• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.7
• /
• pp.1411-1419
• /
• 2017

The two factor authentication capability, private key possession and key protection password knowledge, and the strong public key cryptography protocol of PKI authentication have largely contributed to the rapid construction of Internet transaction trusted infrastructure. The reusability of a certificate-based identity for every PKI site was another contribution factor of the spread of PKI authentication. Nevertheless, the PKI authentication has been criticised mainly for the cost of PKI construction, inconvenience of individual certificate management, and difficulties of password management. Recently FIDO authentication has received high attention as an alternative of the PKI authentication. The FIDO authentication is also based on the public key cryptography which provides strong authentication services, but it does not require individual certificate issuance and provides user-friendly and secure authentication services by integrating biometric technologies. The purpose of this paper is to concretely compare the PKI-authentication and FIDO-authentication and, based on the analysis result, to propose their corresponding applications.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.2
• /
• pp.49-58
• /
• 2018

A certificate is a means to certify users by conducting the identification of the users, the prevention of forgery and alteration, and non-repudiation. Most people use an accredited certificate when they perform a task using online banking, and it is often used for the purpose of proving one's identity in issuing various certificates and making electronic payments in addition to online banking. At this time, the issued certificate exists in a file form on the disk, and it is possible to use the certificate issued in an existing device in a new device only if one copies it from the existing device. However, most certificate duplication methods are a method of duplication, entering an 8-16 digit verification code. This is inconvenient because one should enter the verification code and has a weakness that it is vulnerable to security issues. To solve this weakness, this study proposes a method for enhancing security certificate duplication in a multi-channel using TCP and BLE. The proposed method: 1) shares data can be mutually authenticated, using BLE Advertising data; and 2) encrypts the certificate with a symmetric key algorithm and delivers it after the certification of the device through an ECC-based electronic signature algorithm. As a result of the implementation of the proposed method in a mobile environment, it could defend against sniffing attacks, the area of security vulnerabilities in the existing methods and it was proven that it could increase security strength about $10^{41}$ times in an attempt of decoding through the method of substitution of brute force attack existing method.

• The Journal of the Korea Contents Association
• /
• v.15 no.10
• /
• pp.607-615
• /
• 2015

Mosts user of internet and smart phone has certificate, and uses it when money transfer, stock trading, on-line shopping, etc. Mosts user stores certificate in a hard disk drive of PC, or the external storage medium. In particular, the certification agencies are encouraged for user to store certificate in external storage media such as USB memory rather than a hard disk drive. User think that the external storage medium is safe, but when it is connect to a PC, certificate may be copied easily, and can be exposed to hackers through malware or pharming site. Moreover, if a hacker knows the user's password, he can use user's certificate without restrictions. In this paper, we suggest secure management scheme of the private key file using a password of the encrypted private key file, and a USB Memory's hardware information. The private key file is protected safely even if the encrypted private key file is copied or exposed by a hacker. Also, if the password of the private key file is exposed, USB Memory's container ID, additional authentication factor keeps the private key file safe. Therefore, suggested scheme can improve the security of the external storage media for certificate.

• Proceedings of the IEEK Conference
• /
• 2005.11a
• /
• pp.225-228
• /
• 2005

In this paper, we put a focus with a node cognition section of home gateway for information equipments to operate in a home network environment organically individually. We used an IPv6 protocols on a home network node connection on IP base. A node used a certificate published in a registered process by a home gateway for security. We designed secure node cognition structure to have had strong identification.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2015.07a
• /
• pp.283-284
• /
• 2015

본 논문에서는 기존 인증체계의 문제점을 살펴보고 이를 개선하기 위한 방안을 제안한다. 현재 국내에서 금융관련 서비스에서 공인인증서를 사용하는 서비스가 대부분이나 실용성 및 보안 문제로 인해 최근 정부에서는 공인인증서 사용 의무제도를 폐지하기에 이르렀지만 현재 공인인증서를 대체할만한 안전한 수단을 확보하지 못했고 기존의 OTP나 보안카드로 공인인증서의 공백을 메우기에는 역부족이다. 따라서 공인인증서를 대체할 수 있는 인증방안에 대해 제안하고 이를 통해 보다 안전한 인터넷 전자상거래를 유도하고자 한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10a
• /
• pp.334-336
• /
• 2004

국내 전자상거래 제품과의 호환성과 확장성을 위하여 국내 전자서명 표준인 KCDSA(Korean Certificate-based Digital Signature Algorithm) 메커니즘을 PKCS(Public Key Cryptographic Standard) #11 암호 API(Application Programming Interface)에 기능을 추가한다. PKCS #11에서 정의한 키 관리(Hey Management) 함수의 입력 파라미터에 암호화할 키를 바로 입력하면 변조된 키를 전달할 수 있으므로, 본 논문에서는 안전한 키보호(Key Protection) 함수를 새로 정의하여 암호화할 키 대신 사용자 PIN(Personal Identification Number: 패스워드) 입력하여 사용자의 KCDSA 개인키와 공개키를 보다 더 안전하게 보관하고자 한다.

• Journal of Industrial Technology
• /
• v.21 no.B
• /
• pp.75-83
• /
• 2001

In the field of secure information systems including electronic commerces, public key infrastructure(PKI) is widely used for secure services. The more PKI domains are established, the more needs are required for cross-domain certifications. Furthermore, each country has many certificate authorities(CA) which require more complex cross certification: We may need a fast algorithm in order to find the possible certification paths. This will be more indispensible in the growing PKI systems. We designed and implemented the high-speed certification path discovery algorithm. Also, we investigated the feature of operation of the system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.892-905
• /
• 2018

In smart home environment, certificate based signature technology is being studied by communication with Internet of Things(IoT) device. However, block - chain technology has attracted much attention because of the problems such as single - point error and management overhead of the trust server. Among them, Keyless Signature Infrastructure(KSI) provides integrity by configuring user authentication and global timestamp of distributed server into block chain by using hash-based one-time key. In this paper, we provide confidentiality by applying group key and key management based on multi - solution chain. In addition, we propose a smart home environment that can reduce the storage space by using Extended Merkle Tree and secure and efficient KSI-based authentication and communication with enhanced security strength.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.4
• /
• pp.2254-2275
• /
• 2017

In this paper, we present an IND-CCA2 secure certificateless proxy re-encryption scheme in the random oracle model. A certificateless public key cryptography simplifies the certificate management in a traditional public key infrastructure and the built-in key escrow feature in an identity-based public key cryptography. Our scheme shares the merits of certificateless public key encryption cryptosystems and proxy re-encryption cryptosystems. Our certificateless proxy re-encryption scheme has several practical and useful properties - namely, multi-use, unidirectionality, non-interactivity, non-transitivity and so on. The security of our scheme bases on the standard bilinear Diffie-Hellman and the decisional Bilinear Diffie-Hellman assumptions.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2000.04a
• /
• pp.447-464
• /
• 2000

많은 사람들이 관심을 가지고 급속도로 발전하는 인터넷 환경의 웹 서비스 중에서 인터넷 뱅킹 시스템은 반드시 필요한 서비스 중의 하나지만, 아직까지 많은 보안상의 문제점을 내포하고 있다. 본 논문에서는 이런 보안상의 문제들 중에서 사용자 인증에 관한 부분, 데이터 암호화에 관한 부분, 키 분배 문제에 관한 부분을 해결할 수 있는 방안을 제시하려 한다. 이를 위해 공개적으로 사용이 가능한 암호 라이브러리인 Crypto++3.1을 이용하여 인터넷 환경에서 보안 서비스를 제공할 수 있는 안전한 인터넷 뱅킹 시스템인 SIBS(Secure Internet Banking System)을 설계 및 구현하였다. SIBS는 빠른 데이터 암호화 처리를 위해 IDEA암호 알고리즘을 사용하였다. 데이터 암호화에 사용할 키를 분배하기 위해서 Diffie-Hellaman키 분배 알고리즘을 이용한다. 또한, 사용자의 인증을 위해 X.509형식의 인증서를 이용하기 위해서 SSLeay를 설치하여 인증서(Certificate)를 발급 받는다. 그러므로, 사용자는 인터넷에서 SIBS의 GUI(Graphic User Interface)를 이용해 빠르고 편리한 접근이 용이하고, 암호 알고리즘에 대한 지식이나 특별한 조치가 없이도 빠른 데이터 암호화 처리와 인증서를 이용한 확실한 사용자 인증을 보장 받을 수 있다.