DOI QR코드

DOI QR Code

A Methodology for the Improvement of Accredited Digital Certificate Integrating FIDO Biometric Technology and TrustZone

FIDO 생체기술과 안전영역을 연계한 공인인증서 효율화 방법

  • Cho, Hwa-Gun (Information Security Group, Korea Financial Telecommunications & Clearings Institute) ;
  • Yang, Hae-Sool (Graduate School of Venture, Hoseo University)
  • 조화건 (금융결제원 정보보호본부) ;
  • 양해술 (호서대학교 벤처대학원)
  • Received : 2017.06.21
  • Accepted : 2017.08.20
  • Published : 2017.08.28

Abstract

Digital accredited certificates issued under the Digital Signature Act provide essential functionalities for online service, so certificates are used for various services such as online banking, e-government. However, certificates can be stolen by hackers and users need to install separate software to use certificates. Recently FIDO, which aims to solve the problems of password-based authentication and the lack of interoperability between authentication methods, is used for biometric authentication and TrustZone, hardware-based secure environment, is used for safe smartphone usage. In this paper, the new service method is suggested which uses FIDO-based biometric authentication and stores certificates in TrustZone. This method can not only improve security and convenience but also be easily applied to the service because it uses built-in functionalities of new smartphones such as biometric sensors and TrustZone. It is expected that people can use certificates in a safe and convenient way with this method.

전자서명법에 따라 발급되고 있는 공인인증서는 비대면 거래에서의 필수 기능을 제공하기 때문에 전자금융거래, 전자민원 등 다양한 분야에 이용되고 있다. 하지만 공인인증서는 파일로 저장할 경우 해커로 인한 유출이 가능하며 이용 시 별도 프로그램 설치가 필요하기 때문에 안전성, 편리성 양 측면에서 비판을 받고 있다. 최근 패스워드 기반 인증의 문제점과 인증수단 간 부족한 상호 운용성을 해결하려는 시도로 등장한 FIDO가 생체기술 기반 인증에서 이용되고 있으며, 하드웨어 기반 보안 운영환경인 안전영역이 안전한 스마트폰 이용을 위해 활용되고 있다. 본 고에서는 공인인증서의 문제를 해결하기 위해 FIDO를 이용하여 생체기술 인증을 수행하고 공인인증서는 안전영역에 저장하도록 하는 새로운 형태의 공인인증서 이용 방식을 제시하였다. 제시된 방식은 기존 방식에 비해 안전성과 편리성을 향상시켰을 뿐 아니라 최신 스마트폰에 기본 탑재된 생체정보 인식기능과 안전영역을 이용하였기 때문에 서비스의 적용이 용이하다는 장점이 있다. 이 방식으로 공인인증서 이용이 더 안전하고 편리해지리라 기대해 본다.

Keywords

References

  1. RSA Laboratories, "PKCS #1 v2.2: RSA Cryptography Standard", 2012.
  2. National Law Information Center, "Digital Signature Act", http://www.law.go.kr (June, 2017)
  3. Kyung-Hye Park, "A study of the scenario for improvement of NPKI system", Journal of Digital Convergence, Vol. 8, No. 4, pp. 59-71, 2010.
  4. Korea Internet & Security Agency, "Digital Signature Certificate Profile", 2009.
  5. Korea Internet & Security Agency, "Accredited Digital Signature Certificate Revocation List Profile", 2009.
  6. Han-Wook Lee, "Current Status and Future Prospects of FIDO Authentication Technology", KFTC Payments Trends, Vol. 261, 2016.
  7. Jae Jung Kim and Seung Phil Hong, "Design of a Secure Biometric Authentication Framework Using PKI and FIDO in Fintech Environments", International Journal of Security and Its Applications, Vol. 10, No. 12, pp. 69-80, 2016.
  8. Hyun-Joong Kim, Byung-Rae Cha and Sung-Bum Pan, "Technology Trends, Research and Design of AIM Framework for Authentication Information Management", Journal of Digital Convergence, Vol. 14, No. 7, pp. 373-383, 2016. https://doi.org/10.14400/JDC.2016.14.7.373
  9. FIDO Alliance, http://fidoalliance.org (June, 2017)
  10. Young-Joon, Choi, "Digital Certificates Usage and Technology Trends in Smartphone", KFTC Payment Systems and Information Technology, Vol. 56, 2014.
  11. GlobalPlatform, "Trusted Execution Environment(TEE) Guide", https://globalplatform.org/mediaguidetee.asp (June, 2017)
  12. ARM Ltd., https://www.arm.com/products/security-on-arm/trustzone (June, 2017)
  13. Jeong Nyeo Kim, "Security Core Technology Implementation for Hardware-based Smart Devices", Journal of Digital Convergence, Vol. 14, No. 11, pp. 501-505, 2016. https://doi.org/10.14400/JDC.2016.14.11.501
  14. Hwi-Min Choi, Chang-Bok Jang and Joo-Man Kim, "Efficient Security Method Using Mobile Virtualization Technology And Trustzone of ARM", Journal of Digital Convergence, Vol. 12, No. 10, pp. 299-308, 2014. https://doi.org/10.14400/JDC.2014.12.10.299
  15. Keyong-Seog Song, "A Study on the Risk Management of e-Finance by Active Internet", Journal of Digital Convergence, Vol. 8, No. 2, pp. 189-202, 2010.
  16. Financial Services Commision, "Electronic Financial Fraud Prevention Service Press Release", 2013.
  17. Korea Internet & Security Agency, "User Interface Specification for the Interoperability between Accredited Certificate Authorities", 2015.
  18. Korea Internet & Security Agency, "Certificate Management in Mobile Device", 2015.
  19. Hyeon-Joon Moon, Min-Hyung Lee and Kang-Hun Jeong, "Authentication Performance Optimization for Smart-phone based Multimodal Biometrics", Journal of Digital Convergence, Vol. 13, No. 6, pp. 151-156, 2015. https://doi.org/10.14400/JDC.2015.13.6.151
  20. Sunghyun Yun, "The Biometric Signature Delegation Method with Undeniable Property", Journal of Digital Convergence, Vol. 12, No. 1, pp. 389-395, 2014. https://doi.org/10.14400/JDPM.2014.12.1.389
  21. Korea Internet & Security Agency, "Implementation Guideline for Safe Usage of Accredited Certificate using bio information in Smart phone", 2016.