Secure Management Method for Private Key using Smartphone's Information

  • Received : 2016.05.09
  • Accepted : 2016.05.30
  • Published : 2016.08.28

Abstract

3390 million people, around 83% of the adult population in Korea, use a smartphone. Although safety problems with the certificate have occurred continuously, most of these users use the certificate. As solutions to these safety issues, technologies such as 'mobile phone owner authentication using SMS' and 'biometric authentication' are being proposed, but a secure and reliable authentication scheme to replace the certificate has not yet been proposed, and there are many attacks that steal the certificate and private key. For these reasons, security experts recommend storing the certificate and private key on a USB flash drive, security token, or smartphone. However, smartphones are easily infected with malware, and an attacker can steal the certificate and private key using malicious code. If an attacker obtains the certificate, the private key file, and the password for the private key, he can always act as a valid user. In this paper, we propose a safe way to keep the private key on a smartphone using the smartphone's unique information and the user password. Even if an attacker knows the user password, the certificate, and the private key, he cannot know the smartphone's unique information, so it is impossible to use the encrypted private key. Therefore, smartphone users can use IT services safely.

Keywords

PKI;Certificate;Private Key File;Smartphone Unique Information;IMEI
