Journal of the Korea Society of Computer and Information (한국컴퓨터정보학회논문지)

Korean Society of Computer Information (한국컴퓨터정보학회)
권호 표지
DOI QR코드

DOI QR Code

A study about the influence to the client system when using PKI-based authentication system

공개키 기반 인증체계의 사용이 클라이언트 시스템에 미치는 영향에 관한 연구

  • 전정훈 (동덕여자대학교 컴퓨터학과)
  • Received : 2012.10.12
  • Accepted : 2012.12.16
  • Published : 2012.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

The authentication system of the PKI(public key infrastructure) provides the authenticity and security, accessibility, economic feasibility, and convenience to the service provider and users. Therefore the public and private companies in Korea widely use it as the authentication method of the web service. However, the safety client system is threatened by many vulnerable factors which possibly caused when using PKI-based authentication system. Thus, in this article vulnerable factors caused by using the PKI-based authentication system will be analyzed, which is expected to be the useful data afterwards for the construction of the new authentication system as well as performance improvement.

공개키 기반(public key infrastructure)의 인증체계는 서비스 제공자와 사용자 모두에게 인증성과 보안성, 접근성, 경제성, 편의성을 제공으로 국내의 공공 및 민간 기업들은 웹 서비스의 인증방안으로 널리 사용되고 있다. 그러나 공개키 기반의 인증체계의 사용에 따른 여러 보안 취약 요인들이 나타나면서, 클라이언트 시스템의 안전성은 위협을 받고 있다. 따라서 본 논문은 공개키를 기반으로 하는 인증체계에 따른 취약 요인들을 사례연구 및 실험을 통해 분석함으로써, 향후 새로운 인증체계의 구축 및 성능향상을 위한 자료로 활용될 것으로 기대한다.

Keywords

References

  1. Jeonghoon Han, "Analysis on Vulnerability of ID/PW Management Solution and Proposal of the Evaluation Criteria" Korea Information Processing Society Journal, vol 15, c, pp125- 132, 2008.4. https://doi.org/10.3745/KIPSTC.2008.15-C.2.125
  2. Telecommunications Technology Association of Korea "HTML5 Techniques for ActiveX Replacement" Telecommunications Technology Associations 2011.12.22
  3. Jeon Jeong Hoon 11others "Cryptography & Network Security 5th", pp.283-347, Green 2011.
  4. Broadcasting and Communications Commission Press release 2012.4.2.
  5. Adams & Lloyd "Understanding Public-Key Infrastructure" Macmillan Technical Publishing, 1999.
  6. Richard E. Smith "Authentication" Addison-Wesley, 2002.
  7. Kim Min Jea 4 others, "A Method for Vulnerability Analysis of ActiveX Modules for Internet Services using Fuzzing Techniques", Korea IT Industry Promotion Agency Conference vol.36, no.2(D). pp46-49, 2009.
  8. National Cyber Security Center "ActiveX controls' at installation hacking vulnerabilities for Web Services" NCSC-TR050017
  9. ITSTAT "Proportion of Internet banking transactions" http://www.itstat.go.kr/stat/graph View.htm?mclass_cd=JB3&detail=4
  10. Su Yong Kim, Ki wook Sohn "The Study of technique to find and prove vulnerabilities in ActiveX Control", National Security Research Institute Vol. 15, No 6, pp.3-12, 2005.12
  11. Jeon Jeong Hoon, "A Study of the Performance Degradation Factors of An Internal Network", Korea Institute of Communications and Information Sciences Vol. 36, No. 1, 2011.1 https://doi.org/10.7840/KICS.2011.36B.1.43
  12. Kim, Boo Hyun , Yeo, Jungsung , "An Analysis of the Use of Cellular-phone's micro payment" Consumer policy and education review, Vol. 5, No. 2, pp.63-79, 2009.6.
  13. KIPA "Electronic Payment 2.0 Payment 2.0 Market Trends" 2008.8