Journal of Digital Convergence (디지털융복합연구)

The Society of Digital Policy and Management (한국디지털정책학회)
권호 표지
DOI QR코드

DOI QR Code

Analysis of Standard Security Technology for Security of the Network

네트워크의 보안성 강화를 위한 표준 정보보호 기술 분석

  • Kim, Bong-Han (Dept. of Computer & Information Engineering, CheongJu University)
  • 김봉한 (청주대학교 컴퓨터정보공학과)
  • Received : 2015.10.23
  • Accepted : 2015.12.20
  • Published : 2015.12.28
Download PDF
⟨ Previous Next ⟩

Abstract

The development of the security solutions that can provide a variety of security services is needed urgently. For development of the security solutions, analysis of international standard security technology is the key. In this paper, international organizations' standardization(ISO/IEC JTC1 SC27, ITU-T SG-17, IETF Security Area, etc.) and the current trend of the standard security technology are mainly analyzed. The core of the latest security technology(Application Bridging, DNS-based Authentication, HTTP Authentication, IP Security, Javascript Security, Authentication Technology Next Generation, Managed Incident, Web Authorization Protocol, Security Automation, Transport Layer Security, etc.) is analyzed focusing on 18 working groups of the IETF.

인터넷 어플리케이션에서 다양한 정보보호 서비스를 제공할 수 있는 정보보호 솔루션의 개발이 시급하다. 이러한 정보보호 솔루션 개발을 위해서, 국제 표준 정보보호 기술에 대한 분석이 필수적으로 필요하다. 본 논문에서는 ISO/IEC JTC1 SC27, ITU-T SG-17, IETF Security Area 등 국제 표준화기구의 정보보호 기술 현황과 국제 표준으로 등록된 정보보호 기술을 분석하였다. 이 중에서 인터넷에 관련된 정보보호 기술을 중점적으로 개발하고 있는 IETF Security Area의 18개 워킹 그룹을 중심으로, 어플리케이션 브리징, DNS 기반 인증, HTTP 인증, IP 보안, 자바스크립트 보안, 차세대 인증, 보안사고 관리, 웹 인증 프로토콜, 보안 자동화, 전송 층 보안 등 최신 표준 정보보호기술의 핵심내용을 분석하였다.

Keywords

References

  1. Heung-Ryong Oh, Jeong Sik Park, Byoung-Moon Chin, Heung-Youl Youm, "Security International Standardization Status and Driven Systems Analysis", Review of KIISC, Korea Institute of Infomation Security and Cryptology, Vol.21 No.2, pp. 7-18, 2011
  2. Yong-Nyuo Shin, HakIl Kim, Myung-Geun Chun, "Personal Information Protection Reference Architecture and International Standardization Trend", Review of KIISC, Korea Institute of Infomation Security and Cryptology, Vol.21 No.5, pp. 12-20, 2011
  3. Kyeong Hee Oh, Jungduk Kim, Heung-Youl Youm, "A Trend on Security International Standardization", Review of KIISC, Korea Institute of Infomation Security and Cryptology, Vol.23 No.3, pp. 5-13, 2013
  4. Heung-Youl Youm, "An Analysis on Personal Information Protection International Standards", Review of KIISC, Korea Institute of Infomation Security and Cryptology, Vol.25 No.4, pp. 6-10, 2015
  5. Younghun Jeong, Jeonghwan Song, "A Trend on lightweight cryptography International Standardization in ISO/IEC JTC 1/SC 27 WG2", Review of KIISC, Korea Institute of Infomation Security and Cryptology, Vol.25 No.4, pp. 11-17, 2015
  6. Hyun-Sun Kang, "An Analysis of Information Security Management System and Certification Standard for Information Security", Journal of Security Engineering, JSE, Vol.11 No.6, pp. 455-468, 2014 https://doi.org/10.14257/jse.2014.12.04
  7. HeungYoul Youm, Heung-Ryong Oh, "A Trend on Security Technology and International Standardization(ITU-T SG17)", Review of KIISC, Korea Institute of Infomation Security and Cryptology, Vol.24 No.4, pp. 7-14, 2014
  8. Heung-Ryong Oh, Young-Hwa Kim, Heung-Youl Youm, "A Trend on ITU-T SG17(Security) International Standardization", OSIA Standards & Technology Review, Vol.27 No.2, pp. 8-20, 2014
  9. Jungduk Kim, "A Trend on Security Management International Standardization", Review of KIISC, Korea Institute of Infomation Security and Cryptology, Vol.21 No.2, pp. 19-22, 2011
  10. Heung Ryong Oh, Sungpil Yu, Youngwha Kim, "A trend on information security standardization in ITU-T SG17", Proceedings of the Winter Conference, KICS, Vol.2015 No.1, 2015
  11. ISO/IEC JTC1 SC27, http://www.iso.org/iso/iso_technical_committee?commid=45306
  12. ITU-T, http://www.itu.int/en/ITU-T/studygroups/2013-2016/17/Pages/default.aspx
  13. IETF, http://www.ietf.org/
  14. IETF Security Area, http://datatracker.ietf.org/wg/#sec
  15. abfab, http://datatracker.ietf.org/wg/abfab/documents.
  16. dane, http://datatracker.ietf.org/wg/dane/documents
  17. httpauth, http://datatracker.ietf.org/wg/httpauth/documents
  18. ipsecme, http://datatracker.ietf.org/wg/ipsecme/documents
  19. jose, http://datatracker.ietf.org/wg/jose/documents
  20. kitten, http://datatracker.ietf.org/wg/kitten/documents
  21. mile, http://datatracker.ietf.org/wg/mile/documents
  22. oauth, http://datatracker.ietf.org/wg/oauth/documents
  23. sacm, http://datatracker.ietf.org/wg/sacm/documents
  24. tls, http://datatracker.ietf.org/wg/tls/documents/