DOI QR코드

DOI QR Code

개발도상국의 모바일 정부를 위한 mNPKI

mNPKI for Mobile Government in Developing Countries

  • 김현성 (경일대학교 사이버보안학과)
  • 투고 : 2019.05.27
  • 심사 : 2019.09.20
  • 발행 : 2019.09.28

초록

무선 전자 장치 상에서 전자 정부의 행정 처리는 안전하지 않으므로 메시지들이 공격에 취약하다. 따라서 무선인터넷을 지원하는 장치는 유선 네트워크와 동일한 수준의 보안과 프라이버시가 보장되어야 한다. 유선 환경에서 사용되는 전자 정부의 국가 공개키 기반 구조(NPKI)는 컴퓨팅 성능, 메모리 용량 및 제한된 배터리 전력의 한계로 인해 모바일 전자 정부를 위한 무선 환경에 적합하지 않다. 이를 위해서는 유선 NPKI와 동일한 보안 수준을 제공하는 개발도상국을 위한 모바일 국가 공개키 기반구조(mPKI)의 개발이 필요하다. 무선 환경에서의 mNPKI 요구사항은 짧은 시간 한계를 갖는 인증서를 기반으로 한다. 분석 결과 mNPKI는 무선 인터넷에 적합하고 유선 NPKI와 동일한 보안과 프라이버시를 제공함을 확인하였다.

Government transactions over wireless electronic devices are not safe and hence the messages are prone to attack. Thereby, devices supporting wireless Internet must assure the same level of security and privacy as the wired network. National public key infrastructure (NPKI) for electronic government used in the wired environment is not suitable for wireless environment for mobile government (mGovernment) because of the limitations of computing power, memory capacity and restricted battery power. This requires the development of a new NPKI for mGovernment, denoted as mNPKI, to developing countries, which provides the same security level as the wired NPKI. For the wireless environment requirements, mNPKI is based on short lived certificates. Analysis shows that mNPKI is well suited to wireless Internet and provides the same security requirement from the wired NPKI.

키워드

참고문헌

  1. A. Das, H. Singh & D. Joseph. (2017). A longitudinal study of e-government maturity.Information & Management, 53, 415-426.
  2. H. Kim & H. Choi. (2016). Research on Deployment Strategy of Public Key Infrastructure for Developing Country: Focused on Malawi. Journal of Digital Convergence, 14(10), 45-51. https://doi.org/10.14400/JDC.2016.14.10.45
  3. J. Jo & S. Choi. (2016). Firm's Market Value Trends after Information Security Management System(ISMS) Cerficiation Acquisition. Journal of the Korea Convergence Society, 7(6), 237-247. https://doi.org/10.15207/JKCS.2016.7.6.237
  4. D. Kang, M. J. Park, D. H. Lee & J. J. Rho. (2017). Mobile services with handset bundling and governmental policies for competitive market. Telematics and Informatics, 34, 323-337. https://doi.org/10.1016/j.tele.2016.04.015
  5. A. Jansen & S. Olnes. (2016). The nature of public e-services and their quality dimensions, Government Information Quarterly, 33, 647-657. https://doi.org/10.1016/j.giq.2016.08.005
  6. C. E. V. Madhavan & P. K. Saxena. (2003). Recent Trends in Applied Cryptology. IETE Technical Review, 20(2), 119-128. https://doi.org/10.1080/02564602.2003.11417076
  7. National Institute of Standards and Technology. (2000). Federal Agency Use of Public Key Technology for Digital Signatures and Authentication.
  8. Solution Profile-U.S. Federal Bridge Certification Authority (FBCA), European Federated Validation Service Study, 2009.
  9. DFN-PKI Certificate Policy - Security levels: Global, Classic and Basic, Deutsches Forschungsnetz, 2006.
  10. J. Kim, S. Park, H. Cho, J. Kim & J. Y. Choi. (2017). Public trust in a mobile device and service policy in South Korea: The Mobile Device Distribution Improvement Act. Telematics and Informatics, 34, 540-547. https://doi.org/10.1016/j.tele.2016.08.020
  11. W. Lam. (2005). ZBarriers to e-government integration, Journal of Enterprise Information Management, 18(5), 511-530. https://doi.org/10.1108/17410390510623981
  12. Informata. (2001). Mobilizing public services in Africa: The m-government challenges, 1-12.
  13. J. Poushter & R. Oates. (2015). Cell Phones in Africa: Communication Lifeline-Texting Most Common Activity, but Mobile Money Popular in Several Countries, Pew Research Center.
  14. S. F. Verkijika & L. D. Wet. (2018). A usability assessment of e-government websites in Sub-Saharan Africa. International Journal of Information Management, 39, 20-29. https://doi.org/10.1016/j.ijinfomgt.2017.11.003
  15. M. Z. I. Lallmahomed, N. Lallmahomed & G. M. Lallmahomed. (2017). Factors influencing the adoption of e-Government services in Maturittius. Telematics and Informatics, 34(4), 57-72. https://doi.org/10.1016/j.tele.2017.01.003
  16. Z. Li & F. Yang. (2016). The E-government Information Model Based on GPR. Government Information Quarterly, 33(2), 291-304. https://doi.org/10.1016/j.giq.2016.04.006
  17. United Nations. (2005). Global E-Government Readiness Report 2005.
  18. OMB Memorandum M-00-10. (2000). OMB Procedures and Guidance on Implementing the Government Paperwork Elimination Act,
  19. European Parliament. (2013). Security of eGovernment System Final Report, Science and Technology Options Assessment, IP/A/STOA/FWC/2008-096/LOT4/C1/SC10.
  20. I. Marin, N. A. J. Al-Habeeb, N. Goga, A. Vasilateanu, I. Pavaloiu & C. Boiangiu. (2017). Improved M-Government based on Mobile WiMAX, in Proc. of 2017 21st International Conference on Control Systems and Computer Science, Bucharest, Romania, 37-42.
  21. S. Hong. (2014). Research on Wireless Sensor Networks Security Attack and Countermeasures: Survey. Journal of Convergence for Information Technology. 4(4), 1-6. https://doi.org/10.22156/CS4SMB.2014.4.4.001
  22. NIST Special Publication 800-25. (2000). Federal Agency Use of Public Key Technology for Digital Signatures and Authentication.
  23. H. Kim. (2013). Privacy Preserving Security Framework for Cognitive Radio Networks. IETE Technical Review, 30(2), 142-148. https://doi.org/10.4103/0256-4602.110553
  24. S. H. Lee. (2015). Cloud computing Issues and Security measure. Journal of Convergence for Information Technology, 5(1), 31-35. https://doi.org/10.22156/CS4SMB.2015.5.1.031
  25. NIST Special Publication 800-57. (2013). Recommendation for Key Management Part 3: Application-Specific Key Management Guidance.
  26. W. Shanks & H. Khiabani. (2013). Building and managing a PKI solution for small and medium size business, The SANS Institute.
  27. B. Payne. (2016). PKI at Scale using Short-lived Certificates, in Proc. of USENIX Enigma 2016, San Francisco, CA.
  28. H. Jin & P. Papadimitratos. (2016). Proactive certificate validation for VANETs, in Proc. of 2016 IEEE Vehicular Networking Conference, (pp.1-4). USA: IEEE.
  29. J. Rowley. (2016). How Short-Lived Certificates Improve Certificate Trust, Digicert blog, https://blog.digicert.com/short-lived-certificates/.
  30. IETF RFC 3280. (2002). Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile.
  31. Y. Lee, J. Lee & J. Song. (2007). Design and implementation of wireless PKI technology suitable for mobile phone in mobile-commerce. Computer Communications, 30, 893-903. https://doi.org/10.1016/j.comcom.2006.10.014
  32. C. Marufu & K. A. Maboe. (2017). Utilisation of mobile health by medical doctors in a Zimbabwean health care facility. Health SA Gesondheid, 22, 228-234. https://doi.org/10.1016/j.hsag.2017.03.002
  33. B. Klievink, A. Neuroni, M. Fraefel & A. Zuiderwijk. (2017). Digital Strategies in Action-a Comparative Analysis of National Data Infrastructure Development, in Proc. of the 18th Annual International Conference on Digital Government Research, (pp. 129-138). New York : ACM.
  34. I. K. Rohman & L. Veiga. (2017). Against the Shadow: the Role of e-Government, in Proc. of the 18th Annual International Conference on Digital Government Research, (pp. 319-328). New York : ACM.