• /
• v.20 no.6
• /
• pp.129-135
• /
• 2019

Recently, studies have been conducted to improve the m-commerce process in the NFC-based mobile environment and the increase of the number of smart phones built in NFC. Since authentication is important in mobile electronic payment, FIDO(Fast IDentity Online) and 2 Factor electronic payment system are applied. In addition, block-chains using distributed raw materials have emerged as a representative technology of the fourth industry. In this study, for the mobile gallery auction of the traders using NFC embedded terminal (smartphone) in a small gallery auction in which an unspecified minority participates, password-based authentication and biometric authentication technology (fingerprint) were applied to record transaction details and ownership transfer of the auction participants in electronic payment. And, for the cost reduction and data integrity related to gallery auction, the private distributed director block chain was constructed and used. In addition, domestic and foreign cases applying block chain in the auction field were investigated and compared. In the future, the study will also study the implementation of block chain networks and smart contract and the integration of block chain and artificial intelligence to apply the proposed method.